Exemplo n.º 1
/*
 * Digest-authenticate a request against the given realm and table.
 *
 * Thin wrapper around digest_authenticate_hdr() for callers that only need
 * the result code: the last argument is passed as NULL, so no header
 * pointer is handed back to the caller.
 */
static int digest_authenticate(sip_msg_t* msg, str *realm,
				str *table, hdr_types_t hftype, str *method)
{
	int rc;

	rc = digest_authenticate_hdr(msg, realm, table, hftype, method, NULL);

	return rc;
}
Exemplo n.º 2
/*
 * Digest-authenticate a SIP request and, when AUTH_CHECK_ID_F is set in
 * iflags, verify that the authenticated username matches the identity the
 * request claims in its From/To/Request-URI.
 *
 *   _m      - request under test
 *   srealm  - authentication realm; an empty value is rejected
 *   stable  - table name passed on to digest_authenticate_hdr(); an empty
 *             value is rejected
 *   iflags  - bitmask; AUTH_CHECK_ID_F and AUTH_CHECK_SKIPFWD_F are read here
 *
 * Returns AUTH_OK for ACK and CANCEL without looking at credentials,
 * AUTH_ERROR for an empty parameter or a URI that fails to parse,
 * AUTH_USER_MISMATCH when one of the identity comparisons fails, and
 * otherwise whatever digest_authenticate_hdr() returned.
 *
 * Security-relevant behaviour visible in this function:
 *  - Without AUTH_CHECK_ID_F nothing here ties the From/To user to the
 *    authenticated user; a caller that treats From as the caller identity
 *    has to set the flag or perform that check itself.
 *  - AUTH_CHECK_SKIPFWD_F drops the auth-user vs. From-user comparison for
 *    INVITE, BYE, PRACK, UPDATE and MESSAGE.
 *  - The identity checks also need a non-NULL credentials header back from
 *    digest_authenticate_hdr(). NOTE(review): confirm AUTH_OK can never be
 *    returned with the header left NULL, otherwise the checks are skipped
 *    silently even though the flag is set.
 *  - User and host parts are compared byte-for-byte (strncmp), i.e. the
 *    host comparison is case-sensitive.
 */
int auth_check(sip_msg_t *_m, str *srealm, str *stable, int iflags)
{
	int ret;
	hdr_field_t *cred_hdr = NULL;
	sip_uri_t *from_uri = NULL;
	sip_uri_t *to_uri = NULL;
	sip_uri_t *cmp_uri = NULL;
	str auth_user;

	/* ACK and CANCEL are let through without examining any credentials */
	if (_m->REQ_METHOD == METHOD_ACK || _m->REQ_METHOD == METHOD_CANCEL)
		return AUTH_OK;

	if (srealm->len <= 0) {
		LM_ERR("invalid realm parameter - empty value\n");
		return AUTH_ERROR;
	}
	if (stable->len == 0) {
		LM_ERR("invalid table parameter - empty value\n");
		return AUTH_ERROR;
	}

	LM_DBG("realm [%.*s] table [%.*s] flags [%d]\n", srealm->len, srealm->s,
			stable->len,  stable->s, iflags);

	/* REGISTER is checked with HDR_AUTHORIZATION_T, every other method
	 * with HDR_PROXYAUTH_T */
	ret = digest_authenticate_hdr(_m, srealm, stable,
			(_m->REQ_METHOD == METHOD_REGISTER)
				? HDR_AUTHORIZATION_T : HDR_PROXYAUTH_T,
			&_m->first_line.u.request.method, &cred_hdr);

	/* hand back the plain authentication result unless it succeeded, a
	 * credentials header was returned and the identity check was asked for */
	if (ret != AUTH_OK || cred_hdr == NULL || !(iflags & AUTH_CHECK_ID_F))
		return ret;

	auth_user = ((auth_body_t*)(cred_hdr->parsed))->digest.username.user;

	from_uri = parse_from_uri(_m);
	if (from_uri == NULL)
		return AUTH_ERROR;

	/* REGISTER/PUBLISH compare the auth user with To, the rest with From */
	if (_m->REQ_METHOD == METHOD_REGISTER
			|| _m->REQ_METHOD == METHOD_PUBLISH) {
		to_uri = parse_to_uri(_m);
		if (to_uri == NULL)
			return AUTH_ERROR;
		cmp_uri = to_uri;
	} else {
		cmp_uri = from_uri;
	}

	/* comparison is skipped only when AUTH_CHECK_SKIPFWD_F is set AND the
	 * method is one of INVITE/BYE/PRACK/UPDATE/MESSAGE */
	if (!(iflags & AUTH_CHECK_SKIPFWD_F)
			|| (_m->REQ_METHOD != METHOD_INVITE
				&& _m->REQ_METHOD != METHOD_BYE
				&& _m->REQ_METHOD != METHOD_PRACK
				&& _m->REQ_METHOD != METHOD_UPDATE
				&& _m->REQ_METHOD != METHOD_MESSAGE)) {
		if (auth_user.len != cmp_uri->user.len
				|| strncmp(auth_user.s, cmp_uri->user.s, auth_user.len) != 0) {
			LM_DBG("authentication username mismatch with from/to username\n");
			return AUTH_USER_MISMATCH;
		}
	}

	/* the remaining checks apply to REGISTER and PUBLISH only */
	if (_m->REQ_METHOD != METHOD_REGISTER
			&& _m->REQ_METHOD != METHOD_PUBLISH)
		return AUTH_OK;

	/* From must name the same user (and domain, if use_domain) as To */
	if (from_uri->user.len != to_uri->user.len
			|| strncmp(from_uri->user.s, to_uri->user.s,
				from_uri->user.len) != 0) {
		LM_DBG("from username mismatch with to username\n");
		return AUTH_USER_MISMATCH;
	}
	if (use_domain != 0 && (from_uri->host.len != to_uri->host.len
			|| strncmp(from_uri->host.s, to_uri->host.s,
				from_uri->host.len) != 0)) {
		LM_DBG("from domain mismatch with to domain\n");
		return AUTH_USER_MISMATCH;
	}

	if (_m->REQ_METHOD != METHOD_PUBLISH)
		return AUTH_OK;

	/* PUBLISH: the Request-URI must match From as well */
	if (parse_sip_msg_uri(_m) < 0)
		return AUTH_ERROR;
	cmp_uri = &_m->parsed_uri;

	if (from_uri->user.len != cmp_uri->user.len
			|| strncmp(from_uri->user.s, cmp_uri->user.s,
				from_uri->user.len) != 0) {
		LM_DBG("from username mismatch with r-uri username\n");
		return AUTH_USER_MISMATCH;
	}
	if (use_domain != 0 && (from_uri->host.len != cmp_uri->host.len
			|| strncmp(from_uri->host.s, cmp_uri->host.s,
				from_uri->host.len) != 0)) {
		LM_DBG("from domain mismatch with r-uri domain\n");
		return AUTH_USER_MISMATCH;
	}

	return AUTH_OK;
}
Exemplo n.º 3
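/*
 * Authenticate using WWW/Proxy-Authorize header field
 *
 * Resolves the realm, table and flags parameters, runs digest
 * authentication and, when AUTH_CHECK_ID_F is set in the flags, verifies
 * that the authenticated username matches the identity claimed in the
 * request's From/To/Request-URI.
 *
 *   _m      - request under test
 *   _realm  - realm parameter, read through get_str_fparam()
 *   _table  - table parameter, read through get_str_fparam()
 *   _flags  - flags parameter, read through fixup_get_ivalue()
 *
 * Returns AUTH_OK for ACK and CANCEL without looking at credentials,
 * AUTH_ERROR (or -1 for an unreadable flags value) on bad parameters or a
 * URI that fails to parse, AUTH_USER_MISMATCH when an identity comparison
 * fails, and otherwise the result of digest_authenticate_hdr().
 *
 * Security-relevant behaviour visible in this function:
 *  - Without AUTH_CHECK_ID_F nothing here ties the From/To user to the
 *    authenticated user; a caller that treats From as the caller identity
 *    has to set the flag or perform that check itself.
 *  - The identity checks also need a non-NULL credentials header back from
 *    digest_authenticate_hdr(). NOTE(review): confirm AUTH_OK can never be
 *    returned with the header left NULL.
 *  - User and host parts are compared byte-for-byte (strncmp), i.e. the
 *    host comparison is case-sensitive.
 */
int auth_check(struct sip_msg* _m, char* _realm, char* _table, char *_flags)
{
	str srealm;
	str stable;
	str suser;
	int iflags;
	int ret;
	hdr_field_t *hdr;
	sip_uri_t *uri = NULL;
	sip_uri_t *turi = NULL;
	sip_uri_t *furi = NULL;

	/* _m is dereferenced by the method test right below, so it has to be
	 * validated first */
	if(_m==NULL) {
		LM_ERR("invalid parameters\n");
		return AUTH_ERROR;
	}

	/* ACK and CANCEL are let through without examining any credentials */
	if ((_m->REQ_METHOD == METHOD_ACK) || (_m->REQ_METHOD == METHOD_CANCEL)) {
		return AUTH_OK;
	}

	if(_realm==NULL || _table==NULL || _flags==NULL) {
		LM_ERR("invalid parameters\n");
		return AUTH_ERROR;
	}

	if (get_str_fparam(&srealm, _m, (fparam_t*)_realm) < 0) {
		LM_ERR("failed to get realm value\n");
		return AUTH_ERROR;
	}

	if (srealm.len==0) {
		LM_ERR("invalid realm parameter - empty value\n");
		return AUTH_ERROR;
	}

	if (get_str_fparam(&stable, _m, (fparam_t*)_table) < 0) {
		LM_ERR("failed to get table value\n");
		return AUTH_ERROR;
	}

	if (stable.len==0) {
		LM_ERR("invalid table parameter - empty value\n");
		return AUTH_ERROR;
	}

	if(fixup_get_ivalue(_m, (gparam_p)_flags, &iflags)!=0)
	{
		LM_ERR("invalid flags parameter\n");
		/* NOTE(review): bare -1 while every other failure path returns
		 * AUTH_ERROR - confirm both are the same value */
		return -1;
	}

	LM_DBG("realm [%.*s] table [%.*s] flags [%d]\n", srealm.len, srealm.s,
			stable.len,  stable.s, iflags);

	/* REGISTER is checked with HDR_AUTHORIZATION_T, every other method
	 * with HDR_PROXYAUTH_T */
	hdr = NULL;
	if(_m->REQ_METHOD==METHOD_REGISTER)
		ret = digest_authenticate_hdr(_m, &srealm, &stable, HDR_AUTHORIZATION_T,
						&_m->first_line.u.request.method, &hdr);
	else
		ret = digest_authenticate_hdr(_m, &srealm, &stable, HDR_PROXYAUTH_T,
						&_m->first_line.u.request.method, &hdr);

	if(ret==AUTH_OK && hdr!=NULL && (iflags&AUTH_CHECK_ID_F)) {
		/* username taken from the digest credentials; kept in its own
		 * variable instead of overwriting the realm */
		suser = ((auth_body_t*)(hdr->parsed))->digest.username.user;

		if((furi=parse_from_uri(_m))==NULL)
			return AUTH_ERROR;

		/* REGISTER/PUBLISH compare the auth user with To, the rest
		 * with From */
		if(_m->REQ_METHOD==METHOD_REGISTER || _m->REQ_METHOD==METHOD_PUBLISH) {
			if((turi=parse_to_uri(_m))==NULL)
				return AUTH_ERROR;
			uri = turi;
		} else {
			uri = furi;
		}
		if(suser.len!=uri->user.len
					|| strncmp(suser.s, uri->user.s, suser.len)!=0)
			return AUTH_USER_MISMATCH;

		if(_m->REQ_METHOD==METHOD_REGISTER || _m->REQ_METHOD==METHOD_PUBLISH) {
			/* check from==to */
			if(furi->user.len!=turi->user.len
					|| strncmp(furi->user.s, turi->user.s, furi->user.len)!=0)
				return AUTH_USER_MISMATCH;
			if(use_domain!=0 && (furi->host.len!=turi->host.len
					|| strncmp(furi->host.s, turi->host.s, furi->host.len)!=0))
				return AUTH_USER_MISMATCH;
			/* check r-uri==from for publish */
			if(_m->REQ_METHOD==METHOD_PUBLISH) {
				if(parse_sip_msg_uri(_m)<0)
					return AUTH_ERROR;
				uri = &_m->parsed_uri;
				if(furi->user.len!=uri->user.len
						|| strncmp(furi->user.s, uri->user.s, furi->user.len)!=0)
					return AUTH_USER_MISMATCH;
				if(use_domain!=0 && (furi->host.len!=uri->host.len
						|| strncmp(furi->host.s, uri->host.s, furi->host.len)!=0))
					return AUTH_USER_MISMATCH;
			}
		}
		return AUTH_OK;
	}

	return ret;
}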