int ds_hash_authusername(struct sip_msg *msg, unsigned int *hash) { /* Header, which contains the authorization */ struct hdr_field* h = 0; /* The Username */ str username = {0, 0}; /* The Credentials from this request */ auth_body_t* cred; if(msg==NULL || hash == NULL) { LM_ERR("bad parameters\n"); return -1; } if (parse_headers(msg, HDR_PROXYAUTH_F, 0) == -1) { LM_ERR("error parsing headers!\n"); return -1; } if (msg->proxy_auth && !msg->proxy_auth->parsed) parse_credentials(msg->proxy_auth); if (msg->proxy_auth && msg->proxy_auth->parsed) { h = msg->proxy_auth; } if (!h) { if (parse_headers(msg, HDR_AUTHORIZATION_F, 0) == -1) { LM_ERR("error parsing headers!\n"); return -1; } if (msg->authorization && !msg->authorization->parsed) parse_credentials(msg->authorization); if (msg->authorization && msg->authorization->parsed) { h = msg->authorization; } } if (!h) { LM_DBG("No Authorization-Header!\n"); return 1; } cred=(auth_body_t*)(h->parsed); if (!cred || !cred->digest.username.user.len) { LM_ERR("No Authorization-Username or Credentials!\n"); return 1; } username.s = cred->digest.username.user.s; username.len = cred->digest.username.user.len; trim(&username); *hash = ds_get_hash(&username, NULL); return 0; }
void process(char *name, pid_t *cids, int cnum) { pid_t pid = getpid(); pid_t ppid = getppid(); pid_t pgrp = getpgrp(); pid_t sid = getsid(0); FILE *fp; fp = fopen(name, "w"); fprintf(fp, "pid/spid\tppid/sppid\tsid/ssid\n"); fclose(fp); while (1) { int ret = 0, i; fp = fopen(name, "a"); fprintf(fp, "%d/%d\t%d/%d\t%d/%d\n", getpid(), pid, getppid(), ppid, getsid(0), sid); fclose(fp); ret = check_credentials(pid, ppid, pgrp, sid); if (ret) { parse_credentials(ret, name, pid, ppid, pgrp, sid); } for (i = 0; i < cnum; i++) { if (kill(cids[i], 0) < 0) { printf("%s: no child #%d = %d\n", name, i, cids[i]); } } sleep(1); } }
/** * Returns the Private Identity extracted from the Authorization header. * If none found there takes the SIP URI in To without the "sip:" prefix * \todo - remove the fallback case to the To header * @param msg - the SIP message * @param realm - the realm to match in an Authorization header * @returns the str containing the private id, no mem dup */ str cscf_get_private_identity(struct sip_msg *msg, str realm) { str pi = {0, 0}; struct hdr_field* h = 0; int ret, i, res; if ((parse_headers(msg, HDR_AUTHORIZATION_F, 0) != 0) && (parse_headers(msg, HDR_PROXYAUTH_F, 0) != 0)) { return pi; } h = msg->authorization; if (!msg->authorization) { goto fallback; } if (realm.len && realm.s) { ret = find_credentials(msg, &realm, HDR_AUTHORIZATION_F, &h); if (ret < 0) { ret = find_credentials(msg, &realm, HDR_PROXYAUTH_F, &h); if (ret < 0) { goto fallback; } else { if (ret >0) { goto fallback; } h = msg->proxy_auth; } } else { if (ret > 0) { goto fallback; } } } if (!h) goto fallback; res = parse_credentials(h); if (res != 0) { LOG(L_ERR, "Error while parsing credentials\n"); return pi; } if (h) pi = ((auth_body_t*) h->parsed)->digest.username.whole; goto done; fallback: pi = cscf_get_public_identity(msg); if (pi.len > 4 && strncasecmp(pi.s, "sip:", 4) == 0) { pi.s += 4; pi.len -= 4; } for (i = 0; i < pi.len; i++) if (pi.s[i] == ';') { pi.len = i; break; } done: return pi; }
static int verify_callback(int ok, X509_STORE_CTX *ctx) { char *userid; X509 *xs; PROXY_CERT_INFO_EXTENSION *pci; char *credstr; PVFS_credentials *credentials; char error_msg[256]; int ret; /* prior verifies have succeeded */ if (ok == 1) { /* parse the credential string uid/gid from the policy */ xs = ctx->current_cert; if (xs->ex_flags & EXFLAG_PROXY) { /* get userid for error logging */ userid = (char *) X509_STORE_CTX_get_ex_data(ctx, get_proxy_auth_ex_data_userid()); /* get credentials in {UID}/{GID} form from cert policy */ pci = (PROXY_CERT_INFO_EXTENSION *) X509_get_ext_d2i(xs, NID_proxyCertInfo, NULL, NULL); if (pci->proxyPolicy->policy != NULL && pci->proxyPolicy->policy->length > 0) { credstr = (char *) pci->proxyPolicy->policy->data; credentials = (PVFS_credentials *) X509_STORE_CTX_get_ex_data( ctx, get_proxy_auth_ex_data_cred()); ret = parse_credentials(credstr, &credentials->uid, &credentials->gid); if (ret != 0) { _snprintf(error_msg, sizeof(error_msg), "User %s: proxy " "certificate contains invalid credential policy", userid); report_cert_error(error_msg); ok = 0; } } else { _snprintf(error_msg, sizeof(error_msg), "User %s: proxy " "certificate contains no credential policy", userid); report_cert_error(error_msg); ok = 0; } PROXY_CERT_INFO_EXTENSION_free(pci); } } return ok; }
static str get_diverter(struct sip_msg *msg) { struct hdr_field *header; dig_cred_t *credentials; int_str avpname, avpvalue; static str diverter; diverter.s = "None"; diverter.len = 4; avpname.n = diverter_avp_id; if (search_first_avp(AVP_VAL_STR, avpname, &avpvalue, NULL)) { // have a diverted call diverter = avpvalue.s; } else { get_authorized_cred(msg->proxy_auth, &header); if (header) { credentials = &((auth_body_t*)(header->parsed))->digest; } else { if (parse_headers(msg, HDR_PROXYAUTH_F, 0) == -1) { LOG(L_ERR, "cannot parse Proxy-Authorization header\n"); return diverter; } if (!msg->proxy_auth) return diverter; if (parse_credentials(msg->proxy_auth) != 0) { LOG(L_ERR, "cannot parse credentials\n"); return diverter; } credentials = &((auth_body_t*)(msg->proxy_auth->parsed))->digest; } if (credentials->username.user.len > 0 && credentials->username.domain.len > 0 && credentials->realm.len == 0 && credentials->nonce.len == 0 && credentials->response.len == 0) { // this is a call diverted from the failure route // and sent back to proxy with append_pa_hf() diverter = credentials->username.whole; } } return diverter; }
/** * Find credentials with given realm in a SIP message header. * @param _m - the SIP message to look into * @param _realm - the realm to match in the authorization header * @param _hftype - the header type (HDR_AUTHORIZATION_T,HDR_PROXYAUTH_T) * @param _h - header pointer to fill with the match * @returns 0 on success, 1 if not found * \note This function is taken from the auth module */ inline int find_credentials(struct sip_msg* _m, str* _realm, hdr_types_t _hftype, struct hdr_field** _h) { struct hdr_field** hook, *ptr, *prev; hdr_flags_t hdr_flags; int res; str* r; /* * Determine if we should use WWW-Authorization or * Proxy-Authorization header fields, this parameter * is set in www_authorize and proxy_authorize */ switch(_hftype) { case HDR_AUTHORIZATION_T: hook = &(_m->authorization); hdr_flags=HDR_AUTHORIZATION_F; break; case HDR_PROXYAUTH_T: hook = &(_m->proxy_auth); hdr_flags=HDR_PROXYAUTH_F; break; default: hook = &(_m->authorization); hdr_flags=HDR_T2F(_hftype); break; } /* * If the credentials haven't been parsed yet, do it now */ if (*hook == 0) { /* No credentials parsed yet */ if (parse_headers(_m, hdr_flags, 0) == -1) { LOG(L_ERR, "find_credentials(): Error while parsing headers\n"); return -1; } } ptr = *hook; /* * Iterate through the credentials in the message and * find credentials with given realm */ while(ptr) { res = parse_credentials(ptr); ptr->type = HDR_AUTHORIZATION_T; if (res < 0) { LOG(L_ERR, "find_credentials(): Error while parsing credentials\n"); return (res == -1) ? -2 : -3; } else if (res == 0) { if (_realm->len) { r = &(((auth_body_t*)(ptr->parsed))->digest.realm); if (r->len == _realm->len) { if (!strncasecmp(_realm->s, r->s, r->len)) { *_h = ptr; return 0; } } } else { *_h = ptr; return 0; } } prev = ptr; if (parse_headers(_m, hdr_flags, 1) == -1) { LOG(L_ERR, "find_credentials(): Error while parsing headers\n"); return -4; } else { if (prev != _m->last_header) { if (_m->last_header->type == _hftype) ptr = _m->last_header; else break; } else break; } } /* * Credentials with given realm not found */ return 1; }
/* Find credentials with given realm in a SIP message header */ int find_credentials(struct sip_msg* _m, str* _realm, int _hftype, struct hdr_field** _h) { struct hdr_field** hook, *ptr, *prev; int res; str* r; switch(_hftype) { case HDR_AUTHORIZATION: hook = &(_m->authorization); break; case HDR_PROXYAUTH: hook = &(_m->proxy_auth); break; default: hook = &(_m->authorization); break; } /* If the credentials haven't been parsed yet, do it now */ if (*hook == 0) if (parse_headers(_m, _hftype, 0) == -1) { LOG(L_ERR, M_NAME":find_credentials(): Error while parsing headers\n"); return -1; } ptr = *hook; /* Iterate through the credentials of the message to find credentials with given realm */ while(ptr) { res = parse_credentials(ptr); if (res < 0) { LOG(L_ERR, M_NAME":find_credentials(): Error while parsing " "credentials\n"); return (res == -1) ? -2 : -3; } else if (res == 0) { r = &(((auth_body_t*)(ptr->parsed))->digest.realm); if (r->len == _realm->len) { if (!strncasecmp(_realm->s, r->s, r->len)) { *_h = ptr; return 0; } } } prev = ptr; if (parse_headers(_m, _hftype, 1) == -1) { LOG(L_ERR, M_NAME":find_credentials(): Error while parsing" " headers\n"); return -4; } else { if (prev != _m->last_header) { if (_m->last_header->type == _hftype) ptr = _m->last_header; else break; } else break; } } /* Credentials with given realm not found */ return 1; }
/* * Find credentials with given realm in a SIP message header */ int find_credentials(struct sip_msg* msg, str* realm, hdr_types_t hftype, struct hdr_field** hdr) { struct hdr_field** hook, *ptr; hdr_flags_t hdr_flags; int res; str* r; /* * Determine if we should use WWW-Authorization or * Proxy-Authorization header fields, this parameter * is set in www_authorize and proxy_authorize */ switch(hftype) { case HDR_AUTHORIZATION_T: hook = &(msg->authorization); hdr_flags=HDR_AUTHORIZATION_F; break; case HDR_PROXYAUTH_T: hook = &(msg->proxy_auth); hdr_flags=HDR_PROXYAUTH_F; break; default: hook = &(msg->authorization); hdr_flags=HDR_T2F(hftype); break; } /* * If the credentials haven't been parsed yet, do it now */ if (*hook == 0) { /* No credentials parsed yet */ if (parse_headers(msg, hdr_flags, 0) == -1) { LM_ERR("error while parsing headers\n"); return -1; } } ptr = *hook; /* * Iterate through the credentials in the message and * find credentials with given realm */ while(ptr) { res = parse_credentials(ptr); if (res < 0) { LM_ERR("error while parsing credentials\n"); return (res == -1) ? -2 : -3; } else if (res == 0) { r = &(((auth_body_t*)(ptr->parsed))->digest.realm); if (r->len == realm->len) { if (!strncasecmp(realm->s, r->s, r->len)) { *hdr = ptr; return 0; } } } if (parse_headers(msg, hdr_flags, 1) == -1) { LM_ERR("error while parsing headers\n"); return -4; } else { ptr = next_sibling_hdr(ptr); if (!ptr) break; } } /* * Credentials with given realm not found */ return 1; }
/* * This function encodes an arbitrary header into a chunk of bytes, * ready to be sent to the Application Server. * * The header codes start with this encoded-bytes: * 2: SIP-MSG-START based pointer to the header (including header name) * 2: length of the header * 1: length of the header name */ int encode_header(struct sip_msg *sipmsg,struct hdr_field *hdr,unsigned char *payload,int paylen) { int len=0; unsigned int integer,*methods=0; char *hdrstart,*tmp; unsigned short int ptr; struct to_body *tobody=0; struct via_body *viabody=0; struct cseq_body *cseqbody=0; char *msg,*myerror; int mlen; msg=sipmsg->buf; mlen=sipmsg->len; hdrstart = hdr->name.s; if(hdrstart-msg<0){ LM_ERR("header(%.*s) does not belong to sip_msg(hdrstart<msg)\n", hdr->name.len,hdr->name.s); return -1; } ptr=htons((short int)(hdrstart-msg)); if((hdrstart-msg)>mlen){ LM_ERR("out of the sip_msg bounds (%d>%d)\n",ntohs(ptr),mlen); return -1; } if(hdr->len>(1<<16)){ LM_ERR("length of header too long\n"); return -1; } memcpy(payload,&ptr,2); ptr=htons((short int)(hdr->len)); memcpy(payload+HEADER_LEN_IDX,&ptr,2); payload[HEADER_NAME_LEN_IDX]=(unsigned char)hdr->name.len; switch(hdr->type){ case HDR_FROM_T: case HDR_TO_T: case HDR_REFER_TO_T: case HDR_RPID_T: if(!hdr->parsed){ if((tobody=pkg_malloc(sizeof(struct to_body)))==0){ myerror="Out of memory !!\n"; goto error; } parse_to(hdr->body.s,hdr->body.s+hdr->body.len+1,tobody); if (tobody->error == PARSE_ERROR) { myerror="bad (REFER,TO,FROM,RPID) header\n"; pkg_free(tobody); return 5; goto error; } hdr->parsed=(struct to_body*)tobody; }else tobody=(struct to_body*)hdr->parsed; if((len=encode_to_body(hdr->name.s,hdr->len,tobody,payload+5))<0){ myerror="parsing from or to header\n"; goto error; }else{ return 5+len; } break; case HDR_CONTACT_T: if(!hdr->parsed) if(parse_contact(hdr)<0){ myerror="parsing contact\n"; goto error; } if((len=encode_contact_body(hdr->name.s,hdr->len,(contact_body_t*)hdr->parsed,payload+5))<0){ myerror="encoding contact header\n"; goto error; }else{ return 5+len; } break; case HDR_ROUTE_T: case HDR_RECORDROUTE_T: if(!hdr->parsed) if(parse_rr(hdr)<0){ myerror="encoding route or recordroute\n"; goto error; } if((len=encode_route_body(hdr->name.s,hdr->len,(rr_t*)hdr->parsed,payload+5))<0){ myerror="encoding route or recordroute header\n"; goto error; }else{ return 5+len; } break; case HDR_CONTENTLENGTH_T: if(!hdr->parsed){ tmp=parse_content_length(hdr->body.s,hdr->body.s+hdr->body.len+1,(int*)&integer); if (tmp==0){ myerror="bad content_length header\n"; goto error; } hdr->parsed=(void*)(long)integer; } if((len=encode_contentlength(hdr->name.s,hdr->len,(long int)hdr->parsed,(char*)(payload+5)))<0){ myerror="encoding content-length header\n"; goto error; }else{ return 5+len; } break; case HDR_VIA_T: if(!hdr->parsed){ if((viabody=pkg_malloc(sizeof(struct via_body)))==0){ myerror="out of memory\n"; goto error; } memset(viabody,0,sizeof(struct via_body)); if(parse_via(hdr->body.s,hdr->body.s+hdr->body.len+1,viabody)==0){ myerror="encoding via \n"; goto error; } hdr->parsed=viabody; } if((len=encode_via_body(hdr->name.s,hdr->len,(struct via_body*)hdr->parsed,payload+5))<0){ myerror="encoding via header\n"; goto error; }else{ return 5+len; } break; case HDR_ACCEPT_T: if(!hdr->parsed){ if(parse_accept_hdr(sipmsg)<0){ return 5; } } if((len=encode_accept(hdr->name.s,hdr->len,(unsigned int*)hdr->parsed,(char*)(payload+5)))<0){ myerror="encoding via header\n"; goto error; }else{ return 5+len; } break; case HDR_CONTENTTYPE_T: if(!hdr->parsed){ if(parse_content_type_hdr(sipmsg)<0){ myerror="encoding content-type header\n"; goto error; } } if((len=encode_content_type(hdr->name.s,hdr->len,(unsigned int)get_content_type(sipmsg),(char*)(payload+5)))<0){ myerror="encoding via header\n"; goto error; }else{ return 5+len; } break; case HDR_CSEQ_T: if(!hdr->parsed){ if((cseqbody=pkg_malloc(sizeof(struct cseq_body)))==0){ myerror="out of memory\n"; goto error; } memset(cseqbody,0,sizeof(struct cseq_body)); if(parse_cseq(hdr->name.s,hdr->body.s+hdr->body.len+1,cseqbody)==0){ myerror="encoding cseq header\n"; goto error; } hdr->parsed=cseqbody; } if((len=encode_cseq(hdr->name.s,hdr->len,(struct cseq_body*)hdr->parsed,payload+5))<0){ myerror="encoding via header\n"; goto error; }else{ return 5+len; } break; case HDR_EXPIRES_T: if(!hdr->parsed){ if(parse_expires(hdr)<0){ myerror="encoding expires header\n"; goto error; } } if((len=encode_expires(hdr->name.s,hdr->len,(exp_body_t *)hdr->parsed,payload+5))<0){ myerror="encoding expires header\n"; goto error; }else{ return 5+len; } break; case HDR_ALLOW_T: if(!hdr->parsed){ if((methods=pkg_malloc(sizeof(unsigned int)))==0){ myerror="out of memory\n"; goto error; } *methods=0; if(parse_methods(&hdr->body,methods)!=0){ myerror="encoding allow header\n"; pkg_free(methods); return 5; /*goto error;*/ } hdr->parsed=methods; } if((len=encode_allow(hdr->name.s,hdr->len,(unsigned int*)hdr->parsed,(char*)(payload+5)))<0){ myerror="encoding allow header\n"; goto error; }else{ return 5+len; } break; case HDR_AUTHORIZATION_T: case HDR_PROXYAUTH_T: if(!hdr->parsed){ if(parse_credentials(hdr)<0){ myerror="encoding a digest header\n"; goto error; } } if((len=encode_digest(hdr->name.s,hdr->len,(dig_cred_t*)(&(((auth_body_t*)hdr->parsed)->digest)),payload+5))<0){ myerror="encoding allow header\n"; goto error; }else{ return 5+len; } break; default: return 5; } return 1; error: if(tobody) pkg_free(tobody); if(cseqbody) pkg_free(cseqbody); if(viabody) free_via_list(viabody); if(methods) pkg_free(methods); LM_ERR("%s",myerror); return -1; }