Exemplo n.º 1
0
int ds_hash_authusername(struct sip_msg *msg, unsigned int *hash)
{
	/* Header, which contains the authorization */
	struct hdr_field* h = 0;
	/* The Username */
	str username = {0, 0};
	/* The Credentials from this request */
	auth_body_t* cred;
	
	if(msg==NULL || hash == NULL)
	{
		LM_ERR("bad parameters\n");
		return -1;
	}
	if (parse_headers(msg, HDR_PROXYAUTH_F, 0) == -1)
	{
		LM_ERR("error parsing headers!\n");
		return -1;
	}
	if (msg->proxy_auth && !msg->proxy_auth->parsed)
		parse_credentials(msg->proxy_auth);
	if (msg->proxy_auth && msg->proxy_auth->parsed) {
		h = msg->proxy_auth;
	}
	if (!h)
	{
		if (parse_headers(msg, HDR_AUTHORIZATION_F, 0) == -1)
		{
			LM_ERR("error parsing headers!\n");
			return -1;
		}
		if (msg->authorization && !msg->authorization->parsed)
			parse_credentials(msg->authorization);
		if (msg->authorization && msg->authorization->parsed) {
			h = msg->authorization;
		}
	}
	if (!h)
	{
		LM_DBG("No Authorization-Header!\n");
		return 1;
	}

	cred=(auth_body_t*)(h->parsed);
	if (!cred || !cred->digest.username.user.len)
	{
		LM_ERR("No Authorization-Username or Credentials!\n");
		return 1;
	}
	
	username.s = cred->digest.username.user.s;
	username.len = cred->digest.username.user.len;

	trim(&username);
	
	*hash = ds_get_hash(&username, NULL);
	
	return 0;
}
Exemplo n.º 2
0
Arquivo: conf5.c Projeto: dmtcp/dmtcp
void
process(char *name, pid_t *cids, int cnum)
{
  pid_t pid = getpid();
  pid_t ppid = getppid();
  pid_t pgrp = getpgrp();
  pid_t sid = getsid(0);

  FILE *fp;

  fp = fopen(name, "w");
  fprintf(fp, "pid/spid\tppid/sppid\tsid/ssid\n");
  fclose(fp);
  while (1) {
    int ret = 0, i;

    fp = fopen(name, "a");
    fprintf(fp, "%d/%d\t%d/%d\t%d/%d\n",
            getpid(), pid,
            getppid(), ppid,
            getsid(0), sid);
    fclose(fp);

    ret = check_credentials(pid, ppid, pgrp, sid);
    if (ret) {
      parse_credentials(ret, name, pid, ppid, pgrp, sid);
    }
    for (i = 0; i < cnum; i++) {
      if (kill(cids[i], 0) < 0) {
        printf("%s: no child #%d = %d\n", name, i, cids[i]);
      }
    }
    sleep(1);
  }
}
Exemplo n.º 3
0
/**
 * Returns the Private Identity extracted from the Authorization header.
 * If none found there takes the SIP URI in To without the "sip:" prefix
 * \todo - remove the fallback case to the To header
 * @param msg - the SIP message
 * @param realm - the realm to match in an Authorization header
 * @returns the str containing the private id, no mem dup
 */
str cscf_get_private_identity(struct sip_msg *msg, str realm) {
	str pi = {0, 0};
	struct hdr_field* h = 0;
	int ret, i, res;

	if ((parse_headers(msg, HDR_AUTHORIZATION_F, 0) != 0) && (parse_headers(msg, HDR_PROXYAUTH_F, 0) != 0)) {
		return pi;
	}

	h = msg->authorization;
	if (!msg->authorization) {
		goto fallback;
	}
		
	if (realm.len && realm.s) {
		ret = find_credentials(msg, &realm, HDR_AUTHORIZATION_F, &h);
		if (ret < 0) {
			ret = find_credentials(msg, &realm, HDR_PROXYAUTH_F, &h);
			if (ret < 0) {
				goto fallback;
			} else {
				if (ret >0) {
					goto fallback;
				}
				h = msg->proxy_auth;
			}
		} else {
			if (ret > 0) {
				goto fallback;
			}
		}
	}
	
	if (!h)
		goto fallback;

	res = parse_credentials(h);
	if (res != 0) {
		LOG(L_ERR, "Error while parsing credentials\n");
		return pi;
	}

	if (h) pi = ((auth_body_t*) h->parsed)->digest.username.whole;

	goto done;

fallback:
	pi = cscf_get_public_identity(msg);
	if (pi.len > 4 && strncasecmp(pi.s, "sip:", 4) == 0) {
		pi.s += 4;
		pi.len -= 4;
	}
	for (i = 0; i < pi.len; i++)
		if (pi.s[i] == ';') {
			pi.len = i;
			break;
		}
done:
	return pi;
}
Exemplo n.º 4
0
static int verify_callback(int ok, X509_STORE_CTX *ctx)
{
    char *userid;
    X509 *xs;
    PROXY_CERT_INFO_EXTENSION *pci;
    char *credstr;
    PVFS_credentials *credentials;
    char error_msg[256];
    int ret;

    /* prior verifies have succeeded */
    if (ok == 1) 
    {
        /* parse the credential string uid/gid from the policy */
        xs = ctx->current_cert;
        if (xs->ex_flags & EXFLAG_PROXY)
        {
            /* get userid for error logging */
            userid = (char *) X509_STORE_CTX_get_ex_data(ctx, 
                get_proxy_auth_ex_data_userid());
            
            /* get credentials in {UID}/{GID} form from cert policy */
            pci = (PROXY_CERT_INFO_EXTENSION *) 
                    X509_get_ext_d2i(xs, NID_proxyCertInfo, NULL, NULL);

            if (pci->proxyPolicy->policy != NULL && pci->proxyPolicy->policy->length > 0)
            {
                credstr = (char *) pci->proxyPolicy->policy->data;
                credentials = (PVFS_credentials *) X509_STORE_CTX_get_ex_data(
                    ctx, get_proxy_auth_ex_data_cred());
                ret = parse_credentials(credstr, &credentials->uid, 
                                        &credentials->gid);
                if (ret != 0)
                {
                    _snprintf(error_msg, sizeof(error_msg), "User %s: proxy "
                        "certificate contains invalid credential policy", 
                        userid);
                    report_cert_error(error_msg);
                    ok = 0;
                }
            }
            else
            {
                _snprintf(error_msg, sizeof(error_msg), "User %s: proxy "
                          "certificate contains no credential policy", 
                          userid);
                report_cert_error(error_msg);
                ok = 0;
            }            

            PROXY_CERT_INFO_EXTENSION_free(pci);
        }
    }
    
    return ok;
}
Exemplo n.º 5
0
static str
get_diverter(struct sip_msg *msg)
{
    struct hdr_field *header;
    dig_cred_t *credentials;
    int_str avpname, avpvalue;
    static str diverter;

    diverter.s   = "None";
    diverter.len = 4;

    avpname.n = diverter_avp_id;

    if (search_first_avp(AVP_VAL_STR, avpname, &avpvalue, NULL)) {
        // have a diverted call
        diverter = avpvalue.s;
    } else {
        get_authorized_cred(msg->proxy_auth, &header);
        if (header) {
            credentials = &((auth_body_t*)(header->parsed))->digest;
        } else {
            if (parse_headers(msg, HDR_PROXYAUTH_F, 0) == -1) {
                LOG(L_ERR, "cannot parse Proxy-Authorization header\n");
                return diverter;
            }
            if (!msg->proxy_auth)
                return diverter;
            if (parse_credentials(msg->proxy_auth) != 0) {
                LOG(L_ERR, "cannot parse credentials\n");
                return diverter;
            }
            credentials = &((auth_body_t*)(msg->proxy_auth->parsed))->digest;
        }

        if (credentials->username.user.len > 0 &&
            credentials->username.domain.len > 0 &&
            credentials->realm.len == 0 &&
            credentials->nonce.len == 0 &&
            credentials->response.len == 0) {
            // this is a call diverted from the failure route
            // and sent back to proxy with append_pa_hf()
            diverter = credentials->username.whole;
        }
    }

    return diverter;
}
Exemplo n.º 6
0
/**
 * Find credentials with given realm in a SIP message header.
 * @param _m - the SIP message to look into
 * @param _realm - the realm to match in the authorization header
 * @param _hftype - the header type (HDR_AUTHORIZATION_T,HDR_PROXYAUTH_T)
 * @param _h - header pointer to fill with the match
 * @returns 0 on success, 1 if not found
 * \note This function is taken from the auth module
 */
inline int find_credentials(struct sip_msg* _m, str* _realm,
									hdr_types_t _hftype, struct hdr_field** _h)
{
	struct hdr_field** hook, *ptr, *prev;
	hdr_flags_t hdr_flags;
	int res;
	str* r;

	     /*
	      * Determine if we should use WWW-Authorization or
	      * Proxy-Authorization header fields, this parameter
	      * is set in www_authorize and proxy_authorize
	      */
	switch(_hftype) {
	case HDR_AUTHORIZATION_T: 
							hook = &(_m->authorization);
							hdr_flags=HDR_AUTHORIZATION_F;
							break;
	case HDR_PROXYAUTH_T:
							hook = &(_m->proxy_auth);
							hdr_flags=HDR_PROXYAUTH_F;
							break;
	default:				
							hook = &(_m->authorization);
							hdr_flags=HDR_T2F(_hftype);
							break;
	}

	     /*
	      * If the credentials haven't been parsed yet, do it now
	      */
	if (*hook == 0) {
		     /* No credentials parsed yet */
		if (parse_headers(_m, hdr_flags, 0) == -1) {
			LOG(L_ERR, "find_credentials(): Error while parsing headers\n");
			return -1;
		}
	}

	ptr = *hook;

	     /*
	      * Iterate through the credentials in the message and
	      * find credentials with given realm
	      */
	while(ptr) {
		res = parse_credentials(ptr);
		ptr->type = HDR_AUTHORIZATION_T;
		if (res < 0) {
			LOG(L_ERR, "find_credentials(): Error while parsing credentials\n");
			return (res == -1) ? -2 : -3;
		} else if (res == 0) {
			if (_realm->len) {
				r = &(((auth_body_t*)(ptr->parsed))->digest.realm);
	
				if (r->len == _realm->len) {
					if (!strncasecmp(_realm->s, r->s, r->len)) {
						*_h = ptr;
						return 0;
					}
				}
			}
			else {
				*_h = ptr;
				return 0;
			}
			
		}

		prev = ptr;
		if (parse_headers(_m, hdr_flags, 1) == -1) {
			LOG(L_ERR, "find_credentials(): Error while parsing headers\n");
			return -4;
		} else {
			if (prev != _m->last_header) {
				if (_m->last_header->type == _hftype) ptr = _m->last_header;
				else break;
			} else break;
		}
	}
	
	     /*
	      * Credentials with given realm not found
	      */
	return 1;
}
Exemplo n.º 7
0
/* Find credentials with given realm in a SIP message header */
int find_credentials(struct sip_msg* _m, str* _realm, int _hftype, 
				struct hdr_field** _h)
{
	struct hdr_field** hook, *ptr, *prev;
	int res;
	str* r;
      
	switch(_hftype) 
	{
		case HDR_AUTHORIZATION: hook = &(_m->authorization); break;
		case HDR_PROXYAUTH:     hook = &(_m->proxy_auth);    break;
		default:                hook = &(_m->authorization); break;
	}

	     
     /* If the credentials haven't been parsed yet, do it now */
	if (*hook == 0) 
		if (parse_headers(_m, _hftype, 0) == -1) 
		{
			LOG(L_ERR, M_NAME":find_credentials(): Error while parsing headers\n");
			return -1;
		}
	
	ptr = *hook;

	/* Iterate through the credentials of the message to find 
		credentials with given realm 
	*/
	while(ptr) 
	{
		res = parse_credentials(ptr);
		if (res < 0) 
		{
			LOG(L_ERR, M_NAME":find_credentials(): Error while parsing "
				"credentials\n");
			return (res == -1) ? -2 : -3;
		}
		else 
			if (res == 0) 
			{
				r = &(((auth_body_t*)(ptr->parsed))->digest.realm);
	
				if (r->len == _realm->len) 
				{
					if (!strncasecmp(_realm->s, r->s, r->len)) 
					{
						*_h = ptr;
						return 0;
					}
				}
			}
			
			prev = ptr;
			if (parse_headers(_m, _hftype, 1) == -1) 
			{
				LOG(L_ERR, M_NAME":find_credentials(): Error while parsing"
					" headers\n");
				return -4;
			}
			else 
			{	
				if (prev != _m->last_header) 
				{
					if (_m->last_header->type == _hftype) ptr = _m->last_header;
					else break;
				} 
				else break;
			}
	}
	     
     /* Credentials with given realm not found */
	return 1;
}
Exemplo n.º 8
0
/*
 * Find credentials with given realm in a SIP message header
 */
int find_credentials(struct sip_msg* msg, str* realm,
		hdr_types_t hftype, struct hdr_field** hdr)
{
	struct hdr_field** hook, *ptr;
	hdr_flags_t hdr_flags;
	int res;
	str* r;

	/*
	 * Determine if we should use WWW-Authorization or
	 * Proxy-Authorization header fields, this parameter
	 * is set in www_authorize and proxy_authorize
	 */
	switch(hftype) {
	case HDR_AUTHORIZATION_T:
		hook = &(msg->authorization);
		hdr_flags=HDR_AUTHORIZATION_F;
		break;
	case HDR_PROXYAUTH_T:
		hook = &(msg->proxy_auth);
		hdr_flags=HDR_PROXYAUTH_F;
		break;
	default:
		hook = &(msg->authorization);
		hdr_flags=HDR_T2F(hftype);
		break;
	}

	/*
	 * If the credentials haven't been parsed yet, do it now
	 */
	if (*hook == 0) {
		/* No credentials parsed yet */
		if (parse_headers(msg, hdr_flags, 0) == -1) {
			LM_ERR("error while parsing headers\n");
			return -1;
		}
	}

	ptr = *hook;

	/*
	 * Iterate through the credentials in the message and
	 * find credentials with given realm
	 */
	while(ptr) {
		res = parse_credentials(ptr);
		if (res < 0) {
			LM_ERR("error while parsing credentials\n");
			return (res == -1) ? -2 : -3;
		} else if (res == 0) {
			r = &(((auth_body_t*)(ptr->parsed))->digest.realm);

			if (r->len == realm->len) {
				if (!strncasecmp(realm->s, r->s, r->len)) {
					*hdr = ptr;
					return 0;
				}
			}
		}

		if (parse_headers(msg, hdr_flags, 1) == -1) {
			LM_ERR("error while parsing headers\n");
			return -4;
		} else {
			ptr = next_sibling_hdr(ptr);
			if (!ptr)
				break;
		}
	}

	/*
	 * Credentials with given realm not found
	 */
	return 1;
}
Exemplo n.º 9
0
/*
 * This function encodes an arbitrary header into a chunk of bytes,
 * ready to be sent to the Application Server.
 *
 * The header codes start with this encoded-bytes:
 * 2: SIP-MSG-START based pointer to the header (including header name)
 * 2: length of the header
 * 1: length of the header name
 */
int encode_header(struct sip_msg *sipmsg,struct hdr_field *hdr,unsigned char *payload,int paylen)
{
   int len=0;
   unsigned int integer,*methods=0;
   char *hdrstart,*tmp;
   unsigned short int ptr;
   struct to_body *tobody=0;
   struct via_body *viabody=0;
   struct cseq_body *cseqbody=0;
   char *msg,*myerror;
   int mlen;

   msg=sipmsg->buf;
   mlen=sipmsg->len;
   hdrstart = hdr->name.s;
   if(hdrstart-msg<0){
      LM_ERR("header(%.*s) does not belong to sip_msg(hdrstart<msg)\n",
			  hdr->name.len,hdr->name.s);
      return -1;
   }
   ptr=htons((short int)(hdrstart-msg));
   if((hdrstart-msg)>mlen){
      LM_ERR("out of the sip_msg bounds (%d>%d)\n",ntohs(ptr),mlen);
      return -1;
   }
   if(hdr->len>(1<<16)){
      LM_ERR("length of header too long\n");
      return -1;
   }
   memcpy(payload,&ptr,2);
   ptr=htons((short int)(hdr->len));
   memcpy(payload+HEADER_LEN_IDX,&ptr,2);
   payload[HEADER_NAME_LEN_IDX]=(unsigned char)hdr->name.len;
   switch(hdr->type){
      case HDR_FROM_T:
      case HDR_TO_T:
      case HDR_REFER_TO_T:
      case HDR_RPID_T:
	 if(!hdr->parsed){
	    if((tobody=pkg_malloc(sizeof(struct to_body)))==0){
	       myerror="Out of memory !!\n";
	       goto error;
	    }
	    parse_to(hdr->body.s,hdr->body.s+hdr->body.len+1,tobody);
	    if (tobody->error == PARSE_ERROR) {
	       myerror="bad (REFER,TO,FROM,RPID) header\n";
	       pkg_free(tobody);
	       return 5;
	       goto error;
	    }
	    hdr->parsed=(struct to_body*)tobody;
	 }else
	    tobody=(struct to_body*)hdr->parsed;
	 if((len=encode_to_body(hdr->name.s,hdr->len,tobody,payload+5))<0){
	    myerror="parsing from or to header\n";
	    goto error;
	 }else{
	    return 5+len;
	 }
	 break;
      case HDR_CONTACT_T:
	 if(!hdr->parsed)
	    if(parse_contact(hdr)<0){
	       myerror="parsing contact\n";
	       goto error;
	    }
	 if((len=encode_contact_body(hdr->name.s,hdr->len,(contact_body_t*)hdr->parsed,payload+5))<0){
	    myerror="encoding contact header\n";
	    goto error;
	 }else{
	    return 5+len;
	 }
	 break;
      case HDR_ROUTE_T:
      case HDR_RECORDROUTE_T:
	 if(!hdr->parsed)
	    if(parse_rr(hdr)<0){
	       myerror="encoding route or recordroute\n";
	       goto error;
	    }
	 if((len=encode_route_body(hdr->name.s,hdr->len,(rr_t*)hdr->parsed,payload+5))<0){
	    myerror="encoding route or recordroute header\n";
	    goto error;
	 }else{
	    return 5+len;
	 }
	 break;
      case HDR_CONTENTLENGTH_T:
	 if(!hdr->parsed){
	    tmp=parse_content_length(hdr->body.s,hdr->body.s+hdr->body.len+1,(int*)&integer);
	    if (tmp==0){
	       myerror="bad content_length header\n";
	       goto error;
	    }
	    hdr->parsed=(void*)(long)integer;
	 }
	 if((len=encode_contentlength(hdr->name.s,hdr->len,(long int)hdr->parsed,(char*)(payload+5)))<0){
	    myerror="encoding content-length header\n";
	    goto error;
	 }else{
	    return 5+len;
	 }
	 break;
      case HDR_VIA_T:
	 if(!hdr->parsed){
	    if((viabody=pkg_malloc(sizeof(struct via_body)))==0){
	       myerror="out of memory\n";
	       goto error;
	    }
	    memset(viabody,0,sizeof(struct via_body));
	    if(parse_via(hdr->body.s,hdr->body.s+hdr->body.len+1,viabody)==0){
	       myerror="encoding via \n";
	       goto error;
	    }
	    hdr->parsed=viabody;
	 }
	 if((len=encode_via_body(hdr->name.s,hdr->len,(struct via_body*)hdr->parsed,payload+5))<0){
	    myerror="encoding via header\n";
	    goto error;
	 }else{
	    return 5+len;
	 }
	 break;
      case HDR_ACCEPT_T:
	 if(!hdr->parsed){
	    if(parse_accept_hdr(sipmsg)<0){
	       return 5;
	    }
	 }
	 if((len=encode_accept(hdr->name.s,hdr->len,(unsigned int*)hdr->parsed,(char*)(payload+5)))<0){
	    myerror="encoding via header\n";
	    goto error;
	 }else{
	    return 5+len;
	 }
	 break;
      case HDR_CONTENTTYPE_T:
	 if(!hdr->parsed){
	    if(parse_content_type_hdr(sipmsg)<0){
	       myerror="encoding content-type header\n";
	       goto error;
	    }
	 }
	 if((len=encode_content_type(hdr->name.s,hdr->len,(unsigned int)get_content_type(sipmsg),(char*)(payload+5)))<0){
	    myerror="encoding via header\n";
	    goto error;
	 }else{
	    return 5+len;
	 }
	 break;
      case HDR_CSEQ_T:
	 if(!hdr->parsed){
	    if((cseqbody=pkg_malloc(sizeof(struct cseq_body)))==0){
	       myerror="out of memory\n";
	       goto error;
	    }
	    memset(cseqbody,0,sizeof(struct cseq_body));
	    if(parse_cseq(hdr->name.s,hdr->body.s+hdr->body.len+1,cseqbody)==0){
	       myerror="encoding cseq header\n";
	       goto error;
	    }
	    hdr->parsed=cseqbody;
	 }
	 if((len=encode_cseq(hdr->name.s,hdr->len,(struct cseq_body*)hdr->parsed,payload+5))<0){
	    myerror="encoding via header\n";
	    goto error;
	 }else{
	    return 5+len;
	 }
	 break;
      case HDR_EXPIRES_T:
	 if(!hdr->parsed){
	    if(parse_expires(hdr)<0){
	       myerror="encoding expires header\n";
	       goto error;
	    }
	 }
	 if((len=encode_expires(hdr->name.s,hdr->len,(exp_body_t *)hdr->parsed,payload+5))<0){
	    myerror="encoding expires header\n";
	    goto error;
	 }else{
	    return 5+len;
	 }
	 break;
      case HDR_ALLOW_T:
	 if(!hdr->parsed){
	    if((methods=pkg_malloc(sizeof(unsigned int)))==0){
	       myerror="out of memory\n";
	       goto error;
	    }
	    *methods=0;
	    if(parse_methods(&hdr->body,methods)!=0){
	       myerror="encoding allow header\n";
	       pkg_free(methods);
	       return 5;
	       /*goto error;*/
	    }
	    hdr->parsed=methods;
	 }
	 if((len=encode_allow(hdr->name.s,hdr->len,(unsigned int*)hdr->parsed,(char*)(payload+5)))<0){
	    myerror="encoding allow header\n";
	    goto error;
	 }else{
	    return 5+len;
	 }
	 break;
      case HDR_AUTHORIZATION_T:
      case HDR_PROXYAUTH_T:
	 if(!hdr->parsed){
	    if(parse_credentials(hdr)<0){
	       myerror="encoding a digest header\n";
	       goto error;
	    }
	 }
	 if((len=encode_digest(hdr->name.s,hdr->len,(dig_cred_t*)(&(((auth_body_t*)hdr->parsed)->digest)),payload+5))<0){
	    myerror="encoding allow header\n";
	    goto error;
	 }else{
	    return 5+len;
	 }
	 break;
      default:
	 return 5;
   }
   return 1;
error:
   if(tobody)
      pkg_free(tobody);
   if(cseqbody)
      pkg_free(cseqbody);
   if(viabody)
      free_via_list(viabody);
   if(methods)
      pkg_free(methods);
   LM_ERR("%s",myerror);
   return -1;
}