/* Authorize digest credentials */
int authorize(struct sip_msg* msg, str* realm, int hftype)
{
auth_result_t ret;
struct hdr_field* h;
auth_body_t* cred = NULL;
str* uri;
struct sip_uri puri;
str domain;
domain = *realm;
/* see what is to do after a first look at the message */
ret = pre_auth(msg, &domain, hftype, &h);
switch(ret)
{
case ERROR: return 0;
case AUTHORIZED: return 1;
case NO_CREDENTIALS: cred = NULL;
break;
case DO_AUTHORIZATION: cred = (auth_body_t*)h->parsed;
break;
}
if (get_uri(msg, &uri) < 0)
{
LOG(L_ERR, M_NAME":authorize(): From/To URI not found\n");
return -1;
}
if (parse_uri(uri->s, uri->len, &puri) < 0)
{
LOG(L_ERR, M_NAME":authorize(): Error while parsing From/To URI\n");
return -1;
}
// user.s = (char *)pkg_malloc(puri.user.len);
// un_escape(&(puri.user), &user);
/* parse the ruri, if not yet */
if(msg->parsed_uri_ok==0 && parse_sip_msg_uri(msg)<0)
{
LOG(L_ERR,M_NAME":authorize(): ERROR while parsing the Request-URI\n");
return -1;
}
/* preliminary check */
if(cred)
{
if (puri.host.len != cred->digest.realm.len)
{
DBG(M_NAME":authorize(): Credentials realm and URI host do not "
"match\n");
return -1;
}
if (strncasecmp(puri.host.s, cred->digest.realm.s, puri.host.len) != 0)
{
DBG(M_NAME":authorize(): Credentials realm and URI host do not "
"match\n");
return -1;
}
}
if( diameter_authorize(cred?h:NULL, &msg->first_line.u.request.method,
puri, msg->parsed_uri, msg->id, rb) != 1)
{
send_resp(msg, 500, "Internal Server Error", NULL, 0);
return -1;
}
if( srv_response(msg, rb, hftype) != 1 )
return -1;
mark_authorized_cred(msg, h);
return 1;
}
/* Authorize digest credentials */
int authorize(struct sip_msg* msg, pv_elem_t* realm, int hftype)
{
auth_result_t ret;
struct hdr_field* h;
auth_body_t* cred = NULL;
str* uri;
struct sip_uri puri;
str domain;
if (realm) {
if (pv_printf_s(msg, realm, &domain)!=0) {
LM_ERR("pv_printf_s failed\n");
return AUTH_ERROR;
}
} else {
domain.len = 0;
domain.s = 0;
}
/* see what is to do after a first look at the message */
ret = diam_pre_auth(msg, &domain, hftype, &h);
switch(ret)
{
case NO_CREDENTIALS: cred = NULL;
break;
case DO_AUTHORIZATION: cred = (auth_body_t*)h->parsed;
break;
default: return ret;
}
if (get_uri(msg, &uri) < 0)
{
LM_ERR("From/To URI not found\n");
return AUTH_ERROR;
}
if (parse_uri(uri->s, uri->len, &puri) < 0)
{
LM_ERR("failed to parse From/To URI\n");
return AUTH_ERROR;
}
// user.s = (char *)pkg_malloc(puri.user.len);
// un_escape(&(puri.user), &user);
/* parse the ruri, if not yet */
if(msg->parsed_uri_ok==0 && parse_sip_msg_uri(msg)<0)
{
LM_ERR("failed to parse the Request-URI\n");
return AUTH_ERROR;
}
/* preliminary check */
if(cred)
{
if (puri.host.len != cred->digest.realm.len)
{
LM_DBG("credentials realm and URI host do not match\n");
return AUTH_ERROR;
}
if (strncasecmp(puri.host.s, cred->digest.realm.s, puri.host.len) != 0)
{
LM_DBG("credentials realm and URI host do not match\n");
return AUTH_ERROR;
}
}
if( diameter_authorize(cred?h:NULL, &msg->first_line.u.request.method,
puri, msg->parsed_uri, msg->id, rb) != 1)
{
send_resp(msg, 500, &dia_500_err, NULL, 0);
return AUTH_ERROR;
}
if( srv_response(msg, rb, hftype) != 1 )
return AUTH_ERROR;
mark_authorized_cred(msg, h);
return AUTHORIZED;
}
