OsStatus
SipRedirectorFallback::determineCallerLocationFromProvisionedUserLocation(
const SipMessage& message,
UtlString& callerLocation )
{
OsStatus result = OS_FAILED;
callerLocation.remove( 0 );
// First, determine the identity of the caller. This is done by looking for
// a properly signed P-Asserted identity in the request message.
// If the request contains a P-Asserted-Identity header and is not signed,
// we will not trust it the returned location will be blank.
UtlString matchedIdentityHeader;
SipXauthIdentity sipxIdentity;
Os::Logger::instance().log(FAC_SIP, PRI_DEBUG, "SipRedirectorFallback:: unbound entities allowing: %s", mAllowUnbound ? "TRUE" : "FALSE");
if (!mAllowUnbound) {
SipXauthIdentity sipxIdentity( message, matchedIdentityHeader, false );
} else {
SipXauthIdentity sipxIdentity( message, matchedIdentityHeader, false, SipXauthIdentity::allowUnbound);
}
if( !matchedIdentityHeader.isNull() )
{
UtlString authenticatedUserIdentity;
bool bRequestIsAuthenticated;
bRequestIsAuthenticated = sipxIdentity.getIdentity( authenticatedUserIdentity );
if( bRequestIsAuthenticated )
{
// we now have the autheticated identity of the caller. Look up the user location
// database to find out the location that is mapped to it.
//ResultSet userLocationsResult;
// Check in User Location database if user has locations
//mpUserLocationDbInstance->getLocations( authenticatedUserIdentity, userLocationsResult );
// Get the caller's site location. Only the first returned location is used.
// This is not a problem given that a user should only belong to one location.
EntityRecord entity;
EntityDB* entityDb = SipRegistrar::getInstance(NULL)->getEntityDB();
if (entityDb->findByIdentity(authenticatedUserIdentity.str(), entity))
{
callerLocation = entity.location().c_str();
result = OS_SUCCESS;
Os::Logger::instance().log(FAC_SIP, PRI_DEBUG,
"%s::determineCallerLocationFromProvisionedUserLocation mapped user '%s' taken from header '%s' to location '%s' based on its provisioned location",
mLogName.data(), authenticatedUserIdentity.data(),
authenticatedUserIdentity.data(),
entity.location().c_str() );
}
}
}
return result;
}
RedirectPlugin::LookUpStatus
SipRedirectorRegDB::lookUp(
const SipMessage& message,
UtlString& requestString,
Url& requestUri,
const UtlString& method,
ContactList& contactList,
RequestSeqNo requestSeqNo,
int redirectorNo,
SipRedirectorPrivateStorage*& privateStorage,
ErrorDescriptor& errorDescriptor)
{
unsigned long timeNow = OsDateTime::getSecsSinceEpoch();
// Local copy of requestUri
Url requestUriCopy = requestUri;
// Look for any grid parameter and remove it.
UtlString gridParameter;
UtlBoolean gridPresent =
requestUriCopy.getUrlParameter("grid", gridParameter, 0);
if (gridPresent)
{
requestUriCopy.removeUrlParameter("grid");
}
if (Os::Logger::instance().willLog(FAC_SIP, PRI_DEBUG))
{
UtlString temp;
requestUriCopy.getUri(temp);
Os::Logger::instance().log(FAC_SIP, PRI_DEBUG,
"%s::lookUp gridPresent = %d, gridParameter = '%s', "
"requestUriCopy after removing grid = '%s'",
mLogName.data(), gridPresent, gridParameter.data(),
temp.data());
}
RegDB::Bindings registrations;
// Give the ~~in~ URIs separate processing.
UtlString user;
requestUriCopy.getUserId(user);
RegDB* regDb = SipRegistrar::getInstance(NULL)->getRegDB();
if (user.index(URI_IN_PREFIX) == 0)
{
// This is a ~~in~ URI.
// Check for an '&' separator.
ssize_t s = user.last('&');
if (s != UTL_NOT_FOUND)
{
// This is a ~~in~[user]&[instrument] URI.
const char* instrumentp = user.data() + s + 1;
UtlString u;
u.append(user,
sizeof (URI_IN_PREFIX) - 1,
s - (sizeof (URI_IN_PREFIX) - 1));
requestUriCopy.setUserId(u);
//regDB->
// getUnexpiredContactsUserInstrument(requestUriCopy, instrumentp, timeNow, registrations);
UtlString identity;
requestUriCopy.getIdentity(identity);
regDb->getUnexpiredContactsUserInstrument(identity.str(), instrumentp, timeNow, registrations);
}
else
{
// This is a ~~in~[instrument] URI.
const char* instrumentp = user.data() + sizeof (URI_IN_PREFIX) - 1;
regDb->getUnexpiredContactsInstrument(instrumentp, timeNow, registrations);
}
}
else
{
// Note that getUnexpiredContactsUser will reduce the requestUri to its
// identity (user/host/port) part before searching in the
// database. The requestUri identity is matched against the
// "identity" column of the database, which is the identity part of
// the "uri" column which is stored in registration.xml.
UtlString identity;
requestUriCopy.getIdentity(identity);
regDb->getUnexpiredContactsUser(identity.str(), timeNow, registrations);
}
int numUnexpiredContacts = registrations.size();
Os::Logger::instance().log(FAC_SIP, PRI_DEBUG,
"%s::lookUp got %d unexpired contacts",
mLogName.data(), numUnexpiredContacts);
// Check for a per-user call forward timer.
// Don't set timer if we're not going to forward to voicemail.
std::ostringstream userCfwdTimer;
bool foundUserCfwdTimer = false;
if (method.compareTo(SIP_INVITE_METHOD) == 0)
{
UtlString noRoute;
requestUriCopy.getUrlParameter("sipx-noroute", noRoute);
if ((!noRoute.isNull()) && (noRoute.compareTo("Voicemail") == 0))
{
// This is not a call scenerio controlled by this users "forward to voicemail" timer
}
else
{
UtlString identity;
requestUriCopy.getIdentity(identity);
EntityRecord entity;
EntityDB* entityDb = SipRegistrar::getInstance(NULL)->getEntityDB();
foundUserCfwdTimer = entityDb->findByIdentity(identity.str(), entity);
if (foundUserCfwdTimer)
userCfwdTimer << entity.callForwardTime();
}
}
for (RegDB::Bindings::const_iterator iter = registrations.begin(); iter != registrations.end(); iter++)
{
// Query the Registration DB for the contact, expires and qvalue columns.
Os::Logger::instance().log(FAC_SIP, PRI_DEBUG,
"%s::lookUp contact = '%s', qvalue = '%s', path = '%s'",
mLogName.data(), iter->getContact().c_str(), iter->getQvalue().c_str(), iter->getPath().c_str() );
Url contactUri(iter->getContact().c_str());
// If available set the per-user call forward timer.
if (foundUserCfwdTimer)
{
contactUri.setHeaderParameter("expires", userCfwdTimer.str().c_str());
}
// If the contact URI is the same as the request URI, ignore it.
if (!contactUri.isUserHostPortEqual(requestUriCopy))
{
// Check if the q-value from the database is valid, and if so,
// add it into contactUri.
if (!iter->getQvalue().empty())
{
// :TODO: (XPL-3) need a RegEx copy constructor here
// Check if q value is numeric and between the range 0.0 and 1.0.
static RegEx qValueValid("^(0(\\.\\d{0,3})?|1(\\.0{0,3})?)$");
if (qValueValid.Search(iter->getQvalue().c_str()))
{
contactUri.setFieldParameter(SIP_Q_FIELD, iter->getQvalue().c_str());
}
}
// Re-apply any grid parameter.
if (gridPresent)
{
contactUri.setUrlParameter("grid", gridParameter);
}
contactUri.setUrlParameter(SIP_SIPX_CALL_DEST_FIELD, "INT");
// Check if database contained a Path value. If so, add a Route
// header parameter to the contact with the Path vector taken from
// the registration data.
if (!iter->getPath().empty())
{
UtlString existingRouteValue;
std::string pathVector = iter->getPath();
if ( contactUri.getHeaderParameter(SIP_ROUTE_FIELD, existingRouteValue))
{
// there is already a Route header parameter in the contact; append it to the
// Route derived from the Path vector.
pathVector += SIP_MULTIFIELD_SEPARATOR;
pathVector += existingRouteValue.str();
}
contactUri.setHeaderParameter(SIP_ROUTE_FIELD, pathVector.c_str());
}
// Add the contact.
contactList.add( contactUri, *this );
}
}
return RedirectPlugin::SUCCESS;
}
UtlBoolean
SubscribeServerThread::isAuthorized (
const SipMessage* message,
SipMessage *responseMessage,
StatusPluginReference* pluginContainer)
{
UtlBoolean retIsAuthorized = FALSE;
UtlString requestUser;
Url identityUrl;
message->getUri(NULL, NULL, NULL, &requestUser);
identityUrl.setUserId(requestUser);
identityUrl.setHostAddress(mDefaultDomain);
EntityDB* entityDb = StatusServer::getInstance()->getEntityDb();
if( pluginContainer )
{
// if the plugin has permissions, we must match all these against the IMDB
if( pluginContainer->hasPermissions() )
{
// permission required. Check for required permission in permission IMDB
// All required permissions should match
EntityRecord entity;
entityDb->findByIdentity(identityUrl, entity);
std::set<std::string> permissions = entity.permissions();
int numDBPermissions = permissions.size();
if( numDBPermissions > 0 )
{
UtlBoolean nextPermissionMatched = TRUE;
UtlSListIterator* pluginPermissionIterator = pluginContainer->permissionsIterator();
UtlString* pluginPermission;
// Iterated through the plugin permissions matching
// them one by one against the IMDB
while( (pluginPermission = (UtlString*)(*pluginPermissionIterator)())
&& nextPermissionMatched
)
{
//check againt all permissions in IMDB
nextPermissionMatched = FALSE;
UtlString identity, permission;
for ( std::set<std::string>::iterator iter = permissions.begin(); iter != permissions.end(); iter++ )
{
permission = iter->c_str();
if (pluginPermission->compareTo(permission, UtlString::ignoreCase ) == 0)
{
nextPermissionMatched = TRUE;
break;
}
}
}
delete pluginPermissionIterator;
// after going thru all permissions find out if all matched or not
if( nextPermissionMatched )
{
Os::Logger::instance().log(FAC_AUTH, PRI_DEBUG, "SubscribeServerThread::isAuthorized() -"
" All permissions matched - request is AUTHORIZED");
retIsAuthorized = TRUE;
}
else
{
Os::Logger::instance().log(FAC_AUTH, PRI_DEBUG, "SubscribeServerThread::isAuthorized() -"
" One or more Permissions did not match - request is UNAUTHORIZED");
retIsAuthorized = FALSE;
}
}
else
{
// one or more permissions needed by plugin and none in IMDB => UNAUTHORIZED
Os::Logger::instance().log(FAC_AUTH, PRI_DEBUG, "SubscribeServerThread::isAuthorized() -"
" No Permissions in IMDB - request is UNAUTHORIZED");
retIsAuthorized = FALSE;
}
}
else
{
Os::Logger::instance().log(FAC_AUTH, PRI_DEBUG, "SubscribeServerThread::isAuthorized() -"
" No Permissions required - request is always AUTHORIZED");
retIsAuthorized = TRUE;
}
}
//set the error response message id unauthorized
if(!retIsAuthorized)
{
responseMessage->setResponseData(message,SIP_FORBIDDEN_CODE, SIP_FORBIDDEN_TEXT);
}
return retIsAuthorized;
}
