| c64dbbd1 |
/*
* $Id$
*
* Copyright (C) 2007 1&1 Internet AG
*
|
| 27642a08 |
* This file is part of Kamailio, a free SIP server.
|
| c64dbbd1 |
*
|
| 27642a08 |
* Kamailio is free software; you can redistribute it and/or modify
|
| c64dbbd1 |
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version
*
|
| 27642a08 |
* Kamailio is distributed in the hope that it will be useful,
|
| c64dbbd1 |
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
|
| 1f8e65ee |
/*!
* \file
* \brief USERBLACKLIST :: module definitions
* \ingroup userblacklist
* - Module: \ref userblacklist
*/
/*!
* \defgroup userblacklist USERBLACKLIST :: The Kamailio userblacklist Module
*
* The userblacklist module allows Kamailio to handle blacklists on a per user basis.
* This information is stored in a database table, which is queried to decide if the
* number (more exactly, the request URI user) is blacklisted or not.
* An additional functionality that this module provides is the ability to handle
* global blacklists. This lists are loaded on startup into memory, thus providing a
* better performance then in the userblacklist case.
*/
|
| c64dbbd1 |
#include <string.h>
#include "../../parser/parse_uri.h"
#include "../../mem/shm_mem.h"
#include "../../sr_module.h"
|
| 3cb0009d |
#include "../../lib/kmi/mi.h"
|
| c64dbbd1 |
#include "../../mem/mem.h"
#include "../../usr_avp.h"
#include "../../locking.h"
#include "../../error.h"
#include "../../ut.h"
#include "../../mod_fix.h"
|
| f1a4d217 |
#include "../../lib/trie/dtrie.h"
|
| c64dbbd1 |
#include "db.h"
|
| 9230c04c |
#include "db_userblacklist.h"
|
| c64dbbd1 |
MODULE_VERSION
#define MAXNUMBERLEN 31
typedef struct _avp_check
{
int avp_flags;
int_str avp_name;
} avp_check_t;
struct check_blacklist_fs_t {
|
| dc10e758 |
struct dtrie_node_t *dtrie_root;
|
| c64dbbd1 |
};
|
| 9230c04c |
str userblacklist_db_url = str_init(DEFAULT_RODB_URL);
|
| c64dbbd1 |
static int use_domain = 0;
/* ---- fixup functions: */
static int check_blacklist_fixup(void** param, int param_no);
static int check_user_blacklist_fixup(void** param, int param_no);
/* ---- exported commands: */
|
| 0fe12cbb |
static int check_user_blacklist(struct sip_msg *msg, char* str1, char* str2, char* str3, char* str4);
|
| 9a0b1825 |
static int check_user_whitelist(struct sip_msg *msg, char* str1, char* str2, char* str3, char* str4);
|
| 0fe12cbb |
static int check_blacklist(struct sip_msg *msg, struct check_blacklist_fs_t *arg1);
|
| c64dbbd1 |
/* ---- module init functions: */
static int mod_init(void);
static int child_init(int rank);
static int mi_child_init(void);
static void mod_destroy(void);
/* --- fifo functions */
|
| bb30e4a8 |
struct mi_root * mi_reload_blacklist(struct mi_root* cmd, void* param); /* usage: kamctl fifo reload_blacklist */
|
| c64dbbd1 |
static cmd_export_t cmds[]={
{ "check_user_blacklist", (cmd_function)check_user_blacklist, 2, check_user_blacklist_fixup, 0, REQUEST_ROUTE | FAILURE_ROUTE },
|
| 9a0b1825 |
{ "check_user_whitelist", (cmd_function)check_user_whitelist, 2, check_user_blacklist_fixup, 0, REQUEST_ROUTE | FAILURE_ROUTE },
|
| 0fe12cbb |
{ "check_user_blacklist", (cmd_function)check_user_blacklist, 3, check_user_blacklist_fixup, 0, REQUEST_ROUTE | FAILURE_ROUTE },
|
| 9a0b1825 |
{ "check_user_whitelist", (cmd_function)check_user_whitelist, 3, check_user_blacklist_fixup, 0, REQUEST_ROUTE | FAILURE_ROUTE },
|
| 0fe12cbb |
{ "check_user_blacklist", (cmd_function)check_user_blacklist, 4, check_user_blacklist_fixup, 0, REQUEST_ROUTE | FAILURE_ROUTE },
|
| 9a0b1825 |
{ "check_user_whitelist", (cmd_function)check_user_whitelist, 4, check_user_blacklist_fixup, 0, REQUEST_ROUTE | FAILURE_ROUTE },
|
| c64dbbd1 |
{ "check_blacklist", (cmd_function)check_blacklist, 1, check_blacklist_fixup, 0, REQUEST_ROUTE | FAILURE_ROUTE },
{ 0, 0, 0, 0, 0, 0}
};
static param_export_t params[] = {
|
| 9230c04c |
userblacklist_DB_URL
userblacklist_DB_TABLE
globalblacklist_DB_TABLE
userblacklist_DB_COLS
globalblacklist_DB_COLS
|
| c64dbbd1 |
{ "use_domain", INT_PARAM, &use_domain },
{ 0, 0, 0}
};
/* Exported MI functions */
static mi_export_t mi_cmds[] = {
{ "reload_blacklist", mi_reload_blacklist, MI_NO_INPUT_FLAG, 0, mi_child_init },
{ 0, 0, 0, 0, 0}
};
struct module_exports exports= {
"userblacklist",
|
| 0fe12cbb |
DEFAULT_DLFLAGS,
|
| c64dbbd1 |
cmds,
params,
0,
mi_cmds,
0,
|
| 0fe12cbb |
0,
mod_init,
|
| c64dbbd1 |
0,
mod_destroy,
child_init
};
struct source_t {
struct source_t *next;
/** prefixes to be used are stored in this table */
char *table;
/** d-tree structure: will be built from data in database */
|
| dc10e758 |
struct dtrie_node_t *dtrie_root;
|
| c64dbbd1 |
};
struct source_list_t {
struct source_t *head;
};
static gen_lock_t *lock = NULL;
static struct source_list_t *sources = NULL;
|
| dc10e758 |
static struct dtrie_node_t *dtrie_root;
|
| c64dbbd1 |
static int check_user_blacklist_fixup(void** param, int param_no)
{
pv_elem_t *model=NULL;
str s;
/* convert to str */
s.s = (char*)*param;
s.len = strlen(s.s);
|
| 0fe12cbb |
if (param_no > 0 && param_no <= 4) {
if(s.len == 0 && param_no != 4) {
LM_ERR("no parameter %d\n", param_no);
|
| c64dbbd1 |
return E_UNSPEC;
}
if(pv_parse_format(&s, &model) < 0 || !model) {
|
| 0fe12cbb |
LM_ERR("wrong format [%.*s] for parameter %d\n", s.len, s.s, param_no);
|
| c64dbbd1 |
return E_UNSPEC;
}
|
| 0fe12cbb |
|
| c64dbbd1 |
if(!model->spec.getf) {
if(param_no == 1) {
|
| 0fe12cbb |
if(str2int(&s, (unsigned int*)&model->spec.pvp.pvn.u.isname.name.n) != 0) {
LM_ERR("wrong value [%.*s] for parameter %d\n", s.len, s.s, param_no);
|
| c64dbbd1 |
return E_UNSPEC;
|
| 0fe12cbb |
}
} else {
if(param_no == 2 || param_no == 3) {
LM_ERR("wrong value [%.*s] for parameter %d\n", s.len, s.s, param_no);
return E_UNSPEC;
} else {
// only a string
return 0;
}
|
| c64dbbd1 |
}
}
*param = (void*)model;
|
| 0fe12cbb |
} else {
LM_ERR("wrong number of parameters\n");
|
| c64dbbd1 |
}
return 0;
}
|
| 9a0b1825 |
static int check_user_list(struct sip_msg *msg, char* str1, char* str2, char* str3, char* str4, int listtype)
|
| c64dbbd1 |
{
str user = { .len = 0, .s = NULL };
str domain = { .len = 0, .s = NULL};
|
| 0fe12cbb |
str table = { .len = 0, .s = NULL};
str number = { .len = 0, .s = NULL};
|
| 4074d000 |
void **nodeflags;
|
| 0fe12cbb |
char *ptr;
|
| c64dbbd1 |
char req_number[MAXNUMBERLEN+1];
|
| 0fe12cbb |
/* user */
|
| c64dbbd1 |
if(((pv_elem_p)str1)->spec.getf) {
if(pv_printf_s(msg, (pv_elem_p)str1, &user) != 0) {
LM_ERR("cannot print user pseudo-variable\n");
return -1;
}
}
|
| 0fe12cbb |
/* domain */
if(((pv_elem_p)str2)->spec.getf) {
|
| c64dbbd1 |
if(pv_printf_s(msg, (pv_elem_p)str2, &domain) != 0) {
LM_ERR("cannot print domain pseudo-variable\n");
return -1;
}
}
|
| 0fe12cbb |
/* source number */
if(str3 != NULL && ((pv_elem_p)str3)->spec.getf) {
if(pv_printf_s(msg, (pv_elem_p)str3, &number) != 0) {
LM_ERR("cannot print number pseudo-variable\n");
return -1;
}
}
/* table name */
if(str4 != NULL && strlen(str4) > 0) {
/* string */
table.s=str4;
table.len=strlen(str4);
} else {
/* use default table name */
|
| 9230c04c |
table.len=userblacklist_table.len;
table.s=userblacklist_table.s;
|
| 0fe12cbb |
}
|
| c64dbbd1 |
if (msg->first_line.type != SIP_REQUEST) {
LM_ERR("SIP msg is not a request\n");
return -1;
}
|
| 0fe12cbb |
if(number.s == NULL) {
/* use R-URI */
if ((parse_sip_msg_uri(msg) < 0) || (!msg->parsed_uri.user.s) || (msg->parsed_uri.user.len > MAXNUMBERLEN)) {
LM_ERR("cannot parse msg URI\n");
return -1;
}
strncpy(req_number, msg->parsed_uri.user.s, msg->parsed_uri.user.len);
req_number[msg->parsed_uri.user.len] = '\0';
} else {
if (number.len > MAXNUMBERLEN) {
LM_ERR("number to long\n");
return -1;
}
strncpy(req_number, number.s, number.len);
req_number[number.len] = '\0';
|
| c64dbbd1 |
}
|
| 0fe12cbb |
LM_DBG("check entry %s for user %.*s on domain %.*s in table %.*s\n", req_number,
user.len, user.s, domain.len, domain.s, table.len, table.s);
|
| dc10e758 |
if (db_build_userbl_tree(&user, &domain, &table, dtrie_root, use_domain) < 0) {
|
| c64dbbd1 |
LM_ERR("cannot build d-tree\n");
return -1;
}
|
| 0fe12cbb |
ptr = req_number;
/* Skip over non-digits. */
while (strlen(ptr) > 0 && !isdigit(*ptr)) {
ptr = ptr + 1;
}
|
| d72deb95 |
nodeflags = dtrie_longest_match(dtrie_root, ptr, strlen(ptr), NULL, 10);
|
| 4074d000 |
if (nodeflags) {
if (*nodeflags == (void *)MARK_WHITELIST) {
|
| c64dbbd1 |
/* LM_ERR("whitelisted"); */
return 1; /* found, but is whitelisted */
}
|
| 0fe12cbb |
} else {
|
| 9a0b1825 |
if(!listtype) {
/* LM_ERR("not found return 1"); */
return 1; /* not found is ok */
} else {
/* LM_ERR("not found return -1"); */
return -1; /* not found is not ok */
}
|
| c64dbbd1 |
}
LM_DBG("entry %s is blacklisted\n", req_number);
return -1;
}
|
| 9a0b1825 |
static int check_user_whitelist(struct sip_msg *msg, char* str1, char* str2, char* str3, char* str4)
{
return check_user_list(msg, str1, str2, str3, str4, 1);
}
static int check_user_blacklist(struct sip_msg *msg, char* str1, char* str2, char* str3, char* str4)
{
return check_user_list(msg, str1, str2, str3, str4, 0);
}
|
| c64dbbd1 |
/**
* Finds d-tree root for given table.
* \return pointer to d-tree root on success, NULL otherwise
*/
|
| dc10e758 |
static struct dtrie_node_t *table2dt(const char *table)
|
| c64dbbd1 |
{
struct source_t *src = sources->head;
while (src) {
|
| dc10e758 |
if (strcmp(table, src->table) == 0) return src->dtrie_root;
|
| c64dbbd1 |
src = src->next;
}
LM_ERR("invalid table '%s'.\n", table);
return NULL;
}
/**
* Adds a new table to the list, if the table is
* already present, nothing will be done.
* \return zero on success, negative on errors
*/
static int add_source(const char *table)
{
/* check if the table is already present */
struct source_t *src = sources->head;
while (src) {
if (strcmp(table, src->table) == 0) return 0;
src = src->next;
}
src = shm_malloc(sizeof(struct source_t));
if (!src) {
|
| 5e44df26 |
SHM_MEM_ERROR;
|
| c64dbbd1 |
return -1;
}
memset(src, 0, sizeof(struct source_t));
src->next = sources->head;
sources->head = src;
src->table = shm_malloc(strlen(table)+1);
if (!src->table) {
|
| 5e44df26 |
SHM_MEM_ERROR;
|
| c64dbbd1 |
shm_free(src);
return -1;
}
strcpy(src->table, table);
LM_DBG("add table %s", table);
|
| d72deb95 |
src->dtrie_root = dtrie_init(10);
|
| dc10e758 |
if (src->dtrie_root == NULL) {
LM_ERR("could not initialize data");
return -1;
}
return 0;
|
| c64dbbd1 |
}
static int check_blacklist_fixup(void **arg, int arg_no)
{
char *table = (char *)(*arg);
|
| dc10e758 |
struct dtrie_node_t *node = NULL;
|
| 275899b1 |
struct check_blacklist_fs_t *new_arg;
|
| c64dbbd1 |
if (arg_no != 1) {
|
| 0fe12cbb |
LM_ERR("wrong number of parameters\n");
|
| c64dbbd1 |
return -1;
}
if (!table) {
|
| 0fe12cbb |
LM_ERR("no table name\n");
|
| c64dbbd1 |
return -1;
}
/* try to add the table */
if (add_source(table) != 0) {
LM_ERR("could not add table");
return -1;
}
/* get the node that belongs to the table */
node = table2dt(table);
if (!node) {
|
| 0fe12cbb |
LM_ERR("invalid table '%s'\n", table);
|
| c64dbbd1 |
return -1;
}
|
| 275899b1 |
new_arg = pkg_malloc(sizeof(struct check_blacklist_fs_t));
|
| c64dbbd1 |
if (!new_arg) {
|
| 5e44df26 |
PKG_MEM_ERROR;
|
| c64dbbd1 |
return -1;
}
memset(new_arg, 0, sizeof(struct check_blacklist_fs_t));
|
| dc10e758 |
new_arg->dtrie_root = node;
|
| c64dbbd1 |
*arg=(void*)new_arg;
return 0;
}
|
| 0fe12cbb |
static int check_blacklist(struct sip_msg *msg, struct check_blacklist_fs_t *arg1)
|
| c64dbbd1 |
{
|
| 4074d000 |
void **nodeflags;
|
| 0fe12cbb |
char *ptr;
|
| c64dbbd1 |
char req_number[MAXNUMBERLEN+1];
|
| 8c2f0b88 |
int ret = -1;
|
| c64dbbd1 |
if (msg->first_line.type != SIP_REQUEST) {
LM_ERR("SIP msg is not a request\n");
return -1;
}
if (parse_sip_msg_uri(msg) < 0) {
LM_ERR("cannot parse msg URI\n");
return -1;
}
if ((parse_sip_msg_uri(msg) < 0) || (!msg->parsed_uri.user.s) || (msg->parsed_uri.user.len > MAXNUMBERLEN)) {
LM_ERR("cannot parse msg URI\n");
return -1;
}
strncpy(req_number, msg->parsed_uri.user.s, msg->parsed_uri.user.len);
req_number[msg->parsed_uri.user.len] = '\0';
|
| 0fe12cbb |
ptr = req_number;
/* Skip over non-digits. */
while (strlen(ptr) > 0 && !isdigit(*ptr)) {
ptr = ptr + 1;
}
|
| c64dbbd1 |
LM_DBG("check entry %s\n", req_number);
|
| 8c2f0b88 |
/* avoids dirty reads when updating d-tree */
lock_get(lock);
|
| d72deb95 |
nodeflags = dtrie_longest_match(arg1->dtrie_root, ptr, strlen(ptr), NULL, 10);
|
| 4074d000 |
if (nodeflags) {
if (*nodeflags == (void *)MARK_WHITELIST) {
|
| c64dbbd1 |
/* LM_DBG("whitelisted"); */
|
| 8c2f0b88 |
ret = 1; /* found, but is whitelisted */
|
| c64dbbd1 |
}
}
else {
/* LM_ERR("not found"); */
|
| 8c2f0b88 |
ret = 1; /* not found is ok */
|
| c64dbbd1 |
}
|
| 8c2f0b88 |
lock_release(lock);
|
| c64dbbd1 |
LM_DBG("entry %s is blacklisted\n", req_number);
|
| 8c2f0b88 |
return ret;
|
| c64dbbd1 |
}
/**
* Fills the d-tree for all configured and prepared sources.
* \return 0 on success, -1 otherwise
*/
static int reload_sources(void)
{
int result = 0;
str tmp;
|
| 275899b1 |
struct source_t *src;
int n;
|
| c64dbbd1 |
/* critical section start: avoids dirty reads when updating d-tree */
lock_get(lock);
|
| 275899b1 |
src = sources->head;
|
| c64dbbd1 |
while (src) {
tmp.s = src->table;
tmp.len = strlen(src->table);
|
| 275899b1 |
n = db_reload_source(&tmp, src->dtrie_root);
|
| c64dbbd1 |
if (n < 0) {
|
| 0fe12cbb |
LM_ERR("cannot reload source from '%.*s'\n", tmp.len, tmp.s);
|
| c64dbbd1 |
result = -1;
break;
}
|
| 0fe12cbb |
LM_INFO("got %d entries from '%.*s'\n", n, tmp.len, tmp.s);
|
| c64dbbd1 |
src = src->next;
}
/* critical section end */
lock_release(lock);
return result;
}
static int init_source_list(void)
{
sources = shm_malloc(sizeof(struct source_list_t));
if (!sources) {
|
| 5e44df26 |
SHM_MEM_ERROR;
|
| c64dbbd1 |
return -1;
}
sources->head = NULL;
return 0;
}
static void destroy_source_list(void)
{
if (sources) {
while (sources->head) {
struct source_t *src = sources->head;
sources->head = src->next;
if (src->table) shm_free(src->table);
|
| d72deb95 |
dtrie_destroy(&(src->dtrie_root), NULL, 10);
|
| c64dbbd1 |
shm_free(src);
}
shm_free(sources);
sources = NULL;
}
}
static int init_shmlock(void)
{
lock = lock_alloc();
if (!lock) {
LM_CRIT("cannot allocate memory for lock.\n");
return -1;
}
if (lock_init(lock) == 0) {
LM_CRIT("cannot initialize lock.\n");
return -1;
}
return 0;
}
static void destroy_shmlock(void)
{
if (lock) {
lock_destroy(lock);
lock_dealloc((void *)lock);
lock = NULL;
}
}
struct mi_root * mi_reload_blacklist(struct mi_root* cmd, void* param)
{
struct mi_root * tmp = NULL;
if(reload_sources() == 0) {
|
| dc10e758 |
tmp = init_mi_tree( 200, MI_OK_S, MI_OK_LEN);
|
| c64dbbd1 |
} else {
tmp = init_mi_tree( 500, "cannot reload blacklist", 21);
}
return tmp;
}
static int mod_init(void)
{
|
| 571bc6e4 |
if(register_mi_mod(exports.name, mi_cmds)!=0)
{
LM_ERR("failed to register MI commands\n");
return -1;
}
|
| 9230c04c |
userblacklist_db_vars();
|
| c64dbbd1 |
|
| 9230c04c |
if (userblacklist_db_init() != 0) return -1;
|
| c64dbbd1 |
if (init_shmlock() != 0) return -1;
if (init_source_list() != 0) return -1;
return 0;
}
static int child_init(int rank)
{
|
| 82a5ef65 |
if (rank==PROC_INIT || rank==PROC_MAIN || rank==PROC_TCP_MAIN)
return 0; /* do nothing for the main process */
|
| 9230c04c |
if (userblacklist_db_open() != 0) return -1;
|
| d72deb95 |
dtrie_root=dtrie_init(10);
|
| dc10e758 |
if (dtrie_root == NULL) {
LM_ERR("could not initialize data");
return -1;
}
|
| c64dbbd1 |
/* because we've added new sources during the fixup */
if (reload_sources() != 0) return -1;
return 0;
}
static int mi_child_init(void)
{
|
| 9230c04c |
if (userblacklist_db_open() != 0) return -1;
|
| d72deb95 |
dtrie_root=dtrie_init(10);
|
| dc10e758 |
if (dtrie_root == NULL) {
LM_ERR("could not initialize data");
return -1;
}
|
| c64dbbd1 |
/* because we've added new sources during the fixup */
if (reload_sources() != 0) return -1;
return 0;
}
static void mod_destroy(void)
{
destroy_source_list();
destroy_shmlock();
|
| 9230c04c |
userblacklist_db_close();
|
| d72deb95 |
dtrie_destroy(&dtrie_root, NULL, 10);
|
| c64dbbd1 |
}
|