modules/auth_ephemeral/autheph_mod.c
0bea7f63
 /* 
  * $Id$
  *
  * Copyright (C) 2013 Crocodile RCS Ltd
  *
  * This file is part of Kamailio, a free SIP server.
  *
  * Kamailio is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation; either version 2 of the License, or
  * (at your option) any later version
  *
  * Kamailio is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
  *
  * You should have received a copy of the GNU General Public License 
  * along with this program; if not, write to the Free Software 
9e1ff448
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
0bea7f63
  *
99960be1
  * Exception: permission to copy, modify, propagate, and distribute a work
  * formed by combining OpenSSL toolkit software and the code in this file,
  * such as linking with software components and libraries released under
  * OpenSSL project license.
  *
0bea7f63
  */
 #include "../../dprint.h"
fd9fcd75
 #include "../../locking.h"
0bea7f63
 #include "../../mod_fix.h"
 #include "../../sr_module.h"
 #include "../../str.h"
fd9fcd75
 #include "../../lib/kmi/mi.h"
0bea7f63
 #include "../../modules/auth/api.h"
 
 #include "autheph_mod.h"
 #include "authorize.h"
e45df83d
 #include "checks.h"
0bea7f63
 
 MODULE_VERSION
 
 static int mod_init(void);
 static void destroy(void);
 
e45df83d
 static int secret_param(modparam_t _type, void *_val);
0bea7f63
 struct secret *secret_list = NULL;
fd9fcd75
 static struct mi_root *mi_dump_secrets(struct mi_root *cmd, void *param);
 static struct mi_root *mi_add_secret(struct mi_root *cmd, void *param);
 static struct mi_root *mi_rm_secret(struct mi_root *cmd, void *param);
 gen_lock_t *autheph_secret_lock = NULL;
0bea7f63
 
e45df83d
 autheph_username_format_t autheph_username_format = AUTHEPH_USERNAME_IETF;
 
0bea7f63
 auth_api_s_t eph_auth_api;
 
 static cmd_export_t cmds[]=
 {
 	{ "autheph_check", (cmd_function) autheph_check,
 	  1, fixup_var_str_1, 0,
 	  REQUEST_ROUTE },
 	{ "autheph_www", (cmd_function) autheph_www,
 	  1, fixup_var_str_1, 0,
 	  REQUEST_ROUTE },
 	{ "autheph_www", (cmd_function) autheph_www2,
 	  2, fixup_var_str_12, 0,
 	  REQUEST_ROUTE },
 	{ "autheph_proxy", (cmd_function) autheph_proxy,
 	  1, fixup_var_str_1, 0,
 	  REQUEST_ROUTE },
e45df83d
 	{ "autheph_authenticate", (cmd_function) autheph_authenticate,
 	  2, fixup_var_str_12, 0,
 	  REQUEST_ROUTE },
 	{ "autheph_check_from", (cmd_function) autheph_check_from0,
 	  0, 0, 0,
 	  REQUEST_ROUTE },
 	{ "autheph_check_from", (cmd_function) autheph_check_from1,
 	  1, fixup_var_str_1, 0,
 	  REQUEST_ROUTE },
 	{ "autheph_check_to", (cmd_function) autheph_check_to0,
 	  0, 0, 0,
 	  REQUEST_ROUTE },
 	{ "autheph_check_to", (cmd_function) autheph_check_to1,
 	  1, fixup_var_str_1, 0,
 	  REQUEST_ROUTE },
 	{ "autheph_check_timestamp", (cmd_function) autheph_check_timestamp,
 	  1, fixup_var_str_1, 0,
 	  REQUEST_ROUTE },
0bea7f63
 	{0, 0, 0, 0, 0, 0}
 };
 
 static param_export_t params[]=
 {
e8025176
 	{ "secret",		PARAM_STRING|USE_FUNC_PARAM,
0bea7f63
 	  (void *) secret_param },
e45df83d
 	{ "username_format",	INT_PARAM,
 	  &autheph_username_format },
0bea7f63
 	{0, 0, 0}
 };
 
fd9fcd75
 static mi_export_t mi_cmds[] =
 {
 	{ "autheph.add_secret",		mi_add_secret,	0, 0, 0 },
 	{ "autheph.dump_secrets",	mi_dump_secrets,0, 0, 0 },
 	{ "autheph.rm_secret",		mi_rm_secret,	0, 0, 0 },
 
 	{ 0, 0, 0, 0, 0 }
 };
 
0bea7f63
 struct module_exports exports=
 {
 	"auth_ephemeral", 
 	DEFAULT_DLFLAGS,	/* dlopen flags */
 	cmds,			/* Exported functions */
 	params,			/* Exported parameters */
 	0,			/* exported statistics */
fd9fcd75
 	mi_cmds,		/* exported MI functions */
0bea7f63
 	0,			/* exported pseudo-variables */
 	0,			/* extra processes */
 	mod_init,		/* module initialization function */
 	0,			/* response function */
 	destroy,		/* destroy function */
 	0			/* child initialization function */
 };
 
 static int mod_init(void)
 {
 	bind_auth_s_t bind_auth;
 
fd9fcd75
 	if (register_mi_mod(exports.name, mi_cmds) != 0)
 	{
 		LM_ERR("registering MI commands\n");
 		return -1;
 	}
 
0bea7f63
 	if (secret_list == NULL)
 	{
 		LM_ERR("secret modparam not set\n");
 		return -1;
 	}
 
e45df83d
 	switch(autheph_username_format)
0bea7f63
 	{
e45df83d
 	case AUTHEPH_USERNAME_NON_IETF:
 		LM_WARN("the %d value for the username_format modparam is "
 			"deprecated. You should update the web-service that "
 			"generates credentials to use the format specified in "
 			"draft-uberti-rtcweb-turn-rest.\n",
 			autheph_username_format);
 		/* Fall-thru */
 	case AUTHEPH_USERNAME_IETF:
 		break;
 
 	default:
 		LM_ERR("bad value for username_format modparam: %d\n",
 			autheph_username_format);
 		return -1;
0bea7f63
 	}
 
e45df83d
 	bind_auth = (bind_auth_s_t) find_export("bind_auth_s", 0, 0);
 	if (bind_auth)
 	{
 		if (bind_auth(&eph_auth_api) < 0)
 		{
 			LM_ERR("unable to bind to auth module\n");
 			return -1;
 		}
 	}
 	else
0bea7f63
 	{
e45df83d
 		memset(&eph_auth_api, 0, sizeof(auth_api_s_t));
 		LM_INFO("auth module not loaded - digest authentication and "
 			"check functions will not be available\n");
0bea7f63
 	}
 
 	return 0;
 }
 
 static void destroy(void)
 {
 	struct secret *secret_struct;
 
fd9fcd75
 	if (secret_list != NULL)
0bea7f63
 	{
fd9fcd75
 		SECRET_UNLOCK;
 		SECRET_LOCK;
 		while (secret_list != NULL)
0bea7f63
 		{
fd9fcd75
 			secret_struct = secret_list;
 			secret_list = secret_struct->next;
 
 			if (secret_struct->secret_key.s != NULL)
 			{
 				shm_free(secret_struct->secret_key.s);
 			}
 			shm_free(secret_struct);
0bea7f63
 		}
fd9fcd75
 		SECRET_UNLOCK;
 	}
 
 	if (autheph_secret_lock != NULL)
 	{
 		lock_destroy(autheph_secret_lock);
 		lock_dealloc((void *) autheph_secret_lock);
0bea7f63
 	}
 }
 
e45df83d
 static inline int add_secret(str _secret_key)
0bea7f63
 {
 	struct secret *secret_struct;
 
fd9fcd75
 	if (autheph_secret_lock == NULL)
 	{
 		autheph_secret_lock = lock_alloc();
 		if (autheph_secret_lock == NULL)
 		{
 			LM_ERR("allocating lock\n");
 			return -1;
 		}
 		if (lock_init(autheph_secret_lock) == 0)
 		{
 			LM_ERR("initialising lock\n");
 			return -1;
 		}
 	}
 
0bea7f63
 	secret_struct = (struct secret *) shm_malloc(sizeof(struct secret));
 	if (secret_struct == NULL)
 	{
 		LM_ERR("unable to allocate shared memory\n");
 		return -1;
 	}
 
 	memset(secret_struct, 0, sizeof (struct secret));
fd9fcd75
 	secret_struct->secret_key = _secret_key;
 	SECRET_LOCK;
 	if (secret_list != NULL)
 	{
 		secret_list->prev = secret_struct;
 	}
0bea7f63
 	secret_struct->next = secret_list;
 	secret_list = secret_struct;
fd9fcd75
 	SECRET_UNLOCK;
0bea7f63
 
 	return 0;
 }
 
fd9fcd75
 static inline int rm_secret(int _id)
 {
 	int pos = 0;
 	struct secret *secret_struct;
 
 	if (secret_list == NULL)
 	{
 		LM_ERR("secret list empty\n");
 		return -1;
 	}
 
 	SECRET_LOCK;
 	secret_struct = secret_list;
 	while (pos <= _id && secret_struct != NULL)
 	{
 		if (pos == _id)
 		{
 			if (secret_struct->prev != NULL)
 			{
 				secret_struct->prev->next = secret_struct->next;
 			}
 			if (secret_struct->next != NULL)
 			{
 				secret_struct->next->prev = secret_struct->prev;
 			}
 			if (pos == 0)
 			{
 				secret_list = secret_struct->next;
 			}
 			SECRET_UNLOCK;
 			shm_free(secret_struct->secret_key.s);
 			shm_free(secret_struct);
 			return 0;
 		}
 
 		pos++;
 		secret_struct = secret_struct->next;
 
 	}
 	SECRET_UNLOCK;
 
 	LM_ERR("ID %d not found\n", _id);
 	return -1;
 }
 
e45df83d
 static int secret_param(modparam_t _type, void *_val)
0bea7f63
 {
 	str sval;
 
e45df83d
 	if (_val == NULL)
0bea7f63
 	{
 		LM_ERR("bad parameter\n");
 		return -1;
 	}
 
e45df83d
 	LM_INFO("adding %s to secret list\n", (char *) _val);
0bea7f63
 
e45df83d
 	sval.len = strlen((char *) _val);
0bea7f63
 	sval.s = (char *) shm_malloc(sizeof(char) * sval.len);
 	if (sval.s == NULL)
 	{
 		LM_ERR("unable to allocate shared memory\n");
 		return -1;
 	}
e45df83d
 	memcpy(sval.s, (char *) _val, sval.len);
0bea7f63
 
 	return add_secret(sval);
 }
fd9fcd75
 
 static str str_status_too_many_params = str_init("Too many parameters");
 static str str_status_empty_param = str_init("Not enough parameters");
 static str str_status_no_memory = str_init("Unable to allocate shared memory");
 static str str_status_string_error = str_init("Error converting string to int");
 static str str_status_adding_secret = str_init("Error adding secret");
 static str str_status_removing_secret = str_init("Error removing secret");
 
 static struct mi_root *mi_dump_secrets(struct mi_root *cmd, void *param)
 {
 	int pos = 0;
 	struct secret *secret_struct = secret_list;
 	struct mi_root *rpl_tree;
 
 	if (cmd->node.kids != NULL)
 	{
 		LM_WARN("too many parameters\n");
 		return init_mi_tree(400, str_status_too_many_params.s,
 					str_status_too_many_params.len);
 	}
 
 	rpl_tree = init_mi_tree(200, MI_OK_S, MI_OK_LEN);
 	if (rpl_tree == NULL)
 		return 0;
 
 	SECRET_LOCK;
 	while (secret_struct != NULL)
 	{
 		if (addf_mi_node_child(&rpl_tree->node, 0, 0, 0,
 					"ID %d: %.*s", pos++,
 					secret_struct->secret_key.len,
 					secret_struct->secret_key.s) == 0)
 		{
 			free_mi_tree(rpl_tree);
 			SECRET_UNLOCK;
 			return 0;
 		}
 		secret_struct = secret_struct->next;
 	}
 	SECRET_UNLOCK;
 
 	return rpl_tree;
 }
 
 static struct mi_root *mi_add_secret(struct mi_root *cmd, void *param)
 {
 	str sval;
 	struct mi_node *node = NULL;
 
 	node = cmd->node.kids;
 	if (node == NULL)
 	{
 		LM_WARN("no secret parameter\n");
 		return init_mi_tree(400, str_status_empty_param.s,
 						str_status_empty_param.len);
 	}
 
 	if (node->value.s == NULL || node->value.len == 0)
 	{
 		LM_WARN("empty secret parameter\n");
 		return init_mi_tree(400, str_status_empty_param.s,
 					str_status_empty_param.len);
 	}
 
 	if (node->next != NULL)
 	{
 		LM_WARN("too many parameters\n");
 		return init_mi_tree(400, str_status_too_many_params.s,
 					str_status_too_many_params.len);
 	}
 
 	sval.len = node->value.len;
 	sval.s = shm_malloc(sizeof(char) * sval.len);
 	if (sval.s == NULL)
 	{
 		LM_ERR("Unable to allocate shared memory\n");
 		return init_mi_tree(400, str_status_no_memory.s,
 					str_status_no_memory.len);
 	}
 	memcpy(sval.s, node->value.s, sval.len);
 
 	if (add_secret(sval) == 0)
 	{
 		return init_mi_tree(200, MI_OK_S, MI_OK_LEN);
 	}
 	else
 	{
 		LM_ERR("Adding secret\n");
 		return init_mi_tree(400, str_status_adding_secret.s,
 					str_status_adding_secret.len);
 	}
 }
 
 static struct mi_root *mi_rm_secret(struct mi_root *cmd, void *param)
 {
 	unsigned int id;
 	struct mi_node *node = NULL;
 
 	node = cmd->node.kids;
 	if (node == NULL)
 	{
 		LM_WARN("no id parameter\n");
 		return init_mi_tree(400, str_status_empty_param.s,
 						str_status_empty_param.len);
 	}
 
 	if (node->value.s == NULL || node->value.len == 0)
 	{
 		LM_WARN("empty id parameter\n");
 		return init_mi_tree(400, str_status_empty_param.s,
 					str_status_empty_param.len);
 	}
 
 	if (str2int(&node->value, &id) < 0)
 	{
 		LM_ERR("converting string to int\n");
 		return init_mi_tree(400, str_status_string_error.s,
 					str_status_string_error.len);
 	}
 
 	if (node->next != NULL)
 	{
 		LM_WARN("too many parameters\n");
 		return init_mi_tree(400, str_status_too_many_params.s,
 					str_status_too_many_params.len);
 	}
 
 	if (rm_secret(id) == 0)
 	{
 		return init_mi_tree(200, MI_OK_S, MI_OK_LEN);
 	}
 	else
 	{
 		LM_ERR("Removing secret\n");
 		return init_mi_tree(400, str_status_removing_secret.s,
 					str_status_removing_secret.len);
 	}
 
 	return init_mi_tree(200, MI_OK_S, MI_OK_LEN);
 }