- functions that check the validity of the Identity header with a public key
provided as a parameter
... | ... |
@@ -46,6 +46,7 @@ static int child_init(int); |
46 | 46 |
static void mod_destroy(void); |
47 | 47 |
|
48 | 48 |
static int w_secsipid_check_identity(sip_msg_t *msg, char *pkeypath, char *str2); |
49 |
+static int w_secsipid_check_identity_pubkey(sip_msg_t *msg, char *pkeyval, char *str2); |
|
49 | 50 |
static int w_secsipid_add_identity(sip_msg_t *msg, char *porigtn, char *pdesttn, |
50 | 51 |
char *pattest, char *porigid, char *px5u, char *pkeypath); |
51 | 52 |
|
... | ... |
@@ -54,6 +55,8 @@ static int w_secsipid_add_identity(sip_msg_t *msg, char *porigtn, char *pdesttn, |
54 | 55 |
static cmd_export_t cmds[]={ |
55 | 56 |
{"secsipid_check_identity", (cmd_function)w_secsipid_check_identity, 1, |
56 | 57 |
fixup_spve_null, fixup_free_spve_null, ANY_ROUTE}, |
58 |
+ {"secsipid_check_identity_pubkey", (cmd_function)w_secsipid_check_identity_pubkey, 1, |
|
59 |
+ fixup_spve_null, fixup_free_spve_null, ANY_ROUTE}, |
|
57 | 60 |
{"secsipid_add_identity", (cmd_function)w_secsipid_add_identity, 6, |
58 | 61 |
fixup_spve_all, fixup_free_spve_all, ANY_ROUTE}, |
59 | 62 |
{0, 0, 0, 0, 0, 0} |
... | ... |
@@ -162,6 +165,57 @@ static int w_secsipid_check_identity(sip_msg_t *msg, char *pkeypath, char *str2) |
162 | 165 |
return ki_secsipid_check_identity(msg, &keypath); |
163 | 166 |
} |
164 | 167 |
|
168 |
+/** |
|
169 |
+ * |
|
170 |
+ */ |
|
171 |
+static int ki_secsipid_check_identity_pubkey(sip_msg_t *msg, str *keyval) |
|
172 |
+{ |
|
173 |
+ int ret = 1; |
|
174 |
+ str ibody = STR_NULL; |
|
175 |
+ hdr_field_t *hf; |
|
176 |
+ |
|
177 |
+ for (hf=msg->headers; hf; hf=hf->next) { |
|
178 |
+ if (hf->name.len==SECSIPID_HDR_IDENTITY_LEN |
|
179 |
+ && strncasecmp(hf->name.s, SECSIPID_HDR_IDENTITY, |
|
180 |
+ SECSIPID_HDR_IDENTITY_LEN)==0) |
|
181 |
+ break; |
|
182 |
+ } |
|
183 |
+ |
|
184 |
+ if(hf == NULL) { |
|
185 |
+ LM_DBG("no identity header\n"); |
|
186 |
+ return -1; |
|
187 |
+ } |
|
188 |
+ |
|
189 |
+ ibody = hf->body; |
|
190 |
+ |
|
191 |
+ ret = SecSIPIDCheckFullPubKey(ibody.s, ibody.len, secsipid_expire, keyval->s, |
|
192 |
+ keyval->len); |
|
193 |
+ |
|
194 |
+ if(ret==0) { |
|
195 |
+ LM_DBG("identity check: ok\n"); |
|
196 |
+ return 1; |
|
197 |
+ } |
|
198 |
+ |
|
199 |
+ LM_DBG("identity check: failed\n"); |
|
200 |
+ return -1; |
|
201 |
+} |
|
202 |
+ |
|
203 |
+/** |
|
204 |
+ * |
|
205 |
+ */ |
|
206 |
+static int w_secsipid_check_identity_pubkey(sip_msg_t *msg, char *pkeyval, char *str2) |
|
207 |
+{ |
|
208 |
+ str keyval = STR_NULL; |
|
209 |
+ |
|
210 |
+ if(fixup_get_svalue(msg, (gparam_t*)pkeyval, &keyval)<0) { |
|
211 |
+ LM_ERR("failed to get keyval parameter\n"); |
|
212 |
+ return -1; |
|
213 |
+ } |
|
214 |
+ |
|
215 |
+ return ki_secsipid_check_identity_pubkey(msg, &keyval); |
|
216 |
+} |
|
217 |
+ |
|
218 |
+ |
|
165 | 219 |
/** |
166 | 220 |
* |
167 | 221 |
*/ |
... | ... |
@@ -277,6 +331,11 @@ static sr_kemi_t sr_kemi_secsipid_exports[] = { |
277 | 331 |
{ SR_KEMIP_STR, SR_KEMIP_STR, SR_KEMIP_STR, |
278 | 332 |
SR_KEMIP_STR, SR_KEMIP_STR, SR_KEMIP_STR } |
279 | 333 |
}, |
334 |
+ { str_init("secsipid"), str_init("secsipid_check_identity_pubkey"), |
|
335 |
+ SR_KEMIP_INT, ki_secsipid_check_identity_pubkey, |
|
336 |
+ { SR_KEMIP_STR, SR_KEMIP_NONE, SR_KEMIP_NONE, |
|
337 |
+ SR_KEMIP_NONE, SR_KEMIP_NONE, SR_KEMIP_NONE } |
|
338 |
+ }, |
|
280 | 339 |
|
281 | 340 |
{ {0, 0}, {0, 0}, 0, NULL, { 0, 0, 0, 0, 0, 0 } } |
282 | 341 |
}; |
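Review bot: ki_secsipid_check_identity_pubkey() passes keyval->s and keyval->len to SecSIPIDCheckFullPubKey() without checking that a key was actually supplied, and the value can arrive straight from a config variable or a KEMI script. How the library treats an empty key is not visible in this diff, so the function should fail closed before the call: `if(keyval==NULL || keyval->s==NULL || keyval->len<=0) { LM_ERR("missing public key value\n"); return -1; }`. The failure branch also drops the library return code and logs only at debug level, so whatever reason the library reports for a rejected header is lost; `LM_DBG("identity check: failed (ret: %d)\n", ret);` would keep it. Both new functions carry an empty `/** * */` comment; one line saying that the parameter appears to be the key value itself rather than a file path, and that the return is 1 on success and -1 otherwise, would help config authors.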