src/modules/auth_diameter/user_in.c
 /*
  * Digest Authentication - Diameter support
  *
  * Copyright (C) 2001-2003 FhG Fokus
  *
  * This file is part of Kamailio, a free SIP server.
  *
  * Kamailio is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation; either version 2 of the License, or
  * (at your option) any later version
  * 
  * Kamailio is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
  *
  * You should have received a copy of the GNU General Public License 
  * along with this program; if not, write to the Free Software 
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
  * 
  */
 
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <netdb.h> 
 #include <string.h>
 
 /* memory management */
 #include "../../core/mem/mem.h"
 #include "../../core/mem/shm_mem.h"
 
 /* printing messages, dealing with strings and other utils */
 #include "../../core/dprint.h"
 #include "../../core/str.h"
 #include "../../core/ut.h"
 
 /* digest parser headers */
 #include "../../core/parser/digest/digest.h"
 #include "../../core/parser/parse_uri.h"
 #include "../../core/parser/parse_from.h"
 #include "../../core/parser/parse_to.h"
 
 
 /* headers defined by this module */
 #include "diameter_msg.h"
 #include "auth_diameter.h"
 #include "defs.h"
 #include "tcp_comm.h"
 
 
 /*
  * Fetch the URI of the To header field.
  *
  * When m->to is not set yet, parse_headers() is asked for HDR_TO_F first.
  * On success u->s / u->len point at the URI stored in the parsed To body;
  * nothing is copied.
  *
  * Returns 0 on success, -1 when the To header field cannot be obtained.
  */
 static inline int get_to_uri(struct sip_msg* m, str* u)
 {
 	struct to_body *to_b;

 	/* parse on demand; the header may still be absent after parsing */
 	if (!m->to) {
 		if (parse_headers(m, HDR_TO_F, 0) == -1 || !m->to) {
 			LM_ERR("can't get To header field\n");
 			return -1;
 		}
 	}

 	to_b   = (struct to_body*)m->to->parsed;
 	u->s   = to_b->uri.s;
 	u->len = to_b->uri.len;

 	return 0;
 }
 
 
 /*
  * Fetch the URI of the From header field.
  *
  * parse_from_header() is called first; a negative result is reported as an
  * error. On success u->s / u->len point at the URI stored in the parsed
  * From body; nothing is copied.
  *
  * Returns 0 on success, -1 when the From body cannot be parsed.
  */
 static inline int get_from_uri(struct sip_msg* m, str* u)
 {
 	struct to_body *from_b;

 	if (parse_from_header(m) < 0) {
 		LM_ERR("failed to parse From body\n");
 		return -1;
 	}

 	/* the From body is accessed through the same to_body layout as To */
 	from_b = (struct to_body*)m->from->parsed;
 	u->s   = from_b->uri.s;
 	u->len = from_b->uri.len;

 	return 0;
 }
 
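 /*
  * Ask the Diameter client whether a user is a member of a group.
  *
  * _m     - SIP message being processed
  * _hf    - selector carried as an integer inside the pointer (via fixup):
  *          1 = Request-URI, 2 = To, 3 = From, 4 = authorized credentials
  * _group - str* holding the group name (via fixup)
  *
  * The user (and, when use_domain is set, "user@domain") is taken from the
  * selected part of the SIP message, i.e. from data supplied by the sender,
  * and is forwarded as the User-Name AVP together with the group, the SIP
  * message id, the service type and the Request-URI host as
  * Destination-Realm.
  *
  * Returns 1 only when tcp_send_recv() reports AAA_USER_IN_GROUP. Every
  * other outcome is negative, so the check fails closed:
  *   -2 / -3  To / From URI could not be extracted
  *   -4       no authorized credentials found
  *   -5       selected URI could not be parsed
  *   -6       out of pkg memory while building user@domain
  *   -1       AAA message could not be built or sent, connection closed,
  *            or the backend did not confirm membership
  */
 int diameter_is_user_in(struct sip_msg* _m, char* _hf, char* _group)
 {
 	str *grp, user_name, user, domain, uri;
 	dig_cred_t* cred = 0;
 	int hf_type;
 	struct hdr_field* h;
 	struct sip_uri puri;
 	AAAMessage *req;
 	AAA_AVP *avp;
 	int ret;
 	unsigned int tmp;
 	char *p = NULL;	/* scratch buffer for user@domain, owned by this function */

 	grp = (str*)_group; /* via fixup */

 	hf_type = (int)(long)_hf;

 	uri.s = 0;
 	uri.len = 0;

 	/* extract the uri according with the _hf parameter */
 	/* NOTE(review): any other selector value leaves uri empty and relies on
 	 * parse_uri() below to reject it - confirm */
 	switch(hf_type)
 	{
 		case 1: /* Request-URI */
 			uri = *(GET_RURI(_m));
 		break;

 		case 2: /* To */
 			if (get_to_uri(_m, &uri) < 0)
 			{
 				LM_ERR("failed to extract To\n");
 				return -2;
 			}
 			break;

 		case 3: /* From */
 			if (get_from_uri(_m, &uri) < 0)
 			{
 				LM_ERR("failed to extract From URI\n");
 				return -3;
 			}
 			break;

 		case 4: /* Credentials */
 			/* try Authorization first, then Proxy-Authorization */
 			get_authorized_cred(_m->authorization, &h);
 			if (!h)
 			{
 				get_authorized_cred(_m->proxy_auth, &h);
 				if (!h)
 				{
 					LM_ERR("no authorized credentials found "
 							"(error in scripts)\n");
 					return -4;
 				}
 			}
 			cred = &((auth_body_t*)(h->parsed))->digest;
 			break;
 	}

 	if (hf_type != 4)
 	{
 		if (parse_uri(uri.s, uri.len, &puri) < 0)
 		{
 			LM_ERR("failed to parse URI\n");
 			return -5;
 		}
 		user = puri.user;
 		domain = puri.host;
 	}
 	else
 	{
 		user = cred->username.user;
 		domain = cred->realm;
 	}

 	/* user@domain mode */
 	if (use_domain)
 	{
 		user_name.s = 0;
 		user_name.len = user.len + domain.len;
 		if(user_name.len>0)
 		{
 			/* the '@' separator is only written when there is a user part;
 			 * counting it unconditionally would append one uninitialised
 			 * byte of pkg memory to a domain-only User-Name */
 			if(user.len>0)
 				user_name.len++;
 			p = (char*)pkg_malloc(user_name.len);
 			if (!p)
 			{
 				LM_ERR("no pkg memory left\n");
 				return -6;
 			}
 			user_name.s = p;

 			if(user.len>0)
 			{
 				memcpy(user_name.s, user.s, user.len);
 				user_name.s[user.len] = '@';
 				if(domain.len>0)
 					memcpy(user_name.s + user.len + 1, domain.s, domain.len);
 			}
 			else
 				memcpy(user_name.s, domain.s, domain.len);
 		}
 	}
 	else
 		user_name = user;


 	if ( (req=AAAInMessage(AA_REQUEST, AAA_APP_NASREQ))==NULL)
 	{
 		LM_ERR("can't create new AAA message!\n");
 		if(p) pkg_free(p);
 		return -1;
 	}

 	/* Username AVP */
 	avp = AAACreateAVP(AVP_User_Name, 0, 0, user_name.s,
 				user_name.len, AVP_DUPLICATE_DATA);
 	/* The AVP is created with AVP_DUPLICATE_DATA (the same flag is used below
 	 * for the address of the local tmp), so the scratch buffer is not needed
 	 * any more. Releasing it here covers the success path and every error
 	 * path; otherwise each call in user@domain mode leaks pkg memory. */
 	if(p)
 	{
 		pkg_free(p);
 		p = NULL;
 	}
 	if(avp == 0)
 	{
 		LM_ERR("no more pkg memory!\n");
 		goto error;
 	}
 	if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
 	{
 		LM_ERR("avp not added \n");
 		goto error1;
 	}

 	/* Usergroup AVP */
 	if( (avp=AAACreateAVP(AVP_User_Group, 0, 0, grp->s,
 				grp->len, AVP_DUPLICATE_DATA)) == 0)
 	{
 		LM_ERR("no more pkg memory!\n");
 		goto error;
 	}
 	if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
 	{
 		LM_ERR("avp not added \n");
 		goto error1;
 	}

 	/* SIP_MSGID AVP */
 	LM_DBG("******* m_id=%d\n", _m->id);
 	/* the id is sent as the raw bytes of an unsigned int */
 	tmp = _m->id;
 	if( (avp=AAACreateAVP(AVP_SIP_MSGID, 0, 0, (char*)(&tmp),
 				sizeof(tmp), AVP_DUPLICATE_DATA)) == 0)
 	{
 		LM_ERR("no more pkg memory!\n");
 		goto error;
 	}
 	if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
 	{
 		LM_ERR("avp not added \n");
 		goto error1;
 	}

 	/* ServiceType AVP */
 	if( (avp=AAACreateAVP(AVP_Service_Type, 0, 0, SIP_GROUP_CHECK,
 				SERVICE_LEN, AVP_DUPLICATE_DATA)) == 0)
 	{
 		LM_ERR("no more pkg memory!\n");
 		goto error;
 	}
 	if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
 	{
 		LM_ERR("avp not added \n");
 		goto error1;
 	}

 	/* Destination-Realm AVP */
 	/* always taken from the Request-URI host, whatever _hf selected */
 	uri = *(GET_RURI(_m));
 	if(parse_uri(uri.s, uri.len, &puri)<0) {
 		LM_ERR("failed to parse uri\n");
 		goto error;
 	}
 	if( (avp=AAACreateAVP(AVP_Destination_Realm, 0, 0, puri.host.s,
 						puri.host.len, AVP_DUPLICATE_DATA)) == 0)
 	{
 		LM_ERR("no more pkg memory!\n");
 		goto error;
 	}

 	if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
 	{
 		LM_ERR("avp not added \n");
 		goto error1;
 	}

 #ifdef DEBUG
 	AAAPrintMessage(req);
 #endif

 	/* build a AAA message buffer */
 	if(AAABuildMsgBuffer(req) != AAA_ERR_SUCCESS)
 	{
 		LM_ERR("message buffer not created\n");
 		goto error;
 	}

 	/* (re)open the connection to the Diameter client on demand */
 	if(sockfd==AAA_NO_CONNECTION)
 	{
 		sockfd = init_mytcp(diameter_client_host, diameter_client_port);
 		if(sockfd==AAA_NO_CONNECTION)
 		{
 			LM_ERR("failed to reconnect to Diameter client\n");
 			goto error;
 		}
 	}

 	ret =tcp_send_recv(sockfd, req->buf.s, req->buf.len, rb, _m->id);

 	if(ret == AAA_CONN_CLOSED)
 	{
 		LM_NOTICE("connection to Diameter client closed."
 				"It will be reopened by the next request\n");
 		close(sockfd);
 		sockfd = AAA_NO_CONNECTION;
 		goto error;
 	}
 	/* A transport or backend failure and a "not in group" verdict share this
 	 * branch and the same log line; both deny membership. */
 	if(ret != AAA_USER_IN_GROUP)
 	{
 		LM_ERR("message sending to the DIAMETER backend authorization server"
 				"failed or user is not in group\n");
 		goto error;
 	}

 	AAAFreeMessage(&req);
 	return 1;

 error1:
 	/* the AVP was created but not attached to the message: free it here */
 	AAAFreeAVP(&avp);
 error:
 	AAAFreeMessage(&req);
 	return -1;

 }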