
auth_diameter: avoid passing large structs as params and better error handling

Daniel-Constantin Mierla authored on 27/07/2017 07:11:17
Showing 1 changed files
... ...
@@ -239,7 +239,6 @@ int diameter_is_user_in(struct sip_msg* _m, char* _hf, char* _group)
239 239
 		goto error1;
240 240
 	}
241 241
 
242
-	
243 242
 	/* ServiceType AVP */
244 243
 	if( (avp=AAACreateAVP(AVP_Service_Type, 0, 0, SIP_GROUP_CHECK, 
245 244
 				SERVICE_LEN, AVP_DUPLICATE_DATA)) == 0)
... ...
@@ -252,24 +251,26 @@ int diameter_is_user_in(struct sip_msg* _m, char* _hf, char* _group)
252 251
 		LM_ERR("avp not added \n");
253 252
 		goto error1;
254 253
 	}
255
-	
256 254
 
257 255
 	/* Destination-Realm AVP */
258 256
 	uri = *(GET_RURI(_m));
259
-	parse_uri(uri.s, uri.len, &puri);
257
+	if(parse_uri(uri.s, uri.len, &puri)<0) {
258
+		LM_ERR("failed to parse uri\n");
259
+		goto error;
260
+	}
260 261
 	if( (avp=AAACreateAVP(AVP_Destination_Realm, 0, 0, puri.host.s,
261 262
 						puri.host.len, AVP_DUPLICATE_DATA)) == 0)
262 263
 	{
263 264
 		LM_ERR("no more pkg memory!\n");
264 265
 		goto error;
265 266
 	}
266
-	
267
+
267 268
 	if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
268 269
 	{
269 270
 		LM_ERR("avp not added \n");
270 271
 		goto error1;
271 272
 	}
272
-	
273
+
273 274
 #ifdef DEBUG
274 275
 	AAAPrintMessage(req);
275 276
 #endif
... ...
@@ -317,5 +318,4 @@ error:
317 318
 	AAAFreeMessage(&req);
318 319
 	return -1;
319 320
 
320
-}
321
-
321
+}
322 322
\ No newline at end of file
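Review bot: The Destination-Realm block is documented only as `/* Destination-Realm AVP */`, yet the value is always the host part of the request-URI (`uri = *(GET_RURI(_m));`), whichever header `_hf` selected for the user lookup, and that host is chosen by whoever sent the request. A comment stating this would help the next reader judge what the Diameter peer may trust, for example `/* Destination-Realm AVP: always the R-URI host, independent of _hf; value is sender-controlled */`. The new failure message would also be easier to act on if it carried the offending value, `LM_ERR("failed to parse r-uri [%.*s]\n", uri.len, uri.s);`. The function starts before this hunk, so its other exits are not visible here.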

auth_diameter: removed svn id, history

Daniel-Constantin Mierla authored on 26/07/2017 20:32:39
Showing 1 changed files
... ...
@@ -1,6 +1,4 @@
1 1
 /*
2
- * $Id$
3
- *
4 2
  * Digest Authentication - Diameter support
5 3
  *
6 4
  * Copyright (C) 2001-2003 FhG Fokus
... ...
@@ -20,11 +18,7 @@
20 18
  * You should have received a copy of the GNU General Public License 
21 19
  * along with this program; if not, write to the Free Software 
22 20
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
23
- *
24
- * History:
25
- * -------
26
- *  
27
- *  
21
+ * 
28 22
  */
29 23
 
30 24
 #include <stdio.h>

core, lib, modules: updated include paths for header files

Daniel-Constantin Mierla authored on 07/12/2016 11:07:22
Showing 1 changed files
... ...
@@ -37,19 +37,19 @@
37 37
 #include <string.h>
38 38
 
39 39
 /* memory management */
40
-#include "../../mem/mem.h"
41
-#include "../../mem/shm_mem.h"
40
+#include "../../core/mem/mem.h"
41
+#include "../../core/mem/shm_mem.h"
42 42
 
43 43
 /* printing messages, dealing with strings and other utils */
44
-#include "../../dprint.h"
45
-#include "../../str.h"
46
-#include "../../ut.h"
44
+#include "../../core/dprint.h"
45
+#include "../../core/str.h"
46
+#include "../../core/ut.h"
47 47
 
48 48
 /* digest parser headers */
49
-#include "../../parser/digest/digest.h"
50
-#include "../../parser/parse_uri.h"
51
-#include "../../parser/parse_from.h"
52
-#include "../../parser/parse_to.h"
49
+#include "../../core/parser/digest/digest.h"
50
+#include "../../core/parser/parse_uri.h"
51
+#include "../../core/parser/parse_from.h"
52
+#include "../../core/parser/parse_to.h"
53 53
 
54 54
 
55 55
 /* headers defined by this module */

core, lib, modules: restructured source code tree

- new folder src/ to hold the source code for main project applications
- main.c is in src/
- all core files and subfolders are in src/core/
- modules are in src/modules/
- libs are in src/lib/
- application Makefiles are in src/
- application binary is built in src/ (src/kamailio)

Daniel-Constantin Mierla authored on 07/12/2016 11:03:51
Showing 1 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,327 @@
1
+/*
2
+ * $Id$
3
+ *
4
+ * Digest Authentication - Diameter support
5
+ *
6
+ * Copyright (C) 2001-2003 FhG Fokus
7
+ *
8
+ * This file is part of Kamailio, a free SIP server.
9
+ *
10
+ * Kamailio is free software; you can redistribute it and/or modify
11
+ * it under the terms of the GNU General Public License as published by
12
+ * the Free Software Foundation; either version 2 of the License, or
13
+ * (at your option) any later version
14
+ * 
15
+ * Kamailio is distributed in the hope that it will be useful,
16
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
17
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18
+ * GNU General Public License for more details.
19
+ *
20
+ * You should have received a copy of the GNU General Public License 
21
+ * along with this program; if not, write to the Free Software 
22
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
23
+ *
24
+ * History:
25
+ * -------
26
+ *  
27
+ *  
28
+ */
29
+
30
+#include <stdio.h>
31
+#include <stdlib.h>
32
+#include <string.h>
33
+#include <sys/types.h>
34
+#include <sys/socket.h>
35
+#include <netinet/in.h>
36
+#include <netdb.h> 
37
+#include <string.h>
38
+
39
+/* memory management */
40
+#include "../../mem/mem.h"
41
+#include "../../mem/shm_mem.h"
42
+
43
+/* printing messages, dealing with strings and other utils */
44
+#include "../../dprint.h"
45
+#include "../../str.h"
46
+#include "../../ut.h"
47
+
48
+/* digest parser headers */
49
+#include "../../parser/digest/digest.h"
50
+#include "../../parser/parse_uri.h"
51
+#include "../../parser/parse_from.h"
52
+#include "../../parser/parse_to.h"
53
+
54
+
55
+/* headers defined by this module */
56
+#include "diameter_msg.h"
57
+#include "auth_diameter.h"
58
+#include "defs.h"
59
+#include "tcp_comm.h"
60
+
61
+
62
+/* Get To header field URI */
63
+static inline int get_to_uri(struct sip_msg* m, str* u)
64
+{
65
+     // check that the header field is there and is parsed
66
+	if (!m->to && ((parse_headers(m, HDR_TO_F, 0) == -1)|| (!m->to))) 
67
+	{
68
+		LM_ERR("can't get To header field\n");
69
+		return -1;
70
+	}
71
+	
72
+	u->s   = ((struct to_body*)m->to->parsed)->uri.s;
73
+	u->len = ((struct to_body*)m->to->parsed)->uri.len;
74
+	
75
+	return 0;
76
+}
77
+
78
+
79
+/* Get From header field URI */
80
+static inline int get_from_uri(struct sip_msg* m, str* u)
81
+{
82
+     // check that the header field is there and is parsed
83
+	if (parse_from_header(m) < 0) {
84
+		LM_ERR("failed to parse From body\n");
85
+		return -1;
86
+	}
87
+	
88
+	u->s   = ((struct to_body*)m->from->parsed)->uri.s;
89
+	u->len = ((struct to_body*)m->from->parsed)->uri.len;
90
+
91
+	return 0;
92
+}
93
+
94
+/* it checks if a user is member of a group */
95
+int diameter_is_user_in(struct sip_msg* _m, char* _hf, char* _group)
96
+{
97
+	str *grp, user_name, user, domain, uri;
98
+	dig_cred_t* cred = 0;
99
+	int hf_type;
100
+	struct hdr_field* h;
101
+	struct sip_uri puri;
102
+	AAAMessage *req;
103
+	AAA_AVP *avp; 
104
+	int ret;
105
+	unsigned int tmp;
106
+	char *p = NULL;
107
+
108
+	grp = (str*)_group; /* via fixup */
109
+
110
+	hf_type = (int)(long)_hf;
111
+
112
+	uri.s = 0;
113
+	uri.len = 0;
114
+
115
+	/* extract the uri according with the _hf parameter */
116
+	switch(hf_type) 
117
+	{
118
+		case 1: /* Request-URI */
119
+			uri = *(GET_RURI(_m));
120
+		break;
121
+
122
+		case 2: /* To */
123
+			if (get_to_uri(_m, &uri) < 0) 
124
+			{
125
+				LM_ERR("failed to extract To\n");
126
+				return -2;
127
+			}
128
+			break;
129
+
130
+		case 3: /* From */
131
+			if (get_from_uri(_m, &uri) < 0) 
132
+			{
133
+				LM_ERR("failed to extract From URI\n");
134
+				return -3;
135
+			}
136
+			break;
137
+
138
+		case 4: /* Credentials */
139
+			get_authorized_cred(_m->authorization, &h);
140
+			if (!h) 	
141
+			{
142
+				get_authorized_cred(_m->proxy_auth, &h);
143
+				if (!h) 
144
+				{
145
+					LM_ERR("no authorized credentials found "
146
+							"(error in scripts)\n");
147
+					return -4;
148
+				}
149
+			}
150
+			cred = &((auth_body_t*)(h->parsed))->digest;
151
+			break;
152
+	}
153
+
154
+	if (hf_type != 4) 
155
+	{
156
+		if (parse_uri(uri.s, uri.len, &puri) < 0) 
157
+		{
158
+			LM_ERR("failed to parse URI\n");
159
+			return -5;
160
+		}
161
+		user = puri.user;
162
+		domain = puri.host;
163
+	} 
164
+	else
165
+	{
166
+		user = cred->username.user;
167
+		domain = cred->realm;
168
+	}
169
+	
170
+	/* user@domain mode */
171
+	if (use_domain)
172
+	{
173
+		user_name.s = 0;
174
+		user_name.len = user.len + domain.len;
175
+		if(user_name.len>0)
176
+		{
177
+			user_name.len++;
178
+			p = (char*)pkg_malloc(user_name.len);
179
+			if (!p)
180
+			{
181
+				LM_ERR("no pkg memory left\n");
182
+				return -6;
183
+			}
184
+			user_name.s = p;
185
+		
186
+			memcpy(user_name.s, user.s, user.len);
187
+			if(user.len>0)
188
+			{
189
+				user_name.s[user.len] = '@';
190
+				memcpy(user_name.s + user.len + 1, domain.s, domain.len);
191
+			}
192
+			else
193
+				memcpy(user_name.s, domain.s, domain.len);
194
+		}
195
+	} 
196
+	else 
197
+		user_name = user;
198
+	
199
+	
200
+	if ( (req=AAAInMessage(AA_REQUEST, AAA_APP_NASREQ))==NULL)
201
+	{
202
+		LM_ERR("can't create new AAA message!\n");
203
+		if(p) pkg_free(p);
204
+		return -1;
205
+	}
206
+	
207
+	/* Username AVP */
208
+	if( (avp=AAACreateAVP(AVP_User_Name, 0, 0, user_name.s,
209
+				user_name.len, AVP_DUPLICATE_DATA)) == 0)
210
+	{
211
+		LM_ERR("no more pkg memory!\n");
212
+		goto error;
213
+	}
214
+	if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
215
+	{
216
+		LM_ERR("avp not added \n");
217
+		goto error1;
218
+	}
219
+
220
+	/* Usergroup AVP */
221
+	if( (avp=AAACreateAVP(AVP_User_Group, 0, 0, grp->s,
222
+				grp->len, AVP_DUPLICATE_DATA)) == 0)
223
+	{
224
+		LM_ERR("no more pkg memory!\n");
225
+		goto error;
226
+	}
227
+	if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
228
+	{
229
+		LM_ERR("avp not added \n");
230
+		goto error1;
231
+	}
232
+
233
+	/* SIP_MSGID AVP */
234
+	LM_DBG("******* m_id=%d\n", _m->id);
235
+	tmp = _m->id;
236
+	if( (avp=AAACreateAVP(AVP_SIP_MSGID, 0, 0, (char*)(&tmp), 
237
+				sizeof(tmp), AVP_DUPLICATE_DATA)) == 0)
238
+	{
239
+		LM_ERR("no more pkg memory!\n");
240
+		goto error;
241
+	}
242
+	if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
243
+	{
244
+		LM_ERR("avp not added \n");
245
+		goto error1;
246
+	}
247
+
248
+	
249
+	/* ServiceType AVP */
250
+	if( (avp=AAACreateAVP(AVP_Service_Type, 0, 0, SIP_GROUP_CHECK, 
251
+				SERVICE_LEN, AVP_DUPLICATE_DATA)) == 0)
252
+	{
253
+		LM_ERR("no more pkg memory!\n");
254
+		goto error;
255
+	}
256
+	if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
257
+	{
258
+		LM_ERR("avp not added \n");
259
+		goto error1;
260
+	}
261
+	
262
+
263
+	/* Destination-Realm AVP */
264
+	uri = *(GET_RURI(_m));
265
+	parse_uri(uri.s, uri.len, &puri);
266
+	if( (avp=AAACreateAVP(AVP_Destination_Realm, 0, 0, puri.host.s,
267
+						puri.host.len, AVP_DUPLICATE_DATA)) == 0)
268
+	{
269
+		LM_ERR("no more pkg memory!\n");
270
+		goto error;
271
+	}
272
+	
273
+	if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
274
+	{
275
+		LM_ERR("avp not added \n");
276
+		goto error1;
277
+	}
278
+	
279
+#ifdef DEBUG
280
+	AAAPrintMessage(req);
281
+#endif
282
+
283
+	/* build a AAA message buffer */
284
+	if(AAABuildMsgBuffer(req) != AAA_ERR_SUCCESS)
285
+	{
286
+		LM_ERR("message buffer not created\n");
287
+		goto error;
288
+	}
289
+
290
+	if(sockfd==AAA_NO_CONNECTION)
291
+	{
292
+		sockfd = init_mytcp(diameter_client_host, diameter_client_port);
293
+		if(sockfd==AAA_NO_CONNECTION)
294
+		{
295
+			LM_ERR("failed to reconnect to Diameter client\n");
296
+			goto error;
297
+		}
298
+	}
299
+
300
+	ret =tcp_send_recv(sockfd, req->buf.s, req->buf.len, rb, _m->id);
301
+
302
+	if(ret == AAA_CONN_CLOSED)
303
+	{
304
+		LM_NOTICE("connection to Diameter client closed."
305
+				"It will be reopened by the next request\n");
306
+		close(sockfd);
307
+		sockfd = AAA_NO_CONNECTION;
308
+		goto error;
309
+	}
310
+	if(ret != AAA_USER_IN_GROUP)
311
+	{
312
+		LM_ERR("message sending to the DIAMETER backend authorization server"
313
+				"failed or user is not in group\n");
314
+		goto error;
315
+	}
316
+	
317
+	AAAFreeMessage(&req);
318
+	return 1;
319
+
320
+error1:
321
+	AAAFreeAVP(&avp);
322
+error:
323
+	AAAFreeMessage(&req);
324
+	return -1;
325
+
326
+}
327
+
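Review bot: The buffer `p` that `diameter_is_user_in` allocates with `pkg_malloc` in the `use_domain` branch is released only when `AAAInMessage` fails; the `return 1` path and the `error:`/`error1:` exits leave it allocated, so every group check in user@domain mode leaks pkg memory in a process that handles untrusted SIP traffic. Because `p` is initialised to NULL, adding `if(p) pkg_free(p);` before `return 1;` and directly after the `error:` label covers all exits. In the same branch `user_name.len++` runs even when `user.len` is 0, while only `domain.len` bytes are copied, so the User-Name AVP then carries one trailing byte of uninitialised memory. Computing the length as `user_name.len = user.len + domain.len + (user.len > 0 ? 1 : 0);` and dropping the increment keeps the allocation and the AVP length equal to what is actually written.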