/*
* Copyright (C) 2012 Smile Communications, jason.penton@smilecoms.com
* Copyright (C) 2012 Smile Communications, richard.good@smilecoms.com
*
* The initial version of this code was written by Dragos Vingarzan
* (dragos(dot)vingarzan(at)fokus(dot)fraunhofer(dot)de and the
* Fruanhofer Institute. It was and still is maintained in a separate
* branch of the original SER. We are therefore migrating it to
* Kamailio/SR and look forward to maintaining it from here on out.
* 2011/2012 Smile Communications, Pty. Ltd.
* ported/maintained/improved by
* Jason Penton (jason(dot)penton(at)smilecoms.com and
* Richard Good (richard(dot)good(at)smilecoms.com) as part of an
* effort to add full IMS support to Kamailio/SR using a new and
* improved architecture
*
* NB: Alot of this code was originally part of OpenIMSCore,
* FhG Fokus.
* Copyright (C) 2004-2006 FhG Fokus
* Thanks for great work! This is an effort to
* break apart the various CSCF functions into logically separate
* components. We hope this will drive wider use. We also feel
* that in this way the architecture is more complete and thereby easier
* to manage in the Kamailio/SR environment
*
* This file is part of Kamailio, a free SIP server.
*
* Kamailio is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version
*
* Kamailio is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*
*/
#include "utils.h"
/**
 * Find the credentials for a given realm in a SIP message.
 *
 * @param _m      the SIP message to search
 * @param _realm  realm to match (compared case-insensitively); when its
 *                length is 0 the first header whose credentials parse
 *                successfully is accepted, whatever realm it carries
 * @param _hftype HDR_AUTHORIZATION_T or HDR_PROXYAUTH_T; any other value is
 *                logged and treated as HDR_AUTHORIZATION_T
 * @param _h      out: set to the matching header field when 0 is returned,
 *                left untouched on every other return
 * @returns  0 if matching credentials were found,
 *           1 if no header matched,
 *          -1 if the initial header parse failed,
 *          -2 if parse_credentials() returned -1,
 *          -3 if parse_credentials() returned another negative value,
 *          -4 if parsing the next header failed
 */
int ims_find_credentials(struct sip_msg* _m, str* _realm,
		hdr_types_t _hftype, struct hdr_field** _h) {
	struct hdr_field **slot;
	struct hdr_field *cur;
	struct hdr_field *seen;
	hdr_flags_t flags;
	int rc;
	str *hdr_realm;

	LM_DBG("Searching credentials in realm [%.*s]\n", _realm->len, _realm->s);

	/*
	 * Pick the message hook and parser flag for the requested header kind;
	 * the caller decides between Authorization and Proxy-Authorization.
	 */
	if (_hftype == HDR_PROXYAUTH_T) {
		slot = &(_m->proxy_auth);
		flags = HDR_PROXYAUTH_F;
	} else {
		if (_hftype != HDR_AUTHORIZATION_T) {
			LM_WARN("unexpected header type %d - using authorization\n", _hftype);
		}
		slot = &(_m->authorization);
		flags = HDR_AUTHORIZATION_F;
	}

	/* Parse up to the first header of that kind if none is hooked yet. */
	if (*slot == 0) {
		LM_DBG("*hook == 0, No credentials parsed yet\n");
		if (parse_headers(_m, flags, 0) == -1) {
			LM_ERR("Error while parsing headers\n");
			return -1;
		}
	}

	cur = *slot;
	LM_DBG("*hook = %p\n", cur);

	/* Walk the credential headers one at a time until a realm matches. */
	while (cur) {
		rc = parse_credentials(cur);
		if (rc < 0) {
			LM_ERR("Error while parsing credentials\n");
			return (rc == -1) ? -2 : -3;
		}

		/* A positive result skips the realm check and moves on. */
		if (rc == 0) {
			LM_DBG("Credential parsed successfully\n");
			if (_realm->len == 0) {
				/* Empty realm: no comparison is made at all. */
				*_h = cur;
				return 0;
			}
			hdr_realm = &(((auth_body_t*) (cur->parsed))->digest.realm);
			LM_DBG("Comparing realm <%.*s> and <%.*s>\n", _realm->len, _realm->s, hdr_realm->len, hdr_realm->s);
			if (hdr_realm->len == _realm->len
					&& !strncasecmp(_realm->s, hdr_realm->s, hdr_realm->len)) {
				*_h = cur;
				return 0;
			}
		}

		/* Ask the parser for the next header of the same kind. */
		seen = cur;
		if (parse_headers(_m, flags, 1) == -1) {
			LM_ERR("Error while parsing headers\n");
			return -4;
		}

		/* Stop when nothing new was parsed or the new header is another kind. */
		if (seen == _m->last_header || _m->last_header->type != _hftype) {
			break;
		}
		cur = _m->last_header;
	}

	/* Credentials with given realm not found */
	LM_DBG("Credentials with given realm not found\n");
	return 1;
}
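/**
 * Looks up the digest credentials for a realm in the Authorization or
 * Proxy-Authorization header and hands back the requested fields.
 *
 * Every output pointer is optional; a NULL pointer means "not wanted".
 * The str outputs are struct copies (pointer and length) of the parsed
 * digest fields, no bytes are duplicated.
 *
 * @param msg - the SIP message
 * @param username - filled with the whole digest username
 * @param realm - realm to match the right credentials header
 * @param nonce - filled with the nonce found
 * @param response - filled with the response
 * @param qop - filled with the parsed qop value
 * @param qop_str - filled with the qop string
 * @param nc - filled with the nonce count
 * @param cnonce - filled with the client nonce
 * @param uri - filled with the digest uri
 * @param is_proxy_auth - non-zero to read Proxy-Authorization, zero to read
 *        Authorization
 * @returns 1 if credentials were found and the outputs filled, 0 otherwise
 */
int get_nonce_response(struct sip_msg *msg, str *username, str realm,str *nonce,str *response,
		enum qop_type *qop,str *qop_str,str *nc,str *cnonce,str *uri, int is_proxy_auth)
{
	struct hdr_field* h = 0;
	auth_body_t *cred;
	int ret;

	ret = parse_headers(msg, is_proxy_auth ? HDR_PROXYAUTH_F : HDR_AUTHORIZATION_F, 0);
	if (ret != 0) {
		return 0;
	}

	if ((!is_proxy_auth && !msg->authorization)
			|| (is_proxy_auth && !msg->proxy_auth)) {
		return 0;
	}

	LM_DBG("Calling find_credentials with realm [%.*s]\n", realm.len, realm.s);
	ret = ims_find_credentials(msg, &realm, is_proxy_auth ? HDR_PROXYAUTH_T : HDR_AUTHORIZATION_T, &h);
	if (ret < 0) {
		return 0;
	} else if (ret > 0) {
		LM_DBG("ret > 0");
		return 0;
	}

	/*
	 * Fail closed: without a parsed credentials body nothing can be copied
	 * out, so reporting success would leave the caller's outputs unset.
	 */
	if (!h || !h->parsed) {
		LM_ERR("Credentials header has no parsed body\n");
		return 0;
	}

	cred = (auth_body_t*) h->parsed;
	if (nonce)
		*nonce = cred->digest.nonce;
	if (response)
		*response = cred->digest.response;
	if (qop)
		*qop = cred->digest.qop.qop_parsed;
	if (qop_str)
		*qop_str = cred->digest.qop.qop_str;
	if (nc)
		*nc = cred->digest.nc;
	if (cnonce)
		*cnonce = cred->digest.cnonce;
	if (uri)
		*uri = cred->digest.uri;
	if (username)
		*username = cred->digest.username.whole;

	LM_DBG("Found nonce response\n");
	return 1;
}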
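/**
 * Returns the body of a SIP message, sized by its Content-Length header.
 * @param msg - the SIP message
 * @returns the body, or an empty str {0,0} if the headers cannot be parsed,
 *          the Content-Length header is missing, its value is not positive,
 *          or get_body() yields no pointer
 */
str ims_get_body(struct sip_msg * msg)
{
	str x = {0, 0};

	if (parse_headers(msg, HDR_CONTENTLENGTH_F, 0) != 0) {
		LM_DBG("Error parsing until header Content-Length: \n");
		return x;
	}

	/* Content-Length header might be missing */
	if (!msg->content_length) {
		return x;
	}

	/*
	 * NOTE(review): the length is the value the sender declared in
	 * Content-Length. Nothing here compares it with the number of bytes
	 * that actually follow the headers - confirm that an earlier stage or
	 * the caller enforces that before x.len bytes are read from x.s.
	 */
	x.len = (int)(long)msg->content_length->parsed;
	if (x.len <= 0) {
		/* Never hand back a negative length. */
		x.len = 0;
		return x;
	}

	x.s = get_body(msg);
	if (!x.s) {
		/* No body pointer: keep pointer and length consistent. */
		x.len = 0;
	}
	return x;
}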
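/**
 * Looks for the auts parameter in the Authorization or Proxy-Authorization
 * header and returns its value.
 *
 * The value is located by a case-insensitive search for auts=" in the raw
 * header body; the first occurrence is used. The returned str points into
 * the header body, nothing is copied.
 *
 * @param msg - the SIP message
 * @param realm - realm to match the right credentials header
 * @param is_proxy_auth - non-zero to read Proxy-Authorization, zero to read
 *        Authorization
 * @returns the auts value or an empty string if not found
 */
str ims_get_auts(struct sip_msg *msg, str realm, int is_proxy_auth)
{
	str name = {"auts=\"", 6};
	struct hdr_field *h = 0;
	int i, ret, start;
	str auts = {0, 0};

	if (parse_headers(msg, is_proxy_auth ? HDR_PROXYAUTH_F : HDR_AUTHORIZATION_F, 0) != 0) {
		LM_ERR("Error parsing until header Authorization: \n");
		return auts;
	}

	if ((!is_proxy_auth && !msg->authorization)
			|| (is_proxy_auth && !msg->proxy_auth)) {
		LM_ERR("Message does not contain Authorization nor Proxy-Authorization header.\n");
		return auts;
	}

	/*
	 * NOTE(review): this calls find_credentials() while get_nonce_response()
	 * in this file calls ims_find_credentials() - confirm which lookup is
	 * intended here.
	 */
	ret = find_credentials(msg, &realm, is_proxy_auth ? HDR_PROXYAUTH_T : HDR_AUTHORIZATION_T, &h);
	if (ret < 0) {
		LM_ERR("Error while looking for credentials.\n");
		return auts;
	} else if (ret > 0) {
		LM_ERR("No credentials for this realm found.\n");
		return auts;
	}

	if (h) {
		/* The header body comes from the request; keep every read inside it. */
		for (i = 0; i < h->body.len - name.len; i++) {
			if (strncasecmp(h->body.s + i, name.s, name.len) != 0) {
				continue;
			}
			start = i + name.len;
			auts.s = h->body.s + start;
			auts.len = 0;
			/*
			 * Bound the scan by the offset of the value itself (start), not
			 * by the offset of the parameter name, so a missing closing
			 * quote cannot carry the read past the end of the header body.
			 * In that case the value runs to the end of the body.
			 */
			while (start + auts.len < h->body.len && auts.s[auts.len] != '\"') {
				auts.len++;
			}
			/* First occurrence wins; a later one must not extend the length. */
			break;
		}
	}

	return auts;
}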
/**
 * Fetches the nonce of the digest credentials in the Authorization header
 * that belong to the given realm.
 * @param msg - the SIP message
 * @param realm - realm used to select the Authorization header
 * @returns the nonce (a struct copy pointing at the parsed value), or an
 *          empty str when parsing fails, the header is absent, no
 *          credentials match, or the header has no parsed body
 */
str ims_get_nonce(struct sip_msg *msg, str realm)
{
	str empty = {0, 0};
	struct hdr_field *cred_hdr = 0;
	int rc;

	if (parse_headers(msg, HDR_AUTHORIZATION_F, 0) != 0) {
		LM_ERR("Error parsing until header Authorization: \n");
		return empty;
	}

	if (msg->authorization == 0) {
		LM_ERR("Message does not contain Authorization header.\n");
		return empty;
	}

	rc = find_credentials(msg, &realm, HDR_AUTHORIZATION_T, &cred_hdr);
	if (rc < 0) {
		LM_ERR("Error while looking for credentials.\n");
		return empty;
	}
	if (rc > 0) {
		LM_ERR("No credentials for this realm found.\n");
		return empty;
	}

	/* A match without a parsed body yields the empty nonce. */
	if (cred_hdr == 0 || cred_hdr->parsed == 0) {
		return empty;
	}
	return ((auth_body_t*) cred_hdr->parsed)->digest.nonce;
}
/**
 * Queues a header for the reply to a request.
 *
 * The text in hdr is handed to add_lump_rpl() exactly as given; this
 * function does not inspect or validate it.
 *
 * @param msg - the request whose reply receives the header
 * @param hdr - the str holding the new header
 * @returns 1 on success, 0 on failure
 */
int ims_add_header_rpl(struct sip_msg *msg, str *hdr)
{
	int added = (add_lump_rpl(msg, hdr->s, hdr->len, LUMP_RPL_HDR) != 0);

	if (!added) {
		LM_ERR("Can't add header <%.*s>\n",
				hdr->len,hdr->s);
	}
	return added ? 1 : 0;
}