diff --git a/src/modules/auth_db/api.h b/src/modules/auth_db/api.h index 9945e8ade52..6dd6ca1f3dc 100644 --- a/src/modules/auth_db/api.h +++ b/src/modules/auth_db/api.h @@ -27,16 +27,17 @@ #include "../../core/sr_module.h" #include "../../core/parser/msg_parser.h" -typedef int (*digest_authenticate_f)(struct sip_msg* msg, str *realm, - str *table, hdr_types_t hftype, str *method); +typedef int (*digest_authenticate_f)(struct sip_msg *msg, str *realm, + str *table, hdr_types_t hftype, str *method); /** * @brief AUTH_DB API structure */ -typedef struct auth_db_api { +typedef struct auth_db_api +{ digest_authenticate_f digest_authenticate; } auth_db_api_t; -typedef int (*bind_auth_db_f)(auth_db_api_t* api); +typedef int (*bind_auth_db_f)(auth_db_api_t *api); /** * @brief Load the SL API @@ -50,8 +51,7 @@ static inline int auth_db_load_api(auth_db_api_t *api) LM_ERR("cannot find bind_auth_db\n"); return -1; } - if (bindauthdb(api)==-1) - { + if(bindauthdb(api) == -1) { LM_ERR("cannot bind authdb api\n"); return -1; } diff --git a/src/modules/auth_db/auth_db_mod.c b/src/modules/auth_db/auth_db_mod.c index 55bb395a925..0e46f9353e7 100644 --- a/src/modules/auth_db/auth_db_mod.c +++ b/src/modules/auth_db/auth_db_mod.c @@ -58,10 +58,10 @@ static int child_init(int rank); static int mod_init(void); -static int w_is_subscriber(sip_msg_t *msg, char *_uri, char* _table, - char *_flags); -static int auth_fixup(void** param, int param_no); -static int auth_check_fixup(void** param, int param_no); +static int w_is_subscriber( + sip_msg_t *msg, char *_uri, char *_table, char *_flags); +static int auth_fixup(void **param, int param_no); +static int auth_check_fixup(void **param, int param_no); int parse_aaa_pvs(char *definition, pv_elem_t **pv_def, int *cnt); #define USER_COL "username" 
@@ -72,92 +72,85 @@ int parse_aaa_pvs(char *definition, pv_elem_t **pv_def, int *cnt); /* * Module parameter variables */ -static str db_url = str_init(DEFAULT_RODB_URL); -str user_column = str_init(USER_COL); -str domain_column = str_init(DOMAIN_COL); -str pass_column = str_init(PASS_COL); -str pass_column_2 = str_init(PASS_COL_2); +static str db_url = str_init(DEFAULT_RODB_URL); +str user_column = str_init(USER_COL); +str domain_column = str_init(DOMAIN_COL); +str pass_column = str_init(PASS_COL); +str pass_column_2 = str_init(PASS_COL_2); static int version_table_check = 1; -int calc_ha1 = 0; -int use_domain = 0; /* Use also domain when looking up in table */ -int force_generate_avps = 0; /* Even when user failed to authenticate */ +int calc_ha1 = 0; +int use_domain = 0; /* Use also domain when looking up in table */ +int force_generate_avps = 0; /* Even when user failed to authenticate */ -db1_con_t* auth_db_handle = 0; /* database connection handle */ +db1_con_t *auth_db_handle = 0; /* database connection handle */ db_func_t auth_dbf; auth_api_s_t auth_api; -char *credentials_list = 0; -pv_elem_t *credentials = 0; /* Parsed list of credentials to load */ -int credentials_n = 0; /* Number of credentials in the list */ +char *credentials_list = 0; +pv_elem_t *credentials = 0; /* Parsed list of credentials to load */ +int credentials_n = 0; /* Number of credentials in the list */ /* * Exported functions */ -static cmd_export_t cmds[] = { - {"www_authorize", (cmd_function)www_authenticate, 2, auth_fixup, 0, - REQUEST_ROUTE}, - {"www_authenticate", (cmd_function)www_authenticate, 2, auth_fixup, 0, - REQUEST_ROUTE}, - {"www_authenticate", (cmd_function)www_authenticate2, 3, auth_fixup, 0, - REQUEST_ROUTE}, - {"proxy_authorize", (cmd_function)proxy_authenticate, 2, auth_fixup, 0, - REQUEST_ROUTE}, - {"proxy_authenticate", (cmd_function)proxy_authenticate, 2, auth_fixup, 0, - REQUEST_ROUTE}, - {"auth_check", (cmd_function)w_auth_check, 3, auth_check_fixup, 0, - 
REQUEST_ROUTE}, - {"is_subscriber", (cmd_function)w_is_subscriber, 3, auth_check_fixup, 0, - ANY_ROUTE}, - {"bind_auth_db", (cmd_function)bind_auth_db, 0, 0, 0, - 0}, - {0, 0, 0, 0, 0, 0} -}; +static cmd_export_t cmds[] = {{"www_authorize", (cmd_function)www_authenticate, + 2, auth_fixup, 0, REQUEST_ROUTE}, + {"www_authenticate", (cmd_function)www_authenticate, 2, auth_fixup, 0, + REQUEST_ROUTE}, + {"www_authenticate", (cmd_function)www_authenticate2, 3, auth_fixup, 0, + REQUEST_ROUTE}, + {"proxy_authorize", (cmd_function)proxy_authenticate, 2, auth_fixup, 0, + REQUEST_ROUTE}, + {"proxy_authenticate", (cmd_function)proxy_authenticate, 2, auth_fixup, + 0, REQUEST_ROUTE}, + {"auth_check", (cmd_function)w_auth_check, 3, auth_check_fixup, 0, + REQUEST_ROUTE}, + {"is_subscriber", (cmd_function)w_is_subscriber, 3, auth_check_fixup, 0, + ANY_ROUTE}, + {"bind_auth_db", (cmd_function)bind_auth_db, 0, 0, 0, 0}, + {0, 0, 0, 0, 0, 0}}; /* * Exported parameters */ -static param_export_t params[] = { - {"db_url", PARAM_STR, &db_url }, - {"user_column", PARAM_STR, &user_column }, - {"domain_column", PARAM_STR, &domain_column }, - {"password_column", PARAM_STR, &pass_column }, - {"password_column_2", PARAM_STR, &pass_column_2 }, - {"calculate_ha1", INT_PARAM, &calc_ha1 }, - {"use_domain", INT_PARAM, &use_domain }, - {"load_credentials", PARAM_STRING, &credentials_list }, - {"version_table", INT_PARAM, &version_table_check }, - {"force_generate_avps", INT_PARAM, &force_generate_avps}, - {0, 0, 0} -}; +static param_export_t params[] = {{"db_url", PARAM_STR, &db_url}, + {"user_column", PARAM_STR, &user_column}, + {"domain_column", PARAM_STR, &domain_column}, + {"password_column", PARAM_STR, &pass_column}, + {"password_column_2", PARAM_STR, &pass_column_2}, + {"calculate_ha1", INT_PARAM, &calc_ha1}, + {"use_domain", INT_PARAM, &use_domain}, + {"load_credentials", PARAM_STRING, &credentials_list}, + {"version_table", INT_PARAM, &version_table_check}, + {"force_generate_avps", 
INT_PARAM, &force_generate_avps}, {0, 0, 0}}; /* * Module interface */ struct module_exports exports = { - "auth_db", - DEFAULT_DLFLAGS, /* dlopen flags */ - cmds, /* Exported functions */ - params, /* Exported parameters */ - 0, /* exported RPC methods */ - 0, /* exported pseudo-variables */ - 0, /* response function */ - mod_init, /* module initialization function */ - child_init, /* child initialization function */ - destroy /* destroy function */ + "auth_db", DEFAULT_DLFLAGS, /* dlopen flags */ + cmds, /* Exported functions */ + params, /* Exported parameters */ + 0, /* exported RPC methods */ + 0, /* exported pseudo-variables */ + 0, /* response function */ + mod_init, /* module initialization function */ + child_init, /* child initialization function */ + destroy /* destroy function */ }; static int child_init(int rank) { - if (rank==PROC_INIT || rank==PROC_MAIN || rank==PROC_TCP_MAIN) + if(rank == PROC_INIT || rank == PROC_MAIN || rank == PROC_TCP_MAIN) return 0; /* do nothing for the main process */ auth_db_handle = auth_dbf.init(&db_url); - if (auth_db_handle == 0){ + if(auth_db_handle == 0) { LM_ERR("unable to connect to the database\n"); return -1; } 
@@ -171,26 +164,26 @@ static int mod_init(void) bind_auth_s_t bind_auth; /* Find a database module */ - if (db_bind_mod(&db_url, &auth_dbf) < 0){ + if(db_bind_mod(&db_url, &auth_dbf) < 0) { LM_ERR("unable to bind to a database driver\n"); return -1; } /* bind to auth module and import the API */ bind_auth = (bind_auth_s_t)find_export("bind_auth_s", 0, 0); - if (!bind_auth) { + if(!bind_auth) { LM_ERR("unable to find bind_auth function. Check if you load" - " the auth module.\n"); + " the auth module.\n"); return -2; } - if (bind_auth(&auth_api) < 0) { + if(bind_auth(&auth_api) < 0) { LM_ERR("unable to bind auth module\n"); return -3; } /* process additional list of credentials */ - if (parse_aaa_pvs(credentials_list, &credentials, &credentials_n) != 0) { + if(parse_aaa_pvs(credentials_list, &credentials, &credentials_n) != 0) { LM_ERR("failed to parse credentials\n"); return -5; } @@ -201,11 +194,11 @@ static int mod_init(void) static void destroy(void) { - if (auth_db_handle) { + if(auth_db_handle) { auth_dbf.close(auth_db_handle); auth_db_handle = 0; } - if (credentials) { + if(credentials) { pv_elem_free_all(credentials); credentials = 0; credentials_n = 0; 
@@ -220,26 +213,26 @@ static int is_subscriber(sip_msg_t *msg, str *suri, str *stable, int iflags) int ret; sip_uri_t puri; - if (suri->len<=0) { + if(suri->len <= 0) { LM_ERR("invalid uri parameter - empty value\n"); return -1; } - if(parse_uri(suri->s, suri->len, &puri)<0){ + if(parse_uri(suri->s, suri->len, &puri) < 0) { LM_ERR("invalid uri parameter format\n"); return -1; } - if (stable->len<=0) { + if(stable->len <= 0) { LM_ERR("invalid table parameter - empty value\n"); return -1; } LM_DBG("uri [%.*s] table [%.*s] flags [%d]\n", suri->len, suri->s, - stable->len, stable->s, iflags); + stable->len, stable->s, iflags); ret = fetch_credentials(msg, &puri.user, - (iflags&AUTH_DB_SUBS_USE_DOMAIN)?&puri.host:NULL, - stable, iflags); + (iflags & AUTH_DB_SUBS_USE_DOMAIN) ? &puri.host : NULL, stable, + iflags); - if(ret>=0) + if(ret >= 0) return 1; return ret; } @@ -248,30 +241,29 @@ static int is_subscriber(sip_msg_t *msg, str *suri, str *stable, int iflags) * check if the subscriber identified by _uri has a valid record in * database table _table */ -static int w_is_subscriber(sip_msg_t *msg, char *_uri, char* _table, - char *_flags) +static int w_is_subscriber( + sip_msg_t *msg, char *_uri, char *_table, char *_flags) { str suri; str stable; int iflags = 0; - if(msg==NULL || _uri==NULL || _table==NULL || _flags==NULL) { + if(msg == NULL || _uri == NULL || _table == NULL || _flags == NULL) { LM_ERR("invalid parameters\n"); return AUTH_ERROR; } - if (get_str_fparam(&suri, msg, (fparam_t*)_uri) < 0) { + if(get_str_fparam(&suri, msg, (fparam_t *)_uri) < 0) { LM_ERR("failed to get uri value\n"); return -1; } - if (get_str_fparam(&stable, msg, (fparam_t*)_table) < 0) { + if(get_str_fparam(&stable, msg, (fparam_t *)_table) < 0) { LM_ERR("failed to get table value\n"); return -1; } - if(fixup_get_ivalue(msg, (gparam_p)_flags, &iflags)!=0) - { + if(fixup_get_ivalue(msg, (gparam_p)_flags, &iflags) != 0) { LM_ERR("invalid flags parameter\n"); return -1; } 
@@ -281,30 +273,30 @@ static int w_is_subscriber(sip_msg_t *msg, char *_uri, char* _table, /* * Convert the char* parameters */ -static int auth_fixup(void** param, int param_no) +static int auth_fixup(void **param, int param_no) { - db1_con_t* dbh = NULL; + db1_con_t *dbh = NULL; str name; - if(strlen((char*)*param)<=0) { + if(strlen((char *)*param) <= 0) { LM_ERR("empty parameter %d not allowed\n", param_no); return -1; } - if (param_no == 1 || param_no == 3) { + if(param_no == 1 || param_no == 3) { return fixup_var_str_12(param, 1); - } else if (param_no == 2) { - name.s = (char*)*param; + } else if(param_no == 2) { + name.s = (char *)*param; name.len = strlen(name.s); dbh = auth_dbf.init(&db_url); - if (!dbh) { + if(!dbh) { LM_ERR("unable to open database connection\n"); return -1; } - if(version_table_check!=0 - && db_check_table_version(&auth_dbf, dbh, &name, - TABLE_VERSION) < 0) { + if(version_table_check != 0 + && db_check_table_version(&auth_dbf, dbh, &name, TABLE_VERSION) + < 0) { DB_TABLE_VERSION_ERROR(name); auth_dbf.close(dbh); dbh = 0; @@ -319,19 +311,19 @@ static int auth_fixup(void** param, int param_no) /* * Convert cfg parameters to run-time structures */ -static int auth_check_fixup(void** param, int param_no) +static int auth_check_fixup(void **param, int param_no) { - if(strlen((char*)*param)<=0) { + if(strlen((char *)*param) <= 0) { LM_ERR("empty parameter %d not allowed\n", param_no); return -1; } - if (param_no == 1) { + if(param_no == 1) { return fixup_var_str_12(param, 1); } - if (param_no == 2) { + if(param_no == 2) { return fixup_var_str_12(param, 2); } - if (param_no == 3) { + if(param_no == 3) { return fixup_igp_null(param, 1); } return 0; 
@@ -349,38 +341,39 @@ int parse_aaa_pvs(char *definition, pv_elem_t **pv_def, int *cnt) char *sep; p = definition; - if (p==0 || *p==0) + if(p == 0 || *p == 0) return 0; *pv_def = 0; *cnt = 0; /* get element by element */ - while ( (end=strchr(p,';'))!=0 || (end=p+strlen(p))!=p ) { + while((end = strchr(p, ';')) != 0 || (end = p + strlen(p)) != p) { /* new pv_elem_t */ - if ( (pve=(pv_elem_t*)pkg_malloc(sizeof(pv_elem_t)))==0 ) { + if((pve = (pv_elem_t *)pkg_malloc(sizeof(pv_elem_t))) == 0) { PKG_MEM_ERROR; goto error; } - memset( pve, 0, sizeof(pv_elem_t)); + memset(pve, 0, sizeof(pv_elem_t)); /* definition is between p and e */ /* search backwards because PV definition may contain '=' characters */ - for (sep = end; sep >= p && *sep != '='; sep--); - if (sep > p) { + for(sep = end; sep >= p && *sep != '='; sep--) + ; + if(sep > p) { /* pv=column style */ /* set column name */ pve->text.s = sep + 1; pve->text.len = end - pve->text.s; trim(&pve->text); - if (pve->text.len == 0) { + if(pve->text.len == 0) { goto parse_error; } /* set pv spec */ pv.s = p; pv.len = sep - p; trim(&pv); - if (pv.len == 0) { + if(pv.len == 0) { goto parse_error; } } else { @@ -388,12 +381,12 @@ int parse_aaa_pvs(char *definition, pv_elem_t **pv_def, int *cnt) pve->text.s = p; pve->text.len = end - pve->text.s; trim(&pve->text); - if (pve->text.len == 0) { + if(pve->text.len == 0) { goto parse_error; } /* create an avp definition for the spec parser */ - pv.s = (char*)pkg_malloc(pve->text.len + 7); - if (pv.s == NULL) { + pv.s = (char *)pkg_malloc(pve->text.len + 7); + if(pv.s == NULL) { PKG_MEM_ERROR; goto error; } 
@@ -402,9 +395,10 @@ int parse_aaa_pvs(char *definition, pv_elem_t **pv_def, int *cnt) } /* create a pv spec */ - LM_DBG("column: %.*s pv: %.*s\n", pve->text.len, pve->text.s, pv.len, pv.s); + LM_DBG("column: %.*s pv: %.*s\n", pve->text.len, pve->text.s, pv.len, + pv.s); pve->spec = pv_spec_lookup(&pv, NULL); - if(pve->spec==NULL || pve->spec->setf == NULL) { + if(pve->spec == NULL || pve->spec->setf == NULL) { LM_ERR("PV is not writeable: %.*s\n", pv.len, pv.s); goto parse_error; } @@ -416,21 +410,21 @@ int parse_aaa_pvs(char *definition, pv_elem_t **pv_def, int *cnt) pve = 0; /* go to the end */ p = end; - if (*p==';') { + if(*p == ';') { p++; } - if (*p==0) { + if(*p == 0) { break; } } return 0; parse_error: - LM_ERR("parse failed in \"%s\" at pos %d(%s)\n", - definition, (int)(long)(p-definition),p); + LM_ERR("parse failed in \"%s\" at pos %d(%s)\n", definition, + (int)(long)(p - definition), p); error: - pkg_free( pve ); - pv_elem_free_all( *pv_def ); + pkg_free(pve); + pv_elem_free_all(*pv_def); *pv_def = 0; *cnt = 0; return -1; diff --git a/src/modules/auth_db/auth_db_mod.h b/src/modules/auth_db/auth_db_mod.h index 7cef7c12dff..60588d1a612 100644 --- a/src/modules/auth_db/auth_db_mod.h +++ b/src/modules/auth_db/auth_db_mod.h 
@@ -34,17 +34,18 @@ * Module parameters variables */ -extern str user_column; /* 'username' column name */ -extern str domain_column; /* 'domain' column name */ -extern str pass_column; /* 'password' column name */ -extern str pass_column_2; /* Column containing HA1 string constructed +extern str user_column; /* 'username' column name */ +extern str domain_column; /* 'domain' column name */ +extern str pass_column; /* 'password' column name */ +extern str pass_column_2; /* Column containing HA1 string constructed * of user@domain username */ -extern int calc_ha1; /* if set to 1, ha1 is calculated by the server */ -extern int use_domain; /* If set to 1 then the domain will be used when selecting a row */ +extern int calc_ha1; /* if set to 1, ha1 is calculated by the server */ +extern int + use_domain; /* If set to 1 then the domain will be used when selecting a row */ -extern db1_con_t* auth_db_handle; /* database connection handle */ +extern db1_con_t *auth_db_handle; /* database connection handle */ extern db_func_t auth_dbf; extern auth_api_s_t auth_api; diff --git a/src/modules/auth_db/authorize.c b/src/modules/auth_db/authorize.c index 74a151d4297..f0de2299ac1 100644 --- a/src/modules/auth_db/authorize.c +++ b/src/modules/auth_db/authorize.c @@ -42,7 +42,8 @@ #include "authorize.h" -int fetch_credentials(sip_msg_t *msg, str *user, str* domain, str *table, int flags) +int fetch_credentials( + sip_msg_t *msg, str *user, str *domain, str *table, int flags) { pv_elem_t *cred; db_key_t keys[2]; @@ -52,13 +53,13 @@ int fetch_credentials(sip_msg_t *msg, str *user, str* domain, str *table, int fl int n, nc; - if(flags&AUTH_DB_SUBS_SKIP_CREDENTIALS) { + if(flags & AUTH_DB_SUBS_SKIP_CREDENTIALS) { nc = 1; } else { nc = credentials_n; } - col = pkg_malloc(sizeof(*col) * (nc+1)); - if (col == NULL) { + col = pkg_malloc(sizeof(*col) * (nc + 1)); + if(col == NULL) { PKG_MEM_ERROR; return -1; } 
@@ -66,10 +67,10 @@ int fetch_credentials(sip_msg_t *msg, str *user, str* domain, str *table, int fl keys[0] = &user_column; keys[1] = &domain_column; - if(flags&AUTH_DB_SUBS_SKIP_CREDENTIALS) { + if(flags & AUTH_DB_SUBS_SKIP_CREDENTIALS) { col[0] = &user_column; } else { - for (n = 0, cred=credentials; cred ; n++, cred=cred->next) { + for(n = 0, cred = credentials; cred; n++, cred = cred->next) { col[n] = &cred->text; } } @@ -80,19 +81,19 @@ int fetch_credentials(sip_msg_t *msg, str *user, str* domain, str *table, int fl n = 1; VAL_STR(vals) = *user; - if (domain && domain->len) { + if(domain && domain->len) { VAL_STR(vals + 1) = *domain; n = 2; } - if (auth_dbf.use_table(auth_db_handle, table) < 0) { + if(auth_dbf.use_table(auth_db_handle, table) < 0) { LM_ERR("failed to use_table\n"); pkg_free(col); return -1; } - if (auth_dbf.query(auth_db_handle, keys, 0, vals, col, n, nc, 0, &res) < 0 - || res==NULL) { + if(auth_dbf.query(auth_db_handle, keys, 0, vals, col, n, nc, 0, &res) < 0 + || res == NULL) { LM_ERR("failed to query database\n"); pkg_free(col); if(res) 
@@ -100,20 +101,19 @@ int fetch_credentials(sip_msg_t *msg, str *user, str* domain, str *table, int fl return -1; } pkg_free(col); - if (RES_ROW_N(res) == 0) { + if(RES_ROW_N(res) == 0) { auth_dbf.free_result(auth_db_handle, res); - LM_DBG("no result for user \'%.*s%s%.*s\' in [%.*s]\n", - user->len, user->s, (n==2)?"@":"", - (n==2)?domain->len:0, (n==2)?domain->s:"", - table->len, table->s); + LM_DBG("no result for user \'%.*s%s%.*s\' in [%.*s]\n", user->len, + user->s, (n == 2) ? "@" : "", (n == 2) ? domain->len : 0, + (n == 2) ? domain->s : "", table->len, table->s); return -2; } - if(flags&AUTH_DB_SUBS_SKIP_CREDENTIALS) { + if(flags & AUTH_DB_SUBS_SKIP_CREDENTIALS) { /* there is a result and flag to skip loading credentials is set */ goto done; } - for (cred=credentials, n=0; cred; cred=cred->next, n++) { - if (db_val2pv_spec(msg, &RES_ROWS(res)[0].values[n], cred->spec) != 0) { + for(cred = credentials, n = 0; cred; cred = cred->next, n++) { + if(db_val2pv_spec(msg, &RES_ROWS(res)[0].values[n], cred->spec) != 0) { auth_dbf.free_result(auth_db_handle, res); LM_ERR("Failed to convert value for column %.*s\n", RES_NAMES(res)[n]->len, RES_NAMES(res)[n]->s); @@ -127,8 +127,8 @@ int fetch_credentials(sip_msg_t *msg, str *user, str* domain, str *table, int fl return 0; } -static inline int get_ha1(struct username* _username, str* _domain, - const str* _table, char* _ha1, db1_res_t** res) +static inline int get_ha1(struct username *_username, str *_domain, + const str *_table, char *_ha1, db1_res_t **res) { pv_elem_t *cred; db_key_t keys[2]; @@ -139,7 +139,7 @@ static inline int get_ha1(struct username* _username, str* _domain, int n, nc; col = pkg_malloc(sizeof(*col) * (credentials_n + 1)); - if (col == NULL) { + if(col == NULL) { PKG_MEM_ERROR; return -1; } 
@@ -147,10 +147,10 @@ static inline int get_ha1(struct username* _username, str* _domain, keys[0] = &user_column; keys[1] = &domain_column; /* should we calculate the HA1, and is it calculated with domain? */ - col[0] = (_username->domain.len && !calc_ha1) ? - (&pass_column_2) : (&pass_column); + col[0] = (_username->domain.len && !calc_ha1) ? (&pass_column_2) + : (&pass_column); - for (n = 0, cred=credentials; cred ; n++, cred=cred->next) { + for(n = 0, cred = credentials; cred; n++, cred = cred->next) { col[1 + n] = &cred->text; } @@ -160,7 +160,7 @@ static inline int get_ha1(struct username* _username, str* _domain, VAL_STR(vals).s = _username->user.s; VAL_STR(vals).len = _username->user.len; - if (_username->domain.len) { + if(_username->domain.len) { VAL_STR(vals + 1) = _username->domain; } else { VAL_STR(vals + 1) = *_domain; 
@@ -168,34 +168,34 @@ static inline int get_ha1(struct username* _username, str* _domain, n = (use_domain ? 2 : 1); nc = 1 + credentials_n; - if (auth_dbf.use_table(auth_db_handle, _table) < 0) { + if(auth_dbf.use_table(auth_db_handle, _table) < 0) { LM_ERR("failed to use_table\n"); pkg_free(col); return -1; } - if (auth_dbf.query(auth_db_handle, keys, 0, vals, col, n, nc, 0, res) < 0) { + if(auth_dbf.query(auth_db_handle, keys, 0, vals, col, n, nc, 0, res) < 0) { LM_ERR("failed to query database\n"); pkg_free(col); return -1; } pkg_free(col); - if (RES_ROW_N(*res) == 0) { - LM_DBG("no result for user \'%.*s@%.*s\'\n", - _username->user.len, ZSW(_username->user.s), - (use_domain ? (_domain->len) : 0), ZSW(_domain->s)); + if(RES_ROW_N(*res) == 0) { + LM_DBG("no result for user \'%.*s@%.*s\'\n", _username->user.len, + ZSW(_username->user.s), (use_domain ? (_domain->len) : 0), + ZSW(_domain->s)); return 1; } - result.s = (char*)ROW_VALUES(RES_ROWS(*res))[0].val.string_val; + result.s = (char *)ROW_VALUES(RES_ROWS(*res))[0].val.string_val; result.len = strlen(result.s); - if (calc_ha1) { + if(calc_ha1) { /* Only plaintext passwords are stored in database, * we have to calculate HA1 */ - auth_api.calc_HA1(HA_MD5, &_username->whole, _domain, &result, - 0, 0, _ha1); + auth_api.calc_HA1( + HA_MD5, &_username->whole, _domain, &result, 0, 0, _ha1); LM_DBG("HA1 string calculated: %s\n", _ha1); } else { memcpy(_ha1, result.s, result.len); 
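Review bot: In get_ha1 the `memcpy(_ha1, result.s, result.len)` branch copies a database value whose length comes from `strlen(result.s)` and never compares it with the destination size. The caller visible on this page (digest_authenticate_hdr) passes `char ha1[256]`, so a password column holding a longer string would write past that stack buffer. get_ha1 receives no size for `_ha1`, so the bound has to be passed in or fixed as a shared constant; a guard before the copy such as `if(result.len >= 256) { LM_ERR("stored HA1 too long\n"); return -1; }` would do, with the literal standing for whatever size the caller guarantees. The same lines call `strlen` on `string_val` with no NULL check visible, and `LM_DBG("HA1 string calculated: %s\n", _ha1)` writes a password-equivalent value to the debug log. The function continues past the end of the hunk, so termination of `_ha1` and cleanup of the result set are not visible here.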
@@ -209,13 +209,14 @@ static inline int get_ha1(struct username* _username, str* _domain, /* * Generate AVPs from the database result */ -static int generate_avps(struct sip_msg* msg, db1_res_t* db_res) +static int generate_avps(struct sip_msg *msg, db1_res_t *db_res) { pv_elem_t *cred; int i; - for (cred=credentials, i=1; cred; cred=cred->next, i++) { - if (db_val2pv_spec(msg, &RES_ROWS(db_res)[0].values[i], cred->spec) != 0) { + for(cred = credentials, i = 1; cred; cred = cred->next, i++) { + if(db_val2pv_spec(msg, &RES_ROWS(db_res)[0].values[i], cred->spec) + != 0) { LM_ERR("Failed to convert value for column %.*s\n", RES_NAMES(db_res)[i]->len, RES_NAMES(db_res)[i]->s); return -1; @@ -228,15 +229,15 @@ static int generate_avps(struct sip_msg* msg, db1_res_t* db_res) /* * Authorize digest credentials and set the pointer to used hdr */ -static int digest_authenticate_hdr(sip_msg_t* msg, str *realm, - str *table, hdr_types_t hftype, str *method, hdr_field_t **ahdr) +static int digest_authenticate_hdr(sip_msg_t *msg, str *realm, str *table, + hdr_types_t hftype, str *method, hdr_field_t **ahdr) { char ha1[256]; auth_cfg_result_t ret; auth_result_t rauth; - struct hdr_field* h; - auth_body_t* cred; - db1_res_t* result = NULL; + struct hdr_field *h; + auth_body_t *cred; + db1_res_t *result = NULL; cred = 0; ret = AUTH_ERROR; 
@@ -279,34 +280,35 @@ static int digest_authenticate_hdr(sip_msg_t* msg, str *realm, goto end; } - cred = (auth_body_t*)h->parsed; - if(ahdr!=NULL) *ahdr = h; + cred = (auth_body_t *)h->parsed; + if(ahdr != NULL) + *ahdr = h; rauth = get_ha1(&cred->digest.username, realm, table, ha1, &result); - if (rauth < 0) { + if(rauth < 0) { /* Error while accessing the database */ ret = AUTH_ERROR; goto end; } - if (rauth > 0) { + if(rauth > 0) { /* Username not found in the database */ ret = AUTH_USER_UNKNOWN; goto end; } /* Even when user failed to authenticate */ - if (force_generate_avps) { + if(force_generate_avps) { generate_avps(msg, result); } /* Recalculate response, it must be same to authorize successfully */ rauth = auth_api.check_response(&(cred->digest), method, ha1); - if(rauth==AUTHENTICATED) { + if(rauth == AUTHENTICATED) { ret = AUTH_OK; switch(auth_api.post_auth(msg, h, ha1)) { case AUTHENTICATED: /* Only when user succeeded to authenticate */ - if (!force_generate_avps) { + if(!force_generate_avps) { generate_avps(msg, result); } break; @@ -315,7 +317,7 @@ static int digest_authenticate_hdr(sip_msg_t* msg, str *realm, break; } } else { - if(rauth==NOT_AUTHENTICATED) + if(rauth == NOT_AUTHENTICATED) ret = AUTH_INVALID_PASSWORD; else ret = AUTH_ERROR; @@ -330,8 +332,8 @@ static int digest_authenticate_hdr(sip_msg_t* msg, str *realm, /* * Authorize digest credentials */ -static int digest_authenticate(sip_msg_t* msg, str *realm, - str *table, hdr_types_t hftype, str *method) +static int digest_authenticate( + sip_msg_t *msg, str *realm, str *table, hdr_types_t hftype, str *method) { return digest_authenticate_hdr(msg, realm, table, hftype, method, NULL); } 
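Review bot: Both `generate_avps(msg, result)` calls in digest_authenticate_hdr discard the return value, although generate_avps returns -1 when `db_val2pv_spec` fails. A request can therefore finish with `AUTH_OK` while some of the configured credential variables were never populated, which matters if later routing logic relies on them. Either check the call, for example `if(generate_avps(msg, result) < 0) ret = AUTH_ERROR;`, or add a comment such as `/* best effort: a failed AVP conversion does not change the auth result */` so the choice is explicit. The function starts and ends outside this hunk, so how `ret` is used after `end:` should be confirmed before changing it.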
@@ -340,119 +342,117 @@ static int digest_authenticate(sip_msg_t* msg, str *realm, /* * Authenticate using Proxy-Authorize header field */ -int proxy_authenticate(struct sip_msg* _m, char* _realm, char* _table) +int proxy_authenticate(struct sip_msg *_m, char *_realm, char *_table) { str srealm; str stable; - if(_table==NULL) { + if(_table == NULL) { LM_ERR("invalid table parameter\n"); return AUTH_ERROR; } - stable.s = _table; + stable.s = _table; stable.len = strlen(stable.s); - if (get_str_fparam(&srealm, _m, (fparam_t*)_realm) < 0) { + if(get_str_fparam(&srealm, _m, (fparam_t *)_realm) < 0) { LM_ERR("failed to get realm value\n"); return AUTH_ERROR; } - if (srealm.len==0) - { + if(srealm.len == 0) { LM_ERR("invalid realm parameter - empty value\n"); return AUTH_ERROR; } LM_DBG("realm value [%.*s]\n", srealm.len, srealm.s); return digest_authenticate(_m, &srealm, &stable, HDR_PROXYAUTH_T, - &_m->first_line.u.request.method); + &_m->first_line.u.request.method); } /* * Authenticate using WWW-Authorize header field */ -int www_authenticate(struct sip_msg* _m, char* _realm, char* _table) +int www_authenticate(struct sip_msg *_m, char *_realm, char *_table) { str srealm; str stable; - if(_table==NULL) { + if(_table == NULL) { LM_ERR("invalid table parameter\n"); return AUTH_ERROR; } - stable.s = _table; + stable.s = _table; stable.len = strlen(stable.s); - if (get_str_fparam(&srealm, _m, (fparam_t*)_realm) < 0) { + if(get_str_fparam(&srealm, _m, (fparam_t *)_realm) < 0) { LM_ERR("failed to get realm value\n"); return AUTH_ERROR; } - if (srealm.len==0) - { + if(srealm.len == 0) { LM_ERR("invalid realm parameter - empty value\n"); return AUTH_ERROR; } LM_DBG("realm value [%.*s]\n", srealm.len, srealm.s); return digest_authenticate(_m, &srealm, &stable, HDR_AUTHORIZATION_T, - &_m->first_line.u.request.method); + &_m->first_line.u.request.method); } -int ki_www_authenticate(struct sip_msg* _m, str *realm, str *table) +int ki_www_authenticate(struct sip_msg *_m, str 
*realm, str *table) { LM_DBG("realm value [%.*s]\n", realm->len, realm->s); return digest_authenticate(_m, realm, table, HDR_AUTHORIZATION_T, - &_m->first_line.u.request.method); + &_m->first_line.u.request.method); } -int www_authenticate2(struct sip_msg* _m, char* _realm, char* _table, char *_method) +int www_authenticate2( + struct sip_msg *_m, char *_realm, char *_table, char *_method) { str srealm; str stable; str smethod; - if(_table==NULL) { + if(_table == NULL) { LM_ERR("invalid table parameter\n"); return AUTH_ERROR; } - stable.s = _table; + stable.s = _table; stable.len = strlen(stable.s); - if (get_str_fparam(&srealm, _m, (fparam_t*)_realm) < 0) { + if(get_str_fparam(&srealm, _m, (fparam_t *)_realm) < 0) { LM_ERR("failed to get realm value\n"); return AUTH_ERROR; } - if (srealm.len==0) - { + if(srealm.len == 0) { LM_ERR("invalid realm parameter - empty value\n"); return AUTH_ERROR; } LM_DBG("realm value [%.*s]\n", srealm.len, srealm.s); - if (get_str_fparam(&smethod, _m, (fparam_t*)_method) < 0) { + if(get_str_fparam(&smethod, _m, (fparam_t *)_method) < 0) { LM_ERR("failed to get method value\n"); return AUTH_ERROR; } - if (smethod.len==0) - { + if(smethod.len == 0) { LM_ERR("invalid method parameter - empty value\n"); return AUTH_ERROR; } LM_DBG("method value [%.*s]\n", smethod.len, smethod.s); - return digest_authenticate(_m, &srealm, &stable, HDR_AUTHORIZATION_T, - &smethod); + return digest_authenticate( + _m, &srealm, &stable, HDR_AUTHORIZATION_T, &smethod); } -int ki_www_authenticate_method(sip_msg_t *msg, str *realm, str *table, str *method) +int ki_www_authenticate_method( + sip_msg_t *msg, str *realm, str *table, str *method) { return digest_authenticate(msg, realm, table, HDR_AUTHORIZATION_T, method); } 
@@ -469,79 +469,92 @@ int auth_check(sip_msg_t *_m, str *srealm, str *stable, int iflags) sip_uri_t *furi = NULL; str suser; - if ((_m->REQ_METHOD == METHOD_ACK) || (_m->REQ_METHOD == METHOD_CANCEL)) { + if((_m->REQ_METHOD == METHOD_ACK) || (_m->REQ_METHOD == METHOD_CANCEL)) { return AUTH_OK; } - if (srealm->len<=0) { + if(srealm->len <= 0) { LM_ERR("invalid realm parameter - empty value\n"); return AUTH_ERROR; } - if (stable->len==0) { + if(stable->len == 0) { LM_ERR("invalid table parameter - empty value\n"); return AUTH_ERROR; } LM_DBG("realm [%.*s] table [%.*s] flags [%d]\n", srealm->len, srealm->s, - stable->len, stable->s, iflags); + stable->len, stable->s, iflags); hdr = NULL; - if(_m->REQ_METHOD==METHOD_REGISTER) + if(_m->REQ_METHOD == METHOD_REGISTER) ret = digest_authenticate_hdr(_m, srealm, stable, HDR_AUTHORIZATION_T, - &_m->first_line.u.request.method, &hdr); + &_m->first_line.u.request.method, &hdr); else ret = digest_authenticate_hdr(_m, srealm, stable, HDR_PROXYAUTH_T, - &_m->first_line.u.request.method, &hdr); + &_m->first_line.u.request.method, &hdr); - if(ret==AUTH_OK && hdr!=NULL && (iflags&AUTH_CHECK_ID_F)) { - suser = ((auth_body_t*)(hdr->parsed))->digest.username.user; + if(ret == AUTH_OK && hdr != NULL && (iflags & AUTH_CHECK_ID_F)) { + suser = ((auth_body_t *)(hdr->parsed))->digest.username.user; - if((furi=parse_from_uri(_m))==NULL) + if((furi = parse_from_uri(_m)) == NULL) return AUTH_ERROR; - if(_m->REQ_METHOD==METHOD_REGISTER || _m->REQ_METHOD==METHOD_PUBLISH) { - if((turi=parse_to_uri(_m))==NULL) + if(_m->REQ_METHOD == METHOD_REGISTER + || _m->REQ_METHOD == METHOD_PUBLISH) { + if((turi = parse_to_uri(_m)) == NULL) return AUTH_ERROR; uri = turi; } else { uri = furi; } - if(!((iflags&AUTH_CHECK_SKIPFWD_F) - && (_m->REQ_METHOD==METHOD_INVITE || _m->REQ_METHOD==METHOD_BYE - || _m->REQ_METHOD==METHOD_PRACK || _m->REQ_METHOD==METHOD_UPDATE - || _m->REQ_METHOD==METHOD_MESSAGE))) { - if(suser.len!=uri->user.len - || strncmp(suser.s, 
uri->user.s, suser.len)!=0) { - LM_DBG("authentication username mismatch with from/to username\n"); + if(!((iflags & AUTH_CHECK_SKIPFWD_F) + && (_m->REQ_METHOD == METHOD_INVITE + || _m->REQ_METHOD == METHOD_BYE + || _m->REQ_METHOD == METHOD_PRACK + || _m->REQ_METHOD == METHOD_UPDATE + || _m->REQ_METHOD == METHOD_MESSAGE))) { + if(suser.len != uri->user.len + || strncmp(suser.s, uri->user.s, suser.len) != 0) { + LM_DBG("authentication username mismatch with from/to " + "username\n"); return AUTH_USER_MISMATCH; } } - if(_m->REQ_METHOD==METHOD_REGISTER || _m->REQ_METHOD==METHOD_PUBLISH) { + if(_m->REQ_METHOD == METHOD_REGISTER + || _m->REQ_METHOD == METHOD_PUBLISH) { /* check from==to */ - if(furi->user.len!=turi->user.len - || strncmp(furi->user.s, turi->user.s, furi->user.len)!=0) { + if(furi->user.len != turi->user.len + || strncmp(furi->user.s, turi->user.s, furi->user.len) + != 0) { LM_DBG("from username mismatch with to username\n"); return AUTH_USER_MISMATCH; } - if(use_domain!=0 && (furi->host.len!=turi->host.len - || strncmp(furi->host.s, turi->host.s, furi->host.len)!=0)) { + if(use_domain != 0 + && (furi->host.len != turi->host.len + || strncmp(furi->host.s, turi->host.s, + furi->host.len) + != 0)) { LM_DBG("from domain mismatch with to domain\n"); return AUTH_USER_MISMATCH; } /* check r-uri==from for publish */ - if(_m->REQ_METHOD==METHOD_PUBLISH) { - if(parse_sip_msg_uri(_m)<0) + if(_m->REQ_METHOD == METHOD_PUBLISH) { + if(parse_sip_msg_uri(_m) < 0) return AUTH_ERROR; uri = &_m->parsed_uri; - if(furi->user.len!=uri->user.len - || strncmp(furi->user.s, uri->user.s, furi->user.len)!=0) { + if(furi->user.len != uri->user.len + || strncmp(furi->user.s, uri->user.s, furi->user.len) + != 0) { LM_DBG("from username mismatch with r-uri username\n"); return AUTH_USER_MISMATCH; } - if(use_domain!=0 && (furi->host.len!=uri->host.len - || strncmp(furi->host.s, uri->host.s, furi->host.len)!=0)) { + if(use_domain != 0 + && (furi->host.len != uri->host.len + || 
strncmp(furi->host.s, uri->host.s, + furi->host.len) + != 0)) { LM_DBG("from domain mismatch with r-uri domain\n"); return AUTH_USER_MISMATCH; } @@ -556,38 +569,37 @@ int auth_check(sip_msg_t *_m, str *srealm, str *stable, int iflags) /* * Authenticate using WWW/Proxy-Authorize header field */ -int w_auth_check(sip_msg_t *_m, char* _realm, char* _table, char *_flags) +int w_auth_check(sip_msg_t *_m, char *_realm, char *_table, char *_flags) { str srealm; str stable; int iflags; - if(_m==NULL) { + if(_m == NULL) { LM_ERR("invalid msg parameter\n"); return AUTH_ERROR; } - if ((_m->REQ_METHOD == METHOD_ACK) || (_m->REQ_METHOD == METHOD_CANCEL)) { + if((_m->REQ_METHOD == METHOD_ACK) || (_m->REQ_METHOD == METHOD_CANCEL)) { return AUTH_OK; } - if(_realm==NULL || _table==NULL || _flags==NULL) { + if(_realm == NULL || _table == NULL || _flags == NULL) { LM_ERR("invalid parameters\n"); return AUTH_ERROR; } - if (get_str_fparam(&srealm, _m, (fparam_t*)_realm) < 0) { + if(get_str_fparam(&srealm, _m, (fparam_t *)_realm) < 0) { LM_ERR("failed to get realm value\n"); return AUTH_ERROR; } - if (get_str_fparam(&stable, _m, (fparam_t*)_table) < 0) { + if(get_str_fparam(&stable, _m, (fparam_t *)_table) < 0) { LM_ERR("failed to get realm value\n"); return AUTH_ERROR; } - if(fixup_get_ivalue(_m, (gparam_p)_flags, &iflags)!=0) - { + if(fixup_get_ivalue(_m, (gparam_p)_flags, &iflags) != 0) { LM_ERR("invalid flags parameter\n"); return -1; } @@ -600,7 +612,7 @@ int w_auth_check(sip_msg_t *_m, char* _realm, char* _table, char *_flags) */ int bind_auth_db(auth_db_api_t *api) { - if (!api) { + if(!api) { ERR("Invalid parameter value\n"); return -1; } diff --git a/src/modules/auth_db/authorize.h b/src/modules/auth_db/authorize.h index 5653fd452f5..bbb3bc105c0 100644 --- a/src/modules/auth_db/authorize.h +++ b/src/modules/auth_db/authorize.h 
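Review bot: In w_auth_check the failure branch for the table parameter logs `failed to get realm value`, the same text as the realm branch above it, so a misconfigured table argument is reported as a realm problem. It should read `LM_ERR("failed to get table value\n");`, matching the wording w_is_subscriber already uses. The invalid-flags branch also returns the literal `-1` where every other error path in this function returns `AUTH_ERROR`; using `return AUTH_ERROR;` there keeps the function's error contract in one place.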
@@ -30,42 +30,45 @@ extern int force_generate_avps; -int auth_db_init(const str* db_url); -int auth_db_bind(const str* db_url); +int auth_db_init(const str *db_url); +int auth_db_bind(const str *db_url); void auth_db_close(void); /* * Authorize using Proxy-Authorization header field */ -int proxy_authenticate(struct sip_msg* _msg, char* _realm, char* _table); +int proxy_authenticate(struct sip_msg *_msg, char *_realm, char *_table); /* * Authorize using WWW-Authorization header field */ -int www_authenticate(struct sip_msg* _msg, char* _realm, char* _table); -int www_authenticate2(struct sip_msg* _msg, char* _realm, char* _table, char *_method); +int www_authenticate(struct sip_msg *_msg, char *_realm, char *_table); +int www_authenticate2( + struct sip_msg *_msg, char *_realm, char *_table, char *_method); -int ki_www_authenticate(struct sip_msg* _m, str *realm, str *table); -int ki_www_authenticate_method(sip_msg_t *msg, str *realm, str *table, str *method); +int ki_www_authenticate(struct sip_msg *_m, str *realm, str *table); +int ki_www_authenticate_method( + sip_msg_t *msg, str *realm, str *table, str *method); /* * Authenticate using WWW/Proxy-Authorize header field */ int auth_check(sip_msg_t *_m, str *srealm, str *stable, int iflags); -int w_auth_check(struct sip_msg* _m, char* _realm, char* _table, char *_flags); +int w_auth_check(struct sip_msg *_m, char *_realm, char *_table, char *_flags); -#define AUTH_DB_SUBS_USE_DOMAIN 1<<0 -#define AUTH_DB_SUBS_SKIP_CREDENTIALS 1<<1 +#define AUTH_DB_SUBS_USE_DOMAIN 1 << 0 +#define AUTH_DB_SUBS_SKIP_CREDENTIALS 1 << 1 /* * Fetch credentials for a specific user */ -int fetch_credentials(sip_msg_t *msg, str *user, str* domain, str *table, int flags); +int fetch_credentials( + sip_msg_t *msg, str *user, str *domain, str *table, int flags); /* * Bind to AUTH_DB API */ -int bind_auth_db(auth_db_api_t* api); +int bind_auth_db(auth_db_api_t *api); #endif /* AUTHORIZE_H */
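Review bot: The two flag macros near the end of this header, `AUTH_DB_SUBS_USE_DOMAIN` and `AUTH_DB_SUBS_SKIP_CREDENTIALS`, expand to an unparenthesized shift, and the reformatting keeps them that way. The `flags & AUTH_DB_SUBS_SKIP_CREDENTIALS` tests elsewhere in this commit parse as intended only because `<<` binds tighter than `&`. An expression such as `~AUTH_DB_SUBS_SKIP_CREDENTIALS`, or any arithmetic operator next to the macro, would silently compute a different mask. Write them as `#define AUTH_DB_SUBS_USE_DOMAIN (1 << 0)` and `#define AUTH_DB_SUBS_SKIP_CREDENTIALS (1 << 1)`.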