From 63b19282d967ceb2dfa8e2d8a4beadbdfe9cffca Mon Sep 17 00:00:00 2001 From: Victor Seva Date: Wed, 17 May 2023 16:35:57 +0200 Subject: [PATCH] auth_diameter: clang-format for coherent indentation and coding style --- src/modules/auth_diameter/auth_diameter.c | 149 +++---- src/modules/auth_diameter/auth_diameter.h | 1 - src/modules/auth_diameter/authorize.c | 473 +++++++++------------- src/modules/auth_diameter/authorize.h | 46 +-- src/modules/auth_diameter/avp.c | 315 +++++++------- src/modules/auth_diameter/defs.h | 50 +-- src/modules/auth_diameter/diameter_msg.h | 425 +++++++++---------- src/modules/auth_diameter/message.c | 222 +++++----- src/modules/auth_diameter/tcp_comm.c | 217 +++++----- src/modules/auth_diameter/tcp_comm.h | 22 +- src/modules/auth_diameter/user_in.c | 177 ++++---- 11 files changed, 974 insertions(+), 1123 deletions(-) diff --git a/src/modules/auth_diameter/auth_diameter.c b/src/modules/auth_diameter/auth_diameter.c index 067df251e67..e9dea5bef45 100644 --- a/src/modules/auth_diameter/auth_diameter.c +++ b/src/modules/auth_diameter/auth_diameter.c @@ -27,7 +27,7 @@ #include #include #include -#include +#include #include "../../core/sr_module.h" #include "../../core/error.h" 
@@ -46,19 +46,19 @@ MODULE_VERSION /** SL API structure */ sl_api_t slb; -static int mod_init(void); /* Module initialization function*/ -static int mod_child_init(int r); /* Child initialization function*/ -static int auth_fixup(void** param, int param_no); -static int group_fixup(void** param, int param_no); +static int mod_init(void); /* Module initialization function*/ +static int mod_child_init(int r); /* Child initialization function*/ +static int auth_fixup(void **param, int param_no); +static int group_fixup(void **param, int param_no); -int diameter_www_authorize(struct sip_msg* _msg, char* _realm, char* _s2); -int diameter_proxy_authorize(struct sip_msg* _msg, char* _realm, char* _s2); -int diameter_is_user_in(struct sip_msg* _msg, char* group, char* _s2); +int diameter_www_authorize(struct sip_msg *_msg, char *_realm, char *_s2); +int diameter_proxy_authorize(struct sip_msg *_msg, char *_realm, char *_s2); +int diameter_is_user_in(struct sip_msg *_msg, char *group, char *_s2); /* * Module parameter variables */ -char* diameter_client_host = "localhost"; +char *diameter_client_host = "localhost"; int diameter_client_port = 3000; int use_domain = 0; int sockfd = -1; 
@@ -69,41 +69,37 @@ rd_buf_t *rb; * Exported functions */ static cmd_export_t cmds[] = { - {"diameter_www_authorize", (cmd_function)diameter_www_authorize, 1, auth_fixup, - 0, REQUEST_ROUTE}, - {"diameter_proxy_authorize", (cmd_function)diameter_proxy_authorize, 1, auth_fixup, - 0, REQUEST_ROUTE}, - {"diameter_is_user_in", (cmd_function)diameter_is_user_in, 2, group_fixup, - 0, REQUEST_ROUTE}, - {0, 0, 0, 0, 0, 0} -}; + {"diameter_www_authorize", (cmd_function)diameter_www_authorize, 1, + auth_fixup, 0, REQUEST_ROUTE}, + {"diameter_proxy_authorize", (cmd_function)diameter_proxy_authorize, 1, + auth_fixup, 0, REQUEST_ROUTE}, + {"diameter_is_user_in", (cmd_function)diameter_is_user_in, 2, + group_fixup, 0, REQUEST_ROUTE}, + {0, 0, 0, 0, 0, 0}}; /* * Exported parameters */ static param_export_t params[] = { - {"diameter_client_host", PARAM_STRING, &diameter_client_host}, - {"diameter_client_port", INT_PARAM, &diameter_client_port}, - {"use_domain", INT_PARAM, &use_domain}, - {0, 0, 0} -}; + {"diameter_client_host", PARAM_STRING, &diameter_client_host}, + {"diameter_client_port", INT_PARAM, &diameter_client_port}, + {"use_domain", INT_PARAM, &use_domain}, {0, 0, 0}}; /* * Module interface */ struct module_exports exports = { - "auth_diameter", - DEFAULT_DLFLAGS, /* dlopen flags */ - cmds, /* Exported functions */ - params, /* Exported parameters */ - 0, /* exported RPC methods */ - 0, /* exported pseudo-variables */ - 0, /* response function */ - mod_init, /* module initialization function */ - mod_child_init, /* child initialization function */ - 0 /* destroy function */ + "auth_diameter", DEFAULT_DLFLAGS, /* dlopen flags */ + cmds, /* Exported functions */ + params, /* Exported parameters */ + 0, /* exported RPC methods */ + 0, /* exported pseudo-variables */ + 0, /* response function */ + mod_init, /* module initialization function */ + mod_child_init, /* child initialization function */ + 0 /* destroy function */ }; 
@@ -115,31 +111,29 @@ static int mod_init(void) LM_DBG("auth_diameter - Initializing\n"); /* bind the SL API */ - if (sl_load_api(&slb)!=0) { + if(sl_load_api(&slb) != 0) { LM_ERR("cannot bind to SL API\n"); return -1; } - + return 0; } static int mod_child_init(int r) -{ +{ /* open TCP connection */ LM_DBG("initializing TCP connection\n"); sockfd = init_mytcp(diameter_client_host, diameter_client_port); - if(sockfd==-1) - { + if(sockfd == -1) { LM_DBG("the TCP connection was not established\n"); return -1; } LM_DBG("the TCP connection was established on socket=%d\n", sockfd); - - rb = (rd_buf_t*)pkg_malloc(sizeof(rd_buf_t)); - if(!rb) - { + + rb = (rd_buf_t *)pkg_malloc(sizeof(rd_buf_t)); + if(!rb) { PKG_MEM_ERROR; return -1; } @@ -160,23 +154,23 @@ static void destroy(void) /* * Convert char* parameter to pv_elem_t* parameter */ -static int auth_fixup(void** param, int param_no) +static int auth_fixup(void **param, int param_no) { pv_elem_t *model; str s; - if (param_no == 1) { - s.s = (char*)*param; - if (s.s==0 || s.s[0]==0) { + if(param_no == 1) { + s.s = (char *)*param; + if(s.s == 0 || s.s[0] == 0) { model = 0; } else { s.len = strlen(s.s); - if (pv_parse_format(&s,&model)<0) { + if(pv_parse_format(&s, &model) < 0) { LM_ERR("pv_parse_format failed\n"); return E_OUT_OF_MEM; } } - *param = (void*)model; + *param = (void *)model; } return 0; 
@@ -186,71 +180,62 @@ static int auth_fixup(void** param, int param_no) /* * Authorize using Proxy-Authorization header field */ -int diameter_proxy_authorize(struct sip_msg* _msg, char* _realm, char* _s2) +int diameter_proxy_authorize(struct sip_msg *_msg, char *_realm, char *_s2) { /* realm parameter is converted in fixup */ - return authorize(_msg, (pv_elem_t*)_realm, HDR_PROXYAUTH_T); + return authorize(_msg, (pv_elem_t *)_realm, HDR_PROXYAUTH_T); } /* * Authorize using WWW-Authorization header field */ -int diameter_www_authorize(struct sip_msg* _msg, char* _realm, char* _s2) +int diameter_www_authorize(struct sip_msg *_msg, char *_realm, char *_s2) { - return authorize(_msg, (pv_elem_t*)_realm, HDR_AUTHORIZATION_T); + return authorize(_msg, (pv_elem_t *)_realm, HDR_AUTHORIZATION_T); } -static int group_fixup(void** param, int param_no) +static int group_fixup(void **param, int param_no) { - str* s; + str *s; - if (param_no == 1) - { - if (!strcasecmp((char*)*param, "Request-URI")) - { - *param = (void*)1; + if(param_no == 1) { + if(!strcasecmp((char *)*param, "Request-URI")) { + *param = (void *)1; goto end; - } + } - if(!strcasecmp((char*)*param, "To")) - { - *param = (void*)2; + if(!strcasecmp((char *)*param, "To")) { + *param = (void *)2; goto end; - } + } - if (!strcasecmp((char*)*param, "From")) - { - *param = (void*)3; + if(!strcasecmp((char *)*param, "From")) { + *param = (void *)3; goto end; - } + } - if (!strcasecmp((char*)*param, "Credentials")) - { - *param = (void*)4; + if(!strcasecmp((char *)*param, "Credentials")) { + *param = (void *)4; goto end; } - + LM_ERR("unsupported Header Field identifier\n"); return E_UNSPEC; - } - - if (param_no == 2) - { - s = (str*)pkg_malloc(sizeof(str)); - if (!s) - { + } + + if(param_no == 2) { + s = (str *)pkg_malloc(sizeof(str)); + if(!s) { PKG_MEM_ERROR; return E_UNSPEC; } - s->s = (char*)*param; + s->s = (char *)*param; s->len = strlen(s->s); - *param = (void*)s; + *param = (void *)s; } end: return 0; } - - 
diff --git a/src/modules/auth_diameter/auth_diameter.h b/src/modules/auth_diameter/auth_diameter.h index 51c5ec0528d..fc41c287155 100644 --- a/src/modules/auth_diameter/auth_diameter.h +++ b/src/modules/auth_diameter/auth_diameter.h @@ -41,4 +41,3 @@ extern rd_buf_t *rb; #endif /* AUTHDIAM_MOD_H */ - diff --git a/src/modules/auth_diameter/authorize.c b/src/modules/auth_diameter/authorize.c index 9dd78319114..a3cc682b0c2 100644 --- a/src/modules/auth_diameter/authorize.c +++ b/src/modules/auth_diameter/authorize.c @@ -27,7 +27,7 @@ #include #include #include -#include +#include /* memory management */ #include "../../core/mem/mem.h" @@ -62,25 +62,20 @@ static str dia_500_err = str_init(MESSAGE_500); /* Extract URI depending on the request from To or From header */ -int get_uri(struct sip_msg* m, str** uri) +int get_uri(struct sip_msg *m, str **uri) { - if ((REQ_LINE(m).method.len == 8) && - (memcmp(REQ_LINE(m).method.s, "REGISTER", 8) == 0)) - { + if((REQ_LINE(m).method.len == 8) + && (memcmp(REQ_LINE(m).method.s, "REGISTER", 8) == 0)) { /* REGISTER */ - if (!m->to && ((parse_headers(m, HDR_TO_F, 0) == -1)|| (!m->to))) - { + if(!m->to && ((parse_headers(m, HDR_TO_F, 0) == -1) || (!m->to))) { LM_ERR("the To header field was not found or malformed\n"); - + /* it was a REGISTER and an error appeared when parsing TO header*/ return -1; } *uri = &(get_to(m)->uri); - } - else - { - if (parse_from_header(m)<0) - { + } else { + if(parse_from_header(m) < 0) { LM_ERR("failed to parse FROM header\n"); /* an error appeared when parsing FROM header */ 
@@ -89,36 +84,31 @@ int get_uri(struct sip_msg* m, str** uri) *uri = &(get_from(m)->uri); } - /* success */ + /* success */ return 0; } /* Return parsed To or From host part of the parsed uri (that is realm) */ -int get_realm(struct sip_msg* m, int hftype, struct sip_uri* u) +int get_realm(struct sip_msg *m, int hftype, struct sip_uri *u) { str uri; /* extracting the uri */ - if ((REQ_LINE(m).method.len==8) - && !memcmp(REQ_LINE(m).method.s, "REGISTER", 8) - && (hftype == HDR_AUTHORIZATION_T) ) - { + if((REQ_LINE(m).method.len == 8) + && !memcmp(REQ_LINE(m).method.s, "REGISTER", 8) + && (hftype == HDR_AUTHORIZATION_T)) { /* REGISTER */ - if (!m->to && ((parse_headers(m, HDR_TO_F, 0) == -1) || (!m->to))) - { + if(!m->to && ((parse_headers(m, HDR_TO_F, 0) == -1) || (!m->to))) { LM_ERR("failed to parse TO header\n"); /* signal the error */ return -1; } - - /* Body of To header field is parsed automatically */ - uri = get_to(m)->uri; - } - else - { - if (parse_from_header(m)<0) - { + + /* Body of To header field is parsed automatically */ + uri = get_to(m)->uri; + } else { + if(parse_from_header(m) < 0) { LM_ERR("failed to parse FROM header\n"); /* signal the error */ return -1; 
@@ -126,37 +116,33 @@ int get_realm(struct sip_msg* m, int hftype, struct sip_uri* u) uri = get_from(m)->uri; } - + /* parsing the uri */ - if (parse_uri(uri.s, uri.len, u) < 0) - { + if(parse_uri(uri.s, uri.len, u) < 0) { LM_ERR("failed to parse URI\n"); return -1; } - + /* everything was OK */ return 0; } -auth_diam_result_t diam_pre_auth(struct sip_msg* _m, str* _realm, int _hftype, - struct hdr_field** _h) +auth_diam_result_t diam_pre_auth( + struct sip_msg *_m, str *_realm, int _hftype, struct hdr_field **_h) { int ret; struct sip_uri uri; str realm; - if ((_m->REQ_METHOD == METHOD_ACK) || (_m->REQ_METHOD == METHOD_CANCEL)) + if((_m->REQ_METHOD == METHOD_ACK) || (_m->REQ_METHOD == METHOD_CANCEL)) return AUTHORIZED; /* if no realm supplied, find out now */ - if (_realm==0 || _realm->len == 0) - { - if (get_realm(_m, _hftype, &uri) < 0) - { + if(_realm == 0 || _realm->len == 0) { + if(get_realm(_m, _hftype, &uri) < 0) { LM_ERR("failed to extract realm\n"); - if (send_resp(_m, 400, &dia_400_err, 0, 0) == -1) - { + if(send_resp(_m, 400, &dia_400_err, 0, 0) == -1) { LM_ERR("failed to send 400 reply\n"); } return ERROR; 
@@ -167,40 +153,36 @@ auth_diam_result_t diam_pre_auth(struct sip_msg* _m, str* _realm, int _hftype, } ret = find_credentials(_m, &realm, _hftype, _h); - if (ret < 0) - { + if(ret < 0) { LM_ERR("credentials not found\n"); - if (send_resp(_m, (ret == -2) ? 500 : 400, - (ret == -2) ? &dia_500_err : &dia_400_err, 0, 0) == -1) - { + if(send_resp(_m, (ret == -2) ? 500 : 400, + (ret == -2) ? &dia_500_err : &dia_400_err, 0, 0) + == -1) { LM_ERR("failed to send 400 reply\n"); } return ERROR; - } - else - if (ret > 0) - { - LM_ERR("credentials with given realm not found\n"); - return NO_CREDENTIALS; - } - + } else if(ret > 0) { + LM_ERR("credentials with given realm not found\n"); + return NO_CREDENTIALS; + } + return DO_AUTHORIZATION; } /* Authorize digest credentials */ -int authorize(struct sip_msg* msg, pv_elem_t* realm, int hftype) +int authorize(struct sip_msg *msg, pv_elem_t *realm, int hftype) { auth_diam_result_t ret; - struct hdr_field* h; - auth_body_t* cred = NULL; - str* uri; + struct hdr_field *h; + auth_body_t *cred = NULL; + str *uri; struct sip_uri puri; - str domain; + str domain; - if (realm) { - if (pv_printf_s(msg, realm, &domain)!=0) { + if(realm) { + if(pv_printf_s(msg, realm, &domain) != 0) { LM_ERR("pv_printf_s failed\n"); return AUTH_ERROR; } 
@@ -212,61 +194,57 @@ int authorize(struct sip_msg* msg, pv_elem_t* realm, int hftype) /* see what is to do after a first look at the message */ ret = diam_pre_auth(msg, &domain, hftype, &h); - switch(ret) - { - case NO_CREDENTIALS: cred = NULL; - break; + switch(ret) { + case NO_CREDENTIALS: + cred = NULL; + break; - case DO_AUTHORIZATION: cred = (auth_body_t*)h->parsed; - break; - default: return ret; + case DO_AUTHORIZATION: + cred = (auth_body_t *)h->parsed; + break; + default: + return ret; } - if (get_uri(msg, &uri) < 0) - { + if(get_uri(msg, &uri) < 0) { LM_ERR("From/To URI not found\n"); return AUTH_ERROR; } - - if (parse_uri(uri->s, uri->len, &puri) < 0) - { + + if(parse_uri(uri->s, uri->len, &puri) < 0) { LM_ERR("failed to parse From/To URI\n"); return AUTH_ERROR; } -// user.s = (char *)pkg_malloc(puri.user.len); -// un_escape(&(puri.user), &user); - + // user.s = (char *)pkg_malloc(puri.user.len); + // un_escape(&(puri.user), &user); + /* parse the ruri, if not yet */ - if(msg->parsed_uri_ok==0 && parse_sip_msg_uri(msg)<0) - { + if(msg->parsed_uri_ok == 0 && parse_sip_msg_uri(msg) < 0) { LM_ERR("failed to parse the Request-URI\n"); return AUTH_ERROR; } - + /* preliminary check */ - if(cred) - { - if (puri.host.len != cred->digest.realm.len) - { - LM_DBG("credentials realm and URI host do not match\n"); + if(cred) { + if(puri.host.len != cred->digest.realm.len) { + LM_DBG("credentials realm and URI host do not match\n"); return AUTH_ERROR; } - - if (strncasecmp(puri.host.s, cred->digest.realm.s, puri.host.len) != 0) - { + + if(strncasecmp(puri.host.s, cred->digest.realm.s, puri.host.len) != 0) { LM_DBG("credentials realm and URI host do not match\n"); return AUTH_ERROR; } } - - if( diameter_authorize(cred?h:NULL, &msg->first_line.u.request.method, - &puri, &msg->parsed_uri, msg->id, rb) != 1) - { + + if(diameter_authorize(cred ? 
h : NULL, &msg->first_line.u.request.method, + &puri, &msg->parsed_uri, msg->id, rb) + != 1) { send_resp(msg, 500, &dia_500_err, NULL, 0); return AUTH_ERROR; } - - if( srv_response(msg, rb, hftype) != 1 ) + + if(srv_response(msg, rb, hftype) != 1) return AUTH_ERROR; mark_authorized_cred(msg, h); @@ -275,7 +253,6 @@ int authorize(struct sip_msg* msg, pv_elem_t* realm, int hftype) } - /* * This function creates and submits diameter authentication request as per * draft-srinivas-aaa-basic-digest-00.txt. 
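Review bot: `mark_authorized_cred(msg, h)` at the end of this hunk also runs on the `NO_CREDENTIALS` path, where `cred` is NULL and `h` may never have been assigned. `h` is declared without an initializer in the previous hunk, and whether `find_credentials` stores anything in it when no credentials match is not visible here. If the Diameter side answers `AAA_AUTHORIZED` for such a request, an indeterminate pointer is passed on. Initialising it with `struct hdr_field *h = NULL;` and guarding the call with `if(cred) mark_authorized_cred(msg, h);` would make that path well defined. The body of `authorize` starts and ends outside this hunk.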
@@ -285,123 +262,107 @@ int authorize(struct sip_msg* msg, pv_elem_t* realm, int hftype) * -1 - error * */ -int diameter_authorize(struct hdr_field* hdr, str* p_method, sip_uri_t *uri, - sip_uri_t *ruri, unsigned int m_id, rd_buf_t* rb) +int diameter_authorize(struct hdr_field *hdr, str *p_method, sip_uri_t *uri, + sip_uri_t *ruri, unsigned int m_id, rd_buf_t *rb) { str user_name; AAAMessage *req; - AAA_AVP *avp, *position; + AAA_AVP *avp, *position; int name_flag, port_flag; - dig_cred_t* cred; + dig_cred_t *cred; unsigned int tmp; - if ( !p_method ) - { + if(!p_method) { LM_ERR("invalid parameter value\n"); return -1; } - if ( (req=AAAInMessage(AA_REQUEST, AAA_APP_NASREQ))==NULL) + if((req = AAAInMessage(AA_REQUEST, AAA_APP_NASREQ)) == NULL) return -1; if(hdr && hdr->parsed) - cred = &(((auth_body_t*)hdr->parsed)->digest); + cred = &(((auth_body_t *)hdr->parsed)->digest); else cred = NULL; - - if(!cred) - { + + if(!cred) { /* Username AVP */ user_name.s = 0; user_name.len = uri->user.len + uri->host.len; - if(user_name.len>0) - { + if(user_name.len > 0) { user_name.len += 2; - user_name.s = (char*)ad_malloc(user_name.len*sizeof(char)); - if(!(user_name.s)) - { + user_name.s = (char *)ad_malloc(user_name.len * sizeof(char)); + if(!(user_name.s)) { PKG_MEM_ERROR; return -1; } memset(user_name.s, 0, user_name.len); memcpy(user_name.s, uri->user.s, uri->user.len); - if(uri->user.len>0) - { - memcpy(user_name.s+uri->user.len, "@", 1); - memcpy(user_name.s+uri->user.len+1, uri->host.s, uri->host.len); - } - else + if(uri->user.len > 0) { + memcpy(user_name.s + uri->user.len, "@", 1); + memcpy(user_name.s + uri->user.len + 1, uri->host.s, + uri->host.len); + } else memcpy(user_name.s, uri->host.s, uri->host.len); } - if( (avp=AAACreateAVP(AVP_User_Name, 0, 0, user_name.s, - user_name.len, AVP_FREE_DATA)) == 0) - { + if((avp = AAACreateAVP(AVP_User_Name, 0, 0, user_name.s, user_name.len, + AVP_FREE_DATA)) + == 0) { LM_ERR("could not create AVP\n"); - if(user_name.len>0) 
+ if(user_name.len > 0) pkg_free(user_name.s); goto error; } - if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS) - { + if(AAAAddAVPToMessage(req, avp, 0) != AAA_ERR_SUCCESS) { LM_ERR("avp not added \n"); goto error1; } - } - else /* it is a SIP message with credentials */ + } else /* it is a SIP message with credentials */ { /* Add Username AVP */ - if (cred->username.domain.len>0) - { - if( (avp=AAACreateAVP(AVP_User_Name, 0, 0, cred->username.whole.s, - cred->username.whole.len, AVP_DUPLICATE_DATA)) == 0) - { + if(cred->username.domain.len > 0) { + if((avp = AAACreateAVP(AVP_User_Name, 0, 0, cred->username.whole.s, + cred->username.whole.len, AVP_DUPLICATE_DATA)) + == 0) { LM_ERR("could not create AVP\n"); goto error; } - if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS) - { + if(AAAAddAVPToMessage(req, avp, 0) != AAA_ERR_SUCCESS) { LM_ERR("avp not added \n"); goto error1; } - } - else - { + } else { user_name.s = 0; user_name.len = cred->username.user.len + cred->realm.len; - if(user_name.len>0) - { + if(user_name.len > 0) { user_name.s = ad_malloc(user_name.len); - if (!user_name.s) - { + if(!user_name.s) { PKG_MEM_ERROR; goto error; } - memcpy(user_name.s, cred->username.whole.s, - cred->username.whole.len); - if(cred->username.whole.len>0) - { + memcpy(user_name.s, cred->username.whole.s, + cred->username.whole.len); + if(cred->username.whole.len > 0) { user_name.s[cred->username.whole.len] = '@'; - memcpy(user_name.s + cred->username.whole.len + 1, + memcpy(user_name.s + cred->username.whole.len + 1, cred->realm.s, cred->realm.len); - } - else - memcpy(user_name.s, cred->realm.s, cred->realm.len); + } else + memcpy(user_name.s, cred->realm.s, cred->realm.len); } - if( (avp=AAACreateAVP(AVP_User_Name, 0, 0, user_name.s, - user_name.len, AVP_FREE_DATA)) == 0) - { + if((avp = AAACreateAVP(AVP_User_Name, 0, 0, user_name.s, + user_name.len, AVP_FREE_DATA)) + == 0) { LM_ERR("could not create AVP\n"); - if(user_name.len>0) + if(user_name.len > 0) 
pkg_free(user_name.s); goto error; } - if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS) - { + if(AAAAddAVPToMessage(req, avp, 0) != AAA_ERR_SUCCESS) { LM_ERR(" avp not added \n"); goto error1; } 
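Review bot: The credentials branch taken when `cred->username.domain.len` is zero allocates `cred->username.user.len + cred->realm.len` bytes but writes more than that. It copies `cred->username.whole.len` bytes, stores `'@'` and then copies `cred->realm.len` more, so, assuming `whole` is at least as long as `user`, at least one byte lands past the end of the `ad_malloc` buffer. These lengths come from the digest credentials in the request, so this is a heap write driven by untrusted input, and the reformat carries it over unchanged. Size the buffer from what is actually copied, e.g. `user_name.len = cred->username.whole.len + cred->realm.len + (cred->username.whole.len > 0 ? 1 : 0);`, which also makes the length passed to `AAACreateAVP` cover the whole `user@realm` string. The function continues outside this hunk.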
@@ -411,91 +372,86 @@ int diameter_authorize(struct hdr_field* hdr, str* p_method, sip_uri_t *uri, /* SIP_MSGID AVP */ LM_DBG("******* m_id=%d\n", m_id); tmp = m_id; - if( (avp=AAACreateAVP(AVP_SIP_MSGID, 0, 0, (char*)(&tmp), - sizeof(m_id), AVP_DUPLICATE_DATA)) == 0) - { + if((avp = AAACreateAVP(AVP_SIP_MSGID, 0, 0, (char *)(&tmp), sizeof(m_id), + AVP_DUPLICATE_DATA)) + == 0) { LM_ERR("could not create AVP\n"); goto error; } - if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS) - { + if(AAAAddAVPToMessage(req, avp, 0) != AAA_ERR_SUCCESS) { LM_ERR(" avp not added \n"); goto error1; } /* SIP Service AVP */ - if( (avp=AAACreateAVP(AVP_Service_Type, 0, 0, SIP_AUTHENTICATION, - SERVICE_LEN, AVP_DUPLICATE_DATA)) == 0) - { + if((avp = AAACreateAVP(AVP_Service_Type, 0, 0, SIP_AUTHENTICATION, + SERVICE_LEN, AVP_DUPLICATE_DATA)) + == 0) { LM_ERR("could not create AVP\n"); goto error; } - if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS) - { + if(AAAAddAVPToMessage(req, avp, 0) != AAA_ERR_SUCCESS) { LM_ERR(" avp not added \n"); goto error1; } - + /* Destination-Realm AVP */ - if( (avp=AAACreateAVP(AVP_Destination_Realm, 0, 0, uri->host.s, - uri->host.len, AVP_DUPLICATE_DATA)) == 0) - { + if((avp = AAACreateAVP(AVP_Destination_Realm, 0, 0, uri->host.s, + uri->host.len, AVP_DUPLICATE_DATA)) + == 0) { LM_ERR("could not create AVP\n"); goto error; } -#ifdef DEBUG - LM_DBG("Destination Realm: %.*s\n", uri->host.len, uri->host.s); +#ifdef DEBUG + LM_DBG("Destination Realm: %.*s\n", uri->host.len, uri->host.s); #endif - if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS) - { + if(AAAAddAVPToMessage(req, avp, 0) != AAA_ERR_SUCCESS) { LM_ERR(" avp not added \n"); goto error1; } - + /* Resource AVP */ user_name.len = ruri->user.len + ruri->host.len + ruri->port.len + 2; - user_name.s = (char*)ad_malloc(user_name.len*sizeof(char)); - if(!(user_name.s)) - { + user_name.s = (char *)ad_malloc(user_name.len * sizeof(char)); + if(!(user_name.s)) { PKG_MEM_ERROR; return -1; } 
memset(user_name.s, 0, user_name.len); memcpy(user_name.s, ruri->user.s, ruri->user.len); - name_flag= 0; - if(ruri->user.s) - { + name_flag = 0; + if(ruri->user.s) { name_flag = 1; - memcpy(user_name.s+ruri->user.len, "@", 1); - } + memcpy(user_name.s + ruri->user.len, "@", 1); + } - memcpy(user_name.s+ruri->user.len+name_flag, ruri->host.s, ruri->host.len); + memcpy(user_name.s + ruri->user.len + name_flag, ruri->host.s, + ruri->host.len); - port_flag=0; - if(ruri->port.s) - { - port_flag = 1; - memcpy(user_name.s+ruri->user.len+ruri->host.len+1, ":", 1); - memcpy(user_name.s+ruri->user.len+ruri->host.len+name_flag+port_flag, - ruri->port.s, ruri->port.len); + port_flag = 0; + if(ruri->port.s) { + port_flag = 1; + memcpy(user_name.s + ruri->user.len + ruri->host.len + 1, ":", 1); + memcpy(user_name.s + ruri->user.len + ruri->host.len + name_flag + + port_flag, + ruri->port.s, ruri->port.len); } #ifdef DEBUG LM_DBG(": AVP_Resource=%.*s\n", user_name.len, user_name.s); #endif - if( (avp=AAACreateAVP(AVP_Resource, 0, 0, user_name.s, - user_name.len, AVP_FREE_DATA)) == 0) - { + if((avp = AAACreateAVP( + AVP_Resource, 0, 0, user_name.s, user_name.len, AVP_FREE_DATA)) + == 0) { LM_ERR("could not create AVP\n"); if(user_name.s) pkg_free(user_name.s); goto error; } - if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS) - { + if(AAAAddAVPToMessage(req, avp, 0) != AAA_ERR_SUCCESS) { LM_ERR(" avp not added \n"); goto error1; } 
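Review bot: In the Resource AVP construction the `":"` is written at `ruri->user.len + ruri->host.len + 1`, while the port is written at `... + name_flag + port_flag`. When the Request-URI has no user part (`name_flag == 0`) the port therefore overwrites the colon, and a zero byte left by the earlier `memset` stays between host and port. The separator offset should follow the flag: `memcpy(user_name.s + ruri->user.len + ruri->host.len + name_flag, ":", 1);`. This string is the resource the Diameter side is asked to authorize, so an embedded NUL and a missing colon can make the backend evaluate something other than the real Request-URI. Separately, the `return -1` after the failed `ad_malloc` bypasses the `error` label used by the other failure paths and so appears to leak `req`; the label is outside this hunk.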
@@ -503,70 +459,65 @@ int diameter_authorize(struct hdr_field* hdr, str* p_method, sip_uri_t *uri, if(cred) /* it is a SIP message with credentials */ { /* Response AVP */ - if( (avp=AAACreateAVP(AVP_Response, 0, 0, hdr->body.s, - hdr->body.len, AVP_DUPLICATE_DATA)) == 0) - { + if((avp = AAACreateAVP(AVP_Response, 0, 0, hdr->body.s, hdr->body.len, + AVP_DUPLICATE_DATA)) + == 0) { LM_ERR("could not create AVP\n"); goto error; } - + position = AAAGetLastAVP(&(req->avpList)); - if( AAAAddAVPToMessage(req, avp, position)!= AAA_ERR_SUCCESS) - + if(AAAAddAVPToMessage(req, avp, position) != AAA_ERR_SUCCESS) + { LM_ERR(" avp not added \n"); goto error1; } /* Method AVP */ - if( (avp=AAACreateAVP(AVP_Method, 0, 0, p_method->s, - p_method->len, AVP_DUPLICATE_DATA)) == 0) - { + if((avp = AAACreateAVP(AVP_Method, 0, 0, p_method->s, p_method->len, + AVP_DUPLICATE_DATA)) + == 0) { LM_ERR("could not create AVP\n"); goto error; } - + position = AAAGetLastAVP(&(req->avpList)); - if( AAAAddAVPToMessage(req, avp, position)!= AAA_ERR_SUCCESS) - + if(AAAAddAVPToMessage(req, avp, position) != AAA_ERR_SUCCESS) + { LM_ERR(" avp not added \n"); goto error1; } - - - } + } #ifdef DEBUG AAAPrintMessage(req); #endif /* build an AAA message buffer */ - if(AAABuildMsgBuffer(req) != AAA_ERR_SUCCESS) - { + if(AAABuildMsgBuffer(req) != AAA_ERR_SUCCESS) { LM_ERR(" message buffer not created\n"); goto error; } - - if(sockfd==AAA_NO_CONNECTION) - { + + if(sockfd == AAA_NO_CONNECTION) { sockfd = init_mytcp(diameter_client_host, diameter_client_port); - if(sockfd==AAA_NO_CONNECTION) - { + if(sockfd == AAA_NO_CONNECTION) { LM_ERR(" failed to reconnect to Diameter client\n"); goto error; } } /* send the message to the DIAMETER CLIENT */ - switch( tcp_send_recv(sockfd, req->buf.s, req->buf.len, rb, m_id) ) - { + switch(tcp_send_recv(sockfd, req->buf.s, req->buf.len, rb, m_id)) { case AAA_ERROR: /* a transmission error occurred */ - LM_ERR(" message sending to the" - " DIAMETER backend authorization server 
failed\n"); + LM_ERR(" message sending to the" + " DIAMETER backend authorization server failed\n"); goto error; - + case AAA_CONN_CLOSED: - LM_NOTICE("connection to Diameter" + LM_NOTICE( + "connection to Diameter" " client closed.It will be reopened by the next request\n"); close(sockfd); sockfd = AAA_NO_CONNECTION; @@ -590,16 +541,15 @@ int diameter_authorize(struct hdr_field* hdr, str* p_method, sip_uri_t *uri, } /* give the appropriate response to the SER client */ -int srv_response(struct sip_msg* msg, rd_buf_t * rb, int hftype) +int srv_response(struct sip_msg *msg, rd_buf_t *rb, int hftype) { - int auth_hf_len=0, ret=0; - char* auth_hf; + int auth_hf_len = 0, ret = 0; + char *auth_hf; - switch(rb->ret_code) - { + switch(rb->ret_code) { case AAA_AUTHORIZED: return 1; - + case AAA_NOT_AUTHORIZED: send_resp(msg, 403, &dia_403_err, NULL, 0); return -1; 
@@ -607,53 +557,50 @@ int srv_response(struct sip_msg* msg, rd_buf_t * rb, int hftype) case AAA_SRVERR: send_resp(msg, 500, &dia_500_err, NULL, 0); return -1; - + case AAA_CHALLENGE: - if(hftype==HDR_AUTHORIZATION_T) /* SIP server */ + if(hftype == HDR_AUTHORIZATION_T) /* SIP server */ { - auth_hf_len = WWW_AUTH_CHALLENGE_LEN+rb->chall_len; - auth_hf = (char*)ad_malloc(auth_hf_len*(sizeof(char))); - if(!(auth_hf)) - { + auth_hf_len = WWW_AUTH_CHALLENGE_LEN + rb->chall_len; + auth_hf = (char *)ad_malloc(auth_hf_len * (sizeof(char))); + if(!(auth_hf)) { PKG_MEM_ERROR; return -1; } memset(auth_hf, 0, auth_hf_len); - memcpy(auth_hf,WWW_AUTH_CHALLENGE, WWW_AUTH_CHALLENGE_LEN); - memcpy(auth_hf+WWW_AUTH_CHALLENGE_LEN, rb->chall, - rb->chall_len); - + memcpy(auth_hf, WWW_AUTH_CHALLENGE, WWW_AUTH_CHALLENGE_LEN); + memcpy(auth_hf + WWW_AUTH_CHALLENGE_LEN, rb->chall, + rb->chall_len); + ret = send_resp(msg, 401, &dia_401_err, auth_hf, auth_hf_len); - } - else /* Proxy Server */ + } else /* Proxy Server */ { - auth_hf_len = PROXY_AUTH_CHALLENGE_LEN+rb->chall_len; - auth_hf = (char*)ad_malloc(auth_hf_len*(sizeof(char))); - if(!(auth_hf)) - { + auth_hf_len = PROXY_AUTH_CHALLENGE_LEN + rb->chall_len; + auth_hf = (char *)ad_malloc(auth_hf_len * (sizeof(char))); + if(!(auth_hf)) { PKG_MEM_ERROR; return -1; } memset(auth_hf, 0, auth_hf_len); memcpy(auth_hf, PROXY_AUTH_CHALLENGE, PROXY_AUTH_CHALLENGE_LEN); - memcpy(auth_hf + PROXY_AUTH_CHALLENGE_LEN, rb->chall, + memcpy(auth_hf + PROXY_AUTH_CHALLENGE_LEN, rb->chall, rb->chall_len); ret = send_resp(msg, 407, &dia_407_err, auth_hf, auth_hf_len); } - if (auth_hf) pkg_free(auth_hf); - - if (ret == -1) - { + if(auth_hf) + pkg_free(auth_hf); + + if(ret == -1) { LM_ERR("failed to send challenge to the client of SER\n"); return -1; } return -1; } - - // never reach this - return -1; + + // never reach this + return -1; } 
@@ -661,12 +608,11 @@ int srv_response(struct sip_msg* msg, rd_buf_t * rb, int hftype) * Create a response with given code and reason phrase * Optionally add new headers specified in _hdr */ -int send_resp(struct sip_msg* m, int code, str* reason, - char* hdr, int hdr_len) +int send_resp(struct sip_msg *m, int code, str *reason, char *hdr, int hdr_len) { /* Add new headers if there are any */ - if ((hdr) && (hdr_len)) { - if (add_lump_rpl( m, hdr, hdr_len, LUMP_RPL_HDR)==0) { + if((hdr) && (hdr_len)) { + if(add_lump_rpl(m, hdr, hdr_len, LUMP_RPL_HDR) == 0) { LM_ERR("unable to append hdr\n"); return -1; } @@ -674,20 +620,3 @@ int send_resp(struct sip_msg* m, int code, str* reason, return slb.freply(m, code, reason); } - - - - - - - - - - - - - - - - - diff --git a/src/modules/auth_diameter/authorize.h b/src/modules/auth_diameter/authorize.h index e9e0493efc0..9ccd88619fa 100644 --- a/src/modules/auth_diameter/authorize.h +++ b/src/modules/auth_diameter/authorize.h 
@@ -31,40 +31,38 @@ #include "../../core/str.h" #include "defs.h" -typedef enum auth_diam_result { - NONCE_REUSED = -6, /*!< Returned if nonce is used more than once */ - AUTH_ERROR, /*!< Error occurred, a reply has not been sent out */ - NO_CREDENTIALS, /*!< Credentials missing */ - STALE_NONCE, /*!< Stale nonce */ - INVALID_PASSWORD, /*!< Invalid password */ - USER_UNKNOWN, /*!< User non existent */ - ERROR, /*!< Error occurred, a reply has been sent out, +typedef enum auth_diam_result +{ + NONCE_REUSED = -6, /*!< Returned if nonce is used more than once */ + AUTH_ERROR, /*!< Error occurred, a reply has not been sent out */ + NO_CREDENTIALS, /*!< Credentials missing */ + STALE_NONCE, /*!< Stale nonce */ + INVALID_PASSWORD, /*!< Invalid password */ + USER_UNKNOWN, /*!< User non existent */ + ERROR, /*!< Error occurred, a reply has been sent out, return 0 to the kamailio core */ - AUTHORIZED, /*!< Authorized. If returned by pre_auth, + AUTHORIZED, /*!< Authorized. If returned by pre_auth, no digest authorization necessary */ - DO_AUTHORIZATION, /*!< Can only be returned by pre_auth. */ - /*!< Means to continue doing authorization */ + DO_AUTHORIZATION, /*!< Can only be returned by pre_auth. 
*/ + /*!< Means to continue doing authorization */ } auth_diam_result_t; +int get_uri(struct sip_msg *m, str **uri); -int get_uri(struct sip_msg* m, str** uri); +int get_realm(struct sip_msg *m, int hftype, struct sip_uri *u); -int get_realm(struct sip_msg* m, int hftype, struct sip_uri* u); +auth_diam_result_t diam_pre_auth( + struct sip_msg *m, str *realm, int hftype, struct hdr_field **h); -auth_diam_result_t diam_pre_auth(struct sip_msg* m, str* realm, int hftype, - struct hdr_field** h); +int authorize(struct sip_msg *msg, pv_elem_t *realm, int hftype); -int authorize(struct sip_msg* msg, pv_elem_t* realm, int hftype); +int diameter_authorize(struct hdr_field *cred, str *p_method, sip_uri_t *uri, + sip_uri_t *ruri, unsigned int m_id, rd_buf_t *response); -int diameter_authorize(struct hdr_field* cred, str* p_method, - sip_uri_t *uri, sip_uri_t *ruri, - unsigned int m_id, rd_buf_t *response); +int srv_response(struct sip_msg *msg, rd_buf_t *rb, int hftype); -int srv_response(struct sip_msg* msg, rd_buf_t* rb, int hftype); - -int send_resp(struct sip_msg* _m, int _code, str* _reason, - char* _hdr, int _hdr_len); +int send_resp( + struct sip_msg *_m, int _code, str *_reason, char *_hdr, int _hdr_len); #endif /* DIAMETER_AUTHORIZE_H */ - diff --git a/src/modules/auth_diameter/avp.c b/src/modules/auth_diameter/avp.c index b57c15b9cec..5b4db85f288 100644 --- a/src/modules/auth_diameter/avp.c +++ b/src/modules/auth_diameter/avp.c 
@@ -31,32 +31,31 @@ #include "diameter_msg.h" - /* * each AVP type has some default set/reset flags and a proper data type. * All this default values (for flags and data-type) are correct/set by this * function. */ -void set_avp_fields( AAA_AVPCode code, AAA_AVP *avp) +void set_avp_fields(AAA_AVPCode code, AAA_AVP *avp) { - switch (code) { - case 1: /*AVP_User_Name*/ - case 25: /*AVP_Class*/ + switch(code) { + case 1: /*AVP_User_Name*/ + case 25: /*AVP_Class*/ case 263: /*AVP_Session_Id*/ case 283: /*AVP_Destination_Realm*/ case 293: /*AVP Destination Host*/ case 264: /*AVP_Origin_Host*/ case 296: /*AVP Origin_Realm*/ - case 400: /* AVP_Resource */ - case 401: /* AVP_Response */ - case 402: /* AVP_Challenge */ + case 400: /* AVP_Resource */ + case 401: /* AVP_Response */ + case 402: /* AVP_Challenge */ case 403: /* AVP_Method */ case 404: /* Service_Type AVP */ case 405: /* User_Group AVP*/ - avp->flags = 0x40|(0x20&avp->flags); + avp->flags = 0x40 | (0x20 & avp->flags); avp->type = AAA_AVP_STRING_TYPE; break; - case 27: /*AVP_Session_Timeout*/ + case 27: /*AVP_Session_Timeout*/ case 258: /*AVP_Auth_Application_Id*/ case 262: /*AVP_Redirect_Max_Cache_Time*/ case 265: /*AVP_Supported_Vendor_Id*/ @@ -66,7 +65,7 @@ void set_avp_fields( AAA_AVPCode code, AAA_AVP *avp) case 276: /*AVP_Auth_Grace_Period*/ case 278: /*AVP_Origin_State_Id*/ case 291: /*AVP_Authorization_Lifetime*/ - avp->flags = 0x40|(0x20&avp->flags); + avp->flags = 0x40 | (0x20 & avp->flags); avp->type = AAA_AVP_INTEGER32_TYPE; break; case 33: /*AVP_Proxy_State*/ @@ -74,7 +73,7 @@ void set_avp_fields( AAA_AVPCode code, AAA_AVP *avp) avp->type = AAA_AVP_STRING_TYPE; break; case 257: /*AVP_Host_IP_Address*/ - avp->flags = 0x40|(0x20&avp->flags); + avp->flags = 0x40 | (0x20 & avp->flags); avp->type = AAA_AVP_ADDRESS_TYPE; break; case 269: /*AVP_Product_Name*/ 
@@ -82,7 +81,7 @@ void set_avp_fields( AAA_AVPCode code, AAA_AVP *avp)
 avp->type = AAA_AVP_STRING_TYPE;
 break;
 case 281: /*AVP_Error_Message*/
- avp->flags = (0x20&avp->flags);
+ avp->flags = (0x20 & avp->flags);
 avp->type = AAA_AVP_STRING_TYPE;
 break;
 default:
@@ -91,97 +90,91 @@ void set_avp_fields( AAA_AVPCode code, AAA_AVP *avp) } - /* This function creates an AVP and returns a pointer to it; */ -AAA_AVP* AAACreateAVP( - AAA_AVPCode code, - AAA_AVPFlag flags, - AAAVendorId vendorId, - char *data, - unsigned int length, - AVPDataStatus data_status) +AAA_AVP *AAACreateAVP(AAA_AVPCode code, AAA_AVPFlag flags, AAAVendorId vendorId, + char *data, unsigned int length, AVPDataStatus data_status) { AAA_AVP *avp = NULL; /* first check the params */ - if( data==0 || length==0) { + if(data == 0 || length == 0) { LM_ERR("NULL value received for param data/length !!\n"); return 0; } /* allocated a new AVP struct */ avp = 0; - avp = (AAA_AVP*)ad_malloc(sizeof(AAA_AVP)); - if (!avp) + avp = (AAA_AVP *)ad_malloc(sizeof(AAA_AVP)); + if(!avp) goto error; - memset( avp, 0, sizeof(AAA_AVP) ); + memset(avp, 0, sizeof(AAA_AVP)); /* set some fields */ //avp->free_it = free_it; avp->packetType = AAA_DIAMETER; - avp->code=code; - avp->flags=flags; - avp->vendorId=vendorId; - set_avp_fields( code, avp); + avp->code = code; + avp->flags = flags; + avp->vendorId = vendorId; + set_avp_fields(code, avp); - if ( data_status==AVP_DUPLICATE_DATA ) { + if(data_status == AVP_DUPLICATE_DATA) { /* make a duplicate for data */ avp->data.len = length; - avp->data.s = (void*)ad_malloc(length); + avp->data.s = (void *)ad_malloc(length); if(!avp->data.s) goto error; - memcpy( avp->data.s, data, length); + memcpy(avp->data.s, data, length); avp->free_it = 1; } else { avp->data.s = data; avp->data.len = length; - avp->free_it = (data_status==AVP_FREE_DATA)?1:0; + avp->free_it = (data_status == AVP_FREE_DATA) ? 
1 : 0; } return avp; error: PKG_MEM_ERROR; - if(avp) ad_free(avp); + if(avp) + ad_free(avp); return 0; } - /* Insert the AVP avp into this avpList of a message after position */ -AAAReturnCode AAAAddAVPToMessage( - AAAMessage *msg, - AAA_AVP *avp, - AAA_AVP *position) +AAAReturnCode AAAAddAVPToMessage( + AAAMessage *msg, AAA_AVP *avp, AAA_AVP *position) { AAA_AVP *avp_t; - if ( !msg || !avp ) { + if(!msg || !avp) { LM_ERR("param msg or avp passed null" - " or *avpList=NULL and position!=NULL !!\n"); + " or *avpList=NULL and position!=NULL !!\n"); return AAA_ERR_PARAMETER; } - if (!position) { + if(!position) { /* insert at the beginning */ avp->next = msg->avpList.head; avp->prev = 0; msg->avpList.head = avp; - if (avp->next) + if(avp->next) avp->next->prev = avp; else msg->avpList.tail = avp; } else { /* look after avp from position */ - for(avp_t=msg->avpList.head;avp_t&&avp_t!=position;avp_t=avp_t->next); - if (!avp_t) { + for(avp_t = msg->avpList.head; avp_t && avp_t != position; + avp_t = avp_t->next) + ; + if(!avp_t) { LM_ERR("the \"position\" avp is not in \"msg\" message!!\n"); return AAA_ERR_PARAMETER; } /* insert after position */ avp->next = position->next; position->next = avp; - if (avp->next) + if(avp->next) avp->next->prev = avp; else msg->avpList.tail = avp; 
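Review bot: The header comment on AAACreateAVP does not say who owns `data` after the call, although the three AVPDataStatus values behave differently. AVP_DUPLICATE_DATA copies the bytes, while the other two store the caller's pointer in `avp->data.s`, and only AVP_FREE_DATA sets `free_it`. With AVP_DONT_FREE_DATA the AVP is therefore valid only as long as the caller's buffer is, and releasing that buffer early leaves `data.s` dangling. I would extend the comment to describe the three modes. It should also note that the `error:` path returns 0 without freeing `data`, even when AVP_FREE_DATA was passed.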
@@ -189,53 +182,66 @@ AAAReturnCode AAAAddAVPToMessage( } /* update the short-cuts */ - switch (avp->code) { - case AVP_Session_Id: msg->sessionId = avp;break; - case AVP_Origin_Host: msg->orig_host = avp;break; - case AVP_Origin_Realm: msg->orig_realm = avp;break; - case AVP_Destination_Host: msg->dest_host = avp;break; - case AVP_Destination_Realm: msg->dest_realm = avp;break; - case AVP_Result_Code: msg->res_code = avp;break; - case AVP_Auth_Session_State: msg->auth_ses_state = avp;break; + switch(avp->code) { + case AVP_Session_Id: + msg->sessionId = avp; + break; + case AVP_Origin_Host: + msg->orig_host = avp; + break; + case AVP_Origin_Realm: + msg->orig_realm = avp; + break; + case AVP_Destination_Host: + msg->dest_host = avp; + break; + case AVP_Destination_Realm: + msg->dest_realm = avp; + break; + case AVP_Result_Code: + msg->res_code = avp; + break; + case AVP_Auth_Session_State: + msg->auth_ses_state = avp; + break; } return AAA_ERR_SUCCESS; } /* This function finds an AVP with matching code and vendor id */ -AAA_AVP *AAAFindMatchingAVP( - AAAMessage *msg, - AAA_AVP *startAvp, - AAA_AVPCode avpCode, - AAAVendorId vendorId, - AAASearchType searchType) +AAA_AVP *AAAFindMatchingAVP(AAAMessage *msg, AAA_AVP *startAvp, + AAA_AVPCode avpCode, AAAVendorId vendorId, AAASearchType searchType) { AAA_AVP *avp_t; /* param checking */ - if (!msg) { + if(!msg) { LM_ERR("param msg passed null !!\n"); goto error; } /* search the startAVP avp */ - for(avp_t=msg->avpList.head;avp_t&&avp_t!=startAvp;avp_t=avp_t->next); - if (!avp_t && startAvp) { + for(avp_t = msg->avpList.head; avp_t && avp_t != startAvp; + avp_t = avp_t->next) + ; + if(!avp_t && startAvp) { LM_ERR(" the \"position\" avp is not in \"avpList\" list!!\n"); goto error; } /* where should I start searching from ? */ - if (!startAvp) - avp_t=(searchType==AAA_FORWARD_SEARCH)?(msg->avpList.head): - (msg->avpList.tail); + if(!startAvp) + avp_t = (searchType == AAA_FORWARD_SEARCH) ? 
(msg->avpList.head) + : (msg->avpList.tail); else - avp_t=startAvp; + avp_t = startAvp; /* start searching */ while(avp_t) { - if (avp_t->code==avpCode && avp_t->vendorId==vendorId) + if(avp_t->code == avpCode && avp_t->vendorId == vendorId) return avp_t; - avp_t = (searchType==AAA_FORWARD_SEARCH)?(avp_t->next):(avp_t->prev); + avp_t = (searchType == AAA_FORWARD_SEARCH) ? (avp_t->next) + : (avp_t->prev); } error: 
@@ -244,197 +250,210 @@ AAA_AVP *AAAFindMatchingAVP( /* This function removes an AVP from a list of a message */ -AAAReturnCode AAARemoveAVPFromMessage( - AAAMessage *msg, - AAA_AVP *avp) +AAAReturnCode AAARemoveAVPFromMessage(AAAMessage *msg, AAA_AVP *avp) { AAA_AVP *avp_t; /* param check */ - if ( !msg || !avp ) { + if(!msg || !avp) { LM_ERR("param AVP_LIST \"avpList\" or AVP \"avp\" passed null !!\n"); return AAA_ERR_PARAMETER; } /* search the "avp" avp */ - for(avp_t=msg->avpList.head;avp_t&&avp_t!=avp;avp_t=avp_t->next); - if (!avp_t) { + for(avp_t = msg->avpList.head; avp_t && avp_t != avp; avp_t = avp_t->next) + ; + if(!avp_t) { LM_ERR("the \"avp\" avp is not in \"avpList\" avp list!!\n"); return AAA_ERR_PARAMETER; } /* remove the avp from list */ - if (msg->avpList.head==avp) + if(msg->avpList.head == avp) msg->avpList.head = avp->next; else avp->prev->next = avp->next; - if (avp->next) + if(avp->next) avp->next->prev = avp->prev; else msg->avpList.tail = avp->prev; avp->next = avp->prev = 0; /* update short-cuts */ - switch (avp->code) { - case AVP_Session_Id: msg->sessionId = 0;break; - case AVP_Origin_Host: msg->orig_host = 0;break; - case AVP_Origin_Realm: msg->orig_realm = 0;break; - case AVP_Destination_Host: msg->dest_host = 0;break; - case AVP_Destination_Realm: msg->dest_realm = 0;break; - case AVP_Result_Code: msg->res_code = 0;break; - case AVP_Auth_Session_State: msg->auth_ses_state = 0;break; + switch(avp->code) { + case AVP_Session_Id: + msg->sessionId = 0; + break; + case AVP_Origin_Host: + msg->orig_host = 0; + break; + case AVP_Origin_Realm: + msg->orig_realm = 0; + break; + case AVP_Destination_Host: + msg->dest_host = 0; + break; + case AVP_Destination_Realm: + msg->dest_realm = 0; + break; + case AVP_Result_Code: + msg->res_code = 0; + break; + case AVP_Auth_Session_State: + msg->auth_ses_state = 0; + break; } return AAA_ERR_SUCCESS; } - /* The function frees an AVP */ -AAAReturnCode AAAFreeAVP(AAA_AVP **avp) +AAAReturnCode 
AAAFreeAVP(AAA_AVP **avp) { /* some checks */ - if (!avp || !(*avp)) { + if(!avp || !(*avp)) { LM_ERR("param avp cannot be null!!\n"); return AAA_ERR_PARAMETER; } /* free all the mem */ - if ( (*avp)->free_it && (*avp)->data.s ) + if((*avp)->free_it && (*avp)->data.s) ad_free((*avp)->data.s); - ad_free( *avp ); + ad_free(*avp); *avp = 0; return AAA_ERR_SUCCESS; } - /* This function returns a pointer to the first AVP in the list */ -AAA_AVP* AAAGetFirstAVP(AAA_AVP_LIST *avpList){ +AAA_AVP *AAAGetFirstAVP(AAA_AVP_LIST *avpList) +{ return avpList->head; } - /* This function returns a pointer to the last AVP in the list */ -AAA_AVP* AAAGetLastAVP(AAA_AVP_LIST *avpList) +AAA_AVP *AAAGetLastAVP(AAA_AVP_LIST *avpList) { return avpList->tail; } - - /* This function returns a pointer to the next AVP in the list */ -AAA_AVP* AAAGetNextAVP(AAA_AVP *avp) +AAA_AVP *AAAGetNextAVP(AAA_AVP *avp) { return avp->next; } - /* This function returns a pointer to the previous AVP in the list */ -AAA_AVP* AAAGetPrevAVP(AAA_AVP *avp) +AAA_AVP *AAAGetPrevAVP(AAA_AVP *avp) { return avp->prev; } - /* This function converts the data in the AVP to a format suitable for * log or display functions. 
*/ -char* AAAConvertAVPToString(AAA_AVP *avp, char *dest, unsigned int destLen) +char *AAAConvertAVPToString(AAA_AVP *avp, char *dest, unsigned int destLen) { int l; int i; - if (!avp || !dest || !destLen) { + if(!avp || !dest || !destLen) { LM_ERR("param AVP, DEST or DESTLEN passed as null!!!\n"); return 0; } - l = snprintf(dest,destLen,"AVP(%p < %p >%p):packetType=%u;code=%u," - "flags=%x;\nDataType=%u;VendorID=%u;DataLen=%u;\n", - avp->prev,avp,avp->next,avp->packetType,avp->code,avp->flags, - avp->type,avp->vendorId,avp->data.len); + l = snprintf(dest, destLen, + "AVP(%p < %p >%p):packetType=%u;code=%u," + "flags=%x;\nDataType=%u;VendorID=%u;DataLen=%u;\n", + avp->prev, avp, avp->next, avp->packetType, avp->code, avp->flags, + avp->type, avp->vendorId, avp->data.len); switch(avp->type) { case AAA_AVP_STRING_TYPE: - l+=snprintf(dest+l,destLen-l,"String: <%.*s>",avp->data.len, - avp->data.s); + l += snprintf(dest + l, destLen - l, "String: <%.*s>", + avp->data.len, avp->data.s); break; case AAA_AVP_INTEGER32_TYPE: - l+=snprintf(dest+l,destLen-l,"Int32: <%u>(%x)", - (unsigned int)htonl(*((unsigned int*)avp->data.s)), - (unsigned int)htonl(*((unsigned int*)avp->data.s))); + l += snprintf(dest + l, destLen - l, "Int32: <%u>(%x)", + (unsigned int)htonl(*((unsigned int *)avp->data.s)), + (unsigned int)htonl(*((unsigned int *)avp->data.s))); break; case AAA_AVP_ADDRESS_TYPE: i = 1; - switch (avp->data.len) { - case 4: i=i*0; - case 6: i=i*2; - l+=snprintf(dest+l,destLen-l,"Address IPv4: <%d.%d.%d.%d>", - (unsigned char)avp->data.s[i+0], - (unsigned char)avp->data.s[i+1], - (unsigned char)avp->data.s[i+2], - (unsigned char)avp->data.s[i+3]); + switch(avp->data.len) { + case 4: + i = i * 0; + case 6: + i = i * 2; + l += snprintf(dest + l, destLen - l, + "Address IPv4: <%d.%d.%d.%d>", + (unsigned char)avp->data.s[i + 0], + (unsigned char)avp->data.s[i + 1], + (unsigned char)avp->data.s[i + 2], + (unsigned char)avp->data.s[i + 3]); + break; + case 16: + i = i * 0; + case 
18: + i = i * 2; + l += snprintf(dest + l, destLen - l, + "Address IPv6: <%x.%x.%x.%x.%x.%x.%x.%x>", + ((avp->data.s[i + 0] << 8) + avp->data.s[i + 1]), + ((avp->data.s[i + 2] << 8) + avp->data.s[i + 3]), + ((avp->data.s[i + 4] << 8) + avp->data.s[i + 5]), + ((avp->data.s[i + 6] << 8) + avp->data.s[i + 7]), + ((avp->data.s[i + 8] << 8) + avp->data.s[i + 9]), + ((avp->data.s[i + 10] << 8) + avp->data.s[i + 11]), + ((avp->data.s[i + 12] << 8) + avp->data.s[i + 13]), + ((avp->data.s[i + 14] << 8) + avp->data.s[i + 15])); break; - case 16: i=i*0; - case 18: i=i*2; - l+=snprintf(dest+l,destLen-l, - "Address IPv6: <%x.%x.%x.%x.%x.%x.%x.%x>", - ((avp->data.s[i+0]<<8)+avp->data.s[i+1]), - ((avp->data.s[i+2]<<8)+avp->data.s[i+3]), - ((avp->data.s[i+4]<<8)+avp->data.s[i+5]), - ((avp->data.s[i+6]<<8)+avp->data.s[i+7]), - ((avp->data.s[i+8]<<8)+avp->data.s[i+9]), - ((avp->data.s[i+10]<<8)+avp->data.s[i+11]), - ((avp->data.s[i+12]<<8)+avp->data.s[i+13]), - ((avp->data.s[i+14]<<8)+avp->data.s[i+15])); break; - break; } break; //case AAA_AVP_INTEGER64_TYPE: case AAA_AVP_TIME_TYPE: default: LM_WARN("don't know how to print" - " this data type [%d] -> trying hexa\n",avp->type); + " this data type [%d] -> trying hexa\n", + avp->type); case AAA_AVP_DATA_TYPE: - for (i=0;idata.len&&ldata.s)[i]); + for(i = 0; i < avp->data.len && l < destLen - 1; i++) + l += snprintf(dest + l, destLen - l - 1, "%x", + ((unsigned char *)avp->data.s)[i]); } return dest; } - -AAA_AVP* AAACloneAVP( AAA_AVP *avp , unsigned char clone_data) +AAA_AVP *AAACloneAVP(AAA_AVP *avp, unsigned char clone_data) { AAA_AVP *n_avp; - if (!avp || !(avp->data.s) || !(avp->data.len) ) + if(!avp || !(avp->data.s) || !(avp->data.len)) goto error; /* clone the avp structure */ - n_avp = (AAA_AVP*)ad_malloc( sizeof(AAA_AVP) ); - if (!n_avp) { + n_avp = (AAA_AVP *)ad_malloc(sizeof(AAA_AVP)); + if(!n_avp) { PKG_MEM_ERROR; goto error; } - memcpy( n_avp, avp, sizeof(AAA_AVP)); + memcpy(n_avp, avp, sizeof(AAA_AVP)); n_avp->next = 
n_avp->prev = 0; - if (clone_data) { + if(clone_data) { /* clone the avp data */ - n_avp->data.s = (char*)ad_malloc( avp->data.len ); - if (!(n_avp->data.s)) { + n_avp->data.s = (char *)ad_malloc(avp->data.len); + if(!(n_avp->data.s)) { PKG_MEM_ERROR; - ad_free( n_avp ); + ad_free(n_avp); goto error; } - memcpy( n_avp->data.s, avp->data.s, avp->data.len); + memcpy(n_avp->data.s, avp->data.s, avp->data.len); n_avp->free_it = 1; } else { /* link the clone's data to the original's data */ @@ -447,5 +466,3 @@ AAA_AVP* AAACloneAVP( AAA_AVP *avp , unsigned char clone_data) error: return 0; } - - diff --git a/src/modules/auth_diameter/defs.h b/src/modules/auth_diameter/defs.h index 3b77a592f03..6a82dd0b38f 100644 --- a/src/modules/auth_diameter/defs.h +++ b/src/modules/auth_diameter/defs.h 
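Review bot: In avp.c, AAAConvertAVPToString accumulates `l += snprintf(dest + l, destLen - l, ...)` without checking for truncation. snprintf returns the length it would have written, so if `dest` is too small `l` ends up past the buffer, `destLen - l` wraps because `destLen` is unsigned, and the next append can write beyond `dest`. Stop appending once the buffer is full, e.g. `if(l < 0 || (unsigned int)l >= destLen) return dest;` after the first snprintf and after each `l +=`. The Int32 case also reads four bytes from `avp->data.s` without testing `avp->data.len >= 4`. The IPv6 case shifts plain `char` bytes, which sign-extend where `char` is signed, so it needs the `(unsigned char)` cast that the IPv4 branch already uses.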
@@ -18,39 +18,39 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ -#ifndef DIAMETER_DEFS -#define DIAMETER_DEFS +#ifndef DIAMETER_DEFS +#define DIAMETER_DEFS -#define vendorID 0 +#define vendorID 0 #define AA_REQUEST 265 -#define AA_ANSWER 265 +#define AA_ANSWER 265 -#define SERVICE_LEN 1 -#define SIP_AUTHENTICATION "6" -#define SIP_GROUP_CHECK "8" +#define SERVICE_LEN 1 +#define SIP_AUTHENTICATION "6" +#define SIP_GROUP_CHECK "8" -#define SIP_AUTH_SERVICE '6' -#define SIP_GROUP_SERVICE '8' -#define SIP_ACC_SERVICE '9' +#define SIP_AUTH_SERVICE '6' +#define SIP_GROUP_SERVICE '8' +#define SIP_ACC_SERVICE '9' -#define AAA_CHALLENGE 1 -#define AAA_AUTHORIZED 0 -#define AAA_NOT_AUTHORIZED 2 -#define AAA_SRVERR 3 +#define AAA_CHALLENGE 1 +#define AAA_AUTHORIZED 0 +#define AAA_NOT_AUTHORIZED 2 +#define AAA_SRVERR 3 -#define AAA_ERROR -1 -#define AAA_CONN_CLOSED -2 -#define AAA_TIMEOUT -3 -#define AAA_USER_IN_GROUP 0 +#define AAA_ERROR -1 +#define AAA_CONN_CLOSED -2 +#define AAA_TIMEOUT -3 +#define AAA_USER_IN_GROUP 0 -#define AAA_NO_CONNECTION -1 +#define AAA_NO_CONNECTION -1 -#define WWW_AUTH_CHALLENGE_LEN 18 -#define PROXY_AUTH_CHALLENGE_LEN 20 - -#define WWW_AUTH_CHALLENGE "WWW-Authenticate: " -#define PROXY_AUTH_CHALLENGE "Proxy-Authenticate: " +#define WWW_AUTH_CHALLENGE_LEN 18 +#define PROXY_AUTH_CHALLENGE_LEN 20 + +#define WWW_AUTH_CHALLENGE "WWW-Authenticate: " +#define PROXY_AUTH_CHALLENGE "Proxy-Authenticate: " #define MESSAGE_401 "Unauthorized" #define MESSAGE_407 "Proxy Authentication Required" @@ -64,7 +64,7 @@ typedef struct rd_buf { /* used to return a parsed response */ int ret_code; - unsigned int chall_len; + unsigned int chall_len; unsigned char *chall; /* used to read the message*/ diff --git a/src/modules/auth_diameter/diameter_msg.h b/src/modules/auth_diameter/diameter_msg.h index e8e7eea875c..7331e77a8d3 100644 --- a/src/modules/auth_diameter/diameter_msg.h +++ b/src/modules/auth_diameter/diameter_msg.h 
@@ -19,7 +19,6 @@ */ - #ifndef _AUTH_DIAM_MESSAGE_H_ #define _AUTH_DIAM_MESSAGE_H_ 
@@ -27,77 +26,78 @@ #include "../../core/mem/mem.h" #include "../../core/endianness.h" -#define ad_malloc pkg_malloc -#define ad_free pkg_free +#define ad_malloc pkg_malloc +#define ad_free pkg_free /*********************************** AAA TYPES *******************************/ -#define AAA_NO_VENDOR_ID 0 +#define AAA_NO_VENDOR_ID 0 -#define VER_SIZE 1 -#define MESSAGE_LENGTH_SIZE 3 -#define FLAGS_SIZE 1 -#define COMMAND_CODE_SIZE 3 -#define APPLICATION_ID_SIZE 4 +#define VER_SIZE 1 +#define MESSAGE_LENGTH_SIZE 3 +#define FLAGS_SIZE 1 +#define COMMAND_CODE_SIZE 3 +#define APPLICATION_ID_SIZE 4 #define HOP_BY_HOP_IDENTIFIER_SIZE 4 #define END_TO_END_IDENTIFIER_SIZE 4 -#define AVP_CODE_SIZE 4 -#define AVP_FLAGS_SIZE 1 -#define AVP_LENGTH_SIZE 3 +#define AVP_CODE_SIZE 4 +#define AVP_FLAGS_SIZE 1 +#define AVP_LENGTH_SIZE 3 #define AVP_VENDOR_ID_SIZE 4 -#define AAA_MSG_HDR_SIZE \ - (VER_SIZE + MESSAGE_LENGTH_SIZE + FLAGS_SIZE + COMMAND_CODE_SIZE +\ - APPLICATION_ID_SIZE+HOP_BY_HOP_IDENTIFIER_SIZE+END_TO_END_IDENTIFIER_SIZE) +#define AAA_MSG_HDR_SIZE \ + (VER_SIZE + MESSAGE_LENGTH_SIZE + FLAGS_SIZE + COMMAND_CODE_SIZE \ + + APPLICATION_ID_SIZE + HOP_BY_HOP_IDENTIFIER_SIZE \ + + END_TO_END_IDENTIFIER_SIZE) -#define AVP_HDR_SIZE(_flags_) \ - (AVP_CODE_SIZE+AVP_FLAGS_SIZE+AVP_LENGTH_SIZE+\ - AVP_VENDOR_ID_SIZE*(((_flags_)&AAA_AVP_FLAG_VENDOR_SPECIFIC)!=0) ) +#define AVP_HDR_SIZE(_flags_) \ + (AVP_CODE_SIZE + AVP_FLAGS_SIZE + AVP_LENGTH_SIZE \ + + AVP_VENDOR_ID_SIZE \ + * (((_flags_)&AAA_AVP_FLAG_VENDOR_SPECIFIC) != 0)) /* message codes */ #ifndef __IS_BIG_ENDIAN - #define AS_MSG_CODE 0x12010000 - #define AC_MSG_CODE 0x0f010000 - #define CE_MSG_CODE 0x01010000 - #define DW_MSG_CODE 0x18010000 - #define DP_MSG_CODE 0x1a010000 - #define RA_MSG_CODE 0x02010000 - #define ST_MSG_CODE 0x13010000 - #define MASK_MSG_CODE 0xffffff00 +#define AS_MSG_CODE 0x12010000 +#define AC_MSG_CODE 0x0f010000 +#define CE_MSG_CODE 0x01010000 +#define DW_MSG_CODE 0x18010000 +#define DP_MSG_CODE 
0x1a010000 +#define RA_MSG_CODE 0x02010000 +#define ST_MSG_CODE 0x13010000 +#define MASK_MSG_CODE 0xffffff00 #else - #define AS_MSG_CODE 0x00000112 - #define AC_MSG_CODE 0x0000010f - #define CE_MSG_CODE 0x00000101 - #define DW_MSG_CODE 0x00000118 - #define DP_MSG_CODE 0x0000011a - #define RA_MSG_CODE 0x00000102 - #define ST_MSG_CODE 0x00000113 - #define MASK_MSG_CODE 0x00ffffff +#define AS_MSG_CODE 0x00000112 +#define AC_MSG_CODE 0x0000010f +#define CE_MSG_CODE 0x00000101 +#define DW_MSG_CODE 0x00000118 +#define DP_MSG_CODE 0x0000011a +#define RA_MSG_CODE 0x00000102 +#define ST_MSG_CODE 0x00000113 +#define MASK_MSG_CODE 0x00ffffff #endif - -typedef unsigned int AAACommandCode; -typedef unsigned int AAAVendorId; -typedef unsigned int AAAExtensionId; -typedef unsigned int AAA_AVPCode; -typedef unsigned int AAAValue; -typedef unsigned int AAAApplicationId; -typedef void* AAAApplicationRef; -typedef str AAASessionId; -typedef unsigned int AAAMsgIdentifier; -typedef unsigned char AAAMsgFlag; - +typedef unsigned int AAACommandCode; +typedef unsigned int AAAVendorId; +typedef unsigned int AAAExtensionId; +typedef unsigned int AAA_AVPCode; +typedef unsigned int AAAValue; +typedef unsigned int AAAApplicationId; +typedef void *AAAApplicationRef; +typedef str AAASessionId; +typedef unsigned int AAAMsgIdentifier; +typedef unsigned char AAAMsgFlag; /* Status codes returned by functions in the AAA API */ -typedef enum { - AAA_ERR_NOT_FOUND = -2, /* handle or id not found */ - AAA_ERR_FAILURE = -1, /* unspecified failure during an AAA op. */ - AAA_ERR_SUCCESS = 0, /* AAA operation succeeded */ - AAA_ERR_NOMEM, /* op. caused memory to be exhausted */ - AAA_ERR_PROTO, /* AAA protocol error */ +typedef enum +{ + AAA_ERR_NOT_FOUND = -2, /* handle or id not found */ + AAA_ERR_FAILURE = -1, /* unspecified failure during an AAA op. */ + AAA_ERR_SUCCESS = 0, /* AAA operation succeeded */ + AAA_ERR_NOMEM, /* op. 
caused memory to be exhausted */ + AAA_ERR_PROTO, /* AAA protocol error */ AAA_ERR_SECURITY, AAA_ERR_PARAMETER, AAA_ERR_CONFIG, @@ -115,7 +115,8 @@ typedef enum { /* The following are AVP data type codes. They correspond directly to * the AVP data types outline in the Diameter specification [1]: */ -typedef enum { +typedef enum +{ AAA_AVP_DATA_TYPE, AAA_AVP_STRING_TYPE, AAA_AVP_ADDRESS_TYPE, 
@@ -127,118 +128,123 @@ typedef enum { /* The following are used for AVP header flags and for flags in the AVP * wrapper struct and AVP dictionary definitions. */ -typedef enum { - AAA_AVP_FLAG_NONE = 0x00, - AAA_AVP_FLAG_MANDATORY = 0x40, - AAA_AVP_FLAG_RESERVED = 0x1F, - AAA_AVP_FLAG_VENDOR_SPECIFIC = 0x80, +typedef enum +{ + AAA_AVP_FLAG_NONE = 0x00, + AAA_AVP_FLAG_MANDATORY = 0x40, + AAA_AVP_FLAG_RESERVED = 0x1F, + AAA_AVP_FLAG_VENDOR_SPECIFIC = 0x80, AAA_AVP_FLAG_END_TO_END_ENCRYPT = 0x20, } AAA_AVPFlag; /* List with all known application identifiers */ -typedef enum { - AAA_APP_DIAMETER_COMMON_MSG = 0, - AAA_APP_NASREQ = 1, - AAA_APP_MOBILE_IP = 2, - AAA_APP_DIAMETER_BASE_ACC = 3, - AAA_APP_RELAY = (int)0xffffffff, -}AAA_APP_IDS; +typedef enum +{ + AAA_APP_DIAMETER_COMMON_MSG = 0, + AAA_APP_NASREQ = 1, + AAA_APP_MOBILE_IP = 2, + AAA_APP_DIAMETER_BASE_ACC = 3, + AAA_APP_RELAY = (int)0xffffffff, +} AAA_APP_IDS; /* The following are the result codes returned from remote servers as * part of messages */ -typedef enum { - AAA_MUTI_ROUND_AUTH = 1001, - AAA_SUCCESS = 2001, - AAA_COMMAND_UNSUPPORTED = 3001, - AAA_UNABLE_TO_DELIVER = 3002, - AAA_REALM_NOT_SERVED = 3003, - AAA_TOO_BUSY = 3004, - AAA_LOOP_DETECTED = 3005, - AAA_REDIRECT_INDICATION = 3006, - AAA_APPLICATION_UNSUPPORTED = 3007, - AAA_INVALID_HDR_BITS = 3008, - AAA_INVALID_AVP_BITS = 3009, - AAA_UNKNOWN_PEER = 3010, - AAA_AUTHENTICATION_REJECTED = 4001, - AAA_OUT_OF_SPACE = 4002, - AAA_ELECTION_LOST = 4003, - AAA_AVP_UNSUPPORTED = 5001, - AAA_UNKNOWN_SESSION_ID = 5002, - AAA_AUTHORIZATION_REJECTED = 5003, - AAA_INVALID_AVP_VALUE = 5004, - AAA_MISSING_AVP = 5005, - AAA_RESOURCES_EXCEEDED = 5006, - AAA_CONTRADICTING_AVPS = 5007, - AAA_AVP_NOT_ALLOWED = 5008, +typedef enum +{ + AAA_MUTI_ROUND_AUTH = 1001, + AAA_SUCCESS = 2001, + AAA_COMMAND_UNSUPPORTED = 3001, + AAA_UNABLE_TO_DELIVER = 3002, + AAA_REALM_NOT_SERVED = 3003, + AAA_TOO_BUSY = 3004, + AAA_LOOP_DETECTED = 3005, + AAA_REDIRECT_INDICATION = 3006, + 
AAA_APPLICATION_UNSUPPORTED = 3007, + AAA_INVALID_HDR_BITS = 3008, + AAA_INVALID_AVP_BITS = 3009, + AAA_UNKNOWN_PEER = 3010, + AAA_AUTHENTICATION_REJECTED = 4001, + AAA_OUT_OF_SPACE = 4002, + AAA_ELECTION_LOST = 4003, + AAA_AVP_UNSUPPORTED = 5001, + AAA_UNKNOWN_SESSION_ID = 5002, + AAA_AUTHORIZATION_REJECTED = 5003, + AAA_INVALID_AVP_VALUE = 5004, + AAA_MISSING_AVP = 5005, + AAA_RESOURCES_EXCEEDED = 5006, + AAA_CONTRADICTING_AVPS = 5007, + AAA_AVP_NOT_ALLOWED = 5008, AAA_AVP_OCCURS_TOO_MANY_TIMES = 5009, - AAA_NO_COMMON_APPLICATION = 5010, - AAA_UNSUPPORTED_VERSION = 5011, - AAA_UNABLE_TO_COMPLY = 5012, - AAA_INVALID_BIT_IN_HEADER = 5013, - AAA_INVALIS_AVP_LENGTH = 5014, - AAA_INVALID_MESSGE_LENGTH = 5015, - AAA_INVALID_AVP_BIT_COMBO = 5016, - AAA_NO_COMMON_SECURITY = 5017, + AAA_NO_COMMON_APPLICATION = 5010, + AAA_UNSUPPORTED_VERSION = 5011, + AAA_UNABLE_TO_COMPLY = 5012, + AAA_INVALID_BIT_IN_HEADER = 5013, + AAA_INVALIS_AVP_LENGTH = 5014, + AAA_INVALID_MESSGE_LENGTH = 5015, + AAA_INVALID_AVP_BIT_COMBO = 5016, + AAA_NO_COMMON_SECURITY = 5017, } AAAResultCode; -typedef enum { - AVP_User_Name = 1, - AVP_Class = 25, - AVP_Session_Timeout = 27, - AVP_Proxy_State = 33, - AVP_Host_IP_Address = 257, - AVP_Auth_Application_Id = 258, - AVP_Vendor_Specific_Application_Id= 260, - AVP_Redirect_Max_Cache_Time = 262, - AVP_Session_Id = 263, - AVP_Origin_Host = 264, - AVP_Supported_Vendor_Id = 265, - AVP_Vendor_Id = 266, - AVP_Result_Code = 268, - AVP_Product_Name = 269, - AVP_Session_Binding = 270, - AVP_Disconnect_Cause = 273, - AVP_Auth_Request_Type = 274, - AVP_Auth_Grace_Period = 276, - AVP_Auth_Session_State = 277, - AVP_Origin_State_Id = 278, - AVP_Proxy_Host = 280, - AVP_Error_Message = 281, - AVP_Record_Route = 282, - AVP_Destination_Realm = 283, - AVP_Proxy_Info = 284, - AVP_Re_Auth_Request_Type = 285, - AVP_Authorization_Lifetime = 291, - AVP_Redirect_Host = 292, - AVP_Destination_Host = 293, - AVP_Termination_Cause = 295, - AVP_Origin_Realm = 296, -/* begin SIP AAA 
with DIAMETER*/ - AVP_Resource = 400, - AVP_Response = 401, - AVP_Challenge = 402, - AVP_Method = 403, - AVP_Service_Type = 404, - AVP_User_Group = 405, - AVP_SIP_MSGID = 406 - -/* end SIP AAA with DIAMETER */ -}AAA_AVPCodeNr; +typedef enum +{ + AVP_User_Name = 1, + AVP_Class = 25, + AVP_Session_Timeout = 27, + AVP_Proxy_State = 33, + AVP_Host_IP_Address = 257, + AVP_Auth_Application_Id = 258, + AVP_Vendor_Specific_Application_Id = 260, + AVP_Redirect_Max_Cache_Time = 262, + AVP_Session_Id = 263, + AVP_Origin_Host = 264, + AVP_Supported_Vendor_Id = 265, + AVP_Vendor_Id = 266, + AVP_Result_Code = 268, + AVP_Product_Name = 269, + AVP_Session_Binding = 270, + AVP_Disconnect_Cause = 273, + AVP_Auth_Request_Type = 274, + AVP_Auth_Grace_Period = 276, + AVP_Auth_Session_State = 277, + AVP_Origin_State_Id = 278, + AVP_Proxy_Host = 280, + AVP_Error_Message = 281, + AVP_Record_Route = 282, + AVP_Destination_Realm = 283, + AVP_Proxy_Info = 284, + AVP_Re_Auth_Request_Type = 285, + AVP_Authorization_Lifetime = 291, + AVP_Redirect_Host = 292, + AVP_Destination_Host = 293, + AVP_Termination_Cause = 295, + AVP_Origin_Realm = 296, + /* begin SIP AAA with DIAMETER*/ + AVP_Resource = 400, + AVP_Response = 401, + AVP_Challenge = 402, + AVP_Method = 403, + AVP_Service_Type = 404, + AVP_User_Group = 405, + AVP_SIP_MSGID = 406 + + /* end SIP AAA with DIAMETER */ +} AAA_AVPCodeNr; /* The following type allows the client to specify which direction to * search for an AVP in the AVP list: */ -typedef enum { +typedef enum +{ AAA_FORWARD_SEARCH = 0, AAA_BACKWARD_SEARCH } AAASearchType; - -typedef enum { +typedef enum +{ AAA_ACCT_EVENT = 1, AAA_ACCT_START = 2, AAA_ACCT_INTERIM = 3, 
@@ -246,17 +252,20 @@ typedef enum { } AAAAcctMessageType; -typedef enum { +typedef enum +{ AVP_DUPLICATE_DATA, AVP_DONT_FREE_DATA, AVP_FREE_DATA, } AVPDataStatus; /* The following structure contains a message AVP in parsed format */ -typedef struct avp { +typedef struct avp +{ struct avp *next; struct avp *prev; - enum { + enum + { AAA_RADIUS, AAA_DIAMETER } packetType; 
@@ -271,121 +280,91 @@ typedef struct avp { /* The following structure is used for representing lists of AVPs on the * message: */ -typedef struct _avp_list_t { +typedef struct _avp_list_t +{ AAA_AVP *head; AAA_AVP *tail; } AAA_AVP_LIST; /* The following structure contains the full AAA message: */ -typedef struct _message_t { - AAAMsgFlag flags; - AAACommandCode commandCode; - AAAApplicationId applicationId; - AAAMsgIdentifier endtoendId; - AAAMsgIdentifier hopbyhopId; - AAASessionId *sId; - AAA_AVP *sessionId; - AAA_AVP *orig_host; - AAA_AVP *orig_realm; - AAA_AVP *dest_host; - AAA_AVP *dest_realm; - AAA_AVP *res_code; - AAA_AVP *auth_ses_state; - AAA_AVP_LIST avpList; - str buf; - void *in_peer; +typedef struct _message_t +{ + AAAMsgFlag flags; + AAACommandCode commandCode; + AAAApplicationId applicationId; + AAAMsgIdentifier endtoendId; + AAAMsgIdentifier hopbyhopId; + AAASessionId *sId; + AAA_AVP *sessionId; + AAA_AVP *orig_host; + AAA_AVP *orig_realm; + AAA_AVP *dest_host; + AAA_AVP *dest_realm; + AAA_AVP *res_code; + AAA_AVP *auth_ses_state; + AAA_AVP_LIST avpList; + str buf; + void *in_peer; } AAAMessage; - - /**************************** AAA MESSAGE FUNCTIONS **************************/ /* MESSAGES */ -#define is_req(_msg_) \ - (((_msg_)->flags)&0x80) +#define is_req(_msg_) (((_msg_)->flags) & 0x80) -AAAMessage *AAAInMessage( - AAACommandCode commandCode, - AAAApplicationId appId); +AAAMessage *AAAInMessage(AAACommandCode commandCode, AAAApplicationId appId); -AAAReturnCode AAAFreeMessage( - AAAMessage **message); +AAAReturnCode AAAFreeMessage(AAAMessage **message); AAAReturnCode AAASetMessageResultCode( - AAAMessage *message, - AAAResultCode resultCode); + AAAMessage *message, AAAResultCode resultCode); -void AAAPrintMessage( - AAAMessage *msg); +void AAAPrintMessage(AAAMessage *msg); -AAAReturnCode AAABuildMsgBuffer( - AAAMessage *msg ); +AAAReturnCode AAABuildMsgBuffer(AAAMessage *msg); -AAAMessage* AAATranslateMessage( - unsigned char* source, - 
unsigned int sourceLen, - int attach_buf ); +AAAMessage *AAATranslateMessage( + unsigned char *source, unsigned int sourceLen, int attach_buf); /* AVPS */ -#define AAACreateAndAddAVPToMessage(_msg_,_code_,_flags_,_vdr_,_data_,_len_) \ - ( AAAAddAVPToMessage(_msg_, \ - AAACreateAVP(_code_,_flags_,_vdr_,_data_,_len_, AVP_DUPLICATE_DATA),\ - (_msg_)->avpList.tail) ) +#define AAACreateAndAddAVPToMessage( \ + _msg_, _code_, _flags_, _vdr_, _data_, _len_) \ + (AAAAddAVPToMessage(_msg_, \ + AAACreateAVP(_code_, _flags_, _vdr_, _data_, _len_, \ + AVP_DUPLICATE_DATA), \ + (_msg_)->avpList.tail)) -AAA_AVP* AAACreateAVP( - AAA_AVPCode code, - AAA_AVPFlag flags, - AAAVendorId vendorId, - char *data, - unsigned int length, - AVPDataStatus data_status); +AAA_AVP *AAACreateAVP(AAA_AVPCode code, AAA_AVPFlag flags, AAAVendorId vendorId, + char *data, unsigned int length, AVPDataStatus data_status); -AAA_AVP* AAACloneAVP( - AAA_AVP *avp, - unsigned char duplicate_data ); +AAA_AVP *AAACloneAVP(AAA_AVP *avp, unsigned char duplicate_data); AAAReturnCode AAAAddAVPToMessage( - AAAMessage *msg, - AAA_AVP *avp, - AAA_AVP *position); + AAAMessage *msg, AAA_AVP *avp, AAA_AVP *position); -AAA_AVP *AAAFindMatchingAVP( - AAAMessage *msg, - AAA_AVP *startAvp, - AAA_AVPCode avpCode, - AAAVendorId vendorId, - AAASearchType searchType); +AAA_AVP *AAAFindMatchingAVP(AAAMessage *msg, AAA_AVP *startAvp, + AAA_AVPCode avpCode, AAAVendorId vendorId, AAASearchType searchType); -AAAReturnCode AAARemoveAVPFromMessage( - AAAMessage *msg, - AAA_AVP *avp); +AAAReturnCode AAARemoveAVPFromMessage(AAAMessage *msg, AAA_AVP *avp); -AAAReturnCode AAAFreeAVP( - AAA_AVP **avp); +AAAReturnCode AAAFreeAVP(AAA_AVP **avp); -AAA_AVP* AAAGetFirstAVP( - AAA_AVP_LIST *avpList); +AAA_AVP *AAAGetFirstAVP(AAA_AVP_LIST *avpList); -AAA_AVP* AAAGetLastAVP( - AAA_AVP_LIST *avpList); +AAA_AVP *AAAGetLastAVP(AAA_AVP_LIST *avpList); -AAA_AVP* AAAGetNextAVP( - AAA_AVP *avp); +AAA_AVP *AAAGetNextAVP(AAA_AVP *avp); -AAA_AVP* 
AAAGetPrevAVP( - AAA_AVP *avp); +AAA_AVP *AAAGetPrevAVP(AAA_AVP *avp); -char *AAAConvertAVPToString( - AAA_AVP *avp, - char *dest, - unsigned int destLen); +char *AAAConvertAVPToString(AAA_AVP *avp, char *dest, unsigned int destLen); #endif diff --git a/src/modules/auth_diameter/message.c b/src/modules/auth_diameter/message.c index 6ca98dcd5f9..4c377012f1d 100644 --- a/src/modules/auth_diameter/message.c +++ b/src/modules/auth_diameter/message.c 
@@ -29,122 +29,127 @@ #include "../../core/dprint.h" #include "diameter_msg.h" -#define get_3bytes(_b) \ - ((((unsigned int)(_b)[0])<<16)|(((unsigned int)(_b)[1])<<8)|\ - (((unsigned int)(_b)[2]))) - -#define get_4bytes(_b) \ - ((((unsigned int)(_b)[0])<<24)|(((unsigned int)(_b)[1])<<16)|\ - (((unsigned int)(_b)[2])<<8)|(((unsigned int)(_b)[3]))) - -#define set_3bytes(_b,_v) \ - {(_b)[0]=((_v)&0x00ff0000)>>16;(_b)[1]=((_v)&0x0000ff00)>>8;\ - (_b)[2]=((_v)&0x000000ff);} +#define get_3bytes(_b) \ + ((((unsigned int)(_b)[0]) << 16) | (((unsigned int)(_b)[1]) << 8) \ + | (((unsigned int)(_b)[2]))) + +#define get_4bytes(_b) \ + ((((unsigned int)(_b)[0]) << 24) | (((unsigned int)(_b)[1]) << 16) \ + | (((unsigned int)(_b)[2]) << 8) | (((unsigned int)(_b)[3]))) + +#define set_3bytes(_b, _v) \ + { \ + (_b)[0] = ((_v)&0x00ff0000) >> 16; \ + (_b)[1] = ((_v)&0x0000ff00) >> 8; \ + (_b)[2] = ((_v)&0x000000ff); \ + } -#define set_4bytes(_b,_v) \ - {(_b)[0]=((_v)&0xff000000)>>24;(_b)[1]=((_v)&0x00ff0000)>>16;\ - (_b)[2]=((_v)&0x0000ff00)>>8;(_b)[3]=((_v)&0x000000ff);} +#define set_4bytes(_b, _v) \ + { \ + (_b)[0] = ((_v)&0xff000000) >> 24; \ + (_b)[1] = ((_v)&0x00ff0000) >> 16; \ + (_b)[2] = ((_v)&0x0000ff00) >> 8; \ + (_b)[3] = ((_v)&0x000000ff); \ + } -#define to_32x_len( _len_ ) \ - ( (_len_)+(((_len_)&3)?4-((_len_)&3):0) ) +#define to_32x_len(_len_) ((_len_) + (((_len_)&3) ? 
4 - ((_len_)&3) : 0)) /* from an AAAMessage structure, a buffer to be sent is built */ -AAAReturnCode AAABuildMsgBuffer( AAAMessage *msg ) +AAAReturnCode AAABuildMsgBuffer(AAAMessage *msg) { unsigned char *p; - AAA_AVP *avp; + AAA_AVP *avp; /* first let's compute the length of the buffer */ msg->buf.len = AAA_MSG_HDR_SIZE; /* AAA message header size */ /* count and add the avps */ - for(avp=msg->avpList.head;avp;avp=avp->next) { - msg->buf.len += AVP_HDR_SIZE(avp->flags)+ to_32x_len( avp->data.len ); + for(avp = msg->avpList.head; avp; avp = avp->next) { + msg->buf.len += AVP_HDR_SIZE(avp->flags) + to_32x_len(avp->data.len); } -// LM_DBG("xxxx len=%d\n",msg->buf.len); + // LM_DBG("xxxx len=%d\n",msg->buf.len); /* allocate some memory */ - msg->buf.s = (char*)ad_malloc( msg->buf.len ); - if (!msg->buf.s) { + msg->buf.s = (char *)ad_malloc(msg->buf.len); + if(!msg->buf.s) { PKG_MEM_ERROR; goto error; } memset(msg->buf.s, 0, msg->buf.len); /* fill in the buffer */ - p = (unsigned char*)msg->buf.s; + p = (unsigned char *)msg->buf.s; /* DIAMETER HEADER */ /* message length */ - ((unsigned int*)p)[0] =htonl(msg->buf.len); + ((unsigned int *)p)[0] = htonl(msg->buf.len); /* Diameter Version */ *p = 1; p += VER_SIZE + MESSAGE_LENGTH_SIZE; /* command code */ - ((unsigned int*)p)[0] = htonl(msg->commandCode); + ((unsigned int *)p)[0] = htonl(msg->commandCode); /* flags */ *p = (unsigned char)msg->flags; p += FLAGS_SIZE + COMMAND_CODE_SIZE; /* application-ID */ - ((unsigned int*)p)[0] = htonl(msg->applicationId); + ((unsigned int *)p)[0] = htonl(msg->applicationId); p += APPLICATION_ID_SIZE; /* hop by hop id */ - ((unsigned int*)p)[0] = msg->hopbyhopId; + ((unsigned int *)p)[0] = msg->hopbyhopId; p += HOP_BY_HOP_IDENTIFIER_SIZE; /* end to end id */ - ((unsigned int*)p)[0] = msg->endtoendId; + ((unsigned int *)p)[0] = msg->endtoendId; p += END_TO_END_IDENTIFIER_SIZE; /* AVPS */ - for(avp=msg->avpList.head;avp;avp=avp->next) { + for(avp = msg->avpList.head; avp; avp = avp->next) 
{ /* AVP HEADER */ /* avp code */ - set_4bytes(p,avp->code); - p +=4; + set_4bytes(p, avp->code); + p += 4; /* flags */ (*p++) = (unsigned char)avp->flags; /* avp length */ - set_3bytes(p, (AVP_HDR_SIZE(avp->flags)+avp->data.len) ); + set_3bytes(p, (AVP_HDR_SIZE(avp->flags) + avp->data.len)); p += 3; /* vendor id */ - if ((avp->flags&0x80)!=0) { - set_4bytes(p,avp->vendorId); - p +=4; + if((avp->flags & 0x80) != 0) { + set_4bytes(p, avp->vendorId); + p += 4; } /* data */ - memcpy( p, avp->data.s, avp->data.len); - p += to_32x_len( avp->data.len ); + memcpy(p, avp->data.s, avp->data.len); + p += to_32x_len(avp->data.len); } - if ((char*)p-msg->buf.s!=msg->buf.len) { + if((char *)p - msg->buf.s != msg->buf.len) { LM_ERR("mismatch between len and buf!\n"); - ad_free( msg->buf.s ); + ad_free(msg->buf.s); msg->buf.s = 0; msg->buf.len = 0; goto error; } -// LM_DBG("Message: %.*s\n", msg->buf.len, msg->buf.s); + // LM_DBG("Message: %.*s\n", msg->buf.len, msg->buf.s); return AAA_ERR_SUCCESS; error: return -1; } - /* frees a message allocated through AAANewMessage() */ -AAAReturnCode AAAFreeMessage(AAAMessage **msg) +AAAReturnCode AAAFreeMessage(AAAMessage **msg) { AAA_AVP *avp_t; AAA_AVP *avp; /* param check */ - if (!msg || !(*msg)) + if(!msg || !(*msg)) goto done; /* free the avp list */ avp = (*msg)->avpList.head; - while (avp) { + while(avp) { avp_t = avp; avp = avp->next; /*free the avp*/ @@ -152,8 +157,8 @@ AAAReturnCode AAAFreeMessage(AAAMessage **msg) } /* free the buffer (if any) */ - if ( (*msg)->buf.s ) - ad_free( (*msg)->buf.s ); + if((*msg)->buf.s) + ad_free((*msg)->buf.s); /* free the AAA msg */ ad_free(*msg); 
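Review bot: AAABuildMsgBuffer in message.c never checks that the lengths it computes fit Diameter's 24-bit length fields. `set_3bytes(p, (AVP_HDR_SIZE(avp->flags) + avp->data.len))` keeps only the low three bytes, and the total written by `htonl(msg->buf.len)` loses its top byte when `*p = 1` stores the version over it. An oversized AVP or message would therefore go out with a wrong length instead of being rejected. A check such as `if(msg->buf.len > 0x00ffffff) { LM_ERR("message too long\n"); goto error; }` before the ad_malloc call would refuse it. The function also dereferences `msg` without the NULL check that AAAFreeMessage performs.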
@@ -164,39 +169,36 @@ AAAReturnCode AAAFreeMessage(AAAMessage **msg) } - /* Sets the proper result_code into the Result-Code AVP; thus avp must already * exists into the reply message */ -AAAReturnCode AAASetMessageResultCode( - AAAMessage *message, - AAAResultCode resultCode) +AAAReturnCode AAASetMessageResultCode( + AAAMessage *message, AAAResultCode resultCode) { - if ( !is_req(message) && message->res_code) { - *((unsigned int*)(message->res_code->data.s)) = htonl(resultCode); + if(!is_req(message) && message->res_code) { + *((unsigned int *)(message->res_code->data.s)) = htonl(resultCode); return AAA_ERR_SUCCESS; } return AAA_ERR_FAILURE; } - /* This function convert message to message structure */ -AAAMessage* AAATranslateMessage( unsigned char* source, unsigned int sourceLen, - int attach_buf) +AAAMessage *AAATranslateMessage( + unsigned char *source, unsigned int sourceLen, int attach_buf) { unsigned char *ptr; - AAAMessage *msg = NULL; + AAAMessage *msg = NULL; unsigned char version; - unsigned int msg_len; - AAA_AVP *avp; - unsigned int avp_code; + unsigned int msg_len; + AAA_AVP *avp; + unsigned int avp_code; unsigned char avp_flags; - unsigned int avp_len; - unsigned int avp_vendorID; - unsigned int avp_data_len; + unsigned int avp_len; + unsigned int avp_vendorID; + unsigned int avp_data_len; /* check the params */ - if( !source || !sourceLen || sourceLensourceLen) { + if(msg_len > sourceLen) { LM_ERR(" AAA message len [%d] bigger than" - " buffer len [%d]\n",msg_len,sourceLen); + " buffer len [%d]\n", + msg_len, sourceLen); goto error; } 
@@ -236,95 +239,94 @@ AAAMessage* AAATranslateMessage( unsigned char* source, unsigned int sourceLen, ptr += FLAGS_SIZE; /* command code */ - msg->commandCode = get_3bytes( ptr ); + msg->commandCode = get_3bytes(ptr); ptr += COMMAND_CODE_SIZE; /* application-Id */ - msg->applicationId = get_4bytes( ptr ); + msg->applicationId = get_4bytes(ptr); ptr += APPLICATION_ID_SIZE; /* Hop-by-Hop-Id */ - msg->hopbyhopId = *((unsigned int*)ptr); + msg->hopbyhopId = *((unsigned int *)ptr); ptr += HOP_BY_HOP_IDENTIFIER_SIZE; /* End-to-End-Id */ - msg->endtoendId = *((unsigned int*)ptr); + msg->endtoendId = *((unsigned int *)ptr); ptr += END_TO_END_IDENTIFIER_SIZE; /* start decoding the AVPS */ - while (ptr < source+msg_len) { - if (ptr+AVP_HDR_SIZE(0x80)>source+msg_len){ + while(ptr < source + msg_len) { + if(ptr + AVP_HDR_SIZE(0x80) > source + msg_len) { LM_ERR(" source buffer to short!! " - "Cannot read the whole AVP header!\n"); + "Cannot read the whole AVP header!\n"); goto error; } /* avp code */ - avp_code = get_4bytes( ptr ); + avp_code = get_4bytes(ptr); ptr += AVP_CODE_SIZE; /* avp flags */ avp_flags = (unsigned char)*ptr; ptr += AVP_FLAGS_SIZE; /* avp length */ - avp_len = get_3bytes( ptr ); + avp_len = get_3bytes(ptr); ptr += AVP_LENGTH_SIZE; - if (avp_len<1) { + if(avp_len < 1) { LM_ERR(" invalid AVP len [%d]\n", avp_len); goto error; } /* avp vendor-ID */ avp_vendorID = 0; - if (avp_flags&AAA_AVP_FLAG_VENDOR_SPECIFIC) { - avp_vendorID = get_4bytes( ptr ); + if(avp_flags & AAA_AVP_FLAG_VENDOR_SPECIFIC) { + avp_vendorID = get_4bytes(ptr); ptr += AVP_VENDOR_ID_SIZE; } /* data length */ - avp_data_len = avp_len-AVP_HDR_SIZE(avp_flags); + avp_data_len = avp_len - AVP_HDR_SIZE(avp_flags); /*check the data length */ - if ( source+msg_lenavpList.tail)!=AAA_ERR_SUCCESS) { + if(AAAAddAVPToMessage(msg, avp, msg->avpList.tail) != AAA_ERR_SUCCESS) { LM_ERR("failed to add avp to message\n"); } - ptr += to_32x_len( avp_data_len ); + ptr += to_32x_len(avp_data_len); } /* link the 
buffer to the message */
- if (attach_buf) {
- msg->buf.s = (char*)source;
+ if(attach_buf) {
+ msg->buf.s = (char *)source;
 msg->buf.len = msg_len;
 }
 //AAAPrintMessage( msg );
- return msg;
+ return msg;
 error:
 LM_ERR(" message conversion dropped!!\n");
- if (msg) {
+ if(msg) {
 AAAFreeMessage(&msg);
 }
 return 0;
 }
 /* create a new minimal AAA message */
-AAAMessage* AAAInMessage(AAACommandCode commandCode, AAAApplicationId appId)
+AAAMessage *AAAInMessage(AAACommandCode commandCode, AAAApplicationId appId)
 {
- AAAMessage *msg;
+ AAAMessage *msg;
 /* we allocate a new AAAMessage structure and set it to 0 */
- msg = (AAAMessage*)ad_malloc(sizeof(AAAMessage));
- if (!msg)
- {
+ msg = (AAAMessage *)ad_malloc(sizeof(AAAMessage));
+ if(!msg) {
 PKG_MEM_ERROR;
 return NULL;
 }
@@ -345,21 +347,21 @@ AAAMessage* AAAInMessage(AAACommandCode commandCode, AAAApplicationId appId)
 /* print as debug all info contained by an aaa message + AVPs */
-void AAAPrintMessage( AAAMessage *msg)
+void AAAPrintMessage(AAAMessage *msg)
 {
- char buf[1024];
+ char buf[1024];
 AAA_AVP *avp;
 /* print msg info */
- LM_DBG("AAA_MESSAGE - %p\n",msg);
- LM_DBG("\tCode = %u\n",msg->commandCode);
- LM_DBG("\tFlags = %x\n",msg->flags);
+ LM_DBG("AAA_MESSAGE - %p\n", msg);
+ LM_DBG("\tCode = %u\n", msg->commandCode);
+ LM_DBG("\tFlags = %x\n", msg->flags);
 /*print the AVPs */
 avp = msg->avpList.head;
- while (avp) {
- AAAConvertAVPToString(avp,buf,1024);
- LM_DBG("\n%s\n",buf);
- avp=avp->next;
+ while(avp) {
+ AAAConvertAVPToString(avp, buf, 1024);
+ LM_DBG("\n%s\n", buf);
+ avp = avp->next;
 }
 }
diff --git a/src/modules/auth_diameter/tcp_comm.c b/src/modules/auth_diameter/tcp_comm.c
index 97e05629a01..115e1eaeb18 100644
--- a/src/modules/auth_diameter/tcp_comm.c
+++ b/src/modules/auth_diameter/tcp_comm.c
@@ -27,7 +27,7 @@
 #include
 #include
 #include
-#include
+#include
 #include
 /* memory management */
@@ -43,137 +43,120 @@
 #include "tcp_comm.h"
 #include "diameter_msg.h"
-#define MAX_TRIES 10
+#define MAX_TRIES 10
-/* it initializes the TCP connection */
-int init_mytcp(char* host, int port)
+/* it initializes the TCP connection */
+int init_mytcp(char *host, int port)
 {
 int sockfd;
 struct sockaddr_in serv_addr;
 struct hostent *server;
-
+
 sockfd = socket(PF_INET, SOCK_STREAM, 0);
-
- if (sockfd < 0)
- {
+
+ if(sockfd < 0) {
 LM_ERR("error creating the socket\n");
 return -1;
- }
-
- server = gethostbyname(host);
- if (server == NULL)
- {
+ }
+
+ server = gethostbyname(host);
+ if(server == NULL) {
 LM_ERR("error finding the host\n");
 close(sockfd);
 return -1;
- }
+ }
+
+ memset((char *)&serv_addr, 0, sizeof(serv_addr));
+ serv_addr.sin_family = PF_INET;
+ memcpy((char *)&serv_addr.sin_addr.s_addr, (char *)server->h_addr,
+ server->h_length);
+ serv_addr.sin_port = htons(port);
- memset((char *) &serv_addr, 0, sizeof(serv_addr));
- serv_addr.sin_family = PF_INET;
- memcpy((char *)&serv_addr.sin_addr.s_addr, (char *)server->h_addr,
- server->h_length);
- serv_addr.sin_port = htons(port);
-
- if (connect(sockfd, (const struct sockaddr *)&serv_addr,
- sizeof(serv_addr)) < 0)
- {
- LM_ERR("error connecting to the DIAMETER client\n");
+ if(connect(sockfd, (const struct sockaddr *)&serv_addr, sizeof(serv_addr))
+ < 0) {
+ LM_ERR("error connecting to the DIAMETER client\n");
 close(sockfd);
 return -1;
- }
+ }
 return sockfd;
 }
-
 void reset_read_buffer(rd_buf_t *rb)
 {
- rb->ret_code = 0;
- rb->chall_len = 0;
+ rb->ret_code = 0;
+ rb->chall_len = 0;
 if(rb->chall)
 pkg_free(rb->chall);
- rb->chall = 0;
+ rb->chall = 0;
- rb->first_4bytes = 0;
- rb->buf_len = 0;
+ rb->first_4bytes = 0;
+ rb->buf_len = 0;
 if(rb->buf)
 pkg_free(rb->buf);
- rb->buf = 0;
+ rb->buf = 0;
 }
 /* read from a socket, an AAA message buffer */
-int do_read( int socket, rd_buf_t *p)
+int do_read(int socket, rd_buf_t *p)
 {
- unsigned char *ptr;
- unsigned int wanted_len, len;
+ unsigned char *ptr;
+ unsigned int
wanted_len, len; int n; - if (p->buf==0) - { + if(p->buf == 0) { wanted_len = sizeof(p->first_4bytes) - p->buf_len; - ptr = ((unsigned char*)&(p->first_4bytes)) + p->buf_len; - } - else - { + ptr = ((unsigned char *)&(p->first_4bytes)) + p->buf_len; + } else { wanted_len = p->first_4bytes - p->buf_len; ptr = p->buf + p->buf_len; } - while( (n=recv( socket, ptr, wanted_len, MSG_DONTWAIT ))>0 ) - { -// LM_DBG("(sock=%d) -> n=%d (expected=%d)\n", p->sock,n,wanted_len); + while((n = recv(socket, ptr, wanted_len, MSG_DONTWAIT)) > 0) { + // LM_DBG("(sock=%d) -> n=%d (expected=%d)\n", p->sock,n,wanted_len); p->buf_len += n; - if (nbuf==0) - { + } else { + if(p->buf == 0) { /* I just finished reading the first 4 bytes from msg */ - len = ntohl(p->first_4bytes)&0x00ffffff; - if (lenMAX_AAA_MSG_SIZE) - { + len = ntohl(p->first_4bytes) & 0x00ffffff; + if(len < AAA_MSG_HDR_SIZE || len > MAX_AAA_MSG_SIZE) { LM_ERR(" (sock=%d): invalid message " - "length read %u (%x)\n", socket, len, p->first_4bytes); + "length read %u (%x)\n", + socket, len, p->first_4bytes); goto error; } //LM_DBG("message length = %d(%x)\n",len,len); - if ( (p->buf=pkg_malloc(len))==0 ) - { + if((p->buf = pkg_malloc(len)) == 0) { PKG_MEM_ERROR; goto error; } - *((unsigned int*)p->buf) = p->first_4bytes; + *((unsigned int *)p->buf) = p->first_4bytes; p->buf_len = sizeof(p->first_4bytes); p->first_4bytes = len; /* update the reading position and len */ ptr = p->buf + p->buf_len; wanted_len = p->first_4bytes - p->buf_len; - } - else - { + } else { /* I finished reading the whole message */ - LM_DBG("(sock=%d): whole message read (len=%d)!\n", - socket, p->first_4bytes); + LM_DBG("(sock=%d): whole message read (len=%d)!\n", socket, + p->first_4bytes); return CONN_SUCCESS; } } } - if (n==0) - { + if(n == 0) { LM_INFO("(sock=%d): FIN received\n", socket); return CONN_CLOSED; } - if ( n==-1 && errno!=EINTR && errno!=EAGAIN ) - { - LM_ERR(" (sock=%d): n=%d , errno=%d (%s)\n", - socket, n, errno, strerror(errno)); + 
if(n == -1 && errno != EINTR && errno != EAGAIN) {
+ LM_ERR(" (sock=%d): n=%d , errno=%d (%s)\n", socket, n, errno,
+ strerror(errno));
 goto error;
 }
 error:
@@ -182,29 +165,27 @@ int do_read( int socket, rd_buf_t *p)
 /* send a message over an already opened TCP connection */
-int tcp_send_recv(int sockfd, char* buf, int len, rd_buf_t* rb,
- unsigned int waited_id)
+int tcp_send_recv(
+ int sockfd, char *buf, int len, rd_buf_t *rb, unsigned int waited_id)
 {
 int n, number_of_tries;
 fd_set active_fd_set, read_fd_set;
 struct timeval tv;
 unsigned long int result_code;
 AAAMessage *msg;
- AAA_AVP *avp;
+ AAA_AVP *avp;
 char serviceType;
 unsigned int m_id;
 /* try to write the message to the Diameter client */
- while( (n=write(sockfd, buf, len))==-1 )
- {
- if (errno==EINTR)
+ while((n = write(sockfd, buf, len)) == -1) {
+ if(errno == EINTR)
 continue;
 LM_ERR("write returned error: %s\n", strerror(errno));
 return AAA_ERROR;
 }
- if (n!=len)
- {
+ if(n != len) {
 LM_ERR("write gave no error but wrote less than asked\n");
 return AAA_ERROR;
 }
@@ -214,19 +195,17 @@ int tcp_send_recv(int sockfd, char* buf, int len, rd_buf_t* rb, tv.tv_usec = MAX_WAIT_USEC; /* Initialize the set of active sockets. */ - FD_ZERO (&active_fd_set); - FD_SET (sockfd, &active_fd_set); + FD_ZERO(&active_fd_set); + FD_SET(sockfd, &active_fd_set); number_of_tries = 0; - while(number_of_triesbuf, rb->buf_len, 0); - if(!msg) - { - LM_ERR("message structure not obtained\n"); + msg = AAATranslateMessage(rb->buf, rb->buf_len, 0); + if(!msg) { + LM_ERR("message structure not obtained\n"); return AAA_ERROR; } - avp = AAAFindMatchingAVP(msg, NULL, AVP_SIP_MSGID, - vendorID, AAA_FORWARD_SEARCH); - if(!avp) - { + avp = AAAFindMatchingAVP( + msg, NULL, AVP_SIP_MSGID, vendorID, AAA_FORWARD_SEARCH); + if(!avp) { LM_ERR("AVP_SIP_MSGID not found\n"); return AAA_ERROR; } - m_id = *((unsigned int*)(avp->data.s)); + m_id = *((unsigned int *)(avp->data.s)); LM_DBG("######## m_id=%d\n", m_id); - if(m_id!=waited_id) - { - number_of_tries ++; + if(m_id != waited_id) { + number_of_tries++; LM_NOTICE("old message received\n"); continue; } 
@@ -274,39 +249,35 @@ int tcp_send_recv(int sockfd, char* buf, int len, rd_buf_t* rb,
 return AAA_TIMEOUT;
 next: /* Finally die correct answer */
- avp = AAAFindMatchingAVP(msg, NULL, AVP_Service_Type,
- vendorID, AAA_FORWARD_SEARCH);
- if(!avp)
- {
+ avp = AAAFindMatchingAVP(
+ msg, NULL, AVP_Service_Type, vendorID, AAA_FORWARD_SEARCH);
+ if(!avp) {
 LM_ERR("AVP_Service_Type not found\n");
 return AAA_ERROR;
 }
 serviceType = avp->data.s[0];
- result_code = ntohl(*((unsigned long int*)(msg->res_code->data.s)));
- switch(result_code)
- {
- case AAA_SUCCESS: /* 2001 */
+ result_code = ntohl(*((unsigned long int *)(msg->res_code->data.s)));
+ switch(result_code) {
+ case AAA_SUCCESS: /* 2001 */
 rb->ret_code = AAA_AUTHORIZED;
 break;
- case AAA_AUTHENTICATION_REJECTED: /* 4001 */
- if(serviceType!=SIP_AUTH_SERVICE)
- {
+ case AAA_AUTHENTICATION_REJECTED: /* 4001 */
+ if(serviceType != SIP_AUTH_SERVICE) {
 rb->ret_code = AAA_NOT_AUTHORIZED;
 break;
 }
- avp = AAAFindMatchingAVP(msg, NULL, AVP_Challenge,
- vendorID, AAA_FORWARD_SEARCH);
- if(!avp)
- {
+ avp = AAAFindMatchingAVP(
+ msg, NULL, AVP_Challenge, vendorID, AAA_FORWARD_SEARCH);
+ if(!avp) {
 LM_ERR("AVP_Response not found\n");
 rb->ret_code = AAA_SRVERR;
 break;
 }
- rb->chall_len=avp->data.len;
- rb->chall = (unsigned char*)pkg_malloc(avp->data.len*sizeof(unsigned char));
- if(rb->chall == NULL)
- {
+ rb->chall_len = avp->data.len;
+ rb->chall = (unsigned char *)pkg_malloc(
+ avp->data.len * sizeof(unsigned char));
+ if(rb->chall == NULL) {
 PKG_MEM_ERROR;
 rb->ret_code = AAA_SRVERR;
 break;
@@ -314,18 +285,16 @@ int tcp_send_recv(int sockfd, char* buf, int len, rd_buf_t* rb,
 memcpy(rb->chall, avp->data.s, avp->data.len);
 rb->ret_code = AAA_CHALLENGE;
 break;
- case AAA_AUTHORIZATION_REJECTED: /* 5003 */
+ case AAA_AUTHORIZATION_REJECTED: /* 5003 */
 rb->ret_code = AAA_NOT_AUTHORIZED;
 break;
- default: /* error */
+ default: /* error */
 rb->ret_code = AAA_SRVERR;
 }
-
- return rb->ret_code;
+
+ return rb->ret_code;
 }
 void close_tcp_connection(int sfd)
 {
 shutdown(sfd, 2);
 }
-
-
diff --git a/src/modules/auth_diameter/tcp_comm.h b/src/modules/auth_diameter/tcp_comm.h
index 1499c9ebf24..8b2aa39f361 100644
--- a/src/modules/auth_diameter/tcp_comm.h
+++ b/src/modules/auth_diameter/tcp_comm.h
@@ -26,25 +26,25 @@
 #include "defs.h"
-#define MAX_WAIT_SEC 2
-#define MAX_WAIT_USEC 0
+#define MAX_WAIT_SEC 2
+#define MAX_WAIT_USEC 0
-#define MAX_AAA_MSG_SIZE 65536
+#define MAX_AAA_MSG_SIZE 65536
-#define CONN_SUCCESS 1
-#define CONN_ERROR -1
-#define CONN_CLOSED -2
+#define CONN_SUCCESS 1
+#define CONN_ERROR -1
+#define CONN_CLOSED -2
 void reset_read_buffer(rd_buf_t *rb);
-int do_read( int socket, rd_buf_t *p);
+int do_read(int socket, rd_buf_t *p);
-/* it initializes the TCP connection */
-int init_mytcp(char* host, int port);
+/* it initializes the TCP connection */
+int init_mytcp(char *host, int port);
 /* send a message over an already opened TCP connection */
-int tcp_send_recv(int sockfd, char* buf, int len, rd_buf_t* resp,
- unsigned int id);
+int tcp_send_recv(
+ int sockfd, char *buf, int len, rd_buf_t *resp, unsigned int id);
 void close_tcp_connection(int sfd);
diff --git a/src/modules/auth_diameter/user_in.c b/src/modules/auth_diameter/user_in.c
index 7d9d51e2cef..0e85d8b901a 100644
--- a/src/modules/auth_diameter/user_in.c
+++ b/src/modules/auth_diameter/user_in.c
@@ -27,7 +27,7 @@
 #include
 #include
 #include
-#include
+#include
 /* memory management */
 #include "../../core/mem/mem.h"
@@ -53,52 +53,51 @@
 /* Get To header field URI */
-static inline int get_to_uri(struct sip_msg* m, str* u)
+static inline int get_to_uri(struct sip_msg *m, str *u)
 {
- // check that the header field is there and is parsed
- if (!m->to && ((parse_headers(m, HDR_TO_F, 0) == -1)|| (!m->to)))
- {
+ // check that the header field is there and is parsed
+ if(!m->to && ((parse_headers(m, HDR_TO_F, 0) == -1) || (!m->to))) {
 LM_ERR("can't get To header field\n");
 return -1;
 }
-
- u->s = ((struct to_body*)m->to->parsed)->uri.s;
- u->len = ((struct to_body*)m->to->parsed)->uri.len;
-
+
+ u->s = ((struct to_body *)m->to->parsed)->uri.s;
+ u->len = ((struct to_body *)m->to->parsed)->uri.len;
+
 return 0;
 }
 /* Get From header field URI */
-static inline int get_from_uri(struct sip_msg* m, str* u)
+static inline int get_from_uri(struct sip_msg *m, str *u)
 {
- // check that the header field is there and is parsed
- if (parse_from_header(m) < 0) {
+ // check that the header field is there and is parsed
+ if(parse_from_header(m) < 0) {
 LM_ERR("failed to parse From body\n");
 return -1;
 }
-
- u->s = ((struct to_body*)m->from->parsed)->uri.s;
- u->len = ((struct to_body*)m->from->parsed)->uri.len;
+
+ u->s = ((struct to_body *)m->from->parsed)->uri.s;
+ u->len = ((struct to_body *)m->from->parsed)->uri.len;
 return 0;
 }
 /* it checks if a user is member of a group */
-int diameter_is_user_in(struct sip_msg* _m, char* _hf, char* _group)
+int diameter_is_user_in(struct sip_msg *_m, char *_hf, char *_group)
 {
 str *grp, user_name, user, domain, uri;
- dig_cred_t* cred = 0;
+ dig_cred_t *cred = 0;
 int hf_type;
- struct hdr_field* h;
+ struct hdr_field *h;
 struct sip_uri puri;
 AAAMessage *req;
- AAA_AVP *avp;
+ AAA_AVP *avp;
 int ret;
 unsigned int tmp;
 char *p = NULL;
- grp = (str*)_group; /* via fixup */
+ grp = (str *)_group; /* via fixup */
 hf_type = (int)(long)_hf;
@@ -106,23 +105,20 @@ int diameter_is_user_in(struct sip_msg* _m, char* _hf, char* _group)
 uri.len = 0;
 /* extract the uri according with the _hf parameter */
- switch(hf_type)
- {
+ switch(hf_type) {
 case 1: /* Request-URI */
 uri = *(GET_RURI(_m));
- break;
+ break;
 case 2: /* To */
- if (get_to_uri(_m, &uri) < 0)
- {
+ if(get_to_uri(_m, &uri) < 0) {
 LM_ERR("failed to extract To\n");
 return -2;
 }
 break;
 case 3: /* From */
- if (get_from_uri(_m, &uri) < 0)
- {
+ if(get_from_uri(_m, &uri) < 0) {
 LM_ERR("failed to extract From URI\n");
 return -3;
 }
@@ -130,95 +126,81 @@ int diameter_is_user_in(struct sip_msg* _m, char* _hf, char* _group)
 case 4: /* Credentials */
 get_authorized_cred(_m->authorization, &h);
- if (!h)
- {
+ if(!h) {
 get_authorized_cred(_m->proxy_auth, &h);
- if (!h)
- {
+ if(!h) {
 LM_ERR("no authorized credentials found "
- "(error in scripts)\n");
+ "(error in scripts)\n");
 return -4;
 }
 }
- cred = &((auth_body_t*)(h->parsed))->digest;
+ cred = &((auth_body_t *)(h->parsed))->digest;
 break;
 }
- if (hf_type != 4)
- {
- if (parse_uri(uri.s, uri.len, &puri) < 0)
- {
+ if(hf_type != 4) {
+ if(parse_uri(uri.s, uri.len, &puri) < 0) {
 LM_ERR("failed to parse URI\n");
 return -5;
 }
 user = puri.user;
 domain = puri.host;
- }
- else
- {
+ } else {
 user = cred->username.user;
 domain = cred->realm;
 }
-
+
 /* user@domain mode */
- if (use_domain)
- {
+ if(use_domain) {
 user_name.s = 0;
 user_name.len = user.len + domain.len;
- if(user_name.len>0)
- {
+ if(user_name.len > 0) {
 user_name.len++;
- p = (char*)pkg_malloc(user_name.len);
- if (!p)
- {
+ p = (char *)pkg_malloc(user_name.len);
+ if(!p) {
 PKG_MEM_ERROR;
 return -6;
 }
 user_name.s = p;
-
+
 memcpy(user_name.s, user.s, user.len);
- if(user.len>0)
- {
+ if(user.len > 0) {
 user_name.s[user.len] = '@';
 memcpy(user_name.s + user.len + 1, domain.s, domain.len);
- }
- else
+ } else
 memcpy(user_name.s, domain.s, domain.len);
 }
- }
- else
+ } else
 user_name = user;
-
-
- if ( (req=AAAInMessage(AA_REQUEST, AAA_APP_NASREQ))==NULL)
- {
+
+
+ if((req = AAAInMessage(AA_REQUEST, AAA_APP_NASREQ)) == NULL) {
 LM_ERR("can't create new AAA message!\n");
- if(p) pkg_free(p);
+ if(p)
+ pkg_free(p);
 return -1;
 }
-
+
 /* Username AVP */
- if( (avp=AAACreateAVP(AVP_User_Name, 0, 0, user_name.s,
- user_name.len, AVP_DUPLICATE_DATA)) == 0)
- {
+ if((avp = AAACreateAVP(AVP_User_Name, 0, 0, user_name.s, user_name.len,
+ AVP_DUPLICATE_DATA))
+ == 0) {
 LM_ERR("no more pkg memory!\n");
 goto error;
 }
- if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
- {
+ if(AAAAddAVPToMessage(req,
avp, 0) != AAA_ERR_SUCCESS) {
 LM_ERR("avp not added \n");
 goto error1;
 }
 /* Usergroup AVP */
- if( (avp=AAACreateAVP(AVP_User_Group, 0, 0, grp->s,
- grp->len, AVP_DUPLICATE_DATA)) == 0)
- {
+ if((avp = AAACreateAVP(
+ AVP_User_Group, 0, 0, grp->s, grp->len, AVP_DUPLICATE_DATA))
+ == 0) {
 LM_ERR("no more pkg memory!\n");
 goto error;
 }
- if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
- {
+ if(AAAAddAVPToMessage(req, avp, 0) != AAA_ERR_SUCCESS) {
 LM_ERR("avp not added \n");
 goto error1;
 }
@@ -226,46 +208,43 @@ int diameter_is_user_in(struct sip_msg* _m, char* _hf, char* _group)
 /* SIP_MSGID AVP */
 LM_DBG("******* m_id=%d\n", _m->id);
 tmp = _m->id;
- if( (avp=AAACreateAVP(AVP_SIP_MSGID, 0, 0, (char*)(&tmp),
- sizeof(tmp), AVP_DUPLICATE_DATA)) == 0)
- {
+ if((avp = AAACreateAVP(AVP_SIP_MSGID, 0, 0, (char *)(&tmp), sizeof(tmp),
+ AVP_DUPLICATE_DATA))
+ == 0) {
 LM_ERR("no more pkg memory!\n");
 goto error;
 }
- if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
- {
+ if(AAAAddAVPToMessage(req, avp, 0) != AAA_ERR_SUCCESS) {
 LM_ERR("avp not added \n");
 goto error1;
 }
 /* ServiceType AVP */
- if( (avp=AAACreateAVP(AVP_Service_Type, 0, 0, SIP_GROUP_CHECK,
- SERVICE_LEN, AVP_DUPLICATE_DATA)) == 0)
- {
+ if((avp = AAACreateAVP(AVP_Service_Type, 0, 0, SIP_GROUP_CHECK, SERVICE_LEN,
+ AVP_DUPLICATE_DATA))
+ == 0) {
 LM_ERR("no more pkg memory!\n");
 goto error;
 }
- if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
- {
+ if(AAAAddAVPToMessage(req, avp, 0) != AAA_ERR_SUCCESS) {
 LM_ERR("avp not added \n");
 goto error1;
 }
 /* Destination-Realm AVP */
 uri = *(GET_RURI(_m));
- if(parse_uri(uri.s, uri.len, &puri)<0) {
+ if(parse_uri(uri.s, uri.len, &puri) < 0) {
 LM_ERR("failed to parse uri\n");
 goto error;
 }
- if( (avp=AAACreateAVP(AVP_Destination_Realm, 0, 0, puri.host.s,
- puri.host.len, AVP_DUPLICATE_DATA)) == 0)
- {
+ if((avp = AAACreateAVP(AVP_Destination_Realm, 0, 0, puri.host.s,
+ puri.host.len, AVP_DUPLICATE_DATA))
+ == 0) {
 LM_ERR("no more pkg memory!\n");
 goto error;
 }
- if( AAAAddAVPToMessage(req, avp, 0)!= AAA_ERR_SUCCESS)
- {
+ if(AAAAddAVPToMessage(req, avp, 0) != AAA_ERR_SUCCESS) {
 LM_ERR("avp not added \n");
 goto error1;
 }
@@ -275,39 +254,34 @@ int diameter_is_user_in(struct sip_msg* _m, char* _hf, char* _group)
 #endif
 /* build an AAA message buffer */
- if(AAABuildMsgBuffer(req) != AAA_ERR_SUCCESS)
- {
+ if(AAABuildMsgBuffer(req) != AAA_ERR_SUCCESS) {
 LM_ERR("message buffer not created\n");
 goto error;
 }
- if(sockfd==AAA_NO_CONNECTION)
- {
+ if(sockfd == AAA_NO_CONNECTION) {
 sockfd = init_mytcp(diameter_client_host, diameter_client_port);
- if(sockfd==AAA_NO_CONNECTION)
- {
+ if(sockfd == AAA_NO_CONNECTION) {
 LM_ERR("failed to reconnect to Diameter client\n");
 goto error;
 }
 }
- ret =tcp_send_recv(sockfd, req->buf.s, req->buf.len, rb, _m->id);
+ ret = tcp_send_recv(sockfd, req->buf.s, req->buf.len, rb, _m->id);
- if(ret == AAA_CONN_CLOSED)
- {
+ if(ret == AAA_CONN_CLOSED) {
 LM_NOTICE("connection to Diameter client closed."
- "It will be reopened by the next request\n");
+ "It will be reopened by the next request\n");
 close(sockfd);
 sockfd = AAA_NO_CONNECTION;
 goto error;
 }
- if(ret != AAA_USER_IN_GROUP)
- {
+ if(ret != AAA_USER_IN_GROUP) {
 LM_ERR("message sending to the DIAMETER backend authorization server"
- "failed or user is not in group\n");
+ "failed or user is not in group\n");
 goto error;
 }
-
+
 AAAFreeMessage(&req);
 return 1;
@@ -316,5 +290,4 @@ int diameter_is_user_in(struct sip_msg* _m, char* _hf, char* _group)
 error:
 AAAFreeMessage(&req);
 return -1;
-
 }
\ No newline at end of file