From cf043326abc792317335954fe75927f8294fa40e Mon Sep 17 00:00:00 2001
From: Daniel-Constantin Mierla
Date: Mon, 4 Dec 2017 16:54:52 +0100
Subject: [PATCH] auth_radius: exported functions to kemi framework
---
 src/modules/auth_radius/auth_radius.c | 40 ++++++++++++++
 src/modules/auth_radius/authorize.c | 79 ++++++++++++++++++++++-----
 src/modules/auth_radius/authorize.h | 5 ++
 3 files changed, 109 insertions(+), 15 deletions(-)
diff --git a/src/modules/auth_radius/auth_radius.c b/src/modules/auth_radius/auth_radius.c
index b780cdd84fc..a521905f385 100644
--- a/src/modules/auth_radius/auth_radius.c
+++ b/src/modules/auth_radius/auth_radius.c
@@ -31,6 +31,7 @@
 #include "../../core/dprint.h"
 #include "../../core/config.h"
 #include "../../core/mod_fix.h"
+#include "../../core/kemi.h"
 #include "../misc_radius/radius.h"
 #include "../../core/mem/mem.h"
 #include "auth_radius.h"
@@ -185,3 +186,42 @@ static int mod_init(void)
 return 0;
 }
+
+/**
+ *
+ */
+/* clang-format off */
+static sr_kemi_t sr_kemi_auth_radius_exports[] = {
+ { str_init("auth_radius"), str_init("proxy_authorize"),
+ SR_KEMIP_INT, ki_radius_proxy_authorize,
+ { SR_KEMIP_STR, SR_KEMIP_NONE, SR_KEMIP_NONE,
+ SR_KEMIP_NONE, SR_KEMIP_NONE, SR_KEMIP_NONE }
+ },
+ { str_init("auth_radius"), str_init("proxy_authorize_user"),
+ SR_KEMIP_INT, ki_radius_proxy_authorize_user,
+ { SR_KEMIP_STR, SR_KEMIP_STR, SR_KEMIP_NONE,
+ SR_KEMIP_NONE, SR_KEMIP_NONE, SR_KEMIP_NONE }
+ },
+ { str_init("auth_radius"), str_init("www_authorize"),
+ SR_KEMIP_INT, ki_radius_www_authorize,
+ { SR_KEMIP_STR, SR_KEMIP_NONE, SR_KEMIP_NONE,
+ SR_KEMIP_NONE, SR_KEMIP_NONE, SR_KEMIP_NONE }
+ },
+ { str_init("auth_radius"), str_init("www_authorize_user"),
+ SR_KEMIP_INT, ki_radius_www_authorize_user,
+ { SR_KEMIP_STR, SR_KEMIP_STR, SR_KEMIP_NONE,
+ SR_KEMIP_NONE, SR_KEMIP_NONE, SR_KEMIP_NONE }
+ },
+
+ { {0, 0}, {0, 0}, 0, NULL, { 0, 0, 0, 0, 0, 0 } }
+};
+/* clang-format on */
+
+/**
+ *
+ */
+int mod_register(char *path, int *dlflags, void *p1, void *p2)
+{
+ sr_kemi_modules_add(sr_kemi_auth_radius_exports);
+ return 0;
+}
diff --git a/src/modules/auth_radius/authorize.c b/src/modules/auth_radius/authorize.c
index 8a5cfd580ea..20d8f30d8e3 100644
--- a/src/modules/auth_radius/authorize.c
+++ b/src/modules/auth_radius/authorize.c
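Review bot: `mod_register()` in auth_radius.c discards the result of `sr_kemi_modules_add()` and always returns 0, so a failed registration would leave the four `auth_radius` KEMI authentication functions unavailable without any error at load time. If the helper signals failure through its return value (its definition is not part of this patch), `return sr_kemi_modules_add(sr_kemi_auth_radius_exports);` or an explicit check with `LM_ERR` would surface it. The empty `/** * */` blocks above the export table and `mod_register()` could also state what is exported, e.g. `/* KEMI exports: RADIUS digest authorization for Proxy-Authorization and Authorization headers */`.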
@@ -70,26 +70,23 @@ static inline int get_uri_user(struct sip_msg *_m, str **_uri_user)
 /*
 * Authorize digest credentials
 */
-static inline int authorize(struct sip_msg *_msg, gparam_t *_realm,
- gparam_t *_uri_user, hdr_types_t _hftype)
+static int ki_authorize(sip_msg_t *_msg, str *srealm,
+ str *suser, hdr_types_t _hftype)
 {
 int res;
 auth_cfg_result_t ret;
 struct hdr_field *h;
 auth_body_t *cred;
 str *uri_user;
- str user, puser, domain;
+ str user = STR_NULL, domain;
 cred = 0;
 ret = -1;
 user.s = 0;
 /* get pre_auth domain from _realm pvar (if exists) */
- if(_realm) {
- if(fixup_get_svalue(_msg, _realm, &domain)<0) {
- LM_ERR("failed to get realm value\n");
- return -5;
- }
+ if(srealm) {
+ domain = *srealm;
 } else {
 domain.len = 0;
 domain.s = 0;
@@ -135,14 +132,9 @@ static inline int authorize(struct sip_msg *_msg, gparam_t *_realm,
 /* get uri_user from _uri_user pvap (if exists) or from To/From URI */
- if(_uri_user) {
- if(fixup_get_svalue(_msg, _uri_user, &puser)<0) {
- LM_ERR("cannot get uri user value\n");
- ret = AUTH_ERROR;
- goto end;
- }
+ if(suser != NULL && suser->len > 0) {
 res = radius_authorize_sterman(_msg, &cred->digest,
- &_msg->first_line.u.request.method, &puser);
+ &_msg->first_line.u.request.method, suser);
 } else {
 if(get_uri_user(_msg, &uri_user) < 0) {
 LM_ERR("To/From URI not found\n");
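Review bot: In `ki_authorize()` (first authorize.c hunk) the kept comment `/* get pre_auth domain from _realm pvar (if exists) */` no longer describes the code, which now copies an already evaluated `str` instead of resolving a pvar; `/* pre_auth domain from srealm (empty when not given) */` would match. The comment in the second hunk still names `_uri_user` in the same way. `user.s = 0;` is also redundant now that `user` is initialised with `STR_NULL`. The function body continues outside the hunk.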
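Review bot: The new guard `if(suser != NULL && suser->len > 0)` in the second authorize.c hunk changes what happens when a configured user parameter evaluates to an empty string. The removed code passed the empty `puser` to `radius_authorize_sterman()`, while the new code silently takes the `get_uri_user()` branch and uses the user from the message's To/From URI instead. On an authentication path that fallback should be a visible decision: either log it, e.g. `LM_DBG("empty user parameter, using To/From URI user\n");`, or treat an explicitly supplied but empty value as `AUTH_ERROR`, whichever is intended. The enclosing function starts and ends outside this hunk.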
@@ -198,6 +190,63 @@ static inline int authorize(struct sip_msg *_msg, gparam_t *_realm,
 }
+/*
+ * Authorize digest credentials
+ */
+static inline int authorize(struct sip_msg *_msg, gparam_t *_realm,
+ gparam_t *_uri_user, hdr_types_t _hftype)
+{
+ str srealm = STR_NULL;
+ str suser = STR_NULL;
+
+ /* get pre_auth domain from _realm param (if exists) */
+ if(_realm) {
+ if(fixup_get_svalue(_msg, _realm, &srealm)<0) {
+ LM_ERR("failed to get realm value\n");
+ return -5;
+ }
+ }
+ if(_uri_user) {
+ if(fixup_get_svalue(_msg, _uri_user, &suser)<0) {
+ LM_ERR("cannot get uri user value\n");
+ return AUTH_ERROR;
+ }
+ }
+ return ki_authorize(_msg, &srealm, &suser, _hftype);
+}
+
+/**
+ *
+ */
+int ki_radius_proxy_authorize(sip_msg_t *msg, str *srealm)
+{
+ return ki_authorize(msg, srealm, NULL, HDR_PROXYAUTH_T);
+}
+
+/**
+ *
+ */
+int ki_radius_proxy_authorize_user(sip_msg_t *msg, str *srealm, str *suser)
+{
+ return ki_authorize(msg, srealm, suser, HDR_PROXYAUTH_T);
+}
+
+/**
+ *
+ */
+int ki_radius_www_authorize(sip_msg_t *msg, str *srealm)
+{
+ return ki_authorize(msg, srealm, NULL, HDR_AUTHORIZATION_T);
+}
+
+/**
+ *
+ */
+int ki_radius_www_authorize_user(sip_msg_t *msg, str *srealm, str *suser)
+{
+ return ki_authorize(msg, srealm, suser, HDR_AUTHORIZATION_T);
+}
+
 /*
 * Authorize using Proxy-Authorize header field (no URI user parameter given)
 */
diff --git a/src/modules/auth_radius/authorize.h b/src/modules/auth_radius/authorize.h
index 96e958d672e..3944e0e6000 100644
--- a/src/modules/auth_radius/authorize.h
+++ b/src/modules/auth_radius/authorize.h
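Review bot: The four exported `ki_radius_*` functions have empty `/** * */` comments, so a KEMI script author cannot tell which header each one checks or what the return value means for an authentication decision. A short comment per function would cover it, e.g. `/* KEMI: verify Proxy-Authorization digest credentials via RADIUS for srealm; returns the ki_authorize() result code */`, with the `_user` variants noting that an empty `suser` falls back to the To/From URI user. In the rewritten `authorize()` wrapper the realm failure returns a bare `-5` while the user failure returns `AUTH_ERROR`; if `-5` corresponds to a named result code, which this patch does not show, using the name would keep the two error paths consistent.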
@@ -51,4 +51,9 @@ int radius_www_authorize_1(struct sip_msg *_msg, char *_realm, char *_s2);
 int radius_www_authorize_2(struct sip_msg *_msg, char *_realm, char *_uri_user);
+int ki_radius_proxy_authorize(sip_msg_t *msg, str *srealm);
+int ki_radius_proxy_authorize_user(sip_msg_t *msg, str *srealm, str *suser);
+int ki_radius_www_authorize(sip_msg_t *msg, str *srealm);
+int ki_radius_www_authorize_user(sip_msg_t *msg, str *srealm, str *suser);
+
 #endif /* AUTHORIZE_H */