[sr-dev] git:master: auth_db(k): multi-domain fixes for auth_check(...)

Daniel-Constantin Mierla miconda at gmail.com
Thu May 10 13:07:26 CEST 2012


Module: sip-router
Branch: master
Commit: 2d35cca6583a9ac556fe2dbeb9740d9fcf8e33e6
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=2d35cca6583a9ac556fe2dbeb9740d9fcf8e33e6

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date:   Thu May 10 13:04:09 2012 +0200

auth_db(k): multi-domain fixes for auth_check(...)

- check domain parts in from/to based on use_domain parameter

---

 modules_k/auth_db/authorize.c |   47 +++++++++++++++++++++++++++++++++-------
 1 files changed, 38 insertions(+), 9 deletions(-)

diff --git a/modules_k/auth_db/authorize.c b/modules_k/auth_db/authorize.c
index 877f506..909365c 100644
--- a/modules_k/auth_db/authorize.c
+++ b/modules_k/auth_db/authorize.c
@@ -44,6 +44,7 @@
 #include "../../parser/parser_f.h"
 #include "../../parser/parse_from.h"
 #include "../../parser/parse_to.h"
+#include "../../parser/parse_uri.h"
 #include "../../usr_avp.h"
 #include "../../mod_fix.h"
 #include "../../mem/mem.h"
@@ -319,7 +320,9 @@ int auth_check(struct sip_msg* _m, char* _realm, char* _table, char *_flags)
 	int iflags;
 	int ret;
 	hdr_field_t *hdr;
-	sip_uri_t *uri;
+	sip_uri_t *uri = NULL;
+	sip_uri_t *turi = NULL;
+	sip_uri_t *furi = NULL;
 
 	if ((_m->REQ_METHOD == METHOD_ACK) || (_m->REQ_METHOD == METHOD_CANCEL)) {
 		return AUTH_OK;
@@ -367,17 +370,43 @@ int auth_check(struct sip_msg* _m, char* _realm, char* _table, char *_flags)
 	if(ret==AUTH_OK && (iflags&AUTH_CHECK_ID_F)) {
 		hdr = (_m->proxy_auth==0)?_m->authorization:_m->proxy_auth;
 		srealm = ((auth_body_t*)(hdr->parsed))->digest.username.user;
-		if(_m->REQ_METHOD==METHOD_REGISTER) {
-			if((uri=parse_to_uri(_m))==NULL)
+			
+		if((furi=parse_from_uri(_m))==NULL)
+			return AUTH_ERROR;
+		
+		if(_m->REQ_METHOD==METHOD_REGISTER || _m->REQ_METHOD==METHOD_PUBLISH) {
+			if((turi=parse_to_uri(_m))==NULL)
 				return AUTH_ERROR;
+			uri = turi;
 		} else {
-			if((uri=parse_from_uri(_m))==NULL)
-				return AUTH_ERROR;
+			uri = furi;
+		}
+		if(srealm.len!=uri->user.len
+					|| strncmp(srealm.s, uri->user.s, srealm.len)!=0)
+			return AUTH_USER_MISMATCH;
+
+		if(_m->REQ_METHOD==METHOD_REGISTER || _m->REQ_METHOD==METHOD_PUBLISH) {
+			/* check from==to */
+			if(furi->user.len!=turi->user.len
+					|| strncmp(furi->user.s, turi->user.s, furi->user.len)!=0)
+				return AUTH_USER_MISMATCH;
+			if(use_domain!=0 && (furi->host.len!=turi->host.len
+					|| strncmp(furi->host.s, turi->host.s, furi->host.len)!=0))
+				return AUTH_USER_MISMATCH;
+			/* check r-uri==from for publish */
+			if(_m->REQ_METHOD==METHOD_PUBLISH) {
+				if(parse_sip_msg_uri(_m)<0)
+					return AUTH_ERROR;
+				uri = &_m->parsed_uri;
+				if(furi->user.len!=uri->user.len
+						|| strncmp(furi->user.s, uri->user.s, furi->user.len)!=0)
+					return AUTH_USER_MISMATCH;
+				if(use_domain!=0 && (furi->host.len!=uri->host.len
+						|| strncmp(furi->host.s, uri->host.s, furi->host.len)!=0))
+					return AUTH_USER_MISMATCH;
+				}
 		}
-		if(srealm.len==uri->user.len
-					&& strncmp(srealm.s, uri->user.s, srealm.len)==0)
-			return ret;
-		return AUTH_USER_MISMATCH;
+		return AUTH_OK;
 	}
 
 	return ret;
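Review bot: With `use_domain` set, the added checks compare the From host only with the To host and the request-URI host, while the authenticated digest identity is still matched against `uri->user` alone, so nothing in this hunk ties the domain to the credentials. Unless every caller passes the From domain as `_realm`, this appears to let credentials verified for one domain pass `auth_check` for the same user name in another domain. The host of `uri` should also be compared with the domain the credentials were verified for (the digest realm or the domain part of the digest username, whichever the module treats as authoritative), returning `AUTH_USER_MISMATCH` on a difference. Separately, the host comparisons use `strncmp` although SIP host names compare case-insensitively; `strncasecmp(furi->host.s, turi->host.s, furi->host.len)` would avoid rejecting requests that differ only in host case. `auth_check` starts and ends outside this hunk, so the credential lookup that sets `ret` is not visible here.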



