Accueil Explorer Aide
Connexion
Kamailio
/
kamailio
miroir de https://github.com/kamailio/kamailio.git
2
0
Fork 0
Fichiers Tickets 0 Wiki
Parcourir la source

auth_db(k): multi-domain fixes for auth_check(...)

- check domain parts in from/to based on use_domain parameter
Daniel-Constantin Mierla il y a 13 ans
Parent
e2f6540818
commit
2d35cca658
1 fichiers modifiés avec 38 ajouts et 9 suppressions
Vue séparée Afficher les stats Diff
  1. 38 9
      modules_k/auth_db/authorize.c

+ 38 - 9
modules_k/auth_db/authorize.c
Voir le fichier 

@@ -44,6 +44,7 @@
 
 #include "../../parser/parser_f.h"
 
 #include "../../parser/parse_from.h"
 
 #include "../../parser/parse_to.h"
 
+#include "../../parser/parse_uri.h"
 
 #include "../../usr_avp.h"
 
 #include "../../mod_fix.h"
 
 #include "../../mem/mem.h"
 
@@ -319,7 +320,9 @@ int auth_check(struct sip_msg* _m, char* _realm, char* _table, char *_flags)
 
 	int iflags;
 
 	int ret;
 
 	hdr_field_t *hdr;
 
-	sip_uri_t *uri;
 
+	sip_uri_t *uri = NULL;
 
+	sip_uri_t *turi = NULL;
 
+	sip_uri_t *furi = NULL;
 
 
 	if ((_m->REQ_METHOD == METHOD_ACK) || (_m->REQ_METHOD == METHOD_CANCEL)) {
 
 		return AUTH_OK;
 
@@ -367,17 +370,43 @@ int auth_check(struct sip_msg* _m, char* _realm, char* _table, char *_flags)
 
 	if(ret==AUTH_OK && (iflags&AUTH_CHECK_ID_F)) {
 
 		hdr = (_m->proxy_auth==0)?_m->authorization:_m->proxy_auth;
 
 		srealm = ((auth_body_t*)(hdr->parsed))->digest.username.user;
 
-		if(_m->REQ_METHOD==METHOD_REGISTER) {
 
-			if((uri=parse_to_uri(_m))==NULL)
 
+			
+		if((furi=parse_from_uri(_m))==NULL)
 
+			return AUTH_ERROR;
 
+		
+		if(_m->REQ_METHOD==METHOD_REGISTER || _m->REQ_METHOD==METHOD_PUBLISH) {
 
+			if((turi=parse_to_uri(_m))==NULL)
 
 				return AUTH_ERROR;
 
+			uri = turi;
 
 		} else {
 
-			if((uri=parse_from_uri(_m))==NULL)
 
-				return AUTH_ERROR;
 
+			uri = furi;
 
+		}
 
+		if(srealm.len!=uri->user.len
 
+					|| strncmp(srealm.s, uri->user.s, srealm.len)!=0)
 
+			return AUTH_USER_MISMATCH;
 
+
 
+		if(_m->REQ_METHOD==METHOD_REGISTER || _m->REQ_METHOD==METHOD_PUBLISH) {
 
+			/* check from==to */
 
+			if(furi->user.len!=turi->user.len
 
+					|| strncmp(furi->user.s, turi->user.s, furi->user.len)!=0)
 
+				return AUTH_USER_MISMATCH;
 
+			if(use_domain!=0 && (furi->host.len!=turi->host.len
 
+					|| strncmp(furi->host.s, turi->host.s, furi->host.len)!=0))
 
+				return AUTH_USER_MISMATCH;
 
+			/* check r-uri==from for publish */
 
+			if(_m->REQ_METHOD==METHOD_PUBLISH) {
 
+				if(parse_sip_msg_uri(_m)<0)
 
+					return AUTH_ERROR;
 
+				uri = &_m->parsed_uri;
 
+				if(furi->user.len!=uri->user.len
 
+						|| strncmp(furi->user.s, uri->user.s, furi->user.len)!=0)
 
+					return AUTH_USER_MISMATCH;
 
+				if(use_domain!=0 && (furi->host.len!=uri->host.len
 
+						|| strncmp(furi->host.s, uri->host.s, furi->host.len)!=0))
 
+					return AUTH_USER_MISMATCH;
 
+				}
 
 		}
 
-		if(srealm.len==uri->user.len
 
-					&& strncmp(srealm.s, uri->user.s, srealm.len)==0)
 
-			return ret;
 
-		return AUTH_USER_MISMATCH;
 
+		return AUTH_OK;
 
 	}
 
 
 	return ret;