
Contents of /main/resip/dum/RADIUSServerAuthManager.cxx



Revision 10848 - (show annotations) (download)
Sun Jan 12 10:43:21 2014 UTC (5 years, 10 months ago) by Dpocock
File size: 7416 byte(s)
resip/dum: add support for statically configured auth realm
1 #ifdef HAVE_CONFIG_H
2 #include "config.h"
3 #endif
4
5
6 #include <sstream>
7
8 #include "resip/dum/ChallengeInfo.hxx"
9 #include "resip/dum/ClientInviteSession.hxx"
10 #include "resip/dum/DialogUsageManager.hxx"
11 #include "resip/dum/UserAuthInfo.hxx"
12 #include "resip/dum/RADIUSServerAuthManager.hxx"
13 #include "resip/stack/ExtensionHeader.hxx"
14 #include "rutil/Data.hxx"
15 #include "rutil/Logger.hxx"
16 #include "rutil/MD5Stream.hxx"
17
18 #ifdef USE_RADIUS_CLIENT
19
20 using namespace resip;
21 using namespace std;
22
23 #define RESIPROCATE_SUBSYSTEM Subsystem::DUM
24
/**
 * Build a server-side auth manager that defers digest verification to RADIUS.
 *
 * @param dum                   DialogUsageManager forwarded to the base class
 *                              and kept in the `dum` member for later use.
 * @param target                forwarded to ServerAuthManager.
 * @param configurationFile     path handed to RADIUSDigestAuthenticator::init();
 *                              an empty value is passed on as a null pointer.
 * @param challengeThirdParties forwarded to ServerAuthManager.
 * @param staticRealm           forwarded to ServerAuthManager.
 */
RADIUSServerAuthManager::RADIUSServerAuthManager(
   resip::DialogUsageManager& dum,
   TargetCommand::Target& target,
   const Data& configurationFile,
   bool challengeThirdParties,
   const Data& staticRealm)
   : ServerAuthManager(dum, target, challengeThirdParties, staticRealm),
     dum(dum)
{
   // An empty path is signalled to init() with a null pointer rather than "".
   // NOTE(review): presumably init() then falls back to a default client
   // configuration; confirm which file that is, because it decides which
   // RADIUS servers and shared secrets are used.
   const char* radiusConfigPath = 0;
   if(!configurationFile.empty())
   {
      radiusConfigPath = configurationFile.c_str();
   }
   RADIUSDigestAuthenticator::init(radiusConfigPath);
}
37
/**
 * Nothing to release here: the body is empty, so this class adds no cleanup
 * of its own on destruction.
 */
RADIUSServerAuthManager::~RADIUSServerAuthManager()
{
   // intentionally empty
}
41
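/**
 * Start an asynchronous RADIUS digest check for one SIP request.
 *
 * The digest parameters of `auth` are copied into a RADIUSDigestAuthenticator
 * together with a MyRADIUSDigestAuthListener; the listener later posts a
 * UserAuthInfo carrying the verdict for `transactionId`.
 *
 * If the check cannot be started (an exception while building it, or a
 * negative return from doRADIUSCheck()), a UserAuthInfo::Error is posted so
 * that the request is answered as a failure instead of being left without any
 * verdict. Every listener callback in this file posts a UserAuthInfo; the
 * failure paths previously only logged.
 *
 * @param user          digest username taken from the request.
 * @param realm         digest realm.
 * @param msg           the SIP request being authenticated.
 * @param auth          the credentials header whose parameters are checked.
 * @param transactionId identifies the request in the posted UserAuthInfo.
 */
void
RADIUSServerAuthManager::requestCredential(
   const resip::Data& user,
   const resip::Data& realm,
   const resip::SipMessage& msg,
   const resip::Auth& auth,
   const resip::Data& transactionId)
{
   DebugLog(<<"RADIUSServerAuthManager::requestCredential, uri = " << msg.header(h_RequestLine).uri() << " authUser = " << user);

   // Same channel the listener uses to report its verdict.
   resip::TransactionUser& tu = dum;

   MyRADIUSDigestAuthListener *radiusListener = NULL;
   try
   {
      radiusListener = new MyRADIUSDigestAuthListener(user, realm, dum, transactionId);
      Data radiusUser = user;
      DebugLog(<< "radiusUser = " << radiusUser.c_str() << ", " << "user = " << user.c_str());

      assert(msg.isRequest());
      // NOTE(review): the digest parameters below are read without an
      // exists() check. Presumably param() on a const Auth throws when a
      // parameter is missing and the request ends in the catch block; confirm.
      Data reqUri = auth.param(p_uri);
      Data reqMethod = Data(resip::getMethodName(msg.header(h_RequestLine).getMethod()));

      RADIUSDigestAuthenticator *radius = NULL;
      if(auth.exists(p_qop))
      {
         if(auth.param(p_qop) == Symbols::auth)
         {
            Data myQop("auth");
            radius = new RADIUSDigestAuthenticator(
               radiusUser, user, realm, auth.param(p_nonce),
               reqUri, reqMethod, myQop, auth.param(p_nc), auth.param(p_cnonce),
               auth.param(p_response),
               radiusListener);
         }
         else if(auth.param(p_qop) == Symbols::authInt)
         {
            Data myQop("auth-int");
            radius = new RADIUSDigestAuthenticator(
               radiusUser, user, realm, auth.param(p_nonce),
               reqUri, reqMethod, myQop, auth.param(p_nc), auth.param(p_cnonce),
               auth.param(p_opaque),
               auth.param(p_response),
               radiusListener);
         }
      }
      if(radius == NULL)
      {
         // Reached when no qop was sent, and also when qop carries a value
         // other than "auth" / "auth-int".
         // NOTE(review): an unrecognised qop is therefore verified as a
         // no-qop digest; confirm that this is intended rather than rejecting
         // the request.
         radius = new RADIUSDigestAuthenticator(
            radiusUser, user, realm, auth.param(p_nonce),
            reqUri, reqMethod,
            auth.param(p_response),
            radiusListener);
      }
      int result = radius->doRADIUSCheck();
      if(result < 0)
      {
         ErrLog(<<"RADIUSServerAuthManager::requestCredential, uri = " << msg.header(h_RequestLine).uri() <<" failed to start thread, error = " << result);
         // No check is running, so no listener callback will deliver a
         // verdict: report the failure explicitly.
         // NOTE(review): radius and radiusListener are not released on this
         // path; who owns them after a failed start is not visible here.
         tu.post(new UserAuthInfo(user, realm, UserAuthInfo::Error, transactionId));
      }
   }
   catch(...)
   {
      WarningLog(<<"RADIUSServerAuthManager::requestCredential, uri = " << msg.header(h_RequestLine).uri() <<" exception");
      // NOTE(review): deleting here assumes no authenticator has taken
      // ownership of the listener by the time the exception was thrown.
      delete radiusListener;
      // Fail closed: deliver an error verdict instead of leaving the request
      // without one.
      tu.post(new UserAuthInfo(user, realm, UserAuthInfo::Error, transactionId));
   }
}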
106
/**
 * Unconditionally answers true.
 *
 * NOTE(review): presumably the base class uses this to decide whether
 * "auth-int" is offered in challenges; confirm against ServerAuthManager.
 */
bool
RADIUSServerAuthManager::useAuthInt() const
{
   const bool offerAuthInt = true;
   return offerAuthInt;
}
112
/**
 * Success hook; deliberately does nothing, so successful authentications
 * produce no log line or other side effect from this class.
 *
 * @param msg the request that was authenticated (unused).
 */
void
RADIUSServerAuthManager::onAuthSuccess(const resip::SipMessage& msg)
{
   // intentionally empty
}
117
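/**
 * Write a warning log entry for a failed authentication attempt.
 *
 * The entry names the failure reason, the source address of the request and
 * the user parts of the request URI, From and To headers.
 *
 * The source address is formatted with Tuple::inet_ntop() instead of
 * inet_ntoa() on the v4 member of the generic address: the previous form
 * read the IPv4 field even for an IPv6 source, and inet_ntoa() returns a
 * pointer to a shared static buffer. IPv4 output is unchanged.
 *
 * @param reason why authentication failed.
 * @param msg    the request that failed authentication.
 */
void
RADIUSServerAuthManager::onAuthFailure(resip::ServerAuthManager::AuthFailureReason reason, const resip::SipMessage& msg)
{
   // Reasons not listed below keep this default text.
   Data failureMsg("unknown failure");
   switch(reason)
   {
      case InvalidRequest:
         failureMsg = Data("InvalidRequest");
         break;
      case BadCredentials:
         failureMsg = Data("BadCredentials");
         break;
      case Error:
         failureMsg = Data("Error");
         break;
   }
   Tuple sourceTuple = msg.getSource();
   Data sourceIp = Tuple::inet_ntop(sourceTuple);
   // The user parts below come straight from the request, so anything that
   // parses this log line should treat them as untrusted text.
   WarningLog(<<"auth failure: " << failureMsg
              << ": src IP=" << sourceIp
              << ", uri=" << msg.header(h_RequestLine).uri().user()
              << ", from=" <<msg.header(h_From).uri().user()
              << ", to=" << msg.header(h_To).uri().user());
}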
141
/**
 * Remember everything needed to report a RADIUS verdict later.
 *
 * @param user          username placed in the posted UserAuthInfo.
 * @param realm         realm placed in the posted UserAuthInfo.
 * @param tu            transaction user that receives the UserAuthInfo.
 * @param transactionId transaction the verdict belongs to.
 *
 * NOTE(review): whether the members hold copies or references is declared in
 * the header; if they are references, the arguments must outlive the
 * asynchronous check. Confirm.
 */
MyRADIUSDigestAuthListener::MyRADIUSDigestAuthListener(
   const resip::Data& user,
   const resip::Data& realm,
   resip::TransactionUser& tu,
   const resip::Data& transactionId)
   : user(user),
     realm(realm),
     tu(tu),
     transactionId(transactionId)
{
   // members are fully set up by the initialiser list
}
153
/**
 * Empty destructor: the listener performs no cleanup of its own.
 */
MyRADIUSDigestAuthListener::~MyRADIUSDigestAuthListener()
{
   // intentionally empty
}
157
/**
 * Callback for an accepted digest: posts UserAuthInfo::DigestAccepted for the
 * stored user, realm and transaction.
 *
 * @param rpid value supplied with the success callback; it is only written to
 *             the debug log and is not included in the posted UserAuthInfo.
 */
void
MyRADIUSDigestAuthListener::onSuccess(const resip::Data& rpid)
{
   DebugLog(<<"MyRADIUSDigestAuthListener::onSuccess");
   if(rpid.empty())
   {
      DebugLog(<<"MyRADIUSDigestAuthListener::onSuccess, no rpid");
   }
   else
   {
      DebugLog(<<"MyRADIUSDigestAuthListener::onSuccess rpid = " << rpid.c_str());
   }
   // The freshly allocated message is handed to tu.post().
   tu.post(new UserAuthInfo(user, realm, UserAuthInfo::DigestAccepted, transactionId));
}
173
/**
 * Callback for a rejected digest: posts UserAuthInfo::DigestNotAccepted for
 * the stored user, realm and transaction.
 */
void
MyRADIUSDigestAuthListener::onAccessDenied()
{
   DebugLog(<<"MyRADIUSDigestAuthListener::onAccessDenied");
   // The freshly allocated message is handed to tu.post().
   tu.post(new UserAuthInfo(user, realm, UserAuthInfo::DigestNotAccepted, transactionId));
}
181
/**
 * Callback for a check that could not be completed: logs a warning and posts
 * UserAuthInfo::Error, which is distinct from the DigestNotAccepted verdict
 * posted by onAccessDenied().
 */
void
MyRADIUSDigestAuthListener::onError()
{
   WarningLog(<<"MyRADIUSDigestAuthListener::onError");
   // The freshly allocated message is handed to tu.post().
   tu.post(new UserAuthInfo(user, realm, UserAuthInfo::Error, transactionId));
}
189
190 #endif
191
192 /* ====================================================================
193 *
194 * Copyright 2008-2013 Daniel Pocock http://danielpocock.com
195 * All rights reserved.
196 *
197 * Redistribution and use in source and binary forms, with or without
198 * modification, are permitted provided that the following conditions
199 * are met:
200 *
201 * 1. Redistributions of source code must retain the above copyright
202 * notice, this list of conditions and the following disclaimer.
203 *
204 * 2. Redistributions in binary form must reproduce the above copyright
205 * notice, this list of conditions and the following disclaimer in
206 * the documentation and/or other materials provided with the
207 * distribution.
208 *
209 * 3. Neither the name of the author(s) nor the names of any contributors
210 * may be used to endorse or promote products derived from this software
211 * without specific prior written permission.
212 *
213 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTORS "AS IS" AND
214 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
215 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
216 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTORS BE LIABLE
217 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
218 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
219 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
220 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
221 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
222 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
223 * SUCH DAMAGE.
224 *
225 * ====================================================================
226 *
227 *
228 */
229
