Module: sip-router Branch: master Commit: 2d35cca6583a9ac556fe2dbeb9740d9fcf8e33e6 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=2d35cca6...
Author: Daniel-Constantin Mierla miconda@gmail.com Committer: Daniel-Constantin Mierla miconda@gmail.com Date: Thu May 10 13:04:09 2012 +0200
auth_db(k): multi-domain fixes for auth_check(...)
- check domain parts in from/to based on use_domain parameter
---
modules_k/auth_db/authorize.c | 47 +++++++++++++++++++++++++++++++++------- 1 files changed, 38 insertions(+), 9 deletions(-)
diff --git a/modules_k/auth_db/authorize.c b/modules_k/auth_db/authorize.c
index 877f506..909365c 100644
--- a/modules_k/auth_db/authorize.c
+++ b/modules_k/auth_db/authorize.c
@@ -44,6 +44,7 @@
 #include "../../parser/parser_f.h"
 #include "../../parser/parse_from.h"
 #include "../../parser/parse_to.h"
+#include "../../parser/parse_uri.h"
 #include "../../usr_avp.h"
 #include "../../mod_fix.h"
 #include "../../mem/mem.h"
@@ -319,7 +320,9 @@ int auth_check(struct sip_msg* _m, char* _realm, char* _table, char *_flags)
 int iflags;
 int ret;
 hdr_field_t *hdr;
- sip_uri_t *uri;
+ sip_uri_t *uri = NULL;
+ sip_uri_t *turi = NULL;
+ sip_uri_t *furi = NULL;
 if ((_m->REQ_METHOD == METHOD_ACK) || (_m->REQ_METHOD == METHOD_CANCEL)) {
 return AUTH_OK;
@@ -367,17 +370,43 @@ int auth_check(struct sip_msg* _m, char* _realm, char* _table, char *_flags)
 if(ret==AUTH_OK && (iflags&AUTH_CHECK_ID_F)) {
 hdr = (_m->proxy_auth==0)?_m->authorization:_m->proxy_auth;
 srealm = ((auth_body_t*)(hdr->parsed))->digest.username.user;
- if(_m->REQ_METHOD==METHOD_REGISTER) {
- if((uri=parse_to_uri(_m))==NULL)
+
+ if((furi=parse_from_uri(_m))==NULL)
+ return AUTH_ERROR;
+
+ if(_m->REQ_METHOD==METHOD_REGISTER || _m->REQ_METHOD==METHOD_PUBLISH) {
+ if((turi=parse_to_uri(_m))==NULL)
 return AUTH_ERROR;
+ uri = turi;
 } else {
- if((uri=parse_from_uri(_m))==NULL)
- return AUTH_ERROR;
+ uri = furi;
+ }
+ if(srealm.len!=uri->user.len
+ || strncmp(srealm.s, uri->user.s, srealm.len)!=0)
+ return AUTH_USER_MISMATCH;
+
+ if(_m->REQ_METHOD==METHOD_REGISTER || _m->REQ_METHOD==METHOD_PUBLISH) {
+ /* check from==to */
+ if(furi->user.len!=turi->user.len
+ || strncmp(furi->user.s, turi->user.s, furi->user.len)!=0)
+ return AUTH_USER_MISMATCH;
+ if(use_domain!=0 && (furi->host.len!=turi->host.len
+ || strncmp(furi->host.s, turi->host.s, furi->host.len)!=0))
+ return AUTH_USER_MISMATCH;
+ /* check r-uri==from for publish */
+ if(_m->REQ_METHOD==METHOD_PUBLISH) {
+ if(parse_sip_msg_uri(_m)<0)
+ return AUTH_ERROR;
+ uri = &_m->parsed_uri;
+ if(furi->user.len!=uri->user.len
+ || strncmp(furi->user.s, uri->user.s, furi->user.len)!=0)
+ return AUTH_USER_MISMATCH;
+ if(use_domain!=0 && (furi->host.len!=uri->host.len
+ || strncmp(furi->host.s, uri->host.s, furi->host.len)!=0))
+ return AUTH_USER_MISMATCH;
+ }
 }
- if(srealm.len==uri->user.len
- && strncmp(srealm.s, uri->user.s, srealm.len)==0)
- return ret;
- return AUTH_USER_MISMATCH;
+ return AUTH_OK;
 }
return ret;
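Review bot: The identity check still binds the authenticated credentials to the From/To URI by user part only: `srealm` (which holds the digest username's user part, despite its name) is compared with `uri->user`, while the new `use_domain` comparisons only test From against To and From against the R-URI. Nothing visible in this hunk ties the domain the credentials were verified for to `furi->host`, so unless the earlier part of auth_check (which starts outside the hunk) already enforces it, a request authenticated for one domain appears to pass with a From/To carrying the same user name in another domain. I would add, right after the user comparison, `if(use_domain!=0 && (sdomain.len!=uri->host.len || strncasecmp(sdomain.s, uri->host.s, sdomain.len)!=0)) return AUTH_USER_MISMATCH;`, with `sdomain` set from the domain of the verified credentials. The added host comparisons also use `strncmp`, but host names are case-insensitive, so `strncasecmp` there would avoid rejecting `Example.com` against `example.com`.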