Commit 26c50592 authored by Mickaël Turnel's avatar Mickaël Turnel

Changed passwd_algo_t structure to be general instead of having only clrtxt, md5 and sha256

parent 2722eb3f
......@@ -25,31 +25,43 @@
using namespace std;
void FileAuthDb::parsePasswd(vector<string> &pass, string user, string domain, vector<passwd_algo_t> &password){
// parse password and calcul passmd5, passsha256 if there is clrtxt pass.
for (const auto &passwd : pass) {
if (passwd.substr(0, 7) == "clrtxt:") {
passwd_algo_t clrtxt, md5, sha256;
clrtxt.pass = passwd.substr(7);
clrtxt.algo = "CLRTXT";
password.push_back(clrtxt);
void FileAuthDb::parsePasswd(string* pass, string user, string domain, passwd_algo_t* password){
// parse password and calcul passmd5, passsha256 if there is clrtxt pass.
int i;
for(i=0;i<3;i++){
if(pass[i].substr(0,7)=="clrtxt:"){
password->pass = pass[i].substr(7);
}
}
string input;
input = user+":"+domain+":"+clrtxt.pass;
if(password->pass !=""){
string input;
input = user+":"+domain+":"+password->pass;
password->passmd5=syncMd5(input.c_str(), 16);
password->passsha256=syncSha256(input.c_str(), 32);
return;
md5.pass = syncMd5(input.c_str(), 16);
md5.algo = "MD5";
password.push_back(md5);
sha256.pass = syncSha256(input.c_str(), 32);
sha256.algo = "SHA256";
password.push_back(sha256);
return;
}
}
for(i=0;i<3;i++){
if(pass[i].substr(0,4)=="md5:"){
password->passmd5 = pass[i].substr(4);
for (const auto &passwd : pass) {
if (passwd.substr(0, 4) == "md5:") {
passwd_algo_t md5;
md5.pass = passwd.substr(4);
md5.algo = "MD5";
password.push_back(md5);
}
if(pass[i].substr(0,7)=="sha256:"){
password->passsha256 = pass[i].substr(7);
if (passwd.substr(0, 7) == "sha256:") {
passwd_algo_t sha256;
sha256.pass = passwd.substr(7);
sha256.algo = "SHA-256";
password.push_back(sha256);
}
}
}
......@@ -86,11 +98,11 @@ void FileAuthDb::getPasswordFromBackend(const std::string &id, const std::string
string key(createPasswordKey(id, authid));
passwd_algo_t passwd;
vector<passwd_algo_t> passwd;
if (getCachedPassword(key, domain, passwd) == VALID_PASS_FOUND) {
res = AuthDbResult::PASSWORD_FOUND;
}
if(listener_ref) listener_ref->finish_verify_algos(passwd);
if (listener_ref) listener_ref->finishVerifyAlgos(passwd);
if (listener) listener->onResult(res, passwd);
}
......@@ -110,13 +122,12 @@ void FileAuthDb::sync() {
string line;
string user;
string domain;
passwd_algo_t password;
vector<passwd_algo_t> passwords;
string userid;
string phone;
string pass[3];
vector<string> pass;
string version;
string passwd_tag;
int i;
LOGD("Opening file %s", mFileString.c_str());
file.open(mFileString);
......@@ -140,31 +151,28 @@ void FileAuthDb::sync() {
ss.str(line);
user.clear();
domain.clear();
pass[0].clear();
pass[1].clear();
pass[2].clear();
password.pass.clear();
password.passmd5.clear();
password.passsha256.clear();
pass.clear();
passwords.clear();
userid.clear();
phone.clear();
try {
getline(ss, user, '@');
getline(ss, domain, ' ');
for(i=0;i<3 && (!ss.eof());i++){
while (!ss.eof()) {
passwd_tag.clear();
getline(ss, passwd_tag, ' ');
if(passwd_tag!=";")
pass[i]=strdup(passwd_tag.c_str());
else break;
if (passwd_tag != ";")
pass.push_back(passwd_tag);
else
break;
}
if(passwd_tag!=";"){
if(passwd_tag != ";"){
if(ss.eof())
LOGA("In userdb.conf, the section of password must end with ';'");
else {
passwd_tag.clear();
getline(ss, passwd_tag, ' ');
if((!ss.eof())&&(passwd_tag!=";"))
if((!ss.eof()) && (passwd_tag != ";"))
LOGA("In userdb.conf, the section of password must end with ';'");
}
}
......@@ -182,14 +190,14 @@ void FileAuthDb::sync() {
}
cacheUserWithPhone(phone, domain, user);
parsePasswd(pass,user,domain,&password);
parsePasswd(pass, user, domain, passwords);
if (find(domains.begin(), domains.end(), domain) != domains.end()) {
string key(createPasswordKey(user, userid));
cachePassword(key, domain, password, mCacheExpire);
cachePassword(key, domain, passwords, mCacheExpire);
} else if (find(domains.begin(), domains.end(), "*") != domains.end()) {
string key(createPasswordKey(user, userid));
cachePassword(key, domain, password, mCacheExpire);
cachePassword(key, domain, passwords, mCacheExpire);
} else {
LOGW("Not handled domain: %s", domain.c_str());
}
......
......@@ -26,7 +26,7 @@ AuthDbBackend *AuthDbBackend::sUnique = NULL;
AuthDbListener::~AuthDbListener(){
}
void AuthDbListener::onResults(list<std::string> &phones, set<std::string> &users) {
void AuthDbListener::onResults(list<string> &phones, set<string> &users) {
}
......@@ -35,11 +35,11 @@ public:
FixedAuthDb() {
}
virtual void getUserWithPhoneFromBackend(const std::string & phone, const std::string &domain, AuthDbListener *listener) {
virtual void getUserWithPhoneFromBackend(const string & phone, const string &domain, AuthDbListener *listener) {
if (listener) listener->onResult(PASSWORD_FOUND, "user@domain.com");
}
virtual void getPasswordFromBackend(const std::string &id, const std::string &domain,
const std::string &authid, AuthDbListener *listener, AuthDbListener *listener_ref) {
virtual void getPasswordFromBackend(const string &id, const string &domain,
const string &authid, AuthDbListener *listener, AuthDbListener *listener_ref) {
if (listener) listener->onResult(PASSWORD_FOUND, "fixed");
}
static void declareConfig(GenericStruct *mc){};
......@@ -95,15 +95,13 @@ string AuthDbBackend::createPasswordKey(const string &user, const string &auth_u
return key.str();
}
AuthDbBackend::CacheResult AuthDbBackend::getCachedPassword(const string &key, const string &domain, passwd_algo_t &pass) {
AuthDbBackend::CacheResult AuthDbBackend::getCachedPassword(const string &key, const string &domain, vector<passwd_algo_t> &pass) {
time_t now = getCurrentTime();
auto &passwords = mCachedPasswords[domain];
unique_lock<mutex> lck(mCachedPasswordMutex);
auto it = passwords.find(key);
if (it != passwords.end()) {
pass.pass.assign(it->second.pass.pass);
pass.passmd5.assign(it->second.pass.passmd5);
pass.passsha256.assign(it->second.pass.passsha256);
pass = it->second.pass;
if (now < it->second.expire_date) {
return VALID_PASS_FOUND;
} else {
......@@ -118,7 +116,7 @@ void AuthDbBackend::clearCache() {
mCachedPasswords.clear();
}
bool AuthDbBackend::cachePassword(const string &key, const string &domain, const passwd_algo_t &pass, int expires) {
bool AuthDbBackend::cachePassword(const string &key, const string &domain, const vector<passwd_algo_t> &pass, int expires) {
time_t now = getCurrentTime();
map<string, CachedPassword> &passwords = mCachedPasswords[domain];
unique_lock<mutex> lck(mCachedPasswordMutex);
......@@ -134,7 +132,7 @@ bool AuthDbBackend::cachePassword(const string &key, const string &domain, const
return true;
}
bool AuthDbBackend::cacheUserWithPhone(const std::string &phone, const std::string &domain, const std::string &user) {
bool AuthDbBackend::cacheUserWithPhone(const string &phone, const string &domain, const string &user) {
unique_lock<mutex> lck(mCachedUserWithPhoneMutex);
if (!phone.empty()) {
......@@ -148,11 +146,11 @@ bool AuthDbBackend::cacheUserWithPhone(const std::string &phone, const std::stri
return true;
}
void AuthDbBackend::getPassword(const std::string &user, const std::string &host, const std::string &auth_username,
void AuthDbBackend::getPassword(const string &user, const string &host, const string &auth_username,
AuthDbListener *listener) {
// Check for usable cached password
string key(createPasswordKey(user, auth_username));
passwd_algo_t pass;
vector<passwd_algo_t> pass;
switch (getCachedPassword(key, host, pass)) {
case VALID_PASS_FOUND:
if (listener) listener->onResult(AuthDbResult::PASSWORD_FOUND, pass);
......@@ -170,15 +168,16 @@ void AuthDbBackend::getPassword(const std::string &user, const std::string &host
getPasswordFromBackend(user, host, auth_username, listener, NULL);
}
void AuthDbBackend::getPasswordForAlgo(const std::string &user, const std::string &host, const std::string &auth_username,
void AuthDbBackend::getPasswordForAlgo(const string &user, const string &host, const string &auth_username,
AuthDbListener *listener, AuthDbListener *listener_ref) {
// Check for usable cached password
string key(createPasswordKey(user, auth_username));
passwd_algo_t pass;
vector<passwd_algo_t> pass;
switch (getCachedPassword(key, host, pass)) {
case VALID_PASS_FOUND:
if (listener) listener->onResult(AuthDbResult::PASSWORD_FOUND, pass);
if(listener_ref) listener_ref->finish_verify_algos(pass);
if (listener_ref) listener_ref->finishVerifyAlgos(pass);
return;
case EXPIRED_PASS_FOUND:
// Might check here if connection is failing
......@@ -192,8 +191,9 @@ void AuthDbBackend::getPasswordForAlgo(const std::string &user, const std::strin
// if we reach here, password wasn't cached: we have to grab the password from the actual backend
getPasswordFromBackend(user, host, auth_username, listener, listener_ref);
}
void AuthDbBackend::createCachedAccount(const std::string &user, const std::string &host, const std::string &auth_username, const passwd_algo_t &password,
int expires, const std::string & phone_alias) {
void AuthDbBackend::createCachedAccount(const string &user, const string &host, const string &auth_username, const vector<passwd_algo_t> &password,
int expires, const string & phone_alias) {
if (!user.empty() && !host.empty()) {
string key = createPasswordKey(user, auth_username);
cachePassword(key, host, password, expires);
......@@ -223,28 +223,27 @@ string AuthDbBackend::syncMd5(const char* input,size_t size){
return out;
}
void AuthDbBackend::verifyAlgo(const passwd_algo_t &pass, std::list<std::string> &algorithms){
for(auto algo = algorithms.begin(); algo != algorithms.end();)
{
auto algo_ref=algo++;
if((!strcmp(algo_ref->c_str(),"MD5")&&(pass.passmd5==""))||(!strcmp(algo_ref->c_str(),"SHA-256")&&(pass.passsha256=="")))
{
algorithms.remove(algo_ref->c_str());
}
}
}
void AuthDbBackend::createAccount(const std::string & user, const std::string & host, const std::string &auth_username, const std::string &password,
int expires, const std::string & phone_alias) {
void AuthDbBackend::createAccount(const string & user, const string & host, const string &auth_username, const string &password,
int expires, const string & phone_alias) {
// Password here is in mod clrtxt. Calcul passmd5 and passsha256 before createCachedAccount.
passwd_algo_t pass;
pass.pass = password;
if(pass.pass!=""){
string input;
input = user+":"+host+":"+pass.pass;
pass.passmd5=syncMd5(input.c_str(), 16);
pass.passsha256=syncSha256(input.c_str(), 32);
}
vector<passwd_algo_t> pass;
passwd_algo_t clrtxt, md5, sha256;
clrtxt.pass = password;
clrtxt.algo = "CLRTXT";
pass.push_back(clrtxt);
string input;
input = user+":"+host+":"+clrtxt.pass;
md5.pass = syncMd5(input.c_str(), 16);
md5.algo = "MD5";
pass.push_back(md5);
sha256.pass = syncSha256(input.c_str(), 32);
sha256.algo = "SHA-256";
pass.push_back(sha256);
createCachedAccount(user, host, auth_username, pass, expires, phone_alias);
}
......@@ -261,7 +260,7 @@ AuthDbBackend::CacheResult AuthDbBackend::getCachedUserWithPhone(const string &p
return NO_PASS_FOUND;
}
void AuthDbBackend::getUserWithPhone(const std::string & phone, const std::string & domain, AuthDbListener *listener) {
void AuthDbBackend::getUserWithPhone(const string & phone, const string & domain, AuthDbListener *listener) {
// Check for usable cached password
string user;
switch (getCachedUserWithPhone(phone, domain, user)) {
......@@ -277,9 +276,9 @@ void AuthDbBackend::getUserWithPhone(const std::string & phone, const std::strin
getUserWithPhoneFromBackend(phone, domain, listener);
}
void AuthDbBackend::getUsersWithPhone(list<tuple<std::string,std::string,AuthDbListener*>> & creds, AuthDbListener *listener) {
list<tuple<std::string,std::string,AuthDbListener*>> needed_creds;
for (tuple<std::string,std::string,AuthDbListener*> cred : creds) {
void AuthDbBackend::getUsersWithPhone(list<tuple<string,string,AuthDbListener*>> & creds, AuthDbListener *listener) {
list<tuple<string,string,AuthDbListener*>> needed_creds;
for (tuple<string,string,AuthDbListener*> cred : creds) {
// Check for usable cached password
string user;
string phone = std::get<0>(cred);
......@@ -300,8 +299,8 @@ void AuthDbBackend::getUsersWithPhone(list<tuple<std::string,std::string,AuthDbL
getUsersWithPhonesFromBackend(needed_creds, listener);
}
void AuthDbBackend::getUsersWithPhonesFromBackend(list<tuple<std::string,std::string,AuthDbListener*>> &creds, AuthDbListener *listener) {
for(tuple<std::string,std::string,AuthDbListener*> cred : creds) {
void AuthDbBackend::getUsersWithPhonesFromBackend(list<tuple<string,string,AuthDbListener*>> &creds, AuthDbListener *listener) {
for(tuple<string,string,AuthDbListener*> cred : creds) {
string phone = std::get<0>(cred);
string domain = std::get<1>(cred);
AuthDbListener* l = std::get<2>(cred);
......
......@@ -44,8 +44,7 @@ enum AuthDbResult { PENDING, PASSWORD_FOUND, PASSWORD_NOT_FOUND, AUTH_ERROR };
struct passwd_algo_t {
std::string pass;
std::string passmd5;
std::string passsha256;
std::string algo;
};
// Fw declaration
......@@ -54,9 +53,9 @@ struct AuthDbTimings;
class AuthDbListener : public StatFinishListener {
public:
virtual void onResult(AuthDbResult result, const std::string &passwd) = 0;
virtual void onResult(AuthDbResult result, const passwd_algo_t &passwd)=0;
virtual void onResult(AuthDbResult result, const std::vector<passwd_algo_t> &passwd)=0;
virtual void onResults(std::list<std::string> &phones, std::set<std::string> &users);
virtual void finish_verify_algos(const passwd_algo_t &pass)=0;
virtual void finishVerifyAlgos(const std::vector<passwd_algo_t> &pass)=0;
virtual ~AuthDbListener();
};
......@@ -64,9 +63,9 @@ class AuthDbBackend {
static AuthDbBackend *sUnique;
struct CachedPassword {
passwd_algo_t pass;
std::vector<passwd_algo_t> pass;
time_t expire_date;
CachedPassword(const passwd_algo_t &ipass, time_t idate) : pass(ipass), expire_date(idate) {
CachedPassword(const std::vector<passwd_algo_t> &ipass, time_t idate) : pass(ipass), expire_date(idate) {
}
};
......@@ -80,11 +79,11 @@ protected:
AuthDbBackend();
enum CacheResult { VALID_PASS_FOUND, EXPIRED_PASS_FOUND, NO_PASS_FOUND };
std::string createPasswordKey(const std::string &user, const std::string &auth);
bool cachePassword(const std::string &key, const std::string &domain, const passwd_algo_t &pass, int expires);
bool cachePassword(const std::string &key, const std::string &domain, const std::vector<passwd_algo_t> &pass, int expires);
bool cacheUserWithPhone(const std::string &phone, const std::string &domain, const std::string &user);
CacheResult getCachedPassword(const std::string &key, const std::string &domain, passwd_algo_t &pass);
CacheResult getCachedPassword(const std::string &key, const std::string &domain, std::vector<passwd_algo_t> &pass);
CacheResult getCachedUserWithPhone(const std::string &phone, const std::string &domain, std::string &user);
void createCachedAccount(const std::string & user, const std::string & domain, const std::string &auth_username, const passwd_algo_t &password, int expires, const std::string & phone_alias = "");
void createCachedAccount(const std::string & user, const std::string & domain, const std::string &auth_username, const std::vector<passwd_algo_t> &password, int expires, const std::string & phone_alias = "");
void clearCache();
int mCacheExpire;
public:
......@@ -106,17 +105,15 @@ public:
static AuthDbBackend *get();
/* called by module_auth so that backends can declare their configuration to the ConfigurationManager */
static void declareConfig(GenericStruct *mc);
static void verifyAlgo(const passwd_algo_t &pass, std::list<std::string> &algorithms);
static std::string syncSha256(const char* input,size_t size);
static std::string syncMd5(const char* input,size_t size);
};
class FileAuthDb : public AuthDbBackend {
private:
std::string mFileString;
time_t mLastSync;
void parsePasswd(std::string* pass, std::string user, std::string domain, passwd_algo_t* password);
void parsePasswd(std::vector<std::string> &pass, std::string user, std::string domain, std::vector<passwd_algo_t> &password);
protected:
void sync();
......
......@@ -188,6 +188,8 @@ class RelaySession : public std::enable_shared_from_this<RelaySession> {
class MediaFilter {
public:
virtual ~MediaFilter() = default;
/// Should return false if the incoming packet must not be transfered.
virtual bool onIncomingTransfer(uint8_t *data, size_t size, const sockaddr *addr, socklen_t addrlen) = 0;
/// Should return false if the packet output must not be sent.
......
This diff is collapsed.
......@@ -123,15 +123,16 @@ class GatewayRegister {
delete this;
}
virtual void onResult(AuthDbResult result, const passwd_algo_t &passwd) {
virtual void onResult(AuthDbResult result, const vector<passwd_algo_t> &passwd) {
if (result == AuthDbResult::PASSWORD_FOUND) {
checkPassword(passwd.pass.c_str());
checkPassword(passwd.front().pass.c_str());
} else {
LOGE("GatewayRegister onResult(): Can't find user password, give up.");
}
delete this;
}
virtual void finish_verify_algos(const passwd_algo_t &pass) {
virtual void finishVerifyAlgos(const vector<passwd_algo_t> &pass) {
return;
}
};
......
......@@ -476,7 +476,7 @@ void ModuleRegistrar::reply(shared_ptr<RequestSipEvent> &ev, int code, const cha
for (sip_contact_t *contact = modified_contacts; contact!=NULL ; contact=contact->m_next) {
if(sip->sip_request->rq_method == sip_method_register && code == 200
&& contact && contact->m_url && url_has_param(contact->m_url, "gr")) {
&& contact && url_has_param(contact->m_url, "gr")) {
string gruu;
char *buffer = new char[255];
isize_t result = url_param(contact->m_url->url_params, "gr", buffer, 255);
......
......@@ -29,9 +29,9 @@ public:
belle_sip_object_unref(timer);
}
virtual void onResult(AuthDbResult result, const passwd_algo_t &passwd) {
virtual void onResult(AuthDbResult result, const vector<passwd_algo_t> &passwd) {
belle_sip_source_cpp_func_t *func = new belle_sip_source_cpp_func_t([this, result, passwd](unsigned int events) {
this->processResponse(result, passwd.pass);
this->processResponse(result, passwd.front().pass);
return BELLE_SIP_STOP;
});
belle_sip_source_t *timer = belle_sip_main_loop_create_cpp_timeout( mMainLoop
......@@ -41,7 +41,7 @@ public:
belle_sip_object_unref(timer);
}
virtual void finish_verify_algos(const passwd_algo_t &pass) {
virtual void finishVerifyAlgos(const vector<passwd_algo_t> &pass) {
return;
}
......
......@@ -54,6 +54,7 @@ class PushNotificationRequest {
Successful,
Failed
};
virtual ~PushNotificationRequest() = default;
const std::string &getAppIdentifier() {
return mAppId;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment