Commit c0ba6f1f authored by DanmeiChen's avatar DanmeiChen

enhance compatibility for algorithm and change method to read userdb.conf

parent 36bf7431
......@@ -36,7 +36,7 @@ void FileAuthDb::parsePasswd(string* pass, string user, string domain, passwd_al
}
}
if(password->pass!=""){
if(password->pass !=""){
string input;
input = user+":"+domain+":"+password->pass;
password->passmd5=syncMd5(input.c_str(), 16);
......@@ -113,6 +113,9 @@ void FileAuthDb::sync() {
string userid;
string phone;
string pass[3];
string version;
string passwd_tag;
int i;
LOGD("Opening file %s", mFileString.c_str());
file.open(mFileString);
......@@ -121,47 +124,80 @@ void FileAuthDb::sync() {
if (line.empty()) continue;
ss.clear();
ss.str(line);
user.clear();
domain.clear();
pass[0].clear();
pass[1].clear();
pass[2].clear();
userid.clear();
phone.clear();
try {
getline(ss, user, '@');
getline(ss, domain, ' ');
getline(ss, pass[0], ' ');
getline(ss, pass[1], ' ');
getline(ss, pass[2], ' ');
version.clear();
getline(ss, version, ' ');
if(version.substr(0,8)=="version:")
version = version.substr(8);
else
LOGA("userdb.conf must start by version:X to be used.");
break;
}
if(version=="1"){
while (file.good() && getline(file, line)) {
if (line.empty()) continue;
ss.clear();
ss.str(line);
user.clear();
domain.clear();
pass[0].clear();
pass[1].clear();
pass[2].clear();
password.pass.clear();
password.passmd5.clear();
password.passsha256.clear();
userid.clear();
phone.clear();
try {
getline(ss, user, '@');
getline(ss, domain, ' ');
for(i=0;i<3 && (!ss.eof());i++){
passwd_tag.clear();
getline(ss, passwd_tag, ' ');
if(passwd_tag!=";")
pass[i]=strdup(passwd_tag.c_str());
else break;
}
if(passwd_tag!=";"){
if(ss.eof())
LOGA("In userdb.conf, the section of password must end with ';'");
else {
passwd_tag.clear();
getline(ss, passwd_tag, ' ');
if((!ss.eof())&&(passwd_tag!=";"))
LOGA("In userdb.conf, the section of password must end with ';'");
}
}
if (!ss.eof()) {
getline(ss, userid, ' ');
if (!ss.eof()) {
getline(ss, phone);
getline(ss, userid, ' ');
if (!ss.eof()) {
getline(ss, phone);
} else {
phone = "";
}
} else {
userid = user;
phone = "";
}
} else {
userid = user;
phone = "";
}
cacheUserWithPhone(phone, domain, user);
parsePasswd(pass,user,domain,&password);
cacheUserWithPhone(phone, domain, user);
parsePasswd(pass,user,domain,&password);
if (find(domains.begin(), domains.end(), domain) != domains.end()) {
string key(createPasswordKey(user, userid));
cachePassword(key, domain, password, mCacheExpire);
} else if (find(domains.begin(), domains.end(), "*") != domains.end()) {
string key(createPasswordKey(user, userid));
cachePassword(key, domain, password, mCacheExpire);
} else {
LOGW("Not handled domain: %s", domain.c_str());
if (find(domains.begin(), domains.end(), domain) != domains.end()) {
string key(createPasswordKey(user, userid));
cachePassword(key, domain, password, mCacheExpire);
} else if (find(domains.begin(), domains.end(), "*") != domains.end()) {
string key(createPasswordKey(user, userid));
cachePassword(key, domain, password, mCacheExpire);
} else {
LOGW("Not handled domain: %s", domain.c_str());
}
} catch (const stringstream::failure &e) {
LOGW("Incorrect line format: %s (error: %s)", line.c_str(), e.what());
}
} catch (const stringstream::failure &e) {
LOGW("Incorrect line format: %s (error: %s)", line.c_str(), e.what());
}
} else {
LOGE("Version %s is not supported",version.c_str());
}
} else {
LOGE("Can't open file %s", mFileString.c_str());
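Review bot: `pass[i]=strdup(passwd_tag.c_str());` in the password loop leaks one heap buffer per password token on every sync(). `pass` is declared as `string pass[3]`, so the `char*` returned by strdup() is copied into the std::string and never freed. Plain assignment does the same job: `pass[i] = passwd_tag;`. Separately, the `LOGW("Incorrect line format: %s ...", line.c_str(), ...)` in the catch block writes the whole userdb.conf line, password fields included, to the log; logging only `user` and `domain` would keep credentials out of log files. sync() begins before this hunk and continues after it.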
......
......@@ -170,6 +170,40 @@ void AuthDbBackend::getPassword(const std::string &user, const std::string &host
getPasswordFromBackend(user, host, auth_username, listener);
}
void AuthDbBackend::getPasswordForAlgo(const std::string &user, const std::string &host, const std::string &auth_username,
AuthDbListener *listener, std::list<std::string> &list_algorithm) {
// Check for usable cached password
string key(createPasswordKey(user, auth_username));
passwd_algo_t pass;
switch (getCachedPassword(key, host, pass)) {
case VALID_PASS_FOUND:
if (listener) listener->onResult(AuthDbResult::PASSWORD_FOUND, pass);
else if(pass.pass==""){
for(auto algo = list_algorithm.begin(); algo != list_algorithm.end();)
{
auto algo_ref=algo++;
if((!strcmp(algo_ref->c_str(),"MD5")&&(pass.passmd5==""))||(!strcmp(algo_ref->c_str(),"SHA-256")&&(pass.passsha256=="")))
{
list_algorithm.remove(algo_ref->c_str());
if(list_algorithm.size()==0){
LOGA("There is no password for the given algorithm");
}
}
}
}
return;
case EXPIRED_PASS_FOUND:
// Might check here if connection is failing
// If it is the case use fallback password and
// return AuthDbResult::PASSWORD_FOUND;
break;
case NO_PASS_FOUND:
break;
}
// if we reach here, password wasn't cached: we have to grab the password from the actual backend
getPasswordFromBackend(user, host, auth_username, listener);
}
void AuthDbBackend::createCachedAccount(const std::string &user, const std::string &host, const std::string &auth_username, const passwd_algo_t &password,
int expires, const std::string & phone_alias) {
if (!user.empty() && !host.empty()) {
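Review bot: In getPasswordForAlgo the "no password for the given algorithm" case is reported with `LOGA(...)`, and the `mImmediateRetrievePass` call site reaches this path during request handling with `listener->mAlgoUsed`. If LOGA is the fatal-level macro (its definition is not on this page), an account that only has a hash for a different algorithm could take the process down; `LOGW` plus an explicit failure result would keep it a per-request error. The removal loop is also fragile: `list_algorithm.remove(...)` rescans the whole list and would invalidate the saved next iterator if the list ever held duplicate names, so `algo = list_algorithm.erase(algo);` with `*algo == "MD5"` instead of `strcmp` is safer and clearer. The filtering only runs on `VALID_PASS_FOUND` with a null listener, so on the expired and not-found paths the list goes on unfiltered, which deserves a comment if it is intended.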
......
......@@ -90,6 +90,8 @@ class AuthDbBackend {
virtual ~AuthDbBackend();
// warning: listener may be invoked on authdb backend thread, so listener must be threadsafe somehow!
void getPassword(const std::string & user, const std::string & domain, const std::string &auth_username, AuthDbListener *listener);
void getPasswordForAlgo(const std::string &user, const std::string &host, const std::string &auth_username,
AuthDbListener *listener, std::list<std::string> &list_algorithm);
void getUserWithPhone(const std::string &phone, const std::string &domain, AuthDbListener *listener);
void getUsersWithPhone(std::list<std::tuple<std::string,std::string,AuthDbListener *>> & creds, AuthDbListener *listener);
virtual void getUserWithPhoneFromBackend(const std::string &, const std::string &, AuthDbListener *listener) = 0;
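Review bot: The new `getPasswordForAlgo` declaration has no comment, although it takes `list_algorithm` by non-const reference and the implementation shown in this commit removes entries from it. Callers need to know the argument is in/out, for example `// list_algorithm is in/out: algorithms for which the cached account has no hash are removed`. The thread-safety warning above `getPassword` appears to apply here as well, since the same listener type is passed, and should be repeated or extended to cover both declarations.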
......
......@@ -488,10 +488,14 @@ public:
return;
}
}
if(mAlgorithm.size()==1){
auto algo = mAlgorithm.begin();
algorithm.assign(algo->c_str());
}
if(mAlgorithm.size()==0){
mAlgorithm.push_back("MD5");
}
for (it = mDomains.begin(); it != mDomains.end(); ++it) {
auto domain = *it;
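Review bot: The two size checks run in an order that leaves `algorithm` unassigned in the default case: when `mAlgorithm` is empty, `"MD5"` is pushed only after the `size()==1` branch has already been skipped. If `algorithm` is meant to hold the single effective algorithm, put the `size()==0` block first so the default is picked up by the `size()==1` block. The fallback to MD5 is also silent; a log line naming the default in use would help operators who expected SHA-256 to be enforced. The enclosing function starts and ends outside this hunk, so how `algorithm` is used afterwards is not visible.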
......@@ -884,6 +888,7 @@ public:
SIPTAG_SERVER_STR(getAgent()->getServerString()), TAG_END());
}
}
/**
* return true if the event is terminated
*/
......@@ -1169,7 +1174,8 @@ public:
if (listener->mImmediateRetrievePass) {
SLOGD << "Searching for " << as->as_user_uri->url_user
<< " password to have it when the authenticated request comes";
AuthDbBackend::get()->getPassword(as->as_user_uri->url_user, as->as_user_uri->url_host, as->as_user_uri->url_user, NULL);
//AuthDbBackend::get()->getPassword(as->as_user_uri->url_user, as->as_user_uri->url_host, as->as_user_uri->url_user, NULL);
AuthDbBackend::get()->getPasswordForAlgo(as->as_user_uri->url_user, as->as_user_uri->url_host, as->as_user_uri->url_user, NULL, listener->mAlgoUsed);
}
listener->finish();
return;
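Review bot: The previous `getPassword(...)` call is left behind as a commented-out line directly above the new `getPasswordForAlgo(...)` call; delete it, since the history already keeps it. The new call hands `listener->mAlgoUsed` to a function that can shrink the list just before `listener->finish()` runs, so a short comment such as `// may drop algorithms the cached account has no hash for` would make the side effect visible here. `nullptr` is preferable to `NULL` for the listener argument. The enclosing method is outside the hunk.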
......