/*************************************************************************** * authentication.c * * Fri Jul 16 12:08:34 2004 * Copyright 2004-2009 Simon MORLAT * simon.morlat@linphone.org ****************************************************************************/ /* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Library General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "linphone/core.h" #include "private.h" #include "linphone/lpconfig.h" static void _linphone_auth_info_uninit(LinphoneAuthInfo *obj); static void _linphone_auth_info_copy(LinphoneAuthInfo *dst, const LinphoneAuthInfo *src); BELLE_SIP_DECLARE_NO_IMPLEMENTED_INTERFACES(LinphoneAuthInfo); BELLE_SIP_DECLARE_VPTR_NO_EXPORT(LinphoneAuthInfo); BELLE_SIP_INSTANCIATE_VPTR( LinphoneAuthInfo, belle_sip_object_t, _linphone_auth_info_uninit, // destroy _linphone_auth_info_copy, // clone NULL, // marshal FALSE ); LinphoneAuthInfo *linphone_auth_info_new(const char *username, const char *userid, const char *passwd, const char *ha1, const char *realm, const char *domain){ LinphoneAuthInfo *obj=belle_sip_object_new(LinphoneAuthInfo); if (username!=NULL && (strlen(username)>0) ) obj->username=ms_strdup(username); if (userid!=NULL && (strlen(userid)>0)) obj->userid=ms_strdup(userid); if (passwd!=NULL && (strlen(passwd)>0)) obj->passwd=ms_strdup(passwd); if (ha1!=NULL && (strlen(ha1)>0)) obj->ha1=ms_strdup(ha1); if (realm!=NULL && (strlen(realm)>0)) obj->realm=ms_strdup(realm); if (domain!=NULL && (strlen(domain)>0)) obj->domain=ms_strdup(domain); return obj; } static void _linphone_auth_info_copy(LinphoneAuthInfo *dst, const LinphoneAuthInfo *src) { if (src->username) dst->username = ms_strdup(src->username); if (src->userid) dst->userid = ms_strdup(src->userid); if (src->passwd) dst->passwd = ms_strdup(src->passwd); if (src->ha1) dst->ha1 = ms_strdup(src->ha1); if (src->realm) dst->realm = ms_strdup(src->realm); if (src->domain) dst->domain = ms_strdup(src->domain); if (src->tls_cert) dst->tls_cert = ms_strdup(src->tls_cert); if (src->tls_key) dst->tls_key = ms_strdup(src->tls_key); if (src->tls_cert_path) dst->tls_cert_path = ms_strdup(src->tls_cert_path); if (src->tls_key_path) dst->tls_key_path = ms_strdup(src->tls_key_path); } LinphoneAuthInfo *linphone_auth_info_clone(const LinphoneAuthInfo *ai){ return LINPHONE_AUTH_INFO(belle_sip_object_clone(BELLE_SIP_OBJECT(ai))); } LinphoneAuthInfo *linphone_auth_info_ref(LinphoneAuthInfo *obj) { return LINPHONE_AUTH_INFO(belle_sip_object_ref(obj)); } void linphone_auth_info_unref(LinphoneAuthInfo *obj) { belle_sip_object_unref(obj); } const char *linphone_auth_info_get_username(const LinphoneAuthInfo *i) { return i->username; } const char *linphone_auth_info_get_passwd(const LinphoneAuthInfo *i) { return i->passwd; } const char *linphone_auth_info_get_userid(const LinphoneAuthInfo *i) { return i->userid; } const char *linphone_auth_info_get_realm(const LinphoneAuthInfo *i) { return i->realm; } const char *linphone_auth_info_get_domain(const LinphoneAuthInfo *i) { return i->domain; } const char *linphone_auth_info_get_ha1(const LinphoneAuthInfo *i) { return i->ha1; } const char *linphone_auth_info_get_tls_cert(const LinphoneAuthInfo *i) { return i->tls_cert; } const char *linphone_auth_info_get_tls_key(const LinphoneAuthInfo *i) { return i->tls_key; } const char *linphone_auth_info_get_tls_cert_path(const LinphoneAuthInfo *i) { return i->tls_cert_path; } const char *linphone_auth_info_get_tls_key_path(const LinphoneAuthInfo *i) { return i->tls_key_path; } void linphone_auth_info_set_passwd(LinphoneAuthInfo *info, const char *passwd) { if (info->passwd) { ms_free(info->passwd); info->passwd = NULL; } if (passwd && strlen(passwd) > 0) info->passwd = ms_strdup(passwd); } void linphone_auth_info_set_username(LinphoneAuthInfo *info, const char *username) { if (info->username) { ms_free(info->username); info->username = NULL; } if (username && strlen(username) > 0) info->username = ms_strdup(username); } void linphone_auth_info_set_userid(LinphoneAuthInfo *info, const char *userid) { if (info->userid) { ms_free(info->userid); info->userid = NULL; } if (userid && strlen(userid) > 0) info->userid = ms_strdup(userid); } void linphone_auth_info_set_realm(LinphoneAuthInfo *info, const char *realm) { if (info->realm) { ms_free(info->realm); info->realm = NULL; } if (realm && strlen(realm) > 0) info->realm = ms_strdup(realm); } void linphone_auth_info_set_domain(LinphoneAuthInfo *info, const char *domain) { if (info->domain) { ms_free(info->domain); info->domain = NULL; } if (domain && strlen(domain) > 0) info->domain = ms_strdup(domain); } void linphone_auth_info_set_ha1(LinphoneAuthInfo *info, const char *ha1) { if (info->ha1) { ms_free(info->ha1); info->ha1 = NULL; } if (ha1 && strlen(ha1) > 0) info->ha1 = ms_strdup(ha1); } void linphone_auth_info_set_tls_cert(LinphoneAuthInfo *info, const char *tls_cert) { if (info->tls_cert) { ms_free(info->tls_cert); info->tls_cert = NULL; } if (tls_cert && strlen(tls_cert) > 0) info->tls_cert = ms_strdup(tls_cert); } void linphone_auth_info_set_tls_key(LinphoneAuthInfo *info, const char *tls_key) { if (info->tls_key) { ms_free(info->tls_key); info->tls_key = NULL; } if (tls_key && strlen(tls_key) > 0) info->tls_key = ms_strdup(tls_key); } void linphone_auth_info_set_tls_cert_path(LinphoneAuthInfo *info, const char *tls_cert_path) { if (info->tls_cert_path) { ms_free(info->tls_cert_path); info->tls_cert_path = NULL; } if (tls_cert_path && strlen(tls_cert_path) > 0) info->tls_cert_path = ms_strdup(tls_cert_path); } void linphone_auth_info_set_tls_key_path(LinphoneAuthInfo *info, const char *tls_key_path) { if (info->tls_key_path) { ms_free(info->tls_key_path); info->tls_key_path = NULL; } if (tls_key_path && strlen(tls_key_path) > 0) info->tls_key_path = ms_strdup(tls_key_path); } static void _linphone_auth_info_uninit(LinphoneAuthInfo *obj) { if (obj->username != NULL) ms_free(obj->username); if (obj->userid != NULL) ms_free(obj->userid); if (obj->passwd != NULL) ms_free(obj->passwd); if (obj->ha1 != NULL) ms_free(obj->ha1); if (obj->realm != NULL) ms_free(obj->realm); if (obj->domain != NULL) ms_free(obj->domain); if (obj->tls_cert != NULL) ms_free(obj->tls_cert); if (obj->tls_key != NULL) ms_free(obj->tls_key); if (obj->tls_cert_path != NULL) ms_free(obj->tls_cert_path); if (obj->tls_key_path != NULL) ms_free(obj->tls_key_path); } /** * Destroys a LinphoneAuthInfo object. **/ void linphone_auth_info_destroy(LinphoneAuthInfo *obj){ belle_sip_object_unref(obj); } void linphone_auth_info_write_config(LpConfig *config, LinphoneAuthInfo *obj, int pos) { char key[50]; bool_t store_ha1_passwd = lp_config_get_int(config, "sip", "store_ha1_passwd", 1); sprintf(key, "auth_info_%i", pos); lp_config_clean_section(config, key); if (obj == NULL || lp_config_get_int(config, "sip", "store_auth_info", 1) == 0) { return; } if (!obj->ha1 && obj->realm && obj->passwd && (obj->username || obj->userid) && store_ha1_passwd) { /*compute ha1 to avoid storing clear text password*/ obj->ha1 = ms_malloc(33); sal_auth_compute_ha1(obj->userid ? obj->userid : obj->username, obj->realm, obj->passwd, obj->ha1); } if (obj->username != NULL) { lp_config_set_string(config, key, "username", obj->username); } if (obj->userid != NULL) { lp_config_set_string(config, key, "userid", obj->userid); } if (obj->ha1 != NULL) { lp_config_set_string(config, key, "ha1", obj->ha1); } if (obj->passwd != NULL) { if (store_ha1_passwd && obj->ha1) { /*if we have our ha1 and store_ha1_passwd set to TRUE, then drop the clear text password for security*/ linphone_auth_info_set_passwd(obj, NULL); } else { /*we store clear text password only if store_ha1_passwd is FALSE AND we have an ha1 to store. Otherwise, passwd would simply be removed, which might bring major auth issue*/ lp_config_set_string(config, key, "passwd", obj->passwd); } } if (obj->realm != NULL) { lp_config_set_string(config, key, "realm", obj->realm); } if (obj->domain != NULL) { lp_config_set_string(config, key, "domain", obj->domain); } if (obj->tls_cert_path != NULL) { lp_config_set_string(config, key, "client_cert_chain", obj->tls_cert_path); } if (obj->tls_key_path != NULL) { lp_config_set_string(config, key, "client_cert_key", obj->tls_key_path); } } LinphoneAuthInfo *linphone_auth_info_new_from_config_file(LpConfig * config, int pos) { char key[50]; const char *username,*userid,*passwd,*ha1,*realm,*domain,*tls_cert_path,*tls_key_path; LinphoneAuthInfo *ret; sprintf(key, "auth_info_%i", pos); if (!lp_config_has_section(config, key)) { return NULL; } username = lp_config_get_string(config, key, "username", NULL); userid = lp_config_get_string(config, key, "userid", NULL); passwd = lp_config_get_string(config, key, "passwd", NULL); ha1 = lp_config_get_string(config, key, "ha1", NULL); realm = lp_config_get_string(config, key, "realm", NULL); domain = lp_config_get_string(config, key, "domain", NULL); tls_cert_path = lp_config_get_string(config, key, "client_cert_chain", NULL); tls_key_path = lp_config_get_string(config, key, "client_cert_key", NULL); ret = linphone_auth_info_new(username, userid, passwd, ha1, realm, domain); linphone_auth_info_set_tls_cert_path(ret, tls_cert_path); linphone_auth_info_set_tls_key_path(ret, tls_key_path); return ret; } static char * remove_quotes(char * input){ char *tmp; if (*input=='"') input++; tmp=strchr(input,'"'); if (tmp) *tmp='\0'; return input; } static bool_t realm_match(const char *realm1, const char *realm2){ if (realm1==NULL && realm2==NULL) return TRUE; if (realm1!=NULL && realm2!=NULL){ if (strcmp(realm1,realm2)==0) return TRUE; else{ char tmp1[128]; char tmp2[128]; char *p1,*p2; strncpy(tmp1,realm1,sizeof(tmp1)-1); strncpy(tmp2,realm2,sizeof(tmp2)-1); p1=remove_quotes(tmp1); p2=remove_quotes(tmp2); return strcmp(p1,p2)==0; } } return FALSE; } static const LinphoneAuthInfo *find_auth_info(LinphoneCore *lc, const char *username, const char *realm, const char *domain, bool_t ignore_realm){ bctbx_list_t *elem; const LinphoneAuthInfo *ret=NULL; for (elem=lc->auth_info;elem!=NULL;elem=elem->next) { LinphoneAuthInfo *pinfo = (LinphoneAuthInfo*)elem->data; if (username && pinfo->username && strcmp(username,pinfo->username)==0) { if (realm && domain){ if (pinfo->realm && realm_match(realm,pinfo->realm) && pinfo->domain && strcmp(domain,pinfo->domain)==0) { return pinfo; } } else if (realm) { if (pinfo->realm && realm_match(realm,pinfo->realm)) { if (ret!=NULL) { ms_warning("Non unique realm found for %s",username); return NULL; } ret=pinfo; } } else if (domain && pinfo->domain && strcmp(domain,pinfo->domain)==0 && (pinfo->ha1==NULL || ignore_realm)) { return pinfo; } else if (!domain && (pinfo->ha1==NULL || ignore_realm)) { return pinfo; } } } return ret; } const LinphoneAuthInfo *_linphone_core_find_tls_auth_info(LinphoneCore *lc) { bctbx_list_t *elem; for (elem=lc->auth_info;elem!=NULL;elem=elem->next) { LinphoneAuthInfo *pinfo = (LinphoneAuthInfo*)elem->data; if (pinfo->tls_cert && pinfo->tls_key) { return pinfo; } else if (pinfo->tls_cert_path && pinfo->tls_key_path) { return pinfo; } } return NULL; } const LinphoneAuthInfo *_linphone_core_find_auth_info(LinphoneCore *lc, const char *realm, const char *username, const char *domain, bool_t ignore_realm){ const LinphoneAuthInfo *ai=NULL; if (realm){ ai=find_auth_info(lc,username,realm,NULL, FALSE); if (ai==NULL && domain){ ai=find_auth_info(lc,username,realm,domain, FALSE); } } if (ai == NULL && domain != NULL) { ai=find_auth_info(lc,username,NULL,domain, ignore_realm); } if (ai==NULL){ ai=find_auth_info(lc,username,NULL,NULL, ignore_realm); } if (ai) ms_message("linphone_core_find_auth_info(): returning auth info username=%s, realm=%s", ai->username ? ai->username : "", ai->realm ? ai->realm : ""); return ai; } const LinphoneAuthInfo *linphone_core_find_auth_info(LinphoneCore *lc, const char *realm, const char *username, const char *domain){ return _linphone_core_find_auth_info(lc, realm, username, domain, TRUE); } /*the auth info is expected to be in the core's list*/ void linphone_core_write_auth_info(LinphoneCore *lc, LinphoneAuthInfo *ai){ int i; bctbx_list_t *elem = lc->auth_info; if (!lc->sip_conf.save_auth_info) return; for (i=0; elem != NULL; elem = elem->next, i++){ if (ai == elem->data){ linphone_auth_info_write_config(lc->config, ai, i); } } } static void write_auth_infos(LinphoneCore *lc){ bctbx_list_t *elem; int i; if (!linphone_core_ready(lc)) return; if (!lc->sip_conf.save_auth_info) return; for(elem=lc->auth_info,i=0;elem!=NULL;elem=bctbx_list_next(elem),i++){ LinphoneAuthInfo *ai=(LinphoneAuthInfo*)(elem->data); linphone_auth_info_write_config(lc->config,ai,i); } linphone_auth_info_write_config(lc->config,NULL,i); /* mark the end */ } LinphoneAuthInfo * linphone_core_create_auth_info(LinphoneCore *lc, const char *username, const char *userid, const char *passwd, const char *ha1, const char *realm, const char *domain) { return linphone_auth_info_new(username, userid, passwd, ha1, realm, domain); } void linphone_core_add_auth_info(LinphoneCore *lc, const LinphoneAuthInfo *info){ LinphoneAuthInfo *ai; bctbx_list_t *elem; bctbx_list_t *l; int restarted_op_count=0; bool_t updating=FALSE; if (info->tls_key == NULL && info->tls_key_path == NULL && info->ha1==NULL && info->passwd==NULL){ ms_error("linphone_core_add_auth_info(): info supplied with empty password, ha1 or TLS client/key"); return; } /* find if we are attempting to modify an existing auth info */ ai=(LinphoneAuthInfo*)linphone_core_find_auth_info(lc,info->realm,info->username,info->domain); if (ai!=NULL && ai->domain && info->domain && strcmp(ai->domain, info->domain)==0){ lc->auth_info=bctbx_list_remove(lc->auth_info,ai); linphone_auth_info_unref(ai); updating=TRUE; } lc->auth_info=bctbx_list_append(lc->auth_info,linphone_auth_info_clone(info)); /* retry pending authentication operations */ for(l=elem=sal_get_pending_auths(lc->sal);elem!=NULL;elem=elem->next){ SalOp *op=(SalOp*)elem->data; LinphoneAuthInfo *ai; const SalAuthInfo *req_sai=sal_op_get_auth_requested(op); ai=(LinphoneAuthInfo*)_linphone_core_find_auth_info(lc,req_sai->realm,req_sai->username,req_sai->domain, FALSE); if (ai){ SalAuthInfo sai; bctbx_list_t* proxy; sai.username=ai->username; sai.userid=ai->userid; sai.realm=ai->realm; sai.password=ai->passwd; sai.ha1=ai->ha1; if (ai->tls_cert && ai->tls_key) { sal_certificates_chain_parse(&sai, ai->tls_cert, SAL_CERTIFICATE_RAW_FORMAT_PEM); sal_signing_key_parse(&sai, ai->tls_key, ""); } else if (ai->tls_cert_path && ai->tls_key_path) { sal_certificates_chain_parse_file(&sai, ai->tls_cert_path, SAL_CERTIFICATE_RAW_FORMAT_PEM); sal_signing_key_parse_file(&sai, ai->tls_key_path, ""); } /*proxy case*/ for (proxy=(bctbx_list_t*)linphone_core_get_proxy_config_list(lc);proxy!=NULL;proxy=proxy->next) { if (proxy->data == sal_op_get_user_pointer(op)) { linphone_proxy_config_set_state((LinphoneProxyConfig*)(proxy->data),LinphoneRegistrationProgress,"Authentication..."); break; } } sal_op_authenticate(op,&sai); restarted_op_count++; } } if (l){ ms_message("linphone_core_add_auth_info(): restarted [%i] operation(s) after %s auth info for\n" "\tusername: [%s]\n" "\trealm [%s]\n" "\tdomain [%s]\n", restarted_op_count, updating ? "updating" : "adding", info->username ? info->username : "", info->realm ? info->realm : "", info->domain ? info->domain : ""); } bctbx_list_free(l); write_auth_infos(lc); } void linphone_core_abort_authentication(LinphoneCore *lc, LinphoneAuthInfo *info){ } void linphone_core_remove_auth_info(LinphoneCore *lc, const LinphoneAuthInfo *info){ LinphoneAuthInfo *r; r=(LinphoneAuthInfo*)linphone_core_find_auth_info(lc,info->realm,info->username,info->domain); if (r){ lc->auth_info=bctbx_list_remove(lc->auth_info,r); linphone_auth_info_unref(r); write_auth_infos(lc); } } const bctbx_list_t *linphone_core_get_auth_info_list(const LinphoneCore *lc){ return lc->auth_info; } void linphone_core_clear_all_auth_info(LinphoneCore *lc){ bctbx_list_t *elem; int i; for(i=0,elem=lc->auth_info;elem!=NULL;elem=bctbx_list_next(elem),i++){ LinphoneAuthInfo *info=(LinphoneAuthInfo*)elem->data; linphone_auth_info_unref(info); linphone_auth_info_write_config(lc->config,NULL,i); } bctbx_list_free(lc->auth_info); lc->auth_info=NULL; }