mirror of
https://github.com/asterisk/asterisk.git
synced 2025-10-26 06:26:41 +00:00
ae6795f3ec
https://origsvn.digium.com/svn/asterisk/branches/1.2 ........ r42421 | tilghman | 2006-09-08 11:06:17 -0500 (Fri, 08 Sep 2006) | 2 lines Jump logic was backwards: goto returns 0 if it succeeds, and we should jump if authentication fails. (Bug #7907) ........ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@42422 65c4cc65-6c06-0410-ace0-fbb531ad65f3
251 lines
6.9 KiB
C
251 lines
6.9 KiB
C
/*
|
|
* Asterisk -- An open source telephony toolkit.
|
|
*
|
|
* Copyright (C) 1999 - 2005, Digium, Inc.
|
|
*
|
|
* Mark Spencer <markster@digium.com>
|
|
*
|
|
* See http://www.asterisk.org for more information about
|
|
* the Asterisk project. Please do not directly contact
|
|
* any of the maintainers of this project for assistance;
|
|
* the project provides a web site, mailing lists and IRC
|
|
* channels for your use.
|
|
*
|
|
* This program is free software, distributed under the terms of
|
|
* the GNU General Public License Version 2. See the LICENSE file
|
|
* at the top of the source tree.
|
|
*/
|
|
|
|
/*! \file
|
|
*
|
|
* \brief Execute arbitrary authenticate commands
|
|
*
|
|
* \author Mark Spencer <markster@digium.com>
|
|
*
|
|
* \ingroup applications
|
|
*/
|
|
|
|
#include "asterisk.h"
|
|
|
|
ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
|
|
|
|
#include <stdlib.h>
|
|
#include <unistd.h>
|
|
#include <string.h>
|
|
#include <errno.h>
|
|
#include <stdio.h>
|
|
|
|
#include "asterisk/lock.h"
|
|
#include "asterisk/file.h"
|
|
#include "asterisk/logger.h"
|
|
#include "asterisk/channel.h"
|
|
#include "asterisk/pbx.h"
|
|
#include "asterisk/module.h"
|
|
#include "asterisk/app.h"
|
|
#include "asterisk/astdb.h"
|
|
#include "asterisk/utils.h"
|
|
#include "asterisk/options.h"
|
|
|
|
enum {
|
|
OPT_ACCOUNT = (1 << 0),
|
|
OPT_DATABASE = (1 << 1),
|
|
OPT_JUMP = (1 << 2),
|
|
OPT_MULTIPLE = (1 << 3),
|
|
OPT_REMOVE = (1 << 4),
|
|
} auth_option_flags;
|
|
|
|
AST_APP_OPTIONS(auth_app_options, {
|
|
AST_APP_OPTION('a', OPT_ACCOUNT),
|
|
AST_APP_OPTION('d', OPT_DATABASE),
|
|
AST_APP_OPTION('j', OPT_JUMP),
|
|
AST_APP_OPTION('m', OPT_MULTIPLE),
|
|
AST_APP_OPTION('r', OPT_REMOVE),
|
|
});
|
|
|
|
|
|
static char *app = "Authenticate";
|
|
|
|
static char *synopsis = "Authenticate a user";
|
|
|
|
static char *descrip =
|
|
" Authenticate(password[|options[|maxdigits]]): This application asks the caller\n"
|
|
"to enter a given password in order to continue dialplan execution. If the password\n"
|
|
"begins with the '/' character, it is interpreted as a file which contains a list of\n"
|
|
"valid passwords, listed 1 password per line in the file.\n"
|
|
" When using a database key, the value associated with the key can be anything.\n"
|
|
"Users have three attempts to authenticate before the channel is hung up. If the\n"
|
|
"passsword is invalid, the 'j' option is specified, and priority n+101 exists,\n"
|
|
"dialplan execution will continnue at this location.\n"
|
|
" Options:\n"
|
|
" a - Set the channels' account code to the password that is entered\n"
|
|
" d - Interpret the given path as database key, not a literal file\n"
|
|
" j - Support jumping to n+101 if authentication fails\n"
|
|
" m - Interpret the given path as a file which contains a list of account\n"
|
|
" codes and password hashes delimited with ':', listed one per line in\n"
|
|
" the file. When one of the passwords is matched, the channel will have\n"
|
|
" its account code set to the corresponding account code in the file.\n"
|
|
" r - Remove the database key upon successful entry (valid with 'd' only)\n"
|
|
" maxdigits - maximum acceptable number of digits. Stops reading after\n"
|
|
" maxdigits have been entered (without requiring the user to\n"
|
|
" press the '#' key).\n"
|
|
" Defaults to 0 - no limit - wait for the user press the '#' key.\n"
|
|
;
|
|
|
|
static int auth_exec(struct ast_channel *chan, void *data)
|
|
{
|
|
int res=0;
|
|
int retries;
|
|
struct ast_module_user *u;
|
|
char passwd[256];
|
|
char *prompt;
|
|
int maxdigits;
|
|
char *argcopy =NULL;
|
|
struct ast_flags flags = {0};
|
|
|
|
AST_DECLARE_APP_ARGS(arglist,
|
|
AST_APP_ARG(password);
|
|
AST_APP_ARG(options);
|
|
AST_APP_ARG(maxdigits);
|
|
);
|
|
|
|
if (ast_strlen_zero(data)) {
|
|
ast_log(LOG_WARNING, "Authenticate requires an argument(password)\n");
|
|
return -1;
|
|
}
|
|
|
|
u = ast_module_user_add(chan);
|
|
|
|
if (chan->_state != AST_STATE_UP) {
|
|
res = ast_answer(chan);
|
|
if (res) {
|
|
ast_module_user_remove(u);
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
argcopy = ast_strdupa(data);
|
|
|
|
AST_STANDARD_APP_ARGS(arglist,argcopy);
|
|
|
|
if (!ast_strlen_zero(arglist.options)) {
|
|
ast_app_parse_options(auth_app_options, &flags, NULL, arglist.options);
|
|
}
|
|
|
|
if (!ast_strlen_zero(arglist.maxdigits)) {
|
|
maxdigits = atoi(arglist.maxdigits);
|
|
if ((maxdigits<1) || (maxdigits>sizeof(passwd)-2))
|
|
maxdigits = sizeof(passwd) - 2;
|
|
} else {
|
|
maxdigits = sizeof(passwd) - 2;
|
|
}
|
|
|
|
/* Start asking for password */
|
|
prompt = "agent-pass";
|
|
for (retries = 0; retries < 3; retries++) {
|
|
res = ast_app_getdata(chan, prompt, passwd, maxdigits, 0);
|
|
if (res < 0)
|
|
break;
|
|
res = 0;
|
|
if (arglist.password[0] == '/') {
|
|
if (ast_test_flag(&flags,OPT_DATABASE)) {
|
|
char tmp[256];
|
|
/* Compare against a database key */
|
|
if (!ast_db_get(arglist.password + 1, passwd, tmp, sizeof(tmp))) {
|
|
/* It's a good password */
|
|
if (ast_test_flag(&flags,OPT_REMOVE)) {
|
|
ast_db_del(arglist.password + 1, passwd);
|
|
}
|
|
break;
|
|
}
|
|
} else {
|
|
/* Compare against a file */
|
|
FILE *f;
|
|
f = fopen(arglist.password, "r");
|
|
if (f) {
|
|
char buf[256] = "";
|
|
char md5passwd[33] = "";
|
|
char *md5secret = NULL;
|
|
|
|
while (!feof(f)) {
|
|
fgets(buf, sizeof(buf), f);
|
|
if (!feof(f) && !ast_strlen_zero(buf)) {
|
|
buf[strlen(buf) - 1] = '\0';
|
|
if (ast_test_flag(&flags,OPT_MULTIPLE)) {
|
|
md5secret = strchr(buf, ':');
|
|
if (md5secret == NULL)
|
|
continue;
|
|
*md5secret = '\0';
|
|
md5secret++;
|
|
ast_md5_hash(md5passwd, passwd);
|
|
if (!strcmp(md5passwd, md5secret)) {
|
|
if (ast_test_flag(&flags,OPT_ACCOUNT))
|
|
ast_cdr_setaccount(chan, buf);
|
|
break;
|
|
}
|
|
} else {
|
|
if (!strcmp(passwd, buf)) {
|
|
if (ast_test_flag(&flags,OPT_ACCOUNT))
|
|
ast_cdr_setaccount(chan, buf);
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
fclose(f);
|
|
if (!ast_strlen_zero(buf)) {
|
|
if (ast_test_flag(&flags,OPT_MULTIPLE)) {
|
|
if (md5secret && !strcmp(md5passwd, md5secret))
|
|
break;
|
|
} else {
|
|
if (!strcmp(passwd, buf))
|
|
break;
|
|
}
|
|
}
|
|
} else
|
|
ast_log(LOG_WARNING, "Unable to open file '%s' for authentication: %s\n", arglist.password, strerror(errno));
|
|
}
|
|
} else {
|
|
/* Compare against a fixed password */
|
|
if (!strcmp(passwd, arglist.password))
|
|
break;
|
|
}
|
|
prompt="auth-incorrect";
|
|
}
|
|
if ((retries < 3) && !res) {
|
|
if (ast_test_flag(&flags,OPT_ACCOUNT) && !ast_test_flag(&flags,OPT_MULTIPLE))
|
|
ast_cdr_setaccount(chan, passwd);
|
|
res = ast_streamfile(chan, "auth-thankyou", chan->language);
|
|
if (!res)
|
|
res = ast_waitstream(chan, "");
|
|
} else {
|
|
if (ast_test_flag(&flags,OPT_JUMP) && ast_goto_if_exists(chan, chan->context, chan->exten, chan->priority + 101) == 0) {
|
|
res = 0;
|
|
} else {
|
|
if (!ast_streamfile(chan, "vm-goodbye", chan->language))
|
|
res = ast_waitstream(chan, "");
|
|
res = -1;
|
|
}
|
|
}
|
|
ast_module_user_remove(u);
|
|
return res;
|
|
}
|
|
|
|
static int unload_module(void)
|
|
{
|
|
int res;
|
|
|
|
ast_module_user_hangup_all();
|
|
|
|
res = ast_unregister_application(app);
|
|
|
|
|
|
return res;
|
|
}
|
|
|
|
static int load_module(void)
|
|
{
|
|
return ast_register_application(app, auth_exec, synopsis, descrip);
|
|
}
|
|
|
|
AST_MODULE_INFO_STANDARD(ASTERISK_GPL_KEY, "Authentication Application");
|