Fixed configuration by really using reference of parameter in hook instead of copy, fixed provisioning for subdomains, added logs in case of digest auth fail

Peio Rigaux 2020-12-03 11:28:01 +01:00
parent 5c7c0e1c01
commit 220d596a7f
3 changed files with 27 additions and 11 deletions


@ -21,17 +21,17 @@ function hook_on_account_activated($account) {
/** ### request_params array my contain username, domain, transport, ha1 and algo ### */
function provisioning_hook_on_proxy_config($xml, $request_params) {
function provisioning_hook_on_proxy_config(&$xml, $request_params) {
$xml .= '<entry name="conference_factory_uri" overwrite="true">sip:conference-factory@' . $request_params["domain"] . '</entry>';
}
function provisioning_hook_on_auth_info($xml, $request_params) {
function provisioning_hook_on_auth_info(&$xml, $request_params) {
}
function provisioning_hook_on_additional_section($xml, $request_params) {
function provisioning_hook_on_additional_section(&$xml, $request_params) {
$xml .= '<section name="sip">';
$xml .= '<entry name="rls_uri" overwrite="true">sips:rls@' . $request_params["domain"] . '</entry>';
$xml .= '</section>';
}
?>
?>
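Review bot: `$request_params["domain"]` is concatenated into the XML in provisioning_hook_on_proxy_config and provisioning_hook_on_additional_section without escaping, and with `$xml` now passed by reference those strings end up in the configuration the caller builds. If the domain can come from the request (the provisioning script in this commit reads `$_GET['domain']`), a value containing `<` or `"` would change the structure of the configuration delivered to the client. Escape it once before use, for example `$domain = htmlspecialchars($request_params["domain"], ENT_QUOTES | ENT_XML1, 'UTF-8');`, and concatenate `$domain` instead. The empty provisioning_hook_on_auth_info would also benefit from a one-line comment such as `// intentionally empty: no extra auth_info entries` so the no-op reads as deliberate.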


@ -113,8 +113,11 @@ function request_authentication($realm = "sip.example.org", $username = null)
function authenticate($auth_digest, $realm = "sip.example.org")
{
Logger::getInstance()->debug("Authenticate : Digest ".(print_r($auth_digest, true))." realm " . $realm);
// Parse the client authentication data
// Parse the client authentication data in 3 arrays.
// One containing raw auth_digest, the second containing keys and the third containing values
preg_match_all('@(realm|username|nonce|uri|nc|cnonce|qop|response|opaque|algorithm)=[\'"]?([^\'",]+)@', $auth_digest, $a);
//Combining array of keys and array of values to get a dictionary
$data = array_combine($a[1], $a[2]);
// Get the password/hash from database
@ -165,6 +168,19 @@ function authenticate($auth_digest, $realm = "sip.example.org")
if ($data['response'] === $valid_response) {
return $data['username'];
}
Logger::getInstance()->debug("Digest : received username=" . $data['username']);
Logger::getInstance()->debug("Digest : received realm=" . $data['realm']);
Logger::getInstance()->debug("Digest : computed A1 hashed([username]:[realm]:[password])=" . $A1);
Logger::getInstance()->debug("Digest : received method=" . getenv('REQUEST_METHOD'));
Logger::getInstance()->debug("Digest : received uri=" . $data['uri']);
Logger::getInstance()->debug("Digest : computed A2 hashed([request_method]:[uri])='" . $A2);
Logger::getInstance()->debug("Digest : received nonce=" . $data['nonce']);
Logger::getInstance()->debug("Digest : received nc=" . $data['nc']);
Logger::getInstance()->debug("Digest : received cnonce=" . $data['cnonce']);
Logger::getInstance()->debug("Digest : received qop=" . $data['qop']);
Logger::getInstance()->debug("Digest : computed A2 hashed([request_method]:[uri])=" . $A2);
Logger::getInstance()->debug("Digest : expected response hashed([A1]:[nonce]:[nc]:[cnonce]:[qop]:[A2])=" . $valid_response);
Logger::getInstance()->debug("Digest : got instead response ([request_method]:[uri])=" . $data['response']);
}
Logger::getInstance()->error("Failed to authenticate request");
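Review bot: The failure branch added to authenticate() writes the computed A1 and the expected response to the debug log (`"Digest : computed A1 ..." . $A1` and `"Digest : expected response ..." . $valid_response`). A1 is the hash of username:realm:password, which in digest authentication is password-equivalent within that realm, so the log file becomes a credential store that must be protected like the password database. I would drop those two lines, log only the received fields, and strip CR/LF from client-supplied values such as `$data['username']` and `$data['uri']` before they are written. The A2 message is also logged twice (the first copy has a stray `'`), and the last message is labelled `([request_method]:[uri])` although it prints the received response. Only part of authenticate() is visible here, so it is not clear from the hunk whether `$data['qop']`, `$data['nc']` and `$data['cnonce']` are guaranteed to be set when a client omits them.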


@ -30,6 +30,8 @@ include_once __DIR__ . '/authentication.php';
$logger = Logger::getInstance();
$username = isset($_GET['username']) ? $_GET['username'] : null;
$domain = isset($_GET['domain']) ? $_GET['domain'] : SIP_DOMAIN;
$realm = isset($_GET['domain']) ? $_GET['domain'] : AUTH_REALM;
if (REMOTE_PROVISIONING_USE_DIGEST_AUTH) {
$headers = getallheaders();
@ -53,17 +55,17 @@ if (REMOTE_PROVISIONING_USE_DIGEST_AUTH) {
}
if (!empty($authorization)) {
$authentication_status = authenticate($authorization, AUTH_REALM);
$authentication_status = authenticate($authorization, $realm);
if ($authentication_status != null) {
Logger::getInstance()->debug("Authentication successful");
} else {
Logger::getInstance()->debug("Authentication failed");
request_authentication(AUTH_REALM, $from);
request_authentication($realm, $from);
}
} else {
Logger::getInstance()->debug("No authentication header");
request_authentication(AUTH_REALM, $from);
request_authentication($realm, $from);
}
}
@ -119,7 +121,7 @@ if (file_exists(REMOTE_PROVISIONING_DEFAULT_CONFIG)) {
}
}
$domain = isset($_GET['domain']) ? $_GET['domain'] : SIP_DOMAIN;
$transport = isset($_GET['transport']) ? $_GET['transport'] : REMOTE_PROVISIONING_DEFAULT_TRANSPORT;
$request_params = array(
@ -181,8 +183,6 @@ if (!empty($username)) {
$xml .= '<section name="proxy_' . $proxy_config_index . '">';
$xml .= '<entry name="reg_identity"' . (REMOTE_PROVISIONING_OVERWRITE_ALL ? ' overwrite="true"' : '') . '>&lt;sip:' . $username . '@' . $domain . '&gt;</entry>';
$xml .= '<entry name="reg_proxy"' . (REMOTE_PROVISIONING_OVERWRITE_ALL ? ' overwrite="true"' : '') . '>&lt;sip:' . $domain . ';transport=' . $transport . '&gt;</entry>';
$xml .= '<entry name="reg_route">&lt;sip:' . $domain . ';transport=' . $transport . '&gt;</entry>';
$xml .= '<entry name="reg_sendregister"' . (REMOTE_PROVISIONING_OVERWRITE_ALL ? ' overwrite="true"' : '') . '>1</entry>';
$xml .= '<entry name="refkey"' . (REMOTE_PROVISIONING_OVERWRITE_ALL ? ' overwrite="true"' : '') . '>push_notification</entry>';
if (get_config_value(CUSTOM_HOOKS, FALSE)) {
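Review bot: `$realm` is now taken straight from `$_GET['domain']` and passed to `authenticate($authorization, $realm)` and `request_authentication($realm, $from)` without validation, so the client chooses both the realm its credentials are checked against and the value returned in the challenge. request_authentication() is not shown here, but if it places the realm in the `WWW-Authenticate` header, a quote or line break in the parameter would corrupt that header. Restrict the value to domains this server actually serves and fall back to the default otherwise, e.g. `if (!preg_match('/^[A-Za-z0-9.-]+$/', $realm)) { $realm = AUTH_REALM; }`, or preferably an allow-list of configured domains. The same request value is assigned to `$domain` and concatenated into the `reg_identity` and `reg_proxy` entries without `htmlspecialchars()`, so the check should cover `$domain` as well. The surrounding script continues outside these hunks.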