From 220d596a7f93725b5dc3a4be0bdd5c98b6617cd2 Mon Sep 17 00:00:00 2001 From: Peio Rigaux Date: Thu, 3 Dec 2020 11:28:01 +0100 Subject: [PATCH] Fixed configuration by really using reference of parameter in hook instead of copy, fixed provisioning for subdomains, added logs in case of digest auth fail --- conf/hooks.conf | 8 ++++---- src/xmlrpc/authentication.php | 18 +++++++++++++++++- src/xmlrpc/provisioning.php | 12 ++++++------ 3 files changed, 27 insertions(+), 11 deletions(-) diff --git a/conf/hooks.conf b/conf/hooks.conf index 2f1c9ac..50e80a0 100644 --- a/conf/hooks.conf +++ b/conf/hooks.conf @@ -21,17 +21,17 @@ function hook_on_account_activated($account) { /** ### request_params array my contain username, domain, transport, ha1 and algo ### */ -function provisioning_hook_on_proxy_config($xml, $request_params) { +function provisioning_hook_on_proxy_config(&$xml, $request_params) { $xml .= 'sip:conference-factory@' . $request_params["domain"] . ''; } -function provisioning_hook_on_auth_info($xml, $request_params) { +function provisioning_hook_on_auth_info(&$xml, $request_params) { } -function provisioning_hook_on_additional_section($xml, $request_params) { +function provisioning_hook_on_additional_section(&$xml, $request_params) { $xml .= '
'; $xml .= 'sips:rls@' . $request_params["domain"] . ''; $xml .= '
'; } -?> \ No newline at end of file +?> diff --git a/src/xmlrpc/authentication.php b/src/xmlrpc/authentication.php index db6bc47..a6bb28b 100644 --- a/src/xmlrpc/authentication.php +++ b/src/xmlrpc/authentication.php @@ -113,8 +113,11 @@ function request_authentication($realm = "sip.example.org", $username = null) function authenticate($auth_digest, $realm = "sip.example.org") { Logger::getInstance()->debug("Authenticate : Digest ".(print_r($auth_digest, true))." realm " . $realm); - // Parse the client authentication data + // Parse the client authentication data in 3 arrays. + // One containing raw auth_digest, the second containing keys and the third containing values preg_match_all('@(realm|username|nonce|uri|nc|cnonce|qop|response|opaque|algorithm)=[\'"]?([^\'",]+)@', $auth_digest, $a); + + //Combining array of keys and array of values to get a dictionary $data = array_combine($a[1], $a[2]); // Get the password/hash from database 
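Review bot: `$request_params["domain"]` is concatenated into `$xml` without escaping in `provisioning_hook_on_proxy_config` and `provisioning_hook_on_additional_section`, and now that `$xml` is taken by reference that text actually reaches the provisioning response. In provisioning.php the domain is read from `$_GET['domain']`, so if it is passed through `$request_params` unchanged (the array construction is not fully visible here) a crafted value can alter the structure of the generated configuration. Escape it at the point of use, e.g. `$domain = htmlspecialchars($request_params["domain"], ENT_QUOTES | ENT_XML1, 'UTF-8');`, and concatenate `$domain` instead. The markup inside the string literals is not visible in this rendering, so check whether the value sits in element text or in an attribute.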
@@ -165,6 +168,19 @@ function authenticate($auth_digest, $realm = "sip.example.org") if ($data['response'] === $valid_response) { return $data['username']; } + Logger::getInstance()->debug("Digest : received username=" . $data['username']); + Logger::getInstance()->debug("Digest : received realm=" . $data['realm']); + Logger::getInstance()->debug("Digest : computed A1 hashed([username]:[realm]:[password])=" . $A1); + Logger::getInstance()->debug("Digest : received method=" . getenv('REQUEST_METHOD')); + Logger::getInstance()->debug("Digest : received uri=" . $data['uri']); + Logger::getInstance()->debug("Digest : computed A2 hashed([request_method]:[uri])='" . $A2); + Logger::getInstance()->debug("Digest : received nonce=" . $data['nonce']); + Logger::getInstance()->debug("Digest : received nc=" . $data['nc']); + Logger::getInstance()->debug("Digest : received cnonce=" . $data['cnonce']); + Logger::getInstance()->debug("Digest : received qop=" . $data['qop']); + Logger::getInstance()->debug("Digest : computed A2 hashed([request_method]:[uri])=" . $A2); + Logger::getInstance()->debug("Digest : expected response hashed([A1]:[nonce]:[nc]:[cnonce]:[qop]:[A2])=" . $valid_response); + Logger::getInstance()->debug("Digest : got instead response ([request_method]:[uri])=" . $data['response']); } Logger::getInstance()->error("Failed to authenticate request"); diff --git a/src/xmlrpc/provisioning.php b/src/xmlrpc/provisioning.php index 8acb720..6b25069 100644 --- a/src/xmlrpc/provisioning.php +++ b/src/xmlrpc/provisioning.php @@ -30,6 +30,8 @@ include_once __DIR__ . '/authentication.php'; $logger = Logger::getInstance(); $username = isset($_GET['username']) ? $_GET['username'] : null; +$domain = isset($_GET['domain']) ? $_GET['domain'] : SIP_DOMAIN; +$realm = isset($_GET['domain']) ? $_GET['domain'] : AUTH_REALM; if (REMOTE_PROVISIONING_USE_DIGEST_AUTH) { $headers = getallheaders(); 
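Review bot: The failure branch added after `if ($data['response'] === $valid_response)` writes `$A1` and `$valid_response` to the debug log; the log label itself describes `$A1` as the hash of username:realm:password, which in Digest authentication is a password-equivalent value, so read access to the log becomes equivalent to holding that account's credential. Drop those two lines or replace them with a non-secret statement such as `Logger::getInstance()->debug("Digest : response mismatch for username=" . $data['username']);`. The remaining lines read client-supplied fields (`realm`, `nc`, `cnonce`, `qop`) that may be absent from `$data`, so guard them with `isset` before concatenating. The A2 line is also logged twice (once with a stray `'`), and the last label, `([request_method]:[uri])`, does not describe `$data['response']`. The enclosing `authenticate` function starts and ends outside this hunk.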
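Review bot: `$realm` is taken from `$_GET['domain']` before any authentication has happened and is then passed to `authenticate()` and `request_authentication()` in the next hunk of provisioning.php, so the caller chooses the realm it is challenged and verified against. Nothing visible here restricts the value to domains this server actually serves or to hostname characters, and it presumably ends up in the authentication challenge header and in the credential lookup. Validate it first and fall back to the configured values otherwise, e.g. `$requested = isset($_GET['domain']) && preg_match('/^[A-Za-z0-9.-]+$/', $_GET['domain']) ? $_GET['domain'] : null;` then `$domain = $requested !== null ? $requested : SIP_DOMAIN;` and `$realm = $requested !== null ? $requested : AUTH_REALM;`. An allowlist of configured domains would be stricter than the pattern if the deployment has one.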
@@ -53,17 +55,17 @@ if (REMOTE_PROVISIONING_USE_DIGEST_AUTH) { } if (!empty($authorization)) { - $authentication_status = authenticate($authorization, AUTH_REALM); + $authentication_status = authenticate($authorization, $realm); if ($authentication_status != null) { Logger::getInstance()->debug("Authentication successful"); } else { Logger::getInstance()->debug("Authentication failed"); - request_authentication(AUTH_REALM, $from); + request_authentication($realm, $from); } } else { Logger::getInstance()->debug("No authentication header"); - request_authentication(AUTH_REALM, $from); + request_authentication($realm, $from); } } @@ -119,7 +121,7 @@ if (file_exists(REMOTE_PROVISIONING_DEFAULT_CONFIG)) { } } -$domain = isset($_GET['domain']) ? $_GET['domain'] : SIP_DOMAIN; + $transport = isset($_GET['transport']) ? $_GET['transport'] : REMOTE_PROVISIONING_DEFAULT_TRANSPORT; $request_params = array( @@ -181,8 +183,6 @@ if (!empty($username)) { $xml .= '
'; $xml .= '<sip:' . $username . '@' . $domain . '>'; - $xml .= '<sip:' . $domain . ';transport=' . $transport . '>'; - $xml .= '<sip:' . $domain . ';transport=' . $transport . '>'; $xml .= '1'; $xml .= 'push_notification'; if (get_config_value(CUSTOM_HOOKS, FALSE)) {