1 /*
2  * xcap_auth.c
3  *
4  * Copyright (C) 2007 Voice Sistem S.R.L.
5  *
6  * Copyright (C) 2009 Juha Heinanen
7  *
8  * This file is part of Kamailio, a free SIP server.
9  *
10  * Kamailio is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License as published by
12  * the Free Software Foundation; either version 2 of the License, or
13  * (at your option) any later version
14  *
15  * Kamailio is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License
21  * along with this program; if not, write to the Free Software
22  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
23  *
24  */
25
26 /*!
27  * \file
28  * \brief Kamailio utils ::
29  * \ingroup utils
30  * Module: \ref utils
31  */
32
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <string.h>
36 #include <time.h>
37 #include <libxml/parser.h>
38
39 #include "../../core/str.h"
40 #include "../../core/dprint.h"
41 #include "../../core/pvar.h"
42 #include "../../core/mod_fix.h"
43 #include "../../core/parser/parse_uri.h"
44 #include "../../modules/presence/subscribe.h"
45 #include "../../modules/presence/utils_func.h"
46 #include "../../modules/presence/hash.h"
47 #include "../../modules/xcap_client/xcap_callbacks.h"
48 #include "utils.h"
49 #include "pidf.h"
50
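/*
 * Exact comparison of a NUL-terminated string against a counted str.
 * Returns 1 only when both the length and every byte are equal.
 */
static int xcap_cstr_eq_str(const char *z, const str *s)
{
	if (z == NULL || s == NULL || s->s == NULL || s->len < 0)
		return 0;
	if (strlen(z) != (size_t)s->len)
		return 0;
	return strncmp(z, s->s, s->len) == 0;
}

/*
 * Walk the <from>/<until> pairs below a <validity> element.
 * Returns 1 if 'now' lies inside at least one pair, 0 if it lies inside
 * none, and -1 if the element is malformed (unparsable dateTime or a
 * <from> without a following <until>).
 */
static int xcap_validity_is_active(xmlNodePtr validity_node, time_t now)
{
	xmlNodePtr time_node;
	char *time_cont;
	time_t t_init, t_fin;
	int active = 0;

	/* search all from-until pairs */
	for (time_node = validity_node->children; time_node;
			time_node = time_node->next) {
		if (xmlStrcasecmp(time_node->name, (unsigned char*)"from") != 0)
			continue;

		time_cont = (char*)xmlNodeGetContent(time_node);
		if (time_cont == NULL) {
			/* do not hand a NULL pointer to the dateTime parser */
			LM_ERR("failed to parse xml dateTime\n");
			return -1;
		}
		t_init = xml_parse_dateTime(time_cont);
		xmlFree(time_cont);
		if (t_init < 0) {
			LM_ERR("failed to parse xml dateTime\n");
			return -1;
		}

		if (now < t_init) {
			LM_DBG("the lower time limit is not respected\n");
			continue;
		}

		/* the matching <until> is the next sibling with that name */
		for (time_node = time_node->next; time_node;
				time_node = time_node->next) {
			if (xmlStrcasecmp(time_node->name,
						(unsigned char*)"until") == 0)
				break;
		}
		if (time_node == NULL) {
			LM_ERR("bad formatted xml doc:until child not found in"
					" validity pair\n");
			return -1;
		}

		time_cont = (char*)xmlNodeGetContent(time_node);
		if (time_cont == NULL) {
			LM_ERR("failed to parse xml dateTime\n");
			return -1;
		}
		t_fin = xml_parse_dateTime(time_cont);
		xmlFree(time_cont);
		if (t_fin < 0) {
			LM_ERR("failed to parse xml dateTime\n");
			return -1;
		}

		if (now <= t_fin) {
			LM_DBG("the rule is active at this time\n");
			active = 1;
		}
	}

	return active;
}

/*
 * Find the first rule in the presentity's authorization document that
 * applies to the watcher described by subs->from_user / subs->from_domain.
 *
 * The document is policy data stored on behalf of users, so every
 * comparison that decides whether a rule matches is an exact one.
 *
 * Returns the matching rule node (owned by xcap_tree, do not free), or
 * NULL when no rule applies, when the watcher is listed in an <except>,
 * or when the document is malformed.
 */
xmlNodePtr get_rule_node(subs_t* subs, xmlDocPtr xcap_tree)
{
	str w_uri = {0, 0};
	char *id = NULL, *domain = NULL;
	int apply_rule = -1;
	int active, matched;
	xmlNodePtr ruleset_node = NULL, node1 = NULL, node2 = NULL;
	xmlNodePtr cond_node = NULL, except_node = NULL;
	xmlNodePtr identity_node = NULL;
	xmlNodePtr validity_node;

	uandd_to_uri(subs->from_user, subs->from_domain, &w_uri);
	if (w_uri.s == NULL) {
		LM_ERR("while creating uri\n");
		return NULL;
	}
	ruleset_node = xmlDocGetNodeByName(xcap_tree, "ruleset", NULL);
	if (ruleset_node == NULL) {
		LM_DBG("ruleset_node NULL\n");
		goto error;
	}
	for (node1 = ruleset_node->children; node1; node1 = node1->next) {
		if (xmlStrcasecmp(node1->name, (unsigned char*)"text") == 0)
			continue;

		/* process conditions */
		LM_DBG("node1->name= %s\n", node1->name);

		cond_node = xmlNodeGetChildByName(node1, "conditions");
		if (cond_node == NULL) {
			LM_DBG("cond node NULL\n");
			goto error;
		}
		LM_DBG("cond_node->name= %s\n", cond_node->name);

		validity_node = xmlNodeGetChildByName(cond_node, "validity");
		if (validity_node != NULL) {
			LM_DBG("found validity tag\n");

			/* Validity is evaluated afresh for every rule; a window
			 * that was open for an earlier rule must not make an
			 * expired rule count as active. */
			active = xcap_validity_is_active(validity_node, time(NULL));
			if (active < 0)
				goto error;
			if (!active) {
				LM_DBG("the rule is not active at this time\n");
				continue;
			}
		}

		identity_node = xmlNodeGetChildByName(cond_node, "identity");
		if (identity_node == NULL) {
			LM_ERR("didn't find identity tag\n");
			goto error;
		}

		/* <one id="..."> : exact watcher URI */
		if (xmlNodeGetChildByName(identity_node, "one")) {
			for (node2 = identity_node->children; node2; node2 = node2->next) {
				if (xmlStrcasecmp(node2->name, (unsigned char*)"one") != 0)
					continue;

				id = xmlNodeGetAttrContentByName(node2, "id");
				if (id == NULL) {
					LM_ERR("while extracting attribute\n");
					goto error;
				}
				matched = xcap_cstr_eq_str(id, &w_uri);
				xmlFree(id);
				if (matched) {
					apply_rule = 1;
					break;
				}
			}
		}

		/* <many [domain="..."]> : whole domain, minus <except> children */
		if (xmlNodeGetChildByName(identity_node, "many")) {
			for (node2 = identity_node->children; node2; node2 = node2->next) {
				if (xmlStrcasecmp(node2->name, (unsigned char*)"many") != 0)
					continue;

				domain = xmlNodeGetAttrContentByName(node2, "domain");
				if (domain == NULL) {
					LM_DBG("No domain attribute to many\n");
				} else {
					LM_DBG("<many domain= %s>\n", domain);
					/* The domain differs when the length differs OR
					 * the bytes differ; requiring both would accept a
					 * same-length foreign domain or one that merely
					 * starts with the watcher's domain. */
					matched = xcap_cstr_eq_str(domain, &subs->from_domain);
					xmlFree(domain);
					if (!matched)
						continue;
				}
				apply_rule = 1;
				if (node2->children == NULL)	/* there is no exception */
					break;

				for (except_node = node2->children; except_node;
						except_node = except_node->next) {
					if (xmlStrcasecmp(except_node->name,
								(unsigned char*)"except"))
						continue;

					id = xmlNodeGetAttrContentByName(except_node, "id");
					if (id != NULL) {
						/* Same exact match as for <one>; comparing
						 * against strlen(id) - 1 would let an excepted
						 * watcher through. */
						matched = xcap_cstr_eq_str(id, &w_uri);
						xmlFree(id);
						if (matched) {
							apply_rule = 0;
							break;
						}
						continue;
					}

					domain = xmlNodeGetAttrContentByName(except_node,
							"domain");
					if (domain == NULL)
						continue;

					LM_DBG("Found except domain= %s\n- strlen(domain)= %d\n",
							domain, (int)strlen(domain));
					matched = xcap_cstr_eq_str(domain, &subs->from_domain);
					xmlFree(domain);
					if (matched) {
						LM_DBG("except domain match\n");
						apply_rule = 0;
						break;
					}
				}
				if (apply_rule == 1)	/* if a match was found no need to keep searching */
					break;
			}
		}
		if (apply_rule == 1)
			break;
	}

	LM_DBG("apply_rule= %d\n", apply_rule);
	if (w_uri.s != NULL)
		pkg_free(w_uri.s);

	if (!apply_rule || !node1)
		return NULL;

	return node1;

error:
	if (w_uri.s)
		pkg_free(w_uri.s);
	return NULL;
}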
257
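/*
 * Decide the subscription state of a watcher from the presentity's
 * authorization rules document (subs->auth_rules_doc).
 *
 * subs->status and subs->reason are always reset first, so a missing
 * document, a missing rule or a missing <actions>/<sub-handling> element
 * leaves the subscription in PENDING_STATUS rather than granting access.
 *
 * Returns 0 when a decision (possibly "pending") was recorded in subs,
 * -1 when the document cannot be parsed or names an unknown action.
 *
 * NOTE(review): the document is parsed with libxml2's default options;
 * confirm that entity substitution / network loading is not enabled
 * globally elsewhere in the process.
 */
int pres_watcher_allowed(subs_t* subs)
{
	xmlDocPtr xcap_tree = NULL;
	xmlNodePtr node = NULL, actions_node = NULL;
	xmlNodePtr sub_handling_node = NULL;
	char* sub_handling = NULL;
	int ret = 0;

	subs->status = PENDING_STATUS;
	subs->reason.s = NULL;
	subs->reason.len = 0;

	if (subs->auth_rules_doc == NULL)
		return 0;

	xcap_tree = xmlParseMemory(subs->auth_rules_doc->s,
			subs->auth_rules_doc->len);
	if (xcap_tree == NULL) {
		LM_ERR("parsing xml memory\n");
		return -1;
	}

	node = get_rule_node(subs, xcap_tree);
	if (node == NULL)
		goto done;

	/* process actions */
	actions_node = xmlNodeGetChildByName(node, "actions");
	if (actions_node == NULL) {
		LM_DBG("actions_node NULL\n");
		goto done;
	}
	LM_DBG("actions_node->name= %s\n", actions_node->name);

	sub_handling_node = xmlNodeGetChildByName(actions_node, "sub-handling");
	if (sub_handling_node == NULL) {
		LM_DBG("sub_handling_node NULL\n");
		goto done;
	}
	LM_DBG("sub_handling_node->name= %s\n", sub_handling_node->name);

	sub_handling = (char*)xmlNodeGetContent(sub_handling_node);
	if (sub_handling == NULL) {
		/* checked before logging: passing NULL to %s is undefined */
		LM_ERR("Couldn't get sub-handling content\n");
		ret = -1;
		goto done;
	}
	LM_DBG("sub_handling_node->content= %s\n", sub_handling);

	/* Prefix comparison, so trailing characters after the keyword are
	 * tolerated; the order below is the order in which they are tried. */
	if (strncmp(sub_handling, "block", 5) == 0) {
		subs->status = TERMINATED_STATUS;
		subs->reason.s = "rejected";
		subs->reason.len = 8;
	} else if (strncmp(sub_handling, "confirm", 7) == 0) {
		subs->status = PENDING_STATUS;
	} else if (strncmp(sub_handling, "polite-block", 12) == 0) {
		subs->status = ACTIVE_STATUS;
		subs->reason.s = "polite-block";
		subs->reason.len = 12;
	} else if (strncmp(sub_handling, "allow", 5) == 0) {
		subs->status = ACTIVE_STATUS;
		subs->reason.s = NULL;
	} else {
		LM_ERR("unknown subscription handling action\n");
		ret = -1;
	}

done:
	/* node, actions_node and sub_handling_node belong to xcap_tree */
	xmlFreeDoc(xcap_tree);
	if (sub_handling != NULL)
		xmlFree(sub_handling);

	return ret;
}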
341
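/*
 * Fetch the XCAP document of the given type stored for user@domain.
 *
 * On success with a document, *rules_doc points to a pkg-allocated str
 * whose ->s buffer is also pkg-allocated and NOT NUL-terminated; the
 * caller frees both. *rules_doc is left untouched in every other case.
 *
 * Returns 0 when the query succeeded (with or without a document),
 * -1 on database or memory errors and when the stored document is
 * NULL or empty.
 */
int get_rules_doc(str* user, str* domain, int type, str** rules_doc)
{
	db_key_t query_cols[5];
	db_val_t query_vals[5];
	db_key_t result_cols[3];
	int n_query_cols = 0;
	db1_res_t *result = 0;
	db_row_t *row;
	db_val_t *row_vals;
	str body;
	str* doc = NULL;
	int n_result_cols = 0, xcap_doc_col;
	static str tmp1 = str_init("username");
	static str tmp2 = str_init("domain");
	static str tmp3 = str_init("doc_type");
	static str tmp4 = str_init("doc");

	LM_DBG("[user]= %.*s\t[domain]= %.*s",
			user->len, user->s, domain->len, domain->s);

	/* values are handed to the DB layer as typed parameters, not
	 * spliced into a query string */
	query_cols[n_query_cols] = &tmp1;
	query_vals[n_query_cols].type = DB1_STR;
	query_vals[n_query_cols].nul = 0;
	query_vals[n_query_cols].val.str_val = *user;
	n_query_cols++;

	query_cols[n_query_cols] = &tmp2;
	query_vals[n_query_cols].type = DB1_STR;
	query_vals[n_query_cols].nul = 0;
	query_vals[n_query_cols].val.str_val = *domain;
	n_query_cols++;

	query_cols[n_query_cols] = &tmp3;
	query_vals[n_query_cols].type = DB1_INT;
	query_vals[n_query_cols].nul = 0;
	query_vals[n_query_cols].val.int_val = type;
	n_query_cols++;

	result_cols[xcap_doc_col = n_result_cols++] = &tmp4;

	if (pres_dbf.query(pres_dbh, query_cols, 0, query_vals, result_cols,
				n_query_cols, 1, 0, &result) < 0) {
		LM_ERR("while querying table xcap for [user]=%.*s\t[domain]= %.*s\n",
				user->len, user->s, domain->len, domain->s);
		goto error;
	}

	if (result == NULL)
		return -1;

	if (result->n <= 0) {
		LM_DBG("No document found in db table for [user]=%.*s"
				"\t[domain]= %.*s\t[doc_type]= %d\n", user->len, user->s,
				domain->len, domain->s, type);
		pres_dbf.free_result(pres_dbh, result);
		return 0;
	}

	/* first row of the result, doc column within that row (the column
	 * index must not be used to select the row) */
	row = &result->rows[0];
	row_vals = ROW_VALUES(row);

	/* NOTE(review): reads the value as a NUL-terminated string; confirm
	 * the doc column is returned in that representation */
	body.s = (char*)row_vals[xcap_doc_col].val.string_val;
	if (body.s == NULL) {
		LM_ERR("Xcap doc NULL\n");
		goto error;
	}
	body.len = strlen(body.s);
	if (body.len == 0) {
		LM_ERR("Xcap doc empty\n");
		goto error;
	}
	LM_DBG("xcap document:\n%.*s", body.len, body.s);

	/* ERR_MEM is defined elsewhere; presumably it logs and jumps to the
	 * error label below - confirm */
	doc = (str*)pkg_malloc(sizeof(str));
	if (doc == NULL) {
		ERR_MEM(PKG_MEM_STR);
	}
	doc->s = (char*)pkg_malloc(body.len * sizeof(char));
	if (doc->s == NULL) {
		pkg_free(doc);
		ERR_MEM(PKG_MEM_STR);
	}
	/* copy out of the result set before it is released */
	memcpy(doc->s, body.s, body.len);
	doc->len = body.len;

	*rules_doc = doc;

	pres_dbf.free_result(pres_dbh, result);

	return 0;

error:
	if (result)
		pres_dbf.free_result(pres_dbh, result);

	return -1;
}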
443
444
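/*
 * Checks from presence server xcap table if watcher is authorized
 * to subscribe event 'presence' of presentity.
 *
 * Returns the resulting subscription status (subs.status as set by
 * pres_watcher_allowed), PENDING_STATUS when no rules document could be
 * fetched for the presentity, and -1 when the function is disabled, a
 * URI cannot be parsed or the rules document cannot be evaluated.
 * A lookup failure therefore never yields an "active" result.
 */
int ki_xcap_auth_status(sip_msg_t* _msg, str* watcher_uri, str* presentity_uri)
{
	struct sip_uri uri;
	str* rules_doc = NULL;
	subs_t subs;
	int res;
	int ret = -1;

	if (pres_dbh == 0) {
		LM_ERR("function is disabled, to enable define pres_db_url\n");
		return -1;
	}

	if (parse_uri(presentity_uri->s, presentity_uri->len, &uri) < 0) {
		LM_ERR("failed to parse presentity uri\n");
		return -1;
	}
	res = get_rules_doc(&uri.user, &uri.host, PRES_RULES, &rules_doc);
	if ((res < 0) || (rules_doc == NULL) || (rules_doc->s == NULL)) {
		LM_DBG("no xcap rules doc found for presentity uri\n");
		/* release a partially filled document, if one was returned */
		if (rules_doc != NULL) {
			if (rules_doc->s != NULL)
				pkg_free(rules_doc->s);
			pkg_free(rules_doc);
		}
		return PENDING_STATUS;
	}

	if (parse_uri(watcher_uri->s, watcher_uri->len, &uri) < 0) {
		LM_ERR("failed to parse watcher uri\n");
		goto done;
	}

	/* Only a handful of fields are filled in; zero the rest so that no
	 * indeterminate stack contents are handed to the rule evaluation. */
	memset(&subs, 0, sizeof(subs));
	subs.from_user = uri.user;
	subs.from_domain = uri.host;
	subs.pres_uri = *presentity_uri;
	subs.auth_rules_doc = rules_doc;
	if (pres_watcher_allowed(&subs) < 0) {
		LM_ERR("getting status from rules document\n");
		goto done;
	}
	LM_DBG("auth status of watcher <%.*s> on presentity <%.*s> is %d\n",
			watcher_uri->len, watcher_uri->s,
			presentity_uri->len, presentity_uri->s,
			subs.status);
	ret = subs.status;

done:
	pkg_free(rules_doc->s);
	pkg_free(rules_doc);
	return ret;
}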
497
/*
 * Script-facing wrapper: resolves the two fixup parameters to strings
 * (watcher URI first, presentity URI second) and forwards them to
 * ki_xcap_auth_status(). Returns -1 if either parameter cannot be
 * evaluated, otherwise whatever ki_xcap_auth_status() returns.
 */
int w_xcap_auth_status(struct sip_msg* _msg, char* _sp1, char* _sp2)
{
	str watcher;
	str presentity;
	int rc;

	rc = fixup_get_svalue(_msg, (gparam_t*)_sp1, &watcher);
	if (rc < 0) {
		LM_ERR("cannot get the watcher uri\n");
		return -1;
	}

	rc = fixup_get_svalue(_msg, (gparam_t*)_sp2, &presentity);
	if (rc < 0) {
		LM_ERR("cannot get the presentity uri\n");
		return -1;
	}

	return ki_xcap_auth_status(_msg, &watcher, &presentity);
}