tmp » snapshot2008729 » ser_ims » modules » icscf

nds.c File Reference

Detailed Description

Interrogating-CSCF - Network Domain Security Operations.

Author:
Dragos Vingarzan vingarzan -at- fokus dot fraunhofer dot de

Definition in file nds.c.

#include "nds.h"
#include "../../parser/hf.h"
#include "../../parser/msg_parser.h"
#include "../../parser/parse_via.h"
#include "../../mem/shm_mem.h"
#include "mod.h"
#include "sip.h"
#include "db.h"

Go to the source code of this file.

Functions

int I_NDS_check_trusted (struct sip_msg *msg, char *str1, char *str2)
 Checks if a request comes from a trusted domain.
int I_NDS_is_trusted (struct sip_msg *msg, char *str1, char *str2)
 Decides if a message comes from a trusted domain.
int I_NDS_strip_headers (struct sip_msg *msg, char *str1, char *str2)
 Strips untrusty headers from a SIP request.
int I_NDS_get_trusted_domains ()
 Refreshes the trusted domain list reading them from the db.

Variables

int(*) sl_reply (struct sip_msg *_msg, char *_str1, char *_str2)
 link to the stateless reply function in sl module
str untrusted_headers []
 Defines the untrusted headers.
static str * trusted_domains = 0
 The cached list of trusted domains.

Function Documentation

int I_NDS_check_trusted ( struct sip_msg *  msg,
char *  str1,
char *  str2 
)

Checks if a request comes from a trusted domain.

If not calls function to respond with 403 to REGISTER or clean the message of untrusted headers

Parameters:
msg - the SIP message
str1 - not used
str2 - not used
Returns:
CSCF_RETURN_TRUE if trusted, CSCF_RETURN_FALSE if not , CSCF_RETURN_ERROR on REGISTER or error

Definition at line 93 of file nds.c.

References CSCF_RETURN_ERROR, CSCF_RETURN_FALSE, CSCF_RETURN_TRUE, I_NDS_is_trusted(), I_NDS_strip_headers(), M_NAME, MSG_403, MSG_500, and sl_reply.

00094 {
00095     int result;
00096     LOG(L_ERR,"DBG:"M_NAME":I_NDS_check_trusted: Starting ...\n");
00097     if (msg->first_line.type!=SIP_REQUEST) {
00098         LOG(L_ERR,"ERR:"M_NAME":I_NDS_check_trusted: The message is not a request\n");
00099         result = CSCF_RETURN_TRUE;  
00100         goto done;
00101     }
00102     if (I_NDS_is_trusted(msg,str1,str2)){
00103         LOG(L_INFO,"INF:"M_NAME":I_NDS_check_trusted: Message comes from a trusted domain\n");
00104         result = CSCF_RETURN_TRUE;  
00105         goto done;
00106     } else {
00107         LOG(L_INFO,"INF:"M_NAME":I_NDS_check_trusted: Message comes from an untrusted domain\n");
00108         result = CSCF_RETURN_FALSE;                 
00109         if (msg->first_line.u.request.method.len==8 &&
00110             memcmp(msg->first_line.u.request.method.s,"REGISTER",8)==0){
00111             sl_reply(msg,(char*)403,MSG_403);
00112             LOG(L_INFO,"INF:"M_NAME":I_NDS_check_trusted: REGISTER request terminated.\n");
00113         } else {
00114             if (!I_NDS_strip_headers(msg,str1,str2)){
00115                 result = CSCF_RETURN_ERROR;
00116                 sl_reply(msg,(char*)500,MSG_500);
00117                 LOG(L_INFO,"INF:"M_NAME":I_NDS_check_trusted: Stripping untrusted headers failed, Responding with 500.\n");             
00118             }
00119         }                   
00120     }
00121     
00122 done:   
00123     LOG(L_ERR,"DBG:"M_NAME":I_NDS_check_trusted: ... Done\n");
00124     return result;
00125 }

int I_NDS_is_trusted ( struct sip_msg *  msg,
char *  str1,
char *  str2 
)

Decides if a message comes from a trusted domain.

Todo:
  • SOLVE THE LOCKING PROBLEM - THIS IS A READER
Parameters:
msg - the SIP request message
str1 - not used
str2 - not used
Returns:
CSCF_RETURN_TRUE if trusted, CSCF_RETURN_FALSE

Definition at line 135 of file nds.c.

References CSCF_RETURN_FALSE, CSCF_RETURN_TRUE, M_NAME, and trusted_domains.

Referenced by I_NDS_check_trusted().

00136 {
00137     struct via_body *vb;
00138     str subdomain;
00139     int i;
00140     
00141     vb = msg->via1;
00142     if (!vb) {
00143         LOG(L_ERR,"ERR:"M_NAME":I_NDS_is_trusted: Error VIA1 hdr not found\n");
00144         return 0;
00145     }
00146     subdomain=vb->host;
00147     LOG(L_DBG,"DBG:"M_NAME":I_NDS_is_trusted: Message comes from <%.*s>\n",
00148         subdomain.len,subdomain.s);
00149         
00150     i=0;
00151     while(trusted_domains[i].len){
00152         if (trusted_domains[i].len<=subdomain.len){
00153             if (strncasecmp(subdomain.s+subdomain.len-trusted_domains[i].len,
00154                 trusted_domains[i].s,
00155                 trusted_domains[i].len)==0 &&
00156                     (trusted_domains[i].len==subdomain.len ||
00157                      subdomain.s[subdomain.len-trusted_domains[i].len-1]=='.'))
00158             {                   
00159                 LOG(L_DBG,"DBG:"M_NAME":I_NDS_is_trusted: <%.*s> matches <%.*s>\n",
00160                     subdomain.len,subdomain.s,trusted_domains[i].len,trusted_domains[i].s);
00161                 return CSCF_RETURN_TRUE;
00162             } else {
00163 //              LOG(L_DBG,"DBG:"M_NAME":I_NDS_is_trusted: <%.*s> !matches <%.*s>\n",
00164 //                  subdomain.len,subdomain.s,trusted_domains[i].len,trusted_domains[i].s);
00165             }                   
00166         }
00167         i++;
00168     }
00169     return CSCF_RETURN_FALSE;
00170 }

int I_NDS_strip_headers ( struct sip_msg *  msg,
char *  str1,
char *  str2 
)

Strips untrusty headers from a SIP request.

Searched headers are declared in untrusted_headers

Parameters:
msg - the SIP request message
str1 - not used
str2 - not used
Returns:
the number of headers stripped

Definition at line 182 of file nds.c.

References cscf_del_header(), if, and untrusted_headers.

Referenced by I_NDS_check_trusted().

00183 {
00184     struct hdr_field *hdr;
00185     int i,cnt=0;
00186     if (parse_headers(msg,HDR_EOH_F,0)<0) return 0;
00187     for (hdr = msg->headers;hdr;hdr = hdr->next)
00188         for (i=0;untrusted_headers[i].len;i++)
00189             if (hdr->name.len == untrusted_headers[i].len &&
00190                 strncasecmp(hdr->name.s,untrusted_headers[i].s,hdr->name.len)==0){              
00191                 if (!cscf_del_header(msg,hdr)) return 0;
00192                 cnt++;
00193             }
00194     LOG(L_DBG,"DBG:"M_NAME":I_NDS_strip_headers: Deleted %d headers\n",cnt);            
00195     return cnt;
00196 }

int I_NDS_get_trusted_domains (  ) 

Refreshes the trusted domain list reading them from the db.

Drops the old cache and queries the db

Todo:
  • IMPLEMENT A WAY TO PUSH AN EXTERNAL EVENT FOR THIS
Todo:
  • SOLVE THE LOCKING PROBLEM - THIS IS A WRITER
Returns:
1 on success, 0 on failure

Definition at line 207 of file nds.c.

References icscf_db_get_nds(), and trusted_domains.

Referenced by icscf_mod_init().

00208 {
00209     int i;
00210     /* free the old cache */
00211     if (trusted_domains!=0){
00212         i=0;
00213         while(trusted_domains[i].s){
00214             shm_free(trusted_domains[i].s);
00215             i++;
00216         }
00217         shm_free(trusted_domains);
00218     }
00219     return icscf_db_get_nds(&trusted_domains);
00220 }

Variable Documentation

int(*) sl_reply(struct sip_msg *_msg, char *_str1, char *_str2)

link to the stateless reply function in sl module

Definition at line 254 of file mod.c.

str untrusted_headers[]

Initial value:

{
    {"P-Asserted-Identity",19},
    {"P-Access-Network-Info",21},
    {"P-Charging-Vector",17},
    {"P-Charging-Function-Addresses",29},
    {0,0}   
}
Defines the untrusted headers.

Definition at line 71 of file nds.c.

Referenced by I_NDS_strip_headers().

str* trusted_domains = 0 [static]

The cached list of trusted domains.

Definition at line 80 of file nds.c.

Referenced by I_NDS_get_trusted_domains(), and I_NDS_is_trusted().

Generated on Tue Jul 29 04:19:15 2008 for Open IMS Core CSCFs by  doxygen 1.5.2