d6/d0f/app__authenticate_8c_source.html

/*

 * Asterisk -- An open source telephony toolkit.

 *

 * Copyright (C) 1999 - 2005, Digium, Inc.

 *

 * Mark Spencer <markster@digium.com>

 *

 * See http://www.asterisk.org for more information about

 * the Asterisk project. Please do not directly contact

 * any of the maintainers of this project for assistance;

 * the project provides a web site, mailing lists and IRC

 * channels for your use.

 *

 * This program is free software, distributed under the terms of

 * the GNU General Public License Version 2. See the LICENSE file

 * at the top of the source tree.

 */


/*! \file

 *

 * \brief Execute arbitrary authenticate commands

 *

 * \author Mark Spencer <markster@digium.com>

 *

 * \ingroup applications

 */


/*** MODULEINFO

    <support_level>core</support_level>

 ***/


#include "asterisk.h"


#include "asterisk/lock.h"

#include "asterisk/file.h"

#include "asterisk/channel.h"

#include "asterisk/pbx.h"

#include "asterisk/module.h"

#include "asterisk/app.h"

#include "asterisk/astdb.h"

#include "asterisk/utils.h"


enum {

    OPT_ACCOUNT = (1 << 0),

    OPT_DATABASE = (1 << 1),

    OPT_MULTIPLE = (1 << 3),

    OPT_REMOVE = (1 << 4),

};


AST_APP_OPTIONS(auth_app_options, {

    AST_APP_OPTION('a', OPT_ACCOUNT),

    AST_APP_OPTION('d', OPT_DATABASE),

    AST_APP_OPTION('m', OPT_MULTIPLE),

    AST_APP_OPTION('r', OPT_REMOVE),

});


static const char app[] = "Authenticate";

/*** DOCUMENTATION

    <application name="Authenticate" language="en_US">

        <since>

            <version>0.4.0</version>

        </since>

        <synopsis>

            Authenticate a user

        </synopsis>

        <syntax>

            <parameter name="password" required="true">

                <para>Password the user should know</para>

            </parameter>

            <parameter name="options" required="false">

                <optionlist>

                    <option name="a">

                        <para>Set the channels' account code to the password that is entered</para>

                    </option>

                    <option name="d">

                        <para>Interpret the given path as database key, not a literal file.</para>

                        <note>

                            <para>The value is not used at all in the authentication when using this option.

                            If the family/key is set to <literal>/pin/100</literal> (value does not matter)

                            then the password field needs to be set to <literal>/pin</literal> and the pin entered

                            by the user would be authenticated against <literal>100</literal>.</para>

                        </note>

                    </option>

                    <option name="m">

                        <para>Interpret the given path as a file which contains a list of account

                        codes and password hashes delimited with <literal>:</literal>, listed one per line in

                        the file. When one of the passwords is matched, the channel will have

                        its account code set to the corresponding account code in the file.</para>

                    </option>

                    <option name="r">

                        <para>Remove the database key upon successful entry (valid with <literal>d</literal> only)</para>

                    </option>

                </optionlist>

            </parameter>

            <parameter name="maxdigits" required="false">

                <para>maximum acceptable number of digits. Stops reading after

                maxdigits have been entered (without requiring the user to press the <literal>#</literal> key).

                Defaults to 0 - no limit - wait for the user press the <literal>#</literal> key.</para>

            </parameter>

            <parameter name="prompt" required="false" argsep="&amp;">

                <para>Override the &quot;agent-pass&quot; sound file. Can be

                an ampersand separated list of filenames. If the filename

                is a relative filename (it does not begin with a slash), it

                will be searched for in the Asterisk sounds directory. If the

                filename is able to be parsed as a URL, Asterisk will

                download the file and then begin playback on it. To include a

                literal <literal>&amp;</literal> in the URL you can enclose

                the URL in single quotes.</para>

                <argument name="prompt" required="true" />

                <argument name="prompt2" multiple="true" />

            </parameter>

        </syntax>

        <description>

            <para>This application asks the caller to enter a given password in order to continue dialplan execution.</para>

            <para>If the password begins with the <literal>/</literal> character,

            it is interpreted as a file which contains a list of valid passwords, listed 1 password per line in the file.</para>

            <para>When using a database key, the value associated with the key can be anything.</para>

            <para>Users have three attempts to authenticate before the channel is hung up.</para>

        </description>

        <see-also>

            <ref type="application">VMAuthenticate</ref>

            <ref type="application">DISA</ref>

        </see-also>

    </application>

 ***/


static int auth_exec(struct ast_channel *chan, const char *data)

{

    int res = 0, retries, maxdigits;

    char passwd[256], *prompt = "agent-pass", *argcopy = NULL;

    struct ast_flags flags = {0};


    AST_DECLARE_APP_ARGS(arglist,

        AST_APP_ARG(password);

        AST_APP_ARG(options);

        AST_APP_ARG(maxdigits);

        AST_APP_ARG(prompt);

    );


    if (ast_strlen_zero(data)) {

        ast_log(LOG_WARNING, "Authenticate requires an argument(password)\n");

        return -1;

    }


    if (ast_channel_state(chan) != AST_STATE_UP) {

        if ((res = ast_answer(chan)))

            return -1;

    }


    argcopy = ast_strdupa(data);


    AST_STANDARD_APP_ARGS(arglist, argcopy);


    if (!ast_strlen_zero(arglist.options))

        ast_app_parse_options(auth_app_options, &flags, NULL, arglist.options);


    if (!ast_strlen_zero(arglist.maxdigits)) {

        maxdigits = atoi(arglist.maxdigits);

        if ((maxdigits<1) || (maxdigits>sizeof(passwd)-2))

            maxdigits = sizeof(passwd) - 2;

    } else {

        maxdigits = sizeof(passwd) - 2;

    }


    if (!ast_strlen_zero(arglist.prompt)) {

        prompt = arglist.prompt;

    } else {

        prompt = "agent-pass";

    }


    /* Start asking for password */

    for (retries = 0; retries < 3; retries++) {

        if ((res = ast_app_getdata(chan, prompt, passwd, maxdigits, 0)) < 0)

            break;


        res = 0;


        if (arglist.password[0] != '/') {

            /* Compare against a fixed password */

            if (!strcmp(passwd, arglist.password))

                break;

        } else if (ast_test_flag(&flags,OPT_DATABASE)) {

            char tmp[256];

            /* Compare against a database key */

            if (!ast_db_get(arglist.password + 1, passwd, tmp, sizeof(tmp))) {

                /* It's a good password */

                if (ast_test_flag(&flags,OPT_REMOVE))

                    ast_db_del(arglist.password + 1, passwd);

                break;

            }

        } else {

            /* Compare against a file */

            FILE *f;

            char buf[256] = "", md5passwd[33] = "", *md5secret = NULL;


            if (!(f = fopen(arglist.password, "r"))) {

                ast_log(LOG_WARNING, "Unable to open file '%s' for authentication: %s\n", arglist.password, strerror(errno));

                continue;

            }


            for (;;) {

                size_t len;


                if (feof(f))

                    break;


                if (!fgets(buf, sizeof(buf), f)) {

                    continue;

                }


                if (ast_strlen_zero(buf))

                    continue;


                len = strlen(buf) - 1;

                if (buf[len] == '\n')

                    buf[len] = '\0';


                if (ast_test_flag(&flags, OPT_MULTIPLE)) {

                    md5secret = buf;

                    strsep(&md5secret, ":");

                    if (!md5secret)

                        continue;

                    ast_md5_hash(md5passwd, passwd);

                    if (!strcmp(md5passwd, md5secret)) {

                        if (ast_test_flag(&flags, OPT_ACCOUNT)) {

                            ast_channel_lock(chan);

                            ast_channel_accountcode_set(chan, buf);

                            ast_channel_unlock(chan);

                        }

                        break;

                    }

                } else {

                    if (!strcmp(passwd, buf)) {

                        if (ast_test_flag(&flags, OPT_ACCOUNT)) {

                            ast_channel_lock(chan);

                            ast_channel_accountcode_set(chan, buf);

                            ast_channel_unlock(chan);

                        }

                        break;

                    }

                }

            }


            fclose(f);


            if (!ast_strlen_zero(buf)) {

                if (ast_test_flag(&flags, OPT_MULTIPLE)) {

                    if (md5secret && !strcmp(md5passwd, md5secret))

                        break;

                } else {

                    if (!strcmp(passwd, buf))

                        break;

                }

            }

        }

        prompt = "auth-incorrect";

    }


    if ((retries < 3) && !res) {

        if (ast_test_flag(&flags,OPT_ACCOUNT) && !ast_test_flag(&flags,OPT_MULTIPLE)) {

            ast_channel_lock(chan);

            ast_channel_accountcode_set(chan, passwd);

            ast_channel_unlock(chan);

        }

        if (!(res = ast_streamfile(chan, "auth-thankyou", ast_channel_language(chan))))

            res = ast_waitstream(chan, "");

    } else {

        if (!ast_streamfile(chan, "vm-goodbye", ast_channel_language(chan)))

            res = ast_waitstream(chan, "");

        res = -1;

    }


    return res;

}


static int unload_module(void)

{

    return ast_unregister_application(app);

}


static int load_module(void)

{

    if (ast_register_application_xml(app, auth_exec))

        return AST_MODULE_LOAD_DECLINE;

    return AST_MODULE_LOAD_SUCCESS;

}


AST_MODULE_INFO_STANDARD(ASTERISK_GPL_KEY, "Authentication Application");

OPT_MULTIPLE
@ OPT_MULTIPLE
Definition: app_authenticate.c:46

OPT_DATABASE
@ OPT_DATABASE
Definition: app_authenticate.c:45

OPT_ACCOUNT
@ OPT_ACCOUNT
Definition: app_authenticate.c:44

OPT_REMOVE
@ OPT_REMOVE
Definition: app_authenticate.c:47

app
static const char app[]
Definition: app_authenticate.c:58

auth_exec
static int auth_exec(struct ast_channel *chan, const char *data)
Definition: app_authenticate.c:128

auth_app_options
static const struct ast_app_option auth_app_options[128]
Definition: app_authenticate.c:55

load_module
static int load_module(void)
Definition: app_authenticate.c:282

unload_module
static int unload_module(void)
Definition: app_authenticate.c:277

astdb.h
Persistent data storage (akin to *doze registry)

ast_db_get
int ast_db_get(const char *family, const char *key, char *value, int valuelen)
Get key value specified by family/key.
Definition: db.c:421

ast_db_del
int ast_db_del(const char *family, const char *key)
Delete entry in astdb.
Definition: db.c:472

strsep
char * strsep(char **str, const char *delims)

prompt
static struct ast_str * prompt
Definition: asterisk.c:2786

asterisk.h
Asterisk main include file. File version handling, generic pbx functions.

ast_strdupa
#define ast_strdupa(s)
duplicate a string in memory from the stack
Definition: astmm.h:298

ast_log
#define ast_log
Definition: astobj2.c:42

channel.h
General Asterisk PBX channel definitions.

ast_channel_lock
#define ast_channel_lock(chan)
Definition: channel.h:2970

ast_channel_language
const char * ast_channel_language(const struct ast_channel *chan)

ast_answer
int ast_answer(struct ast_channel *chan)
Answer a channel.
Definition: channel.c:2834

ast_channel_unlock
#define ast_channel_unlock(chan)
Definition: channel.h:2971

ast_channel_state
ast_channel_state
ast_channel states
Definition: channelstate.h:35

AST_STATE_UP
@ AST_STATE_UP
Definition: channelstate.h:42

buf
char buf[BUFSIZE]
Definition: eagi_proxy.c:66

file.h
Generic File Format Support. Should be included by clients of the file handling routines....

ast_streamfile
int ast_streamfile(struct ast_channel *c, const char *filename, const char *preflang)
Streams a file.
Definition: file.c:1301

ast_waitstream
int ast_waitstream(struct ast_channel *c, const char *breakon)
Waits for a stream to stop or digit to be pressed.
Definition: file.c:1848

len
static int len(struct ast_channel *chan, const char *cmd, char *data, char *buf, size_t buflen)
Definition: func_strings.c:1669

app.h
Application convenience functions, designed to give consistent look and feel to Asterisk apps.

AST_APP_ARG
#define AST_APP_ARG(name)
Define an application argument.
Definition: include/asterisk/app.h:1230

AST_APP_OPTIONS
#define AST_APP_OPTIONS(holder, options...)
Declares an array of options for an application.
Definition: include/asterisk/app.h:1391

ast_app_getdata
enum ast_getdata_result ast_app_getdata(struct ast_channel *c, const char *prompt, char *s, int maxlen, int timeout)
Plays a stream and gets DTMF data from a channel.
Definition: main/app.c:188

AST_DECLARE_APP_ARGS
#define AST_DECLARE_APP_ARGS(name, arglist)
Declare a structure to hold an application's arguments.
Definition: include/asterisk/app.h:1247

AST_STANDARD_APP_ARGS
#define AST_STANDARD_APP_ARGS(args, parse)
Performs the 'standard' argument separation process for an application.
Definition: include/asterisk/app.h:1283

AST_APP_OPTION
#define AST_APP_OPTION(option, flagno)
Declares an application option that does not accept an argument.
Definition: include/asterisk/app.h:1400

ast_app_parse_options
int ast_app_parse_options(const struct ast_app_option *options, struct ast_flags *flags, char **args, char *optstr)
Parses a string containing application options and sets flags/arguments.
Definition: main/app.c:3066

LOG_WARNING
#define LOG_WARNING
Definition: include/asterisk/logger.h:278

lock.h
Asterisk locking-related definitions:

errno
int errno

module.h
Asterisk module definitions.

AST_MODULE_INFO_STANDARD
#define AST_MODULE_INFO_STANDARD(keystr, desc)
Definition: module.h:581

ASTERISK_GPL_KEY
#define ASTERISK_GPL_KEY
The text the key() function should return.
Definition: module.h:46

ast_unregister_application
int ast_unregister_application(const char *app)
Unregister an application.
Definition: pbx_app.c:392

AST_MODULE_LOAD_SUCCESS
@ AST_MODULE_LOAD_SUCCESS
Definition: module.h:70

AST_MODULE_LOAD_DECLINE
@ AST_MODULE_LOAD_DECLINE
Module has failed to load, may be in an inconsistent state.
Definition: module.h:78

ast_register_application_xml
#define ast_register_application_xml(app, execute)
Register an application using XML documentation.
Definition: module.h:640

pbx.h
Core PBX routines and definitions.

NULL
#define NULL
Definition: resample.c:96

ast_strlen_zero
static force_inline int attribute_pure ast_strlen_zero(const char *s)
Definition: strings.h:65

ast_channel
Main Channel structure associated with a channel.
Definition: channel_internal_api.c:74

ast_flags
Structure used to handle boolean flags.
Definition: utils.h:199

ast_flags::flags
unsigned int flags
Definition: utils.h:200

options
static struct test_options options
Definition: test_http_media_cache.c:63

utils.h
Utility functions.

ast_test_flag
#define ast_test_flag(p, flag)
Definition: utils.h:63

ast_md5_hash
void ast_md5_hash(char *output, const char *input)
Produces MD5 hash based on input string.
Definition: utils.c:250