Comparison, not set :) Thanks mvanbaak.
[asterisk/asterisk.git] / apps / app_authenticate.c
1 /*
2  * Asterisk -- An open source telephony toolkit.
3  *
4  * Copyright (C) 1999 - 2005, Digium, Inc.
5  *
6  * Mark Spencer <markster@digium.com>
7  *
8  * See http://www.asterisk.org for more information about
9  * the Asterisk project. Please do not directly contact
10  * any of the maintainers of this project for assistance;
11  * the project provides a web site, mailing lists and IRC
12  * channels for your use.
13  *
14  * This program is free software, distributed under the terms of
15  * the GNU General Public License Version 2. See the LICENSE file
16  * at the top of the source tree.
17  */
18
19 /*! \file
20  *
21  * \brief Execute arbitrary authenticate commands
22  *
23  * \author Mark Spencer <markster@digium.com>
24  * 
25  * \ingroup applications
26  */
27
28 #include "asterisk.h"
29
30 ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
31
32 #include "asterisk/lock.h"
33 #include "asterisk/file.h"
34 #include "asterisk/channel.h"
35 #include "asterisk/pbx.h"
36 #include "asterisk/module.h"
37 #include "asterisk/app.h"
38 #include "asterisk/astdb.h"
39 #include "asterisk/utils.h"
40
/*
 * Bit flags selected by the option letters passed to Authenticate().
 * Bit 2 is not assigned to any option in this file.
 */
enum {
        /* 'a': copy the accepted password (or matched account code) to the CDR account */
        OPT_ACCOUNT = 1 << 0,
        /* 'd': treat the password argument as an AstDB family instead of a file */
        OPT_DATABASE = 1 << 1,
        /* 'm': password file holds "account:md5hex" pairs, one per line */
        OPT_MULTIPLE = 1 << 3,
        /* 'r': delete the AstDB key once it has been used successfully */
        OPT_REMOVE = 1 << 4,
} auth_option_flags;
47
/* Option-letter table handed to ast_app_parse_options() by auth_exec(). */
AST_APP_OPTIONS(auth_app_options, {
        AST_APP_OPTION('a', OPT_ACCOUNT),       /* set account code */
        AST_APP_OPTION('d', OPT_DATABASE),      /* database key lookup */
        AST_APP_OPTION('m', OPT_MULTIPLE),      /* account:hash file */
        AST_APP_OPTION('r', OPT_REMOVE),        /* remove key after use */
});
54
55
/* Name under which the application is registered (see load_module()). */
static char *app = "Authenticate";

/* One-line summary passed to ast_register_application(). */
static char *synopsis = "Authenticate a user";

/*
 * Long help text passed to ast_register_application().
 *
 * NOTE(review): the text says maxdigits "Defaults to 0 - no limit", but
 * auth_exec() substitutes sizeof(passwd) - 2 whenever the argument is missing
 * or out of range, so entry is always capped by the size of the input buffer.
 * NOTE(review): the hashes mentioned for option 'm' are compared against the
 * output of ast_md5_hash() in auth_exec().
 */
static char *descrip =
"  Authenticate(password[,options[,maxdigits]]): This application asks the caller\n"
"to enter a given password in order to continue dialplan execution. If the password\n"
"begins with the '/' character, it is interpreted as a file which contains a list of\n"
"valid passwords, listed 1 password per line in the file.\n"
"  When using a database key, the value associated with the key can be anything.\n"
"Users have three attempts to authenticate before the channel is hung up.\n"
"  Options:\n"
"     a - Set the channels' account code to the password that is entered\n"
"     d - Interpret the given path as database key, not a literal file\n"
"     m - Interpret the given path as a file which contains a list of account\n"
"         codes and password hashes delimited with ':', listed one per line in\n"
"         the file. When one of the passwords is matched, the channel will have\n"
"         its account code set to the corresponding account code in the file.\n"
"     r - Remove the database key upon successful entry (valid with 'd' only)\n"
"     maxdigits  - maximum acceptable number of digits. Stops reading after\n"
"         maxdigits have been entered (without requiring the user to\n"
"         press the '#' key).\n"
"         Defaults to 0 - no limit - wait for the user press the '#' key.\n"
;
80
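/*!
 * \brief Dialplan entry point for Authenticate(password[,options[,maxdigits]]).
 *
 * Answers the channel if it is not up, then prompts the caller for a password
 * up to three times. The entry is checked against exactly one source, chosen
 * from the password argument and the option flags:
 *   - argument does not start with '/': literal password, compared in memory;
 *   - argument starts with '/' and 'd' is set: AstDB lookup, family taken from
 *     the argument without its leading '/', key is the digits entered;
 *   - argument starts with '/' otherwise: file of passwords, or of
 *     "account:md5hex" lines when 'm' is set.
 *
 * \param chan channel the application runs on
 * \param data raw application argument string; must not be empty
 *
 * \return -1 if the argument is missing, the channel cannot be answered,
 *         reading digits fails, or all three attempts are wrong; otherwise
 *         the result of playing "auth-thankyou".
 */
static int auth_exec(struct ast_channel *chan, void *data)
{
        int res = 0, retries, maxdigits;
        char passwd[256], *prompt = "agent-pass", *argcopy = NULL;
        struct ast_flags flags = {0};

        AST_DECLARE_APP_ARGS(arglist,
                AST_APP_ARG(password);
                AST_APP_ARG(options);
                AST_APP_ARG(maxdigits);
        );

        if (ast_strlen_zero(data)) {
                ast_log(LOG_WARNING, "Authenticate requires an argument(password)\n");
                return -1;
        }

        if (chan->_state != AST_STATE_UP) {
                if ((res = ast_answer(chan)))
                        return -1;
        }

        argcopy = ast_strdupa(data);

        AST_STANDARD_APP_ARGS(arglist, argcopy);

        if (!ast_strlen_zero(arglist.options))
                ast_app_parse_options(auth_app_options, &flags, NULL, arglist.options);

        /* Never let the dialplan ask for more digits than passwd[] is sized for. */
        if (!ast_strlen_zero(arglist.maxdigits)) {
                maxdigits = atoi(arglist.maxdigits);
                if ((maxdigits < 1) || (maxdigits > (int) sizeof(passwd) - 2))
                        maxdigits = sizeof(passwd) - 2;
        } else {
                maxdigits = sizeof(passwd) - 2;
        }

        /* Start asking for password */
        for (retries = 0; retries < 3; retries++) {
                if ((res = ast_app_getdata(chan, prompt, passwd, maxdigits, 0)) < 0)
                        break;

                res = 0;

                if (arglist.password[0] != '/') {
                        /*
                         * Compare against a fixed password. A literal password is
                         * checked here and nowhere else: it must never be used as a
                         * file name or database family, otherwise a wrong entry
                         * would put the configured password into the "Unable to
                         * open file" warning below.
                         */
                        if (!strcmp(passwd, arglist.password))
                                break;
                } else if (ast_test_flag(&flags, OPT_DATABASE)) {
                        char tmp[256];
                        /* Compare against a database key; only its existence matters */
                        if (!ast_db_get(arglist.password + 1, passwd, tmp, sizeof(tmp))) {
                                /* It's a good password */
                                if (ast_test_flag(&flags, OPT_REMOVE))
                                        ast_db_del(arglist.password + 1, passwd);
                                break;
                        }
                } else {
                        /* Compare against a file */
                        FILE *f;
                        char buf[256] = "", md5passwd[33] = "", *md5secret = NULL;
                        int matched = 0;

                        if (!(f = fopen(arglist.password, "r"))) {
                                ast_log(LOG_WARNING, "Unable to open file '%s' for authentication: %s\n", arglist.password, strerror(errno));
                                continue;
                        }

                        /*
                         * The hash of the entry is the same for every line, so it is
                         * computed once. These are plain MD5 digests of short digit
                         * strings, so the file should be readable only by the
                         * account Asterisk runs as.
                         */
                        if (ast_test_flag(&flags, OPT_MULTIPLE))
                                ast_md5_hash(md5passwd, passwd);

                        /* Loop on fgets() itself so a failed read never re-tests a stale line. */
                        while (fgets(buf, sizeof(buf), f)) {
                                size_t len = strlen(buf);

                                /* Strip the newline, which is the LAST character of the line. */
                                if (len && buf[len - 1] == '\n')
                                        buf[--len] = '\0';

                                /* A blank line must not authenticate an empty entry. */
                                if (!len)
                                        continue;

                                if (ast_test_flag(&flags, OPT_MULTIPLE)) {
                                        /* Split "account:md5hex"; buf keeps the account code */
                                        md5secret = buf;
                                        strsep(&md5secret, ":");
                                        if (!md5secret)
                                                continue;
                                        matched = !strcmp(md5passwd, md5secret);
                                } else {
                                        matched = !strcmp(passwd, buf);
                                }

                                if (matched) {
                                        if (ast_test_flag(&flags, OPT_ACCOUNT))
                                                ast_cdr_setaccount(chan, buf);
                                        break;
                                }
                        }

                        fclose(f);

                        if (matched)
                                break;
                }
                prompt = "auth-incorrect";
        }

        if ((retries < 3) && !res) {
                if (ast_test_flag(&flags, OPT_ACCOUNT) && !ast_test_flag(&flags, OPT_MULTIPLE))
                        ast_cdr_setaccount(chan, passwd);
                if (!(res = ast_streamfile(chan, "auth-thankyou", chan->language)))
                        res = ast_waitstream(chan, "");
        } else {
                /* Out of attempts or digit collection failed: say goodbye and fail. */
                if (!ast_streamfile(chan, "vm-goodbye", chan->language))
                        res = ast_waitstream(chan, "");
                res = -1;
        }

        return res;
}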
213
/*! \brief Module unload hook: unregisters the Authenticate application and returns that call's result. */
static int unload_module(void)
{
        int status = ast_unregister_application(app);

        return status;
}
218
/*!
 * \brief Module load hook: registers auth_exec() under the name in \c app.
 *
 * \return AST_MODULE_LOAD_FAILURE if registration reports an error,
 *         AST_MODULE_LOAD_SUCCESS otherwise.
 */
static int load_module(void)
{
        int failed = ast_register_application(app, auth_exec, synopsis, descrip);

        return failed ? AST_MODULE_LOAD_FAILURE : AST_MODULE_LOAD_SUCCESS;
}
225
226 AST_MODULE_INFO_STANDARD(ASTERISK_GPL_KEY, "Authentication Application");