1 /*
2  * Asterisk -- An open source telephony toolkit.
3  *
4  * Copyright (C) 1999 - 2005, Digium, Inc.
5  *
6  * Mark Spencer <markster@digium.com>
7  *
8  * See http://www.asterisk.org for more information about
9  * the Asterisk project. Please do not directly contact
10  * any of the maintainers of this project for assistance;
11  * the project provides a web site, mailing lists and IRC
12  * channels for your use.
13  *
14  * This program is free software, distributed under the terms of
15  * the GNU General Public License Version 2. See the LICENSE file
16  * at the top of the source tree.
17  */
18
19 /*! \file
20  *
21  * \brief Execute arbitrary authenticate commands
22  *
23  * \author Mark Spencer <markster@digium.com>
24  * 
25  * \ingroup applications
26  */
27
28 #include "asterisk.h"
29
30 ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
31
32 #include <stdlib.h>
33 #include <unistd.h>
34 #include <string.h>
35 #include <errno.h>
36 #include <stdio.h>
37
38 #include "asterisk/lock.h"
39 #include "asterisk/file.h"
40 #include "asterisk/logger.h"
41 #include "asterisk/channel.h"
42 #include "asterisk/pbx.h"
43 #include "asterisk/module.h"
44 #include "asterisk/app.h"
45 #include "asterisk/astdb.h"
46 #include "asterisk/utils.h"
47 #include "asterisk/options.h"
48
/*
 * Option bits for Authenticate(). Each bit is selected by one option
 * letter through the auth_app_options table below. Bit 2 is not used.
 */
enum {
	OPT_ACCOUNT  = (1 << 0),	/* 'a': set the account code on success */
	OPT_DATABASE = (1 << 1),	/* 'd': the path names a database key, not a file */
	OPT_MULTIPLE = (1 << 3),	/* 'm': the file holds account:hash pairs */
	OPT_REMOVE   = (1 << 4),	/* 'r': delete the database key after a match */
} auth_option_flags;

/* Maps each option letter accepted in the dialplan to its flag bit. */
AST_APP_OPTIONS(auth_app_options, {
	AST_APP_OPTION('a', OPT_ACCOUNT),
	AST_APP_OPTION('d', OPT_DATABASE),
	AST_APP_OPTION('m', OPT_MULTIPLE),
	AST_APP_OPTION('r', OPT_REMOVE),
});
62
63
/* Name under which the application is registered with the dialplan. */
static char *app = "Authenticate";

/* One-line summary passed to ast_register_application(). */
static char *synopsis = "Authenticate a user";

/*
 * Long help text passed to ast_register_application().
 *
 * Note for readers: the text says maxdigits defaults to "no limit", but
 * auth_exec() caps the entry at sizeof(passwd) - 2 digits whenever maxdigits
 * is absent, below 1 or above that cap.
 */
static char *descrip =
	"  Authenticate(password[|options[|maxdigits]]): This application asks the caller\n"
	"to enter a given password in order to continue dialplan execution. If the password\n"
	"begins with the '/' character, it is interpreted as a file which contains a list of\n"
	"valid passwords, listed 1 password per line in the file.\n"
	"  When using a database key, the value associated with the key can be anything.\n"
	"Users have three attempts to authenticate before the channel is hung up.\n"
	"  Options:\n"
	"     a - Set the channels' account code to the password that is entered\n"
	"     d - Interpret the given path as database key, not a literal file\n"
	"     m - Interpret the given path as a file which contains a list of account\n"
	"         codes and password hashes delimited with ':', listed one per line in\n"
	"         the file. When one of the passwords is matched, the channel will have\n"
	"         its account code set to the corresponding account code in the file.\n"
	"     r - Remove the database key upon successful entry (valid with 'd' only)\n"
	"     maxdigits  - maximum acceptable number of digits. Stops reading after\n"
	"         maxdigits have been entered (without requiring the user to\n"
	"         press the '#' key).\n"
	"         Defaults to 0 - no limit - wait for the user press the '#' key.\n";
88
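/*!
 * \brief Look for the caller's entry in a password file.
 *
 * Without OPT_MULTIPLE every line is a plaintext password. With OPT_MULTIPLE
 * every line is "account:hash", and the entry is hashed with ast_md5_hash()
 * before comparison. Either way the file is the credential store: the hash
 * is computed from the entry alone (no salt is visible here), so access to
 * the file should be restricted by filesystem permissions.
 *
 * \param chan   channel whose account code is set on a match when OPT_ACCOUNT is given
 * \param path   file to read
 * \param passwd digits entered by the caller
 * \param flags  parsed application options
 *
 * \retval 1 a line matched
 * \retval 0 no line matched, or the file could not be opened
 */
static int auth_check_file(struct ast_channel *chan, const char *path, char *passwd, struct ast_flags *flags)
{
	char buf[256];
	char md5passwd[33] = "";
	int matched = 0;
	FILE *f;

	f = fopen(path, "r");
	if (!f) {
		ast_log(LOG_WARNING, "Unable to open file '%s' for authentication: %s\n", path, strerror(errno));
		return 0;
	}

	/* The digest depends only on the entry, so compute it once per attempt. */
	if (ast_test_flag(flags, OPT_MULTIPLE))
		ast_md5_hash(md5passwd, passwd);

	/*
	 * Loop on the result of fgets() rather than on feof(): a read error
	 * (for instance when the path is a directory) never sets the EOF flag,
	 * so a feof()-driven loop would not terminate. This also lets a final
	 * line without a trailing newline go through the same parsing as every
	 * other line.
	 */
	while (fgets(buf, sizeof(buf), f)) {
		size_t len = strlen(buf);

		/* Strip the newline only when there is one; an over-long line has none. */
		if (len && buf[len - 1] == '\n')
			buf[len - 1] = '\0';

		if (ast_test_flag(flags, OPT_MULTIPLE)) {
			char *md5secret = strchr(buf, ':');

			if (!md5secret)
				continue;
			/* Split in place: buf becomes the account code. */
			*md5secret++ = '\0';
			if (strcmp(md5passwd, md5secret))
				continue;
		} else {
			/*
			 * A blank line must never act as a credential: it would
			 * compare equal to an empty entry.
			 */
			if (ast_strlen_zero(buf) || strcmp(passwd, buf))
				continue;
		}

		if (ast_test_flag(flags, OPT_ACCOUNT))
			ast_cdr_setaccount(chan, buf);
		matched = 1;
		break;
	}

	fclose(f);
	return matched;
}

/*!
 * \brief Dialplan entry point of the Authenticate application.
 *
 * Answers the channel if needed, then prompts for a password up to three
 * times. The expected value is, depending on the first argument and the
 * options, a literal string, a database key (family taken from the path,
 * key taken from the entry) or a line of a file.
 *
 * The retry counter is local to this call; nothing here tracks failed
 * attempts across calls.
 *
 * \param chan channel to authenticate
 * \param data application arguments: password[|options[|maxdigits]]
 *
 * \retval -1 missing argument, answer failure, hangup or three failed attempts
 * \return result of playing "auth-thankyou" after a successful entry
 */
static int auth_exec(struct ast_channel *chan, void *data)
{
	int res = 0;
	int retries;
	struct ast_module_user *u;
	char passwd[256];
	char *prompt;
	int maxdigits;
	char *argcopy = NULL;
	struct ast_flags flags = {0};

	AST_DECLARE_APP_ARGS(arglist,
		AST_APP_ARG(password);
		AST_APP_ARG(options);
		AST_APP_ARG(maxdigits);
	);

	if (ast_strlen_zero(data)) {
		ast_log(LOG_WARNING, "Authenticate requires an argument(password)\n");
		return -1;
	}

	u = ast_module_user_add(chan);

	if (chan->_state != AST_STATE_UP) {
		res = ast_answer(chan);
		if (res) {
			ast_module_user_remove(u);
			return -1;
		}
	}

	argcopy = ast_strdupa(data);

	AST_STANDARD_APP_ARGS(arglist, argcopy);

	if (!ast_strlen_zero(arglist.options)) {
		ast_app_parse_options(auth_app_options, &flags, NULL, arglist.options);
	}

	/*
	 * Cap the entry length so it always fits in passwd. strtol() is used
	 * instead of atoi() because its result is defined for out-of-range
	 * input; anything outside 1..cap falls back to the cap.
	 */
	maxdigits = sizeof(passwd) - 2;
	if (!ast_strlen_zero(arglist.maxdigits)) {
		long requested = strtol(arglist.maxdigits, NULL, 10);

		if (requested >= 1 && requested <= (long) (sizeof(passwd) - 2))
			maxdigits = (int) requested;
	}

	/* Start asking for password */
	prompt = "agent-pass";
	for (retries = 0; retries < 3; retries++) {
		res = ast_app_getdata(chan, prompt, passwd, maxdigits, 0);
		if (res < 0)
			break;
		res = 0;

		if (arglist.password[0] != '/') {
			/* Compare against a fixed password */
			if (!strcmp(passwd, arglist.password))
				break;
		} else if (ast_test_flag(&flags, OPT_DATABASE)) {
			char tmp[256];

			/* Compare against a database key; the stored value is ignored */
			if (!ast_db_get(arglist.password + 1, passwd, tmp, sizeof(tmp))) {
				/* It's a good password */
				if (ast_test_flag(&flags, OPT_REMOVE)) {
					ast_db_del(arglist.password + 1, passwd);
				}
				break;
			}
		} else if (auth_check_file(chan, arglist.password, passwd, &flags)) {
			/* Compare against a file */
			break;
		}

		prompt = "auth-incorrect";
	}

	if ((retries < 3) && !res) {
		/*
		 * Without 'm' the account code is the entered password itself,
		 * so with 'a' the password is stored as the channel's account code.
		 */
		if (ast_test_flag(&flags, OPT_ACCOUNT) && !ast_test_flag(&flags, OPT_MULTIPLE))
			ast_cdr_setaccount(chan, passwd);
		res = ast_streamfile(chan, "auth-thankyou", chan->language);
		if (!res)
			res = ast_waitstream(chan, "");
	} else {
		/* The goodbye prompt is best effort; the result is always failure. */
		if (!ast_streamfile(chan, "vm-goodbye", chan->language))
			ast_waitstream(chan, "");
		res = -1;
	}

	ast_module_user_remove(u);
	return res;
}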
223
/*!
 * \brief Module unload hook: takes the Authenticate application out of the dialplan.
 *
 * \return whatever ast_unregister_application() reports
 */
static int unload_module(void)
{
	int res = ast_unregister_application(app);

	return res;
}
228
/*!
 * \brief Module load hook: registers auth_exec() under the name in \c app.
 *
 * \return whatever ast_register_application() reports
 */
static int load_module(void)
{
	int res = ast_register_application(app, auth_exec, synopsis, descrip);

	return res;
}

/* Module declaration; the macro comes from asterisk/module.h. */
AST_MODULE_INFO_STANDARD(ASTERISK_GPL_KEY, "Authentication Application");