2003-02-16 06:00:12 +00:00
|
|
|
/*
|
2005-09-14 20:46:50 +00:00
|
|
|
* Asterisk -- An open source telephony toolkit.
|
2003-02-16 06:00:12 +00:00
|
|
|
*
|
2005-09-14 20:46:50 +00:00
|
|
|
* Copyright (C) 1999 - 2005, Digium, Inc.
|
|
|
|
|
*
|
|
|
|
|
* Mark Spencer <markster@digium.com>
|
2003-02-16 06:00:12 +00:00
|
|
|
*
|
2005-09-14 20:46:50 +00:00
|
|
|
* See http://www.asterisk.org for more information about
|
|
|
|
|
* the Asterisk project. Please do not directly contact
|
|
|
|
|
* any of the maintainers of this project for assistance;
|
|
|
|
|
* the project provides a web site, mailing lists and IRC
|
|
|
|
|
* channels for your use.
|
2003-02-16 06:00:12 +00:00
|
|
|
*
|
|
|
|
|
* This program is free software, distributed under the terms of
|
2005-09-14 20:46:50 +00:00
|
|
|
* the GNU General Public License Version 2. See the LICENSE file
|
|
|
|
|
* at the top of the source tree.
|
|
|
|
|
*/
|
|
|
|
|
|
2005-10-24 20:12:06 +00:00
|
|
|
/*! \file
|
2005-12-30 21:18:06 +00:00
|
|
|
*
|
2005-10-24 20:12:06 +00:00
|
|
|
* \brief Execute arbitrary authenticate commands
|
2005-12-30 21:18:06 +00:00
|
|
|
*
|
|
|
|
|
* \author Mark Spencer <markster@digium.com>
|
2008-02-09 11:27:10 +00:00
|
|
|
*
|
2005-11-06 15:09:47 +00:00
|
|
|
* \ingroup applications
|
2003-02-16 06:00:12 +00:00
|
|
|
*/
|
|
|
|
|
|
2011-07-14 20:28:54 +00:00
|
|
|
/*** MODULEINFO
|
|
|
|
|
<support_level>core</support_level>
|
|
|
|
|
***/
|
|
|
|
|
|
2006-06-07 18:54:56 +00:00
|
|
|
#include "asterisk.h"
|
|
|
|
|
|
2005-04-21 06:02:45 +00:00
|
|
|
#include "asterisk/lock.h"
|
|
|
|
|
#include "asterisk/file.h"
|
|
|
|
|
#include "asterisk/channel.h"
|
|
|
|
|
#include "asterisk/pbx.h"
|
|
|
|
|
#include "asterisk/module.h"
|
|
|
|
|
#include "asterisk/app.h"
|
|
|
|
|
#include "asterisk/astdb.h"
|
|
|
|
|
#include "asterisk/utils.h"
|
2006-01-05 21:47:44 +00:00
|
|
|
|
|
|
|
|
enum {
|
|
|
|
|
OPT_ACCOUNT = (1 << 0),
|
|
|
|
|
OPT_DATABASE = (1 << 1),
|
|
|
|
|
OPT_MULTIPLE = (1 << 3),
|
|
|
|
|
OPT_REMOVE = (1 << 4),
|
2009-06-07 14:55:51 +00:00
|
|
|
};
|
2006-01-05 21:47:44 +00:00
|
|
|
|
|
|
|
|
AST_APP_OPTIONS(auth_app_options, {
|
|
|
|
|
AST_APP_OPTION('a', OPT_ACCOUNT),
|
|
|
|
|
AST_APP_OPTION('d', OPT_DATABASE),
|
|
|
|
|
AST_APP_OPTION('m', OPT_MULTIPLE),
|
|
|
|
|
AST_APP_OPTION('r', OPT_REMOVE),
|
|
|
|
|
});
|
2003-02-16 06:00:12 +00:00
|
|
|
|
|
|
|
|
|
2009-06-07 14:55:51 +00:00
|
|
|
static const char app[] = "Authenticate";
|
2008-11-01 21:10:07 +00:00
|
|
|
/*** DOCUMENTATION
|
|
|
|
|
<application name="Authenticate" language="en_US">
|
|
|
|
|
<synopsis>
|
|
|
|
|
Authenticate a user
|
|
|
|
|
</synopsis>
|
|
|
|
|
<syntax>
|
|
|
|
|
<parameter name="password" required="true">
|
|
|
|
|
<para>Password the user should know</para>
|
|
|
|
|
</parameter>
|
|
|
|
|
<parameter name="options" required="false">
|
|
|
|
|
<optionlist>
|
|
|
|
|
<option name="a">
|
|
|
|
|
<para>Set the channels' account code to the password that is entered</para>
|
|
|
|
|
</option>
|
|
|
|
|
<option name="d">
|
2011-11-02 19:33:49 +00:00
|
|
|
<para>Interpret the given path as database key, not a literal file.</para>
|
|
|
|
|
<note>
|
|
|
|
|
<para>The value is not used at all in the authentication when using this option.
|
|
|
|
|
If the family/key is set to <literal>/pin/100</literal> (value does not matter)
|
|
|
|
|
then the password field needs to be set to <literal>/pin</literal> and the pin entered
|
|
|
|
|
by the user would be authenticated against <literal>100</literal>.</para>
|
|
|
|
|
</note>
|
2008-11-01 21:10:07 +00:00
|
|
|
</option>
|
|
|
|
|
<option name="m">
|
|
|
|
|
<para>Interpret the given path as a file which contains a list of account
|
|
|
|
|
codes and password hashes delimited with <literal>:</literal>, listed one per line in
|
|
|
|
|
the file. When one of the passwords is matched, the channel will have
|
|
|
|
|
its account code set to the corresponding account code in the file.</para>
|
|
|
|
|
</option>
|
|
|
|
|
<option name="r">
|
|
|
|
|
<para>Remove the database key upon successful entry (valid with <literal>d</literal> only)</para>
|
|
|
|
|
</option>
|
|
|
|
|
</optionlist>
|
|
|
|
|
</parameter>
|
|
|
|
|
<parameter name="maxdigits" required="false">
|
|
|
|
|
<para>maximum acceptable number of digits. Stops reading after
|
|
|
|
|
maxdigits have been entered (without requiring the user to press the <literal>#</literal> key).
|
|
|
|
|
Defaults to 0 - no limit - wait for the user press the <literal>#</literal> key.</para>
|
|
|
|
|
</parameter>
|
app.c: Allow ampersands in playback lists to be escaped.
Any function or application that accepts a `&`-separated list of
filenames can now include a literal `&` in a filename by wrapping the
entire filename in single quotes, e.g.:
```
exten = _X.,n,Playback('https://example.com/sound.cgi?a=b&c=d'&hello-world)
```
Fixes #172
UpgradeNote: Ampersands in URLs passed to the `Playback()`,
`Background()`, `SpeechBackground()`, `Read()`, `Authenticate()`, or
`Queue()` applications as filename arguments can now be escaped by
single quoting the filename. Additionally, this is also possible when
using the `CONFBRIDGE` dialplan function, or configuring various
features in `confbridge.conf` and `queues.conf`.
2023-11-07 20:03:53 +00:00
|
|
|
<parameter name="prompt" required="false" argsep="&">
|
|
|
|
|
<para>Override the "agent-pass" sound file. Can be
|
|
|
|
|
an ampersand separated list of filenames. If the filename
|
|
|
|
|
is a relative filename (it does not begin with a slash), it
|
|
|
|
|
will be searched for in the Asterisk sounds directory. If the
|
|
|
|
|
filename is able to be parsed as a URL, Asterisk will
|
|
|
|
|
download the file and then begin playback on it. To include a
|
|
|
|
|
literal <literal>&</literal> in the URL you can enclose
|
|
|
|
|
the URL in single quotes.</para>
|
|
|
|
|
<argument name="prompt" required="true" />
|
|
|
|
|
<argument name="prompt2" multiple="true" />
|
2008-11-01 21:10:07 +00:00
|
|
|
</parameter>
|
|
|
|
|
</syntax>
|
|
|
|
|
<description>
|
|
|
|
|
<para>This application asks the caller to enter a given password in order to continue dialplan execution.</para>
|
2017-12-22 14:23:22 +00:00
|
|
|
<para>If the password begins with the <literal>/</literal> character,
|
2008-11-01 21:10:07 +00:00
|
|
|
it is interpreted as a file which contains a list of valid passwords, listed 1 password per line in the file.</para>
|
|
|
|
|
<para>When using a database key, the value associated with the key can be anything.</para>
|
|
|
|
|
<para>Users have three attempts to authenticate before the channel is hung up.</para>
|
|
|
|
|
</description>
|
2008-11-05 13:07:29 +00:00
|
|
|
<see-also>
|
|
|
|
|
<ref type="application">VMAuthenticate</ref>
|
|
|
|
|
<ref type="application">DISA</ref>
|
|
|
|
|
</see-also>
|
2008-11-01 21:10:07 +00:00
|
|
|
</application>
|
|
|
|
|
***/
|
2003-02-16 06:00:12 +00:00
|
|
|
|
2009-05-21 21:13:09 +00:00
|
|
|
static int auth_exec(struct ast_channel *chan, const char *data)
|
2003-02-16 06:00:12 +00:00
|
|
|
{
|
2007-09-19 17:20:43 +00:00
|
|
|
int res = 0, retries, maxdigits;
|
|
|
|
|
char passwd[256], *prompt = "agent-pass", *argcopy = NULL;
|
2006-01-05 21:47:44 +00:00
|
|
|
struct ast_flags flags = {0};
|
|
|
|
|
|
|
|
|
|
AST_DECLARE_APP_ARGS(arglist,
|
|
|
|
|
AST_APP_ARG(password);
|
|
|
|
|
AST_APP_ARG(options);
|
|
|
|
|
AST_APP_ARG(maxdigits);
|
2008-10-18 03:35:24 +00:00
|
|
|
AST_APP_ARG(prompt);
|
2006-01-05 21:47:44 +00:00
|
|
|
);
|
2008-02-09 11:27:10 +00:00
|
|
|
|
2005-10-26 19:48:14 +00:00
|
|
|
if (ast_strlen_zero(data)) {
|
2003-02-16 06:00:12 +00:00
|
|
|
ast_log(LOG_WARNING, "Authenticate requires an argument(password)\n");
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
2005-10-19 18:19:02 +00:00
|
|
|
|
2012-02-20 23:43:27 +00:00
|
|
|
if (ast_channel_state(chan) != AST_STATE_UP) {
|
2007-07-16 14:39:29 +00:00
|
|
|
if ((res = ast_answer(chan)))
|
2003-02-16 06:00:12 +00:00
|
|
|
return -1;
|
|
|
|
|
}
|
2008-02-09 11:27:10 +00:00
|
|
|
|
2006-05-10 13:22:15 +00:00
|
|
|
argcopy = ast_strdupa(data);
|
2006-01-05 21:47:44 +00:00
|
|
|
|
2007-09-19 17:20:43 +00:00
|
|
|
AST_STANDARD_APP_ARGS(arglist, argcopy);
|
2008-02-09 11:27:10 +00:00
|
|
|
|
2007-09-19 17:20:43 +00:00
|
|
|
if (!ast_strlen_zero(arglist.options))
|
2006-01-05 21:47:44 +00:00
|
|
|
ast_app_parse_options(auth_app_options, &flags, NULL, arglist.options);
|
|
|
|
|
|
|
|
|
|
if (!ast_strlen_zero(arglist.maxdigits)) {
|
|
|
|
|
maxdigits = atoi(arglist.maxdigits);
|
|
|
|
|
if ((maxdigits<1) || (maxdigits>sizeof(passwd)-2))
|
|
|
|
|
maxdigits = sizeof(passwd) - 2;
|
|
|
|
|
} else {
|
|
|
|
|
maxdigits = sizeof(passwd) - 2;
|
|
|
|
|
}
|
|
|
|
|
|
2008-10-18 03:35:24 +00:00
|
|
|
if (!ast_strlen_zero(arglist.prompt)) {
|
|
|
|
|
prompt = arglist.prompt;
|
|
|
|
|
} else {
|
|
|
|
|
prompt = "agent-pass";
|
|
|
|
|
}
|
2017-12-22 14:23:22 +00:00
|
|
|
|
2003-02-16 06:00:12 +00:00
|
|
|
/* Start asking for password */
|
|
|
|
|
for (retries = 0; retries < 3; retries++) {
|
2007-09-19 17:20:43 +00:00
|
|
|
if ((res = ast_app_getdata(chan, prompt, passwd, maxdigits, 0)) < 0)
|
2003-02-16 06:00:12 +00:00
|
|
|
break;
|
2008-02-01 06:20:24 +00:00
|
|
|
|
2003-02-16 06:00:12 +00:00
|
|
|
res = 0;
|
2008-02-01 06:20:24 +00:00
|
|
|
|
|
|
|
|
if (arglist.password[0] != '/') {
|
|
|
|
|
/* Compare against a fixed password */
|
2008-02-09 11:27:10 +00:00
|
|
|
if (!strcmp(passwd, arglist.password))
|
2008-02-01 06:20:24 +00:00
|
|
|
break;
|
2008-04-21 15:34:37 +00:00
|
|
|
} else if (ast_test_flag(&flags,OPT_DATABASE)) {
|
2008-02-01 06:20:24 +00:00
|
|
|
char tmp[256];
|
|
|
|
|
/* Compare against a database key */
|
|
|
|
|
if (!ast_db_get(arglist.password + 1, passwd, tmp, sizeof(tmp))) {
|
|
|
|
|
/* It's a good password */
|
|
|
|
|
if (ast_test_flag(&flags,OPT_REMOVE))
|
|
|
|
|
ast_db_del(arglist.password + 1, passwd);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
/* Compare against a file */
|
|
|
|
|
FILE *f;
|
|
|
|
|
char buf[256] = "", md5passwd[33] = "", *md5secret = NULL;
|
2008-02-09 11:27:10 +00:00
|
|
|
|
2008-02-01 06:20:24 +00:00
|
|
|
if (!(f = fopen(arglist.password, "r"))) {
|
|
|
|
|
ast_log(LOG_WARNING, "Unable to open file '%s' for authentication: %s\n", arglist.password, strerror(errno));
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2007-09-19 17:20:43 +00:00
|
|
|
|
2008-02-01 06:27:41 +00:00
|
|
|
for (;;) {
|
2008-02-01 17:26:31 +00:00
|
|
|
size_t len;
|
|
|
|
|
|
2008-02-01 06:27:41 +00:00
|
|
|
if (feof(f))
|
|
|
|
|
break;
|
|
|
|
|
|
2008-11-02 18:52:13 +00:00
|
|
|
if (!fgets(buf, sizeof(buf), f)) {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2008-02-01 17:44:32 +00:00
|
|
|
|
2008-02-01 06:27:41 +00:00
|
|
|
if (ast_strlen_zero(buf))
|
|
|
|
|
continue;
|
|
|
|
|
|
2008-02-01 17:26:31 +00:00
|
|
|
len = strlen(buf) - 1;
|
2008-02-19 19:27:50 +00:00
|
|
|
if (buf[len] == '\n')
|
|
|
|
|
buf[len] = '\0';
|
2008-02-01 06:27:41 +00:00
|
|
|
|
|
|
|
|
if (ast_test_flag(&flags, OPT_MULTIPLE)) {
|
|
|
|
|
md5secret = buf;
|
|
|
|
|
strsep(&md5secret, ":");
|
|
|
|
|
if (!md5secret)
|
|
|
|
|
continue;
|
|
|
|
|
ast_md5_hash(md5passwd, passwd);
|
|
|
|
|
if (!strcmp(md5passwd, md5secret)) {
|
2013-06-17 03:00:38 +00:00
|
|
|
if (ast_test_flag(&flags, OPT_ACCOUNT)) {
|
2011-12-16 21:10:19 +00:00
|
|
|
ast_channel_lock(chan);
|
2013-06-17 03:00:38 +00:00
|
|
|
ast_channel_accountcode_set(chan, buf);
|
2011-12-16 21:10:19 +00:00
|
|
|
ast_channel_unlock(chan);
|
|
|
|
|
}
|
2008-02-01 06:27:41 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
if (!strcmp(passwd, buf)) {
|
2011-12-16 21:10:19 +00:00
|
|
|
if (ast_test_flag(&flags, OPT_ACCOUNT)) {
|
|
|
|
|
ast_channel_lock(chan);
|
2013-06-17 03:00:38 +00:00
|
|
|
ast_channel_accountcode_set(chan, buf);
|
2011-12-16 21:10:19 +00:00
|
|
|
ast_channel_unlock(chan);
|
|
|
|
|
}
|
2008-02-01 06:27:41 +00:00
|
|
|
break;
|
2007-09-19 17:20:43 +00:00
|
|
|
}
|
|
|
|
|
}
|
2004-01-29 20:54:37 +00:00
|
|
|
}
|
2008-02-01 06:20:24 +00:00
|
|
|
|
|
|
|
|
fclose(f);
|
|
|
|
|
|
|
|
|
|
if (!ast_strlen_zero(buf)) {
|
2008-02-01 06:27:41 +00:00
|
|
|
if (ast_test_flag(&flags, OPT_MULTIPLE)) {
|
2008-02-01 06:20:24 +00:00
|
|
|
if (md5secret && !strcmp(md5passwd, md5secret))
|
|
|
|
|
break;
|
|
|
|
|
} else {
|
|
|
|
|
if (!strcmp(passwd, buf))
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
2003-02-16 06:00:12 +00:00
|
|
|
}
|
2007-09-19 17:20:43 +00:00
|
|
|
prompt = "auth-incorrect";
|
2003-02-16 06:00:12 +00:00
|
|
|
}
|
2008-02-01 06:20:24 +00:00
|
|
|
|
2003-02-16 06:00:12 +00:00
|
|
|
if ((retries < 3) && !res) {
|
2011-12-16 21:10:19 +00:00
|
|
|
if (ast_test_flag(&flags,OPT_ACCOUNT) && !ast_test_flag(&flags,OPT_MULTIPLE)) {
|
|
|
|
|
ast_channel_lock(chan);
|
2013-06-17 03:00:38 +00:00
|
|
|
ast_channel_accountcode_set(chan, passwd);
|
2011-12-16 21:10:19 +00:00
|
|
|
ast_channel_unlock(chan);
|
|
|
|
|
}
|
2012-01-24 20:12:09 +00:00
|
|
|
if (!(res = ast_streamfile(chan, "auth-thankyou", ast_channel_language(chan))))
|
2003-02-18 18:15:30 +00:00
|
|
|
res = ast_waitstream(chan, "");
|
2003-02-16 06:00:12 +00:00
|
|
|
} else {
|
2012-01-24 20:12:09 +00:00
|
|
|
if (!ast_streamfile(chan, "vm-goodbye", ast_channel_language(chan)))
|
2007-06-12 15:58:28 +00:00
|
|
|
res = ast_waitstream(chan, "");
|
|
|
|
|
res = -1;
|
2003-02-16 06:00:12 +00:00
|
|
|
}
|
2007-07-16 14:39:29 +00:00
|
|
|
|
2003-02-16 06:00:12 +00:00
|
|
|
return res;
|
|
|
|
|
}
|
|
|
|
|
|
2006-08-21 02:11:39 +00:00
|
|
|
static int unload_module(void)
|
2003-02-16 06:00:12 +00:00
|
|
|
{
|
2007-07-16 13:35:20 +00:00
|
|
|
return ast_unregister_application(app);
|
2003-02-16 06:00:12 +00:00
|
|
|
}
|
|
|
|
|
|
2006-08-21 02:11:39 +00:00
|
|
|
static int load_module(void)
|
2003-02-16 06:00:12 +00:00
|
|
|
{
|
2008-11-01 21:10:07 +00:00
|
|
|
if (ast_register_application_xml(app, auth_exec))
|
2017-04-11 16:07:39 +00:00
|
|
|
return AST_MODULE_LOAD_DECLINE;
|
2007-12-26 20:02:27 +00:00
|
|
|
return AST_MODULE_LOAD_SUCCESS;
|
2003-02-16 06:00:12 +00:00
|
|
|
}
|
|
|
|
|
|
2006-08-21 02:11:39 +00:00
|
|
|
AST_MODULE_INFO_STANDARD(ASTERISK_GPL_KEY, "Authentication Application");
|
