Module: sip-router Branch: 4.1 Commit: 9a697d04e7bb041e1ec6748727a418866dc0ba54 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=9a697d04...
Author: Daniel-Constantin Mierla miconda@gmail.com Committer: Daniel-Constantin Mierla miconda@gmail.com Date: Mon May 26 14:47:37 2014 +0200
auth_db: auth_check() to get the auth header from the used api
- this avoids using a different auth header that might be in the request before checking usernames in from/to headers against auth user
(cherry picked from commit 4992519eed88d94847d742c52e882082b1b41264)
---
modules/auth_db/authorize.c | 28 +++++++++++++++++++--------- 1 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/modules/auth_db/authorize.c b/modules/auth_db/authorize.c index cf97a8f..e2b0f4f 100644 --- a/modules/auth_db/authorize.c +++ b/modules/auth_db/authorize.c @@ -223,10 +223,10 @@ static int generate_avps(struct sip_msg* msg, db1_res_t* db_res)
/* - * Authorize digest credentials + * Authorize digest credentials and set the pointer to used hdr */ -static int digest_authenticate(struct sip_msg* msg, str *realm, - str *table, hdr_types_t hftype, str *method) +static int digest_authenticate_hdr(sip_msg_t* msg, str *realm, + str *table, hdr_types_t hftype, str *method, hdr_field_t **ahdr) { char ha1[256]; int res; @@ -277,6 +277,7 @@ static int digest_authenticate(struct sip_msg* msg, str *realm, }
cred = (auth_body_t*)h->parsed; + if(ahdr!=NULL) *ahdr = h;
res = get_ha1(&cred->digest.username, realm, table, ha1, &result); if (res < 0) { @@ -315,6 +316,15 @@ end: return ret; }
+/* + * Authorize digest credentials + */ +static int digest_authenticate(sip_msg_t* msg, str *realm, + str *table, hdr_types_t hftype, str *method) +{ + return digest_authenticate_hdr(msg, realm, table, hftype, method, NULL); +} +
/* * Authenticate using Proxy-Authorize header field @@ -475,15 +485,15 @@ int auth_check(struct sip_msg* _m, char* _realm, char* _table, char *_flags) LM_DBG("realm [%.*s] table [%.*s] flags [%d]\n", srealm.len, srealm.s, stable.len, stable.s, iflags);
+ hdr = NULL; if(_m->REQ_METHOD==METHOD_REGISTER) - ret = digest_authenticate(_m, &srealm, &stable, HDR_AUTHORIZATION_T, - &_m->first_line.u.request.method); + ret = digest_authenticate_hdr(_m, &srealm, &stable, HDR_AUTHORIZATION_T, + &_m->first_line.u.request.method, &hdr); else - ret = digest_authenticate(_m, &srealm, &stable, HDR_PROXYAUTH_T, - &_m->first_line.u.request.method); + ret = digest_authenticate_hdr(_m, &srealm, &stable, HDR_PROXYAUTH_T, + &_m->first_line.u.request.method, &hdr);
- if(ret==AUTH_OK && (iflags&AUTH_CHECK_ID_F)) { - hdr = (_m->proxy_auth==0)?_m->authorization:_m->proxy_auth; + if(ret==AUTH_OK && hdr!=NULL && (iflags&AUTH_CHECK_ID_F)) { srealm = ((auth_body_t*)(hdr->parsed))->digest.username.user; if((furi=parse_from_uri(_m))==NULL)