Module: kamailio
Branch: master
Commit: 3763e9c826640402c798d4581d0b2f1b13e4519b
URL:
https://github.com/kamailio/kamailio/commit/3763e9c826640402c798d4581d0b2f1…
Author: Juha Heinanen <jh(a)tutpro.com>
Committer: Daniel-Constantin Mierla <miconda(a)gmail.com>
Date: 2024-05-14T17:52:29+02:00
auth: new function auth_algorithm(...) to dynamically override algorithm
- GH #3849
---
Modified: src/modules/auth/auth_mod.c
Modified: src/modules/auth/doc/auth_functions.xml
---
Diff:
https://github.com/kamailio/kamailio/commit/3763e9c826640402c798d4581d0b2f1…
Patch:
https://github.com/kamailio/kamailio/commit/3763e9c826640402c798d4581d0b2f1…
---
diff --git a/src/modules/auth/auth_mod.c b/src/modules/auth/auth_mod.c
index 534ad9e20f7..b2854d468bf 100644
--- a/src/modules/auth/auth_mod.c
+++ b/src/modules/auth/auth_mod.c
@@ -70,11 +70,17 @@ static int mod_init(void);
* Remove used credentials from a SIP message header
*/
int w_consume_credentials(struct sip_msg *msg, char *s1, char *s2);
+
/*
* Check for credentials with given realm
*/
int w_has_credentials(struct sip_msg *msg, char *s1, char *s2);
+/*
+ * Set authentication algorithm
+ */
+int w_auth_algorithm(struct sip_msg *msg, char *alg, char *s2);
+
static int pv_proxy_authenticate(
struct sip_msg *msg, char *realm, char *passwd, char *flags);
static int pv_www_authenticate(
@@ -170,6 +176,8 @@ static cmd_export_t cmds[] = {
REQUEST_ROUTE},
{"pv_auth_check", (cmd_function)w_pv_auth_check, 4, fixup_pv_auth_check,
0, REQUEST_ROUTE},
+ {"auth_algorithm", w_auth_algorithm, 1, fixup_spve_null, 0,
+ REQUEST_ROUTE},
{"bind_auth_s", (cmd_function)bind_auth_s, 0, 0, 0},
{0, 0, 0, 0, 0, 0}
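Review bot: The new `auth_algorithm` entry passes `w_auth_algorithm` without the `(cmd_function)` cast that the neighbouring `pv_auth_check` and `bind_auth_s` entries use. The prototype added earlier in this commit already matches the three-argument wrapper shape, so the cast is not needed for correctness, but for consistency I would write `{"auth_algorithm", (cmd_function)w_auth_algorithm, 1, fixup_spve_null, 0,`. The cmds[] array starts outside the hunk, so entries not shown may follow a different convention.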
@@ -477,6 +485,33 @@ int w_has_credentials(sip_msg_t *msg, char *realm, char *s2)
return ki_has_credentials(msg, &srealm);
}
+/**
+ *
+ */
+int w_auth_algorithm(sip_msg_t *msg, char *alg, char *s2)
+{
+ if(fixup_get_svalue(msg, (gparam_t *)alg, &auth_algorithm) < 0) {
+ LM_ERR("failed to get algorithm value\n");
+ return -1;
+ }
+
+ if(strcmp(auth_algorithm.s, "MD5") == 0) {
+ hash_hex_len = HASHHEXLEN;
+ calc_HA1 = calc_HA1_md5;
+ calc_response = calc_response_md5;
+ } else if(strcmp(auth_algorithm.s, "SHA-256") == 0) {
+ hash_hex_len = HASHHEXLEN_SHA256;
+ calc_HA1 = calc_HA1_sha256;
+ calc_response = calc_response_sha256;
+ } else {
+ LM_ERR("Invalid algorithm provided."
+ " Possible values are \"\", \"MD5\" or
\"SHA-256\"\n");
+ return -1;
+ }
+
+ return 1;
+}
+
#ifdef USE_NC
/**
* Calls auth_check_hdr_md5 with the update_nonce flag set to false.
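Review bot: In w_auth_algorithm, fixup_get_svalue() writes straight into `auth_algorithm`, which looks like the module-wide setting (its declaration is outside the hunk), so a rejected value has already replaced the stored name while calc_HA1/calc_response still point at the previous algorithm, and for a pseudo-variable the stored `.s` may refer to memory that does not outlive the request. The strcmp() calls also assume `.s` is NUL-terminated instead of using `.len`, and the error text lists `""` as accepted although an empty value falls into the error branch. Nothing here restores hash_hex_len, calc_HA1 or calc_response afterwards, so the override presumably persists in that worker process; a route that selects MD5 for one client would then keep the weaker digest for later requests until the function is called again, which is worth stating in the empty `/** */` header and in the function's documentation. I would read into a local str, validate by length, and only then commit the change using constant strings, as sketched below.

```c
int w_auth_algorithm(sip_msg_t *msg, char *alg, char *s2)
{
	str salg = {0, 0};

	if(fixup_get_svalue(msg, (gparam_t *)alg, &salg) < 0) {
		/* … unchanged: LM_ERR and return -1 … */
	}

	if(salg.len == 3 && strncmp(salg.s, "MD5", 3) == 0) {
		/* … unchanged: MD5 hash_hex_len / calc_HA1 / calc_response … */
		auth_algorithm.s = "MD5";
		auth_algorithm.len = 3;
	} else if(salg.len == 7 && strncmp(salg.s, "SHA-256", 7) == 0) {
		/* … unchanged: SHA-256 hash_hex_len / calc_HA1 / calc_response … */
		auth_algorithm.s = "SHA-256";
		auth_algorithm.len = 7;
	} else {
		LM_ERR("Invalid algorithm provided."
			   " Possible values are \"MD5\" or \"SHA-256\"\n");
		return -1;
	}
	/* … unchanged: return 1 … */
```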
diff --git a/src/modules/auth/doc/auth_functions.xml
b/src/modules/auth/doc/auth_functions.xml
index 4b6f19ac05b..6a789e9e5b4 100644
--- a/src/modules/auth/doc/auth_functions.xml
+++ b/src/modules/auth/doc/auth_functions.xml
@@ -412,5 +412,21 @@ if (auth_get_www_authenticate("$fd", "0",
"$var(wauth)")) {
</programlisting>
</example>
</section>
+ <section id="auth.f.auth_algorithm">
+ <title><function>auth_algorithm(algorithm)</function></title>
+ <para>
+ Set hash algorithm used for digest authentication thus overriding
+ algorithm parameter. Possible values are the same as those of
+ algorithm parameter. The parameter may be a pseudo variable.
+ </para>
+ <example>
+ <title>auth_algorithm example</title>
+ <programlisting>
+...
+auth_algorithm("$alg");
+...
+ </programlisting>
+ </example>
+ </section>
</section>