Module: sip-router Branch: master Commit: 414af8a49bae2a41069b003aa9da83823c729bd0 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=414af8a4...

Author: Juha Heinanen jh@tutpro.com Committer: Juha Heinanen jh@tutpro.com Date: Tue Aug 9 08:36:39 2011 +0300

modules_k/auth_radius: added optional uri_user param to radius_www_authorize() - Useful for http authorization.

---

modules_k/auth_radius/README | 13 +++++++++---- modules_k/auth_radius/authorize.c | 14 ++++++++++++-- modules_k/auth_radius/authorize.h | 15 ++++++++++----- modules_k/auth_radius/authrad_mod.c | 4 +++- modules_k/auth_radius/doc/auth_radius_admin.xml | 13 ++++++++++++- 5 files changed, 46 insertions(+), 13 deletions(-)

diff --git a/modules_k/auth_radius/README b/modules_k/auth_radius/README index 3222d50..e40fa57 100644 --- a/modules_k/auth_radius/README +++ b/modules_k/auth_radius/README @@ -49,7 +49,7 @@ Jan Janak

5. Exported Functions

- 5.1. radius_www_authorize(realm) + 5.1. radius_www_authorize(realm [, uri_user]) 5.2. radius_proxy_authorize(realm [, uri_user])

List of Examples @@ -82,7 +82,7 @@ Chapter 1. Admin Guide

5. Exported Functions

- 5.1. radius_www_authorize(realm) + 5.1. radius_www_authorize(realm [, uri_user]) 5.2. radius_proxy_authorize(realm [, uri_user])

1. Overview @@ -206,10 +206,10 @@ modparam("auth_radius", "use_ruri_flag", 22)

5. Exported Functions

- 5.1. radius_www_authorize(realm) + 5.1. radius_www_authorize(realm [, uri_user]) 5.2. radius_proxy_authorize(realm [, uri_user])

-5.1. radius_www_authorize(realm) +5.1. radius_www_authorize(realm [, uri_user])

The function verifies credentials according to RFC2617. If the credentials are verified successfully then the function will succeed @@ -240,6 +240,11 @@ modparam("auth_radius", "use_ruri_flag", 22) to the user so he can decide what username and password to use. In case of REGISTER requests it is usually hostpart of To URI. The string may contain pseudo variables. + * uri_user - Uri_user is an optional pseudo variable parameter whose + value, if present, will be given to Radius server as value of + SIP-URI-User check item. If uri_user pseudo variable parameter is + not present, the server will generate SIP-URI-User check item value + from user part of To/From URI.

This function can be used from REQUEST_ROUTE.

diff --git a/modules_k/auth_radius/authorize.c b/modules_k/auth_radius/authorize.c index c84deec..9dfc9b3 100644 --- a/modules_k/auth_radius/authorize.c +++ b/modules_k/auth_radius/authorize.c @@ -236,10 +236,20 @@ int radius_proxy_authorize_2(struct sip_msg* _msg, char* _realm,

/* - * Authorize using WWW-Authorize header field + * Authorize using WWW-Authorize header field (no URI user parameter given) */ -int radius_www_authorize(struct sip_msg* _msg, char* _realm, char* _s2) +int radius_www_authorize_1(struct sip_msg* _msg, char* _realm, char* _s2) { return authorize(_msg, (pv_elem_t*)_realm, (pv_spec_t *)0, HDR_AUTHORIZATION_T); } + + +/* + * Authorize using WWW-Authorize header field (URI user parameter given) + */ +int radius_www_authorize_2(struct sip_msg* _msg, char* _realm, char* _uri_user) +{ + return authorize(_msg, (pv_elem_t*)_realm, (pv_spec_t *)_uri_user, + HDR_AUTHORIZATION_T); +} diff --git a/modules_k/auth_radius/authorize.h b/modules_k/auth_radius/authorize.h index 33cfb5f..014ed9d 100644 --- a/modules_k/auth_radius/authorize.h +++ b/modules_k/auth_radius/authorize.h @@ -33,21 +33,26 @@

/* - * Authorize using Proxy-Authorize header field (no from parameter given) + * Authorize using Proxy-Authorize header field (no URI user parameter given) */ int radius_proxy_authorize_1(struct sip_msg* _msg, char* _realm, char* _s2);

/* - * Authorize using Proxy-Authorize header field (from parameter given) + * Authorize using Proxy-Authorize header field (URI user parameter given) */ -int radius_proxy_authorize_2(struct sip_msg* _msg, char* _realm, char* _from); +int radius_proxy_authorize_2(struct sip_msg* _msg, char* _realm, char* _uri_user);

/* - * Authorize using WWW-Authorization header field + * Authorize using WWW-Authorization header field (no URI user parameter given) */ -int radius_www_authorize(struct sip_msg* _msg, char* _realm, char* _s2); +int radius_www_authorize_1(struct sip_msg* _msg, char* _realm, char* _s2); + +/* + * Authorize using WWW-Authorization header field (URI user parameter given) + */ +int radius_www_authorize_2(struct sip_msg* _msg, char* _realm, char* _uri_user);

#endif /* AUTHORIZE_H */ diff --git a/modules_k/auth_radius/authrad_mod.c b/modules_k/auth_radius/authrad_mod.c index 59e27c5..f0ef531 100644 --- a/modules_k/auth_radius/authrad_mod.c +++ b/modules_k/auth_radius/authrad_mod.c @@ -73,7 +73,9 @@ struct extra_attr *auth_extra = 0; * Exported functions */ static cmd_export_t cmds[] = { - {"radius_www_authorize", (cmd_function)radius_www_authorize, 1, auth_fixup, + {"radius_www_authorize", (cmd_function)radius_www_authorize_1, 1, auth_fixup, + 0, REQUEST_ROUTE}, + {"radius_www_authorize", (cmd_function)radius_www_authorize_2, 2, auth_fixup, 0, REQUEST_ROUTE}, {"radius_proxy_authorize", (cmd_function)radius_proxy_authorize_1, 1, auth_fixup, 0, REQUEST_ROUTE}, diff --git a/modules_k/auth_radius/doc/auth_radius_admin.xml b/modules_k/auth_radius/doc/auth_radius_admin.xml index eb99ca8..699d454 100644 --- a/modules_k/auth_radius/doc/auth_radius_admin.xml +++ b/modules_k/auth_radius/doc/auth_radius_admin.xml @@ -193,7 +193,7 @@ modparam("auth_radius", "use_ruri_flag", 22) <section> <title>Exported Functions</title> <section> - <title><function moreinfo="none">radius_www_authorize(realm)</function></title> + <title><function moreinfo="none">radius_www_authorize(realm [, uri_user])</function></title> <para> The function verifies credentials according to <ulink url="http://www.ietf.org/rfc/rfc2617.txt">RFC2617</ulink>. If @@ -253,6 +253,17 @@ modparam("auth_radius", "use_ruri_flag", 22) The string may contain pseudo variables. </para> </listitem> + <listitem> + <para><emphasis>uri_user</emphasis> - Uri_user is an + optional pseudo variable parameter whose value, if + present, will be given to Radius server as value of + SIP-URI-User check item. + If uri_user pseudo variable parameter is not + present, the server will generate + SIP-URI-User check item value from user part of + To/From URI. + </para> + </listitem> </itemizedlist> <para> This function can be used from REQUEST_ROUTE.