Module: sip-router Branch: master Commit: 00d758fbf7c7db97f15db061b67e0cfb49e28768 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=00d758fb...

Author: Daniel-Constantin Mierla miconda@gmail.com Committer: Daniel-Constantin Mierla miconda@gmail.com Date: Thu Jan 5 10:48:10 2012 +0100

auth: re-introduced realm_prefix parameter

- strip its value from realm, if parameter is set - reported by Kelvin Chua

---

modules/auth/api.c | 1 + modules/auth/auth_mod.c | 6 ++++++ modules/auth/challenge.c | 26 ++++++++++++++++++++++++++ modules/auth/challenge.h | 2 ++ 4 files changed, 35 insertions(+), 0 deletions(-)

diff --git a/modules/auth/api.c b/modules/auth/api.c index 14281c9..2ee39a7 100644 --- a/modules/auth/api.c +++ b/modules/auth/api.c @@ -76,6 +76,7 @@ auth_result_t pre_auth(struct sip_msg* msg, str* realm, hdr_types_t hftype, * in the message, parse them and return pointer to * parsed structure */ + strip_realm(realm); ret = find_credentials(msg, realm, hftype, hdr); if (ret < 0) { LOG(L_ERR, "auth:pre_auth: Error while looking for credentials\n"); diff --git a/modules/auth/auth_mod.c b/modules/auth/auth_mod.c index 4dabc10..8050d81 100644 --- a/modules/auth/auth_mod.c +++ b/modules/auth/auth_mod.c @@ -100,6 +100,9 @@ int nonce_expire = 300; /* Nonce lifetime */ int protect_contacts = 0; /* Do not include contacts in nonce by default */ int force_stateless_reply = 0; /* Always send reply statelessly */

+/*! Prefix to strip from realm */ +str auth_realm_prefix = {"", 0}; + str secret1; str secret2; char* sec_rand1 = 0; @@ -177,6 +180,7 @@ static param_export_t params[] = { {"otn_in_flight_order", PARAM_INT, &otn_in_flight_k }, {"nid_pool_no", PARAM_INT, &nid_pool_no }, {"force_stateless_reply", PARAM_INT, &force_stateless_reply }, + {"realm_prefix", PARAM_STRING, &auth_realm_prefix.s }, {0, 0, 0} };

@@ -244,6 +248,8 @@ static int mod_init(void)

DBG("auth module - initializing\n");

+ auth_realm_prefix.len = strlen(auth_realm_prefix.s); + /* bind the SL API */ if (sl_load_api(&slb)!=0) { LM_ERR("cannot bind to SL API\n"); diff --git a/modules/auth/challenge.c b/modules/auth/challenge.c index decebf0..8c2ec01 100644 --- a/modules/auth/challenge.c +++ b/modules/auth/challenge.c @@ -66,6 +66,31 @@ #define DIGEST_ALGORITHM_LEN (sizeof(DIGEST_ALGORITHM)-1)

+extern str auth_realm_prefix; +/** + * @brief Strip the beginning of a realm string + * + * Strip the beginning of a realm string, depending on the length of + * the realm_prefix. + * @param _realm realm string + */ +void strip_realm(str* _realm) +{ + /* no param defined -- return */ + if (!auth_realm_prefix.len) return; + + /* prefix longer than realm -- return */ + if (auth_realm_prefix.len > _realm->len) return; + + /* match ? -- if so, shorten realm -*/ + if (memcmp(auth_realm_prefix.s, _realm->s, auth_realm_prefix.len) == 0) { + _realm->s += auth_realm_prefix.len; + _realm->len -= auth_realm_prefix.len; + } + return; +} + + /** * Create and return {WWW,Proxy}-Authenticate header field * @param nonce nonce value @@ -98,6 +123,7 @@ int get_challenge_hf(struct sip_msg* msg, int stale, str* realm, return -1; }

+ strip_realm(realm); if (realm) { DEBUG("build_challenge_hf: realm='%.*s'\n", realm->len, realm->s); } diff --git a/modules/auth/challenge.h b/modules/auth/challenge.h index 92e9b4f..711f6b4 100644 --- a/modules/auth/challenge.h +++ b/modules/auth/challenge.h @@ -53,4 +53,6 @@ int build_challenge_hf(struct sip_msg* msg, int stale, str* realm, int get_challenge_hf(struct sip_msg* msg, int stale, str* realm, str* nonce, str* algorithm, struct qp* qop, int hftype, str *ahf);

+void strip_realm(str* _realm); + #endif /* CHALLENGE_H */