Module: kamailio Branch: master Commit: e52aada2a9ffa87136bdc5e1fe44273e601c32b8 URL: https://github.com/kamailio/kamailio/commit/e52aada2a9ffa87136bdc5e1fe44273e...
Author: Stefan Mititelu stefan.mititelu92@gmail.com Committer: Stefan Mititelu stefan.mititelu@enea.com Date: 2020-03-10T13:11:56+02:00
auth_db: add force_generate_avps parameter
In order to fetch user DB attributes even when user authentication failed. Default behavior unchanged.
---
Modified: src/modules/auth_db/auth_db_mod.c Modified: src/modules/auth_db/authorize.c Modified: src/modules/auth_db/authorize.h Modified: src/modules/auth_db/doc/auth_db_admin.xml
---
Diff: https://github.com/kamailio/kamailio/commit/e52aada2a9ffa87136bdc5e1fe44273e... Patch: https://github.com/kamailio/kamailio/commit/e52aada2a9ffa87136bdc5e1fe44273e...
---
diff --git a/src/modules/auth_db/auth_db_mod.c b/src/modules/auth_db/auth_db_mod.c index faea44f612..ce8baae838 100644 --- a/src/modules/auth_db/auth_db_mod.c +++ b/src/modules/auth_db/auth_db_mod.c @@ -82,6 +82,7 @@ static int version_table_check = 1;
int calc_ha1 = 0; int use_domain = 0; /* Use also domain when looking up in table */ +int force_generate_avps = 0; /* Even when user failed to authenticate */
db1_con_t* auth_db_handle = 0; /* database connection handle */ db_func_t auth_dbf; @@ -128,6 +129,7 @@ static param_export_t params[] = { {"use_domain", INT_PARAM, &use_domain }, {"load_credentials", PARAM_STRING, &credentials_list }, {"version_table", INT_PARAM, &version_table_check }, + {"force_generate_avps", INT_PARAM, &force_generate_avps}, {0, 0, 0} };
diff --git a/src/modules/auth_db/authorize.c b/src/modules/auth_db/authorize.c index b45a2d128a..4f8d967454 100644 --- a/src/modules/auth_db/authorize.c +++ b/src/modules/auth_db/authorize.c @@ -294,13 +294,21 @@ static int digest_authenticate_hdr(sip_msg_t* msg, str *realm, goto end; }
+ /* Even when user failed to authenticate */ + if (force_generate_avps) { + generate_avps(msg, result); + } + /* Recalculate response, it must be same to authorize successfully */ rauth = auth_api.check_response(&(cred->digest), method, ha1); if(rauth==AUTHENTICATED) { ret = AUTH_OK; switch(auth_api.post_auth(msg, h, ha1)) { case AUTHENTICATED: - generate_avps(msg, result); + /* Only when user succeded to authenticate */ + if (!force_generate_avps) { + generate_avps(msg, result); + } break; default: ret = AUTH_ERROR; diff --git a/src/modules/auth_db/authorize.h b/src/modules/auth_db/authorize.h index e3638a25af..fd26f39e75 100644 --- a/src/modules/auth_db/authorize.h +++ b/src/modules/auth_db/authorize.h @@ -28,6 +28,8 @@ #include "../../core/parser/msg_parser.h" #include "api.h"
+extern int force_generate_avps; + int auth_db_init(const str* db_url); int auth_db_bind(const str* db_url); void auth_db_close(void); diff --git a/src/modules/auth_db/doc/auth_db_admin.xml b/src/modules/auth_db/doc/auth_db_admin.xml index 654c889415..422738e869 100644 --- a/src/modules/auth_db/doc/auth_db_admin.xml +++ b/src/modules/auth_db/doc/auth_db_admin.xml @@ -300,6 +300,24 @@ modparam("auth_db", "version_table", 0) </example> </section>
+ <section id="auth_db.p.force_generate_avps"> + <title><varname>force_generate_avps</varname> (integer)</title> + <para> + If set to different than 0, the module will fetch user DB attributes even if authentication failed. + </para> + <para> + Default value is <quote>0</quote> (don't fetch user DB attributes if authentication failed). + </para> + <example> + <title><varname>force_generate_avps</varname> parameter usage</title> + <programlisting format="linespecific"> +... +modparam("auth_db", "force_generate_avps", 1) +... + </programlisting> + </example> + </section> + </section>
<section>
-
Stefan Mititelu