Module: sip-router
Branch: master
Commit: 4992519eed88d94847d742c52e882082b1b41264
URL:
http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=4992519…
Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
Committer: Daniel-Constantin Mierla <miconda(a)gmail.com>
Date: Mon May 26 14:47:37 2014 +0200
auth_db: auth_check() to get the auth header from the used api
- this avoids using a different auth header that might be in the request
before checking usernames in from/to headers against auth user
---
modules/auth_db/authorize.c | 28 +++++++++++++++++++---------
1 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/modules/auth_db/authorize.c b/modules/auth_db/authorize.c
index cf97a8f..e2b0f4f 100644
--- a/modules/auth_db/authorize.c
+++ b/modules/auth_db/authorize.c
@@ -223,10 +223,10 @@ static int generate_avps(struct sip_msg* msg, db1_res_t* db_res)
/*
- * Authorize digest credentials
+ * Authorize digest credentials and set the pointer to used hdr
*/
-static int digest_authenticate(struct sip_msg* msg, str *realm,
- str *table, hdr_types_t hftype, str *method)
+static int digest_authenticate_hdr(sip_msg_t* msg, str *realm,
+ str *table, hdr_types_t hftype, str *method, hdr_field_t **ahdr)
{
char ha1[256];
int res;
@@ -277,6 +277,7 @@ static int digest_authenticate(struct sip_msg* msg, str *realm,
}
cred = (auth_body_t*)h->parsed;
+ if(ahdr!=NULL) *ahdr = h;
res = get_ha1(&cred->digest.username, realm, table, ha1, &result);
if (res < 0) {
@@ -315,6 +316,15 @@ end:
return ret;
}
+/*
+ * Authorize digest credentials
+ */
+static int digest_authenticate(sip_msg_t* msg, str *realm,
+ str *table, hdr_types_t hftype, str *method)
+{
+ return digest_authenticate_hdr(msg, realm, table, hftype, method, NULL);
+}
+
/*
* Authenticate using Proxy-Authorize header field
@@ -475,15 +485,15 @@ int auth_check(struct sip_msg* _m, char* _realm, char* _table, char
*_flags)
LM_DBG("realm [%.*s] table [%.*s] flags [%d]\n", srealm.len, srealm.s,
stable.len, stable.s, iflags);
+ hdr = NULL;
if(_m->REQ_METHOD==METHOD_REGISTER)
- ret = digest_authenticate(_m, &srealm, &stable, HDR_AUTHORIZATION_T,
- &_m->first_line.u.request.method);
+ ret = digest_authenticate_hdr(_m, &srealm, &stable, HDR_AUTHORIZATION_T,
+ &_m->first_line.u.request.method, &hdr);
else
- ret = digest_authenticate(_m, &srealm, &stable, HDR_PROXYAUTH_T,
- &_m->first_line.u.request.method);
+ ret = digest_authenticate_hdr(_m, &srealm, &stable, HDR_PROXYAUTH_T,
+ &_m->first_line.u.request.method, &hdr);
- if(ret==AUTH_OK && (iflags&AUTH_CHECK_ID_F)) {
- hdr = (_m->proxy_auth==0)?_m->authorization:_m->proxy_auth;
+ if(ret==AUTH_OK && hdr!=NULL && (iflags&AUTH_CHECK_ID_F)) {
srealm = ((auth_body_t*)(hdr->parsed))->digest.username.user;
if((furi=parse_from_uri(_m))==NULL)