[sr-dev] where is s proxy_challenge function?
Jan Janak
jan at ryngle.com
Thu Jul 1 21:32:59 CEST 2010
On Thu, Jul 1, 2010 at 3:13 PM, Juha Heinanen <jh at tutpro.com> wrote:
> Jan Janak writes:
>
>> See the function "authenticate" in modules_s/auth_db/authorize.c for
>> an example, grep for the string "build_challenge".
>
> jan,
>
> i see that this thing in the code builds the challenge (p-a header):
>
> if (ret < 0) {
> if (auth_api.build_challenge(msg, (cred ? cred->stale : 0), realm, NULL, NULL, hftype) < 0) {
> ERR("Error while creating challenge\n");
> ret = -2;
> }
>
> is there a way to prevent p-a header from being added to reply in case
> after proxy_authorize failure i want to reply with "403 Forbidden"
> instead of "407 Proxy Authentication Required"?
Yes. The function only creates the corresponding AVP, it does not add
anything to the reply itself. This is done in the configuration file
and there you can test the return value of proxy_authorize and either
send "403 Forbidden" or "407 Proxy Authorization Required".
So, you can return any reply you want, the proxy authorization header
will only be added if you call append_to_reply("%$digest_challenge");
-Jan
More information about the sr-dev
mailing list