[sr-dev] git:master: auth: new function auth_challenge()

Daniel-Constantin Mierla miconda at gmail.com
Mon Nov 14 22:41:30 CET 2011 

Module: sip-router
Branch: master
Commit: ef6bb4541687862f2f2cc09a5a784a7b7045672f
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=ef6bb4541687862f2f2cc09a5a784a7b7045672f

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date:   Mon Nov 14 22:39:24 2011 +0100

auth: new function auth_challenge()

- combines www_challenge() and proxy_challenge() by calling the first
  for REGISTER and the second for the rest of request types
- it is usefull to simplify the config file for default auth handling

---

 modules/auth/README            |   46 ++++++++++++++++++++++++++++-----------
 modules/auth/auth_mod.c        |   44 ++++++++++++++++++++++++++++++++++++++
 modules/auth/doc/functions.xml |   29 ++++++++++++++++++++++++-
 3 files changed, 105 insertions(+), 14 deletions(-)

diff --git a/modules/auth/README b/modules/auth/README
index 04d7594..a29bcf5 100644
--- a/modules/auth/README
+++ b/modules/auth/README
@@ -15,7 +15,7 @@ Daniel-Constantin Mierla
    asipto.com
    <miconda at gmail.com>
 
-   Copyright © 2002, 2003 FhG FOKUS
+   Copyright © 2002, 2003 FhG FOKUS
      __________________________________________________________________
 
    1.1. Overview
@@ -43,8 +43,9 @@ Daniel-Constantin Mierla
         1.4.1. consume_credentials()
         1.4.2. www_challenge(realm, flags)
         1.4.3. proxy_challenge(realm, flags)
-        1.4.4. pv_www_authenticate(realm, passwd, flags)
-        1.4.5. pv_proxy_authenticate(realm, passwd, flags)
+        1.4.4. auth_challenge(realm, flags)
+        1.4.5. pv_www_authenticate(realm, passwd, flags)
+        1.4.6. pv_proxy_authenticate(realm, passwd, flags)
 
 1.1. Overview
 
@@ -66,7 +67,7 @@ Daniel-Constantin Mierla
 
 1.3. Parameters
 
-1.3.1.  auth_checks_register, auth_checks_no_dlg, and auth_checks_in_dlg
+1.3.1. auth_checks_register, auth_checks_no_dlg, and auth_checks_in_dlg
 (flags)
 
    These three module parameters control which optional integrity checks
@@ -514,7 +515,7 @@ if (www_authenticate("realm", "subscriber)) {
 };
 ...
 
-1.4.2.  www_challenge(realm, flags)
+1.4.2. www_challenge(realm, flags)
 
    The function challenges a user agent. It will generate a WWW-Authorize
    header field containing a digest challenge, it will put the header
@@ -528,7 +529,7 @@ if (www_authenticate("realm", "subscriber)) {
      * realm - Realm is a opaque string that the user agent should present
        to the user so he can decide what username and password to use.
        Usually this is domain of the host the server is running on.
-       It must not be empty string “”. In case of REGISTER requests To
+       It must not be empty string "". In case of REGISTER requests To
        header field domain (e.g., variable $td) can be used (because this
        header field represents the user being registered), for all other
        messages From header field domain can be used (e.g., variable $fd).
@@ -550,7 +551,7 @@ if (!www_authenticate("$td", "subscriber")) {
 }
 ...
 
-1.4.3.  proxy_challenge(realm, flags)
+1.4.3. proxy_challenge(realm, flags)
 
    The function challenges a user agent. It will generate a
    Proxy-Authorize header field containing a digest challenge, it will put
@@ -567,12 +568,31 @@ if (!www_authenticate("$td", "subscriber")) {
 
    Example 16. proxy_challenge usage
 ...
-if (!proxy_authenticate("$fd", "subscriber)) {
+if (!proxy_authenticate("$fd", "subscriber")) {
         proxy_challenge("$fd", "1");
 };
 ...
 
-1.4.4.  pv_www_authenticate(realm, passwd, flags)
+1.4.4. auth_challenge(realm, flags)
+
+   The function challenges a user agent for authentication. It combines
+   the functions www_challenge() and proxy_challenge(), by calling
+   internally the first one for REGISTER requests and the second one for
+   the rest of the request types.
+
+   Meaning of the parameters the same as for function www_challenge(realm,
+   flags)
+
+   This function can be used from REQUEST_ROUTE.
+
+   Example 17. proxy_challenge usage
+...
+if (!auth_check("$fd", "subscriber", "1")) {
+        auth_challenge("$fd", "1");
+};
+...
+
+1.4.5. pv_www_authenticate(realm, passwd, flags)
 
    The function verifies credentials according to RFC2617. If the
    credentials are verified successfully then the function will succeed
@@ -596,7 +616,7 @@ if (!proxy_authenticate("$fd", "subscriber)) {
      * realm - Realm is a opaque string that the user agent should present
        to the user so he can decide what username and password to use.
        Usually this is domain of the host the server is running on.
-       It must not be empty string “”. In case of REGISTER requests To
+       It must not be empty string "". In case of REGISTER requests To
        header field domain (e.g., varibale $td) can be used (because this
        header field represents a user being registered), for all other
        messages From header field domain can be used (e.g., varibale $fd).
@@ -616,14 +636,14 @@ if (!proxy_authenticate("$fd", "subscriber)) {
 
    This function can be used from REQUEST_ROUTE.
 
-   Example 17. pv_www_authenticate usage
+   Example 18. pv_www_authenticate usage
 ...
 if (!pv_www_authenticate("$td", "123abc", "0")) {
         www_challenge("$td", "1");
 };
 ...
 
-1.4.5.  pv_proxy_authenticate(realm, passwd, flags)
+1.4.6. pv_proxy_authenticate(realm, passwd, flags)
 
    The function verifies credentials according to RFC2617. If the
    credentials are verified successfully then the function will succeed
@@ -638,7 +658,7 @@ if (!pv_www_authenticate("$td", "123abc", "0")) {
 
    This function can be used from REQUEST_ROUTE.
 
-   Example 18. pv_proxy_authenticate usage
+   Example 19. pv_proxy_authenticate usage
 ...
 $avp(password)="xyz";
 if (!pv_proxy_authenticate("$fd", "$avp(password)", "0")) {
diff --git a/modules/auth/auth_mod.c b/modules/auth/auth_mod.c
index a28c2ba..4dabc10 100644
--- a/modules/auth/auth_mod.c
+++ b/modules/auth/auth_mod.c
@@ -87,6 +87,7 @@ static int fixup_pv_auth(void **param, int param_no);
 
 static int proxy_challenge(struct sip_msg *msg, char* realm, char *flags);
 static int www_challenge(struct sip_msg *msg, char* realm, char *flags);
+static int w_auth_challenge(struct sip_msg *msg, char* realm, char *flags);
 static int fixup_auth_challenge(void **param, int param_no);
 
 
@@ -138,6 +139,8 @@ static cmd_export_t cmds[] = {
 			fixup_auth_challenge, REQUEST_ROUTE},
     {"proxy_challenge",        (cmd_function)proxy_challenge,        2,
 			fixup_auth_challenge, REQUEST_ROUTE},
+    {"auth_challenge",         (cmd_function)w_auth_challenge,       2,
+			fixup_auth_challenge, REQUEST_ROUTE},
     {"pv_www_authorize",       (cmd_function)pv_www_authenticate,    3,
 			fixup_pv_auth, REQUEST_ROUTE},
     {"pv_www_authenticate",    (cmd_function)pv_www_authenticate,    3,
@@ -750,6 +753,47 @@ error:
 }
 
 /**
+ *
+ */
+static int w_auth_challenge(struct sip_msg *msg, char* realm, char *flags)
+{
+	int vflags = 0;
+	str srealm  = {0, 0};
+
+	if((msg->REQ_METHOD == METHOD_ACK) || (msg->REQ_METHOD == METHOD_CANCEL)) {
+		return 1;
+	}
+
+	if(get_str_fparam(&srealm, msg, (fparam_t*)realm) < 0) {
+		LM_ERR("failed to get realm value\n");
+		goto error;
+	}
+
+	if(srealm.len==0) {
+		LM_ERR("invalid realm value - empty content\n");
+		goto error;
+	}
+
+	if(get_int_fparam(&vflags, msg, (fparam_t*)flags) < 0) {
+		LM_ERR("invalid flags value\n");
+		goto error;
+	}
+
+	if(msg->REQ_METHOD==METHOD_REGISTER)
+		return auth_challenge(msg, &srealm, vflags, HDR_AUTHORIZATION_T);
+	else
+		return auth_challenge(msg, &srealm, vflags, HDR_PROXYAUTH_T);
+
+error:
+	if(!(vflags&4)) {
+		if(auth_send_reply(msg, 500, "Internal Server Error", 0, 0) <0 )
+			return -4;
+	}
+	return -1;
+}
+
+
+/**
  * @brief fixup function for {www,proxy}_challenge
  */
 static int fixup_auth_challenge(void **param, int param_no)
diff --git a/modules/auth/doc/functions.xml b/modules/auth/doc/functions.xml
index d328def..f094e44 100644
--- a/modules/auth/doc/functions.xml
+++ b/modules/auth/doc/functions.xml
@@ -126,7 +126,7 @@ if (!www_authenticate("$td", "subscriber")) {
 		<title>proxy_challenge usage</title>
 		<programlisting format="linespecific">
 ...
-if (!proxy_authenticate("$fd", "subscriber)) {
+if (!proxy_authenticate("$fd", "subscriber")) {
 	proxy_challenge("$fd", "1");
 };
 ...
@@ -134,6 +134,33 @@ if (!proxy_authenticate("$fd", "subscriber)) {
 		</example>
 	</section>
 
+	<section id="auth_challenge">
+		<title>
+			<function moreinfo="none">auth_challenge(realm, flags)</function>
+		</title>
+		<para>
+		The function challenges a user agent for authentication. It combines
+		the functions www_challenge() and proxy_challenge(), by calling
+		internally the first one for REGISTER requests and the second one for
+		the rest of the request types.
+		</para>
+		<para>Meaning of the parameters the same as for function
+		www_challenge(realm, flags)</para>
+		<para>
+		This function can be used from REQUEST_ROUTE.
+		</para>
+		<example>
+		<title>proxy_challenge usage</title>
+		<programlisting format="linespecific">
+...
+if (!auth_check("$fd", "subscriber", "1")) {
+	auth_challenge("$fd", "1");
+};
+...
+</programlisting>
+		</example>
+	</section>
+
 	<section id="pv_www_authenticate">
 		<title>
 		<function moreinfo="none">pv_www_authenticate(realm, passwd, flags)</function>

More information about the sr-dev mailing list