[sr-dev] git:master: auth: re-introduced realm_prefix parameter
Daniel-Constantin Mierla
miconda at gmail.com
Thu Jan 5 10:52:27 CET 2012
Module: sip-router
Branch: master
Commit: 00d758fbf7c7db97f15db061b67e0cfb49e28768
URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=00d758fbf7c7db97f15db061b67e0cfb49e28768
Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: Thu Jan 5 10:48:10 2012 +0100
auth: re-introduced realm_prefix parameter
- strip its value from realm, if parameter is set
- reported by Kelvin Chua
---
modules/auth/api.c | 1 +
modules/auth/auth_mod.c | 6 ++++++
modules/auth/challenge.c | 26 ++++++++++++++++++++++++++
modules/auth/challenge.h | 2 ++
4 files changed, 35 insertions(+), 0 deletions(-)
diff --git a/modules/auth/api.c b/modules/auth/api.c
index 14281c9..2ee39a7 100644
--- a/modules/auth/api.c
+++ b/modules/auth/api.c
@@ -76,6 +76,7 @@ auth_result_t pre_auth(struct sip_msg* msg, str* realm, hdr_types_t hftype,
* in the message, parse them and return pointer to
* parsed structure
*/
+ strip_realm(realm);
ret = find_credentials(msg, realm, hftype, hdr);
if (ret < 0) {
LOG(L_ERR, "auth:pre_auth: Error while looking for credentials\n");
diff --git a/modules/auth/auth_mod.c b/modules/auth/auth_mod.c
index 4dabc10..8050d81 100644
--- a/modules/auth/auth_mod.c
+++ b/modules/auth/auth_mod.c
@@ -100,6 +100,9 @@ int nonce_expire = 300; /* Nonce lifetime */
int protect_contacts = 0; /* Do not include contacts in nonce by default */
int force_stateless_reply = 0; /* Always send reply statelessly */
+/*! Prefix to strip from realm */
+str auth_realm_prefix = {"", 0};
+
str secret1;
str secret2;
char* sec_rand1 = 0;
@@ -177,6 +180,7 @@ static param_export_t params[] = {
{"otn_in_flight_order", PARAM_INT, &otn_in_flight_k },
{"nid_pool_no", PARAM_INT, &nid_pool_no },
{"force_stateless_reply", PARAM_INT, &force_stateless_reply },
+ {"realm_prefix", PARAM_STRING, &auth_realm_prefix.s },
{0, 0, 0}
};
@@ -244,6 +248,8 @@ static int mod_init(void)
DBG("auth module - initializing\n");
+ auth_realm_prefix.len = strlen(auth_realm_prefix.s);
+
/* bind the SL API */
if (sl_load_api(&slb)!=0) {
LM_ERR("cannot bind to SL API\n");
diff --git a/modules/auth/challenge.c b/modules/auth/challenge.c
index decebf0..8c2ec01 100644
--- a/modules/auth/challenge.c
+++ b/modules/auth/challenge.c
@@ -66,6 +66,31 @@
#define DIGEST_ALGORITHM_LEN (sizeof(DIGEST_ALGORITHM)-1)
+extern str auth_realm_prefix;
+/**
+ * @brief Strip the beginning of a realm string
+ *
+ * Strip the beginning of a realm string, depending on the length of
+ * the realm_prefix.
+ * @param _realm realm string
+ */
+void strip_realm(str* _realm)
+{
+ /* no param defined -- return */
+ if (!auth_realm_prefix.len) return;
+
+ /* prefix longer than realm -- return */
+ if (auth_realm_prefix.len > _realm->len) return;
+
+ /* match ? -- if so, shorten realm -*/
+ if (memcmp(auth_realm_prefix.s, _realm->s, auth_realm_prefix.len) == 0) {
+ _realm->s += auth_realm_prefix.len;
+ _realm->len -= auth_realm_prefix.len;
+ }
+ return;
+}
+
+
/**
* Create and return {WWW,Proxy}-Authenticate header field
* @param nonce nonce value
@@ -98,6 +123,7 @@ int get_challenge_hf(struct sip_msg* msg, int stale, str* realm,
return -1;
}
+ strip_realm(realm);
if (realm) {
DEBUG("build_challenge_hf: realm='%.*s'\n", realm->len, realm->s);
}
diff --git a/modules/auth/challenge.h b/modules/auth/challenge.h
index 92e9b4f..711f6b4 100644
--- a/modules/auth/challenge.h
+++ b/modules/auth/challenge.h
@@ -53,4 +53,6 @@ int build_challenge_hf(struct sip_msg* msg, int stale, str* realm,
int get_challenge_hf(struct sip_msg* msg, int stale, str* realm,
str* nonce, str* algorithm, struct qp* qop, int hftype, str *ahf);
+void strip_realm(str* _realm);
+
#endif /* CHALLENGE_H */
More information about the sr-dev
mailing list