[sr-dev] git:master: auth: new function has_credentials(realm)
Daniel-Constantin Mierla
miconda at gmail.com
Wed Oct 3 15:00:09 CEST 2012
Module: sip-router
Branch: master
Commit: 1a0d7653139c04d2ab32fa68c86513faf82d5c17
URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=1a0d7653139c04d2ab32fa68c86513faf82d5c17
Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: Wed Oct 3 14:58:44 2012 +0200
auth: new function has_credentials(realm)
- returns true if an authorization header matching the realm is found
---
modules/auth/README | 52 +++++++++++++++++++++++++--------------
modules/auth/auth_mod.c | 35 +++++++++++++++++++++++++++
modules/auth/doc/functions.xml | 20 ++++++++++++++-
3 files changed, 87 insertions(+), 20 deletions(-)
diff --git a/modules/auth/README b/modules/auth/README
index 04dbf8a..48febf3 100644
--- a/modules/auth/README
+++ b/modules/auth/README
@@ -42,12 +42,13 @@ Daniel-Constantin Mierla
1.4. Functions
1.4.1. consume_credentials()
- 1.4.2. www_challenge(realm, flags)
- 1.4.3. proxy_challenge(realm, flags)
- 1.4.4. auth_challenge(realm, flags)
- 1.4.5. pv_www_authenticate(realm, passwd, flags)
- 1.4.6. pv_proxy_authenticate(realm, passwd, flags)
- 1.4.7. auth_get_www_authenticate(realm, flags, pvdst)
+ 1.4.2. has_credentials(realm)
+ 1.4.3. www_challenge(realm, flags)
+ 1.4.4. proxy_challenge(realm, flags)
+ 1.4.5. auth_challenge(realm, flags)
+ 1.4.6. pv_www_authenticate(realm, passwd, flags)
+ 1.4.7. pv_proxy_authenticate(realm, passwd, flags)
+ 1.4.8. auth_get_www_authenticate(realm, flags, pvdst)
1.1. Overview
@@ -526,12 +527,25 @@ modparam("auth", "realm_prefix", "sip.")
Example 15. consume_credentials example
...
-if (www_authenticate("realm", "subscriber)) {
+if (www_authenticate("realm", "subscriber")) {
consume_credentials();
};
...
-1.4.2. www_challenge(realm, flags)
+1.4.2. has_credentials(realm)
+
+ This function returns true of the request has Autorization or
+ Proxy-Authorization header with provided realm. The parameter can be
+ string with pseudo-variables.
+
+ Example 16. consume_credentials example
+...
+if (has_credentials("myrealm")) {
+ ...
+}
+...
+
+1.4.3. www_challenge(realm, flags)
The function challenges a user agent. It will generate a WWW-Authorize
header field containing a digest challenge, it will put the header
@@ -560,14 +574,14 @@ if (www_authenticate("realm", "subscriber)) {
This function can be used from REQUEST_ROUTE.
- Example 16. www_challenge usage
+ Example 17. www_challenge usage
...
if (!www_authenticate("$td", "subscriber")) {
www_challenge("$td", "1");
}
...
-1.4.3. proxy_challenge(realm, flags)
+1.4.4. proxy_challenge(realm, flags)
The function challenges a user agent. It will generate a
Proxy-Authorize header field containing a digest challenge, it will put
@@ -582,14 +596,14 @@ if (!www_authenticate("$td", "subscriber")) {
This function can be used from REQUEST_ROUTE.
- Example 17. proxy_challenge usage
+ Example 18. proxy_challenge usage
...
if (!proxy_authenticate("$fd", "subscriber")) {
proxy_challenge("$fd", "1");
};
...
-1.4.4. auth_challenge(realm, flags)
+1.4.5. auth_challenge(realm, flags)
The function challenges a user agent for authentication. It combines
the functions www_challenge() and proxy_challenge(), by calling
@@ -601,14 +615,14 @@ if (!proxy_authenticate("$fd", "subscriber")) {
This function can be used from REQUEST_ROUTE.
- Example 18. proxy_challenge usage
+ Example 19. proxy_challenge usage
...
if (!auth_check("$fd", "subscriber", "1")) {
auth_challenge("$fd", "1");
};
...
-1.4.5. pv_www_authenticate(realm, passwd, flags)
+1.4.6. pv_www_authenticate(realm, passwd, flags)
The function verifies credentials according to RFC2617. If the
credentials are verified successfully then the function will succeed
@@ -652,14 +666,14 @@ if (!auth_check("$fd", "subscriber", "1")) {
This function can be used from REQUEST_ROUTE.
- Example 19. pv_www_authenticate usage
+ Example 20. pv_www_authenticate usage
...
if (!pv_www_authenticate("$td", "123abc", "0")) {
www_challenge("$td", "1");
};
...
-1.4.6. pv_proxy_authenticate(realm, passwd, flags)
+1.4.7. pv_proxy_authenticate(realm, passwd, flags)
The function verifies credentials according to RFC2617. If the
credentials are verified successfully then the function will succeed
@@ -674,7 +688,7 @@ if (!pv_www_authenticate("$td", "123abc", "0")) {
This function can be used from REQUEST_ROUTE.
- Example 20. pv_proxy_authenticate usage
+ Example 21. pv_proxy_authenticate usage
...
$avp(password)="xyz";
if (!pv_proxy_authenticate("$fd", "$avp(password)", "0")) {
@@ -682,7 +696,7 @@ if (!pv_proxy_authenticate("$fd", "$avp(password)", "0")) {
};
...
-1.4.7. auth_get_www_authenticate(realm, flags, pvdst)
+1.4.8. auth_get_www_authenticate(realm, flags, pvdst)
Build WWW-Authentication header and set the resulting value in 'pvdest'
parameter.
@@ -692,7 +706,7 @@ if (!pv_proxy_authenticate("$fd", "$avp(password)", "0")) {
This function can be used from ANY_ROUTE.
- Example 21. auth_get_www_authenticate
+ Example 22. auth_get_www_authenticate
...
if (auth_get_www_authenticate("$fd", "0", "$var(wauth)")) {
xlog("www authenticate header is [$var(wauth)]\n");
diff --git a/modules/auth/auth_mod.c b/modules/auth/auth_mod.c
index 4a03af4..95b59ec 100644
--- a/modules/auth/auth_mod.c
+++ b/modules/auth/auth_mod.c
@@ -81,6 +81,10 @@ static int mod_init(void);
* Remove used credentials from a SIP message header
*/
int w_consume_credentials(struct sip_msg* msg, char* s1, char* s2);
+/*
+ * Check for credentials with given realm
+ */
+int w_has_credentials(struct sip_msg* msg, char* s1, char* s2);
static int pv_proxy_authenticate(struct sip_msg* msg, char* realm,
char *passwd, char *flags);
@@ -160,6 +164,8 @@ static cmd_export_t cmds[] = {
fixup_pv_auth, REQUEST_ROUTE},
{"auth_get_www_authenticate", (cmd_function)w_auth_get_www_authenticate, 3,
fixup_auth_get_www_authenticate, REQUEST_ROUTE},
+ {"has_credentials", w_has_credentials, 1,
+ fixup_spve_null, REQUEST_ROUTE},
{"bind_auth_s", (cmd_function)bind_auth_s, 0, 0, 0 },
{0, 0, 0, 0, 0}
};
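Review bot: The new `has_credentials` entry passes `w_has_credentials` bare, while the neighbouring entries wrap their handlers as `(cmd_function)w_auth_get_www_authenticate` and `(cmd_function)bind_auth_s`; for consistency I would write `{"has_credentials", (cmd_function)w_has_credentials, 1,`. The export is restricted to REQUEST_ROUTE, but the README and functions.xml text added in this commit does not say so, unlike the other function sections, which end with "This function can be used from REQUEST_ROUTE."; the same sentence should be added there. The `cmds[]` array starts outside this hunk, so only the visible entries were compared.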
@@ -409,6 +415,35 @@ int w_consume_credentials(struct sip_msg* msg, char* s1, char* s2)
}
/**
+ *
+ */
+int w_has_credentials(sip_msg_t *msg, char* realm, char* s2)
+{
+ str srealm = {0, 0};
+ hdr_field_t *hdr = NULL;
+ int ret;
+
+ if (fixup_get_svalue(msg, (gparam_t*)realm, &srealm) < 0) {
+ LM_ERR("failed to get realm value\n");
+ return -1;
+ }
+
+ ret = find_credentials(msg, &srealm, HDR_PROXYAUTH_T, &hdr);
+ if(ret==0) {
+ LM_DBG("found www credentials with realm [%.*s]\n", srealm.len, srealm.s);
+ return 1;
+ }
+ ret = find_credentials(msg, &srealm, HDR_AUTHORIZATION_T, &hdr);
+ if(ret==0) {
+ LM_DBG("found proxy credentials with realm [%.*s]\n", srealm.len, srealm.s);
+ return 1;
+ }
+
+ LM_DBG("no credentials with realm [%.*s]\n", srealm.len, srealm.s);
+ return -1;
+}
+
+/**
* @brief do WWW-Digest authentication with password taken from cfg var
*/
int pv_authenticate(struct sip_msg *msg, str *realm, str *passwd,
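Review bot: The two "found" debug messages in `w_has_credentials` are swapped: the `HDR_PROXYAUTH_T` lookup logs `found www credentials` and the `HDR_AUTHORIZATION_T` lookup logs `found proxy credentials`, which will mislead anyone tracing an authentication problem from the debug log; exchange the two strings. Every non-zero result from `find_credentials()` ends in "no credentials" and `-1`, so if that helper distinguishes a parse failure from a plain miss (its contract is not visible in this hunk), a malformed header is silently treated as absent; consider logging `ret` when it is negative. The doc comment above the function is empty; I would fill it with `@brief check whether the request has an Authorization or Proxy-Authorization header for the given realm (presence only, the digest response is not verified)`, so that config writers do not read a true result as successful authentication.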
diff --git a/modules/auth/doc/functions.xml b/modules/auth/doc/functions.xml
index 59c7422..fa6de4e 100644
--- a/modules/auth/doc/functions.xml
+++ b/modules/auth/doc/functions.xml
@@ -24,13 +24,31 @@
<title>consume_credentials example</title>
<programlisting>
...
-if (www_authenticate("realm", "subscriber)) {
+if (www_authenticate("realm", "subscriber")) {
consume_credentials();
};
...
</programlisting>
</example>
</section>
+ <section id="has_credentials">
+ <title><function>has_credentials(realm)</function></title>
+ <para>
+ This function returns true of the request has Autorization or
+ Proxy-Authorization header with provided realm. The parameter
+ can be string with pseudo-variables.
+ </para>
+ <example>
+ <title>consume_credentials example</title>
+ <programlisting>
+...
+if (has_credentials("myrealm")) {
+ ...
+}
+...
+ </programlisting>
+ </example>
+ </section>
<section id="www_challenge">
<title>
<function moreinfo="none">www_challenge(realm, flags)</function>