[sr-dev] git:master: auth: new function has_credentials(realm)

Daniel-Constantin Mierla miconda at gmail.com
Wed Oct 3 15:00:09 CEST 2012


Module: sip-router
Branch: master
Commit: 1a0d7653139c04d2ab32fa68c86513faf82d5c17
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=1a0d7653139c04d2ab32fa68c86513faf82d5c17

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date:   Wed Oct  3 14:58:44 2012 +0200

auth: new function has_credentials(realm)

- returns true if an authorization header matching the realm is found

---

 modules/auth/README            |   52 +++++++++++++++++++++++++--------------
 modules/auth/auth_mod.c        |   35 +++++++++++++++++++++++++++
 modules/auth/doc/functions.xml |   20 ++++++++++++++-
 3 files changed, 87 insertions(+), 20 deletions(-)

diff --git a/modules/auth/README b/modules/auth/README
index 04dbf8a..48febf3 100644
--- a/modules/auth/README
+++ b/modules/auth/README
@@ -42,12 +42,13 @@ Daniel-Constantin Mierla
    1.4. Functions
 
         1.4.1. consume_credentials()
-        1.4.2. www_challenge(realm, flags)
-        1.4.3. proxy_challenge(realm, flags)
-        1.4.4. auth_challenge(realm, flags)
-        1.4.5. pv_www_authenticate(realm, passwd, flags)
-        1.4.6. pv_proxy_authenticate(realm, passwd, flags)
-        1.4.7. auth_get_www_authenticate(realm, flags, pvdst)
+        1.4.2. has_credentials(realm)
+        1.4.3. www_challenge(realm, flags)
+        1.4.4. proxy_challenge(realm, flags)
+        1.4.5. auth_challenge(realm, flags)
+        1.4.6. pv_www_authenticate(realm, passwd, flags)
+        1.4.7. pv_proxy_authenticate(realm, passwd, flags)
+        1.4.8. auth_get_www_authenticate(realm, flags, pvdst)
 
 1.1. Overview
 
@@ -526,12 +527,25 @@ modparam("auth", "realm_prefix", "sip.")
 
    Example 15. consume_credentials example
 ...
-if (www_authenticate("realm", "subscriber)) {
+if (www_authenticate("realm", "subscriber")) {
     consume_credentials();
 };
 ...
 
-1.4.2. www_challenge(realm, flags)
+1.4.2. has_credentials(realm)
+
+   This function returns true of the request has Autorization or
+   Proxy-Authorization header with provided realm. The parameter can be
+   string with pseudo-variables.
+
+   Example 16. consume_credentials example
+...
+if (has_credentials("myrealm")) {
+    ...
+}
+...
+
+1.4.3. www_challenge(realm, flags)
 
    The function challenges a user agent. It will generate a WWW-Authorize
    header field containing a digest challenge, it will put the header
@@ -560,14 +574,14 @@ if (www_authenticate("realm", "subscriber)) {
 
    This function can be used from REQUEST_ROUTE.
 
-   Example 16. www_challenge usage
+   Example 17. www_challenge usage
 ...
 if (!www_authenticate("$td", "subscriber")) {
         www_challenge("$td", "1");
 }
 ...
 
-1.4.3. proxy_challenge(realm, flags)
+1.4.4. proxy_challenge(realm, flags)
 
    The function challenges a user agent. It will generate a
    Proxy-Authorize header field containing a digest challenge, it will put
@@ -582,14 +596,14 @@ if (!www_authenticate("$td", "subscriber")) {
 
    This function can be used from REQUEST_ROUTE.
 
-   Example 17. proxy_challenge usage
+   Example 18. proxy_challenge usage
 ...
 if (!proxy_authenticate("$fd", "subscriber")) {
         proxy_challenge("$fd", "1");
 };
 ...
 
-1.4.4. auth_challenge(realm, flags)
+1.4.5. auth_challenge(realm, flags)
 
    The function challenges a user agent for authentication. It combines
    the functions www_challenge() and proxy_challenge(), by calling
@@ -601,14 +615,14 @@ if (!proxy_authenticate("$fd", "subscriber")) {
 
    This function can be used from REQUEST_ROUTE.
 
-   Example 18. proxy_challenge usage
+   Example 19. proxy_challenge usage
 ...
 if (!auth_check("$fd", "subscriber", "1")) {
         auth_challenge("$fd", "1");
 };
 ...
 
-1.4.5. pv_www_authenticate(realm, passwd, flags)
+1.4.6. pv_www_authenticate(realm, passwd, flags)
 
    The function verifies credentials according to RFC2617. If the
    credentials are verified successfully then the function will succeed
@@ -652,14 +666,14 @@ if (!auth_check("$fd", "subscriber", "1")) {
 
    This function can be used from REQUEST_ROUTE.
 
-   Example 19. pv_www_authenticate usage
+   Example 20. pv_www_authenticate usage
 ...
 if (!pv_www_authenticate("$td", "123abc", "0")) {
         www_challenge("$td", "1");
 };
 ...
 
-1.4.6. pv_proxy_authenticate(realm, passwd, flags)
+1.4.7. pv_proxy_authenticate(realm, passwd, flags)
 
    The function verifies credentials according to RFC2617. If the
    credentials are verified successfully then the function will succeed
@@ -674,7 +688,7 @@ if (!pv_www_authenticate("$td", "123abc", "0")) {
 
    This function can be used from REQUEST_ROUTE.
 
-   Example 20. pv_proxy_authenticate usage
+   Example 21. pv_proxy_authenticate usage
 ...
 $avp(password)="xyz";
 if (!pv_proxy_authenticate("$fd", "$avp(password)", "0")) {
@@ -682,7 +696,7 @@ if (!pv_proxy_authenticate("$fd", "$avp(password)", "0")) {
 };
 ...
 
-1.4.7. auth_get_www_authenticate(realm, flags, pvdst)
+1.4.8. auth_get_www_authenticate(realm, flags, pvdst)
 
    Build WWW-Authentication header and set the resulting value in 'pvdest'
    parameter.
@@ -692,7 +706,7 @@ if (!pv_proxy_authenticate("$fd", "$avp(password)", "0")) {
 
    This function can be used from ANY_ROUTE.
 
-   Example 21. auth_get_www_authenticate
+   Example 22. auth_get_www_authenticate
 ...
 if (auth_get_www_authenticate("$fd", "0", "$var(wauth)")) {
         xlog("www authenticate header is [$var(wauth)]\n");
diff --git a/modules/auth/auth_mod.c b/modules/auth/auth_mod.c
index 4a03af4..95b59ec 100644
--- a/modules/auth/auth_mod.c
+++ b/modules/auth/auth_mod.c
@@ -81,6 +81,10 @@ static int mod_init(void);
  * Remove used credentials from a SIP message header
  */
 int w_consume_credentials(struct sip_msg* msg, char* s1, char* s2);
+/*
+ * Check for credentials with given realm
+ */
+int w_has_credentials(struct sip_msg* msg, char* s1, char* s2);
 
 static int pv_proxy_authenticate(struct sip_msg* msg, char* realm,
 		char *passwd, char *flags);
@@ -160,6 +164,8 @@ static cmd_export_t cmds[] = {
 			fixup_pv_auth, REQUEST_ROUTE},
     {"auth_get_www_authenticate",  (cmd_function)w_auth_get_www_authenticate,  3,
 			fixup_auth_get_www_authenticate, REQUEST_ROUTE},
+    {"has_credentials",        w_has_credentials,                    1,
+			fixup_spve_null, REQUEST_ROUTE},
     {"bind_auth_s",           (cmd_function)bind_auth_s, 0, 0, 0        },
     {0, 0, 0, 0, 0}
 };
@@ -409,6 +415,35 @@ int w_consume_credentials(struct sip_msg* msg, char* s1, char* s2)
 }
 
 /**
+ *
+ */
+int w_has_credentials(sip_msg_t *msg, char* realm, char* s2)
+{
+    str srealm  = {0, 0};
+	hdr_field_t *hdr = NULL;
+	int ret;
+
+	if (fixup_get_svalue(msg, (gparam_t*)realm, &srealm) < 0) {
+		LM_ERR("failed to get realm value\n");
+		return -1;
+	}
+
+	ret = find_credentials(msg, &srealm, HDR_PROXYAUTH_T, &hdr);
+	if(ret==0) {
+		LM_DBG("found www credentials with realm [%.*s]\n", srealm.len, srealm.s);
+		return 1;
+	}
+	ret = find_credentials(msg, &srealm, HDR_AUTHORIZATION_T, &hdr);
+	if(ret==0) {
+		LM_DBG("found proxy credentials with realm [%.*s]\n", srealm.len, srealm.s);
+		return 1;
+	}
+
+	LM_DBG("no credentials with realm [%.*s]\n", srealm.len, srealm.s);
+	return -1;
+}
+
+/**
  * @brief do WWW-Digest authentication with password taken from cfg var
  */
 int pv_authenticate(struct sip_msg *msg, str *realm, str *passwd,
diff --git a/modules/auth/doc/functions.xml b/modules/auth/doc/functions.xml
index 59c7422..fa6de4e 100644
--- a/modules/auth/doc/functions.xml
+++ b/modules/auth/doc/functions.xml
@@ -24,13 +24,31 @@
 	    <title>consume_credentials example</title>
 	    <programlisting>
 ...
-if (www_authenticate("realm", "subscriber)) {
+if (www_authenticate("realm", "subscriber")) {
     consume_credentials();
 };
 ...
 	    </programlisting>
 	</example>
     </section>
+    <section id="has_credentials">
+	<title><function>has_credentials(realm)</function></title>
+	<para>
+		This function returns true of the request has Autorization or
+		Proxy-Authorization header with provided realm. The parameter
+		can be string with pseudo-variables.
+	</para>
+	<example>
+	    <title>consume_credentials example</title>
+	    <programlisting>
+...
+if (has_credentials("myrealm")) {
+    ...
+}
+...
+	    </programlisting>
+	</example>
+    </section>
 	<section id="www_challenge">
 		<title>
 			<function moreinfo="none">www_challenge(realm, flags)</function>




More information about the sr-dev mailing list