[sr-dev] git:4.1: auth_db: auth_check() to get the auth header from the used api

Daniel-Constantin Mierla miconda at gmail.com
Mon May 26 15:50:24 CEST 2014


Module: sip-router
Branch: 4.1
Commit: 9a697d04e7bb041e1ec6748727a418866dc0ba54
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=9a697d04e7bb041e1ec6748727a418866dc0ba54

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date:   Mon May 26 14:47:37 2014 +0200

auth_db: auth_check() to get the auth header from the used api

- this avoids using a different auth header that might be in the request
  before checking usernames in from/to headers against auth user

(cherry picked from commit 4992519eed88d94847d742c52e882082b1b41264)

---

 modules/auth_db/authorize.c |   28 +++++++++++++++++++---------
 1 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/modules/auth_db/authorize.c b/modules/auth_db/authorize.c
index cf97a8f..e2b0f4f 100644
--- a/modules/auth_db/authorize.c
+++ b/modules/auth_db/authorize.c
@@ -223,10 +223,10 @@ static int generate_avps(struct sip_msg* msg, db1_res_t* db_res)
 
 
 /*
- * Authorize digest credentials
+ * Authorize digest credentials and set the pointer to used hdr
  */
-static int digest_authenticate(struct sip_msg* msg, str *realm,
-				str *table, hdr_types_t hftype, str *method)
+static int digest_authenticate_hdr(sip_msg_t* msg, str *realm,
+				str *table, hdr_types_t hftype, str *method, hdr_field_t **ahdr)
 {
 	char ha1[256];
 	int res;
@@ -277,6 +277,7 @@ static int digest_authenticate(struct sip_msg* msg, str *realm,
 	}
 
 	cred = (auth_body_t*)h->parsed;
+	if(ahdr!=NULL) *ahdr = h;
 
 	res = get_ha1(&cred->digest.username, realm, table, ha1, &result);
 	if (res < 0) {
@@ -315,6 +316,15 @@ end:
 	return ret;
 }
 
+/*
+ * Authorize digest credentials
+ */
+static int digest_authenticate(sip_msg_t* msg, str *realm,
+				str *table, hdr_types_t hftype, str *method)
+{
+	return digest_authenticate_hdr(msg, realm, table, hftype, method, NULL);
+}
+
 
 /*
  * Authenticate using Proxy-Authorize header field
@@ -475,15 +485,15 @@ int auth_check(struct sip_msg* _m, char* _realm, char* _table, char *_flags)
 	LM_DBG("realm [%.*s] table [%.*s] flags [%d]\n", srealm.len, srealm.s,
 			stable.len,  stable.s, iflags);
 
+	hdr = NULL;
 	if(_m->REQ_METHOD==METHOD_REGISTER)
-		ret = digest_authenticate(_m, &srealm, &stable, HDR_AUTHORIZATION_T,
-						&_m->first_line.u.request.method);
+		ret = digest_authenticate_hdr(_m, &srealm, &stable, HDR_AUTHORIZATION_T,
+						&_m->first_line.u.request.method, &hdr);
 	else
-		ret = digest_authenticate(_m, &srealm, &stable, HDR_PROXYAUTH_T,
-						&_m->first_line.u.request.method);
+		ret = digest_authenticate_hdr(_m, &srealm, &stable, HDR_PROXYAUTH_T,
+						&_m->first_line.u.request.method, &hdr);
 
-	if(ret==AUTH_OK && (iflags&AUTH_CHECK_ID_F)) {
-		hdr = (_m->proxy_auth==0)?_m->authorization:_m->proxy_auth;
+	if(ret==AUTH_OK && hdr!=NULL && (iflags&AUTH_CHECK_ID_F)) {
 		srealm = ((auth_body_t*)(hdr->parsed))->digest.username.user;
 			
 		if((furi=parse_from_uri(_m))==NULL)




More information about the sr-dev mailing list