[sr-dev] git:master:d354446a: auth, auth_ephemeral: return code for expired username

Fri Mar 29 10:18:41 CET 2019

Module: kamailio
Branch: master
Commit: d354446ab40b7cf13ec3286c2cda9ccc7edfdf42
URL: https://github.com/kamailio/kamailio/commit/d354446ab40b7cf13ec3286c2cda9ccc7edfdf42

Author: Juha Heinanen <jh at tutpro.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2019-03-29T10:10:29+01:00

auth,auth_ephemeral: return code for expired username

- added AUTH_USERNAME_EXPIRED auth api return code and used it in auth
  ephemeral authentication, when username is expired

---

Modified: src/modules/auth/api.h
Modified: src/modules/auth_ephemeral/authorize.c

---

Diff:  https://github.com/kamailio/kamailio/commit/d354446ab40b7cf13ec3286c2cda9ccc7edfdf42.diff
Patch: https://github.com/kamailio/kamailio/commit/d354446ab40b7cf13ec3286c2cda9ccc7edfdf42.patch

---

diff --git a/src/modules/auth/api.h b/src/modules/auth/api.h
index 9730b409ed..33d131840a 100644
--- a/src/modules/auth/api.h
+++ b/src/modules/auth/api.h
@@ -39,6 +39,7 @@
  */
 typedef enum auth_cfg_result {
 	AUTH_USER_MISMATCH = -8,    /*!< Auth user != From/To user */
+	AUTH_USERNAME_EXPIRED = -7, /*!< Ephemeral auth username expired */
 	AUTH_NONCE_REUSED = -6,     /*!< Returned if nonce is used more than once */
 	AUTH_NO_CREDENTIALS = -5,   /*!< Credentials missing */
 	AUTH_STALE_NONCE = -4,      /*!< Stale nonce */
diff --git a/src/modules/auth_ephemeral/authorize.c b/src/modules/auth_ephemeral/authorize.c
index 745f12d7ab..216332b321 100644
--- a/src/modules/auth_ephemeral/authorize.c
+++ b/src/modules/auth_ephemeral/authorize.c
@@ -203,7 +203,7 @@ int autheph_verify_timestamp(str *_username)
 	if (cur_time > expires)
 	{
 		LM_WARN("username has expired\n");
-		return -1;
+		return AUTH_USERNAME_EXPIRED;
 	}
 
 	return 0;
@@ -255,10 +255,16 @@ static inline int digest_authenticate(struct sip_msg *_m, str *_realm,
 	username = ((auth_body_t *) h->parsed)->digest.username.whole;
 	LM_DBG("username: %.*s\n", username.len, username.s);
 
-	if (autheph_verify_timestamp(&username) < 0)
+	int res = autheph_verify_timestamp(&username);
+	if (res < 0)
 	{
-		LM_ERR("invalid timestamp in username\n");
-		return AUTH_ERROR;
+		if (res == -1)
+		{
+			LM_ERR("invalid timestamp in username\n");
+			return AUTH_ERROR;
+		} else {
+			return AUTH_USERNAME_EXPIRED;
+		}
 	}
 
 	SECRET_LOCK;
@@ -489,10 +495,16 @@ int ki_autheph_authenticate(sip_msg_t *_m, str *susername, str *spassword)
 		return AUTH_ERROR;
 	}
 
-	if (autheph_verify_timestamp(susername) < 0)
+	int res = autheph_verify_timestamp(susername);
+	if (res < 0)
 	{
-		LM_ERR("invalid timestamp in username\n");
-		return AUTH_ERROR;
+		if (res == -1)
+		{
+			LM_ERR("invalid timestamp in username\n");
+			return AUTH_ERROR;
+		} else {
+			return AUTH_USERNAME_EXPIRED;
+		}
 	}
 
 	LM_DBG("username: %.*s\n", susername->len, susername->s);


