[sr-dev] git:master:e52aada2: auth_db: add force_generate_avps parameter

Stefan Mititelu stefan.mititelu at enea.com
Tue Mar 10 12:12:05 CET 2020


Module: kamailio
Branch: master
Commit: e52aada2a9ffa87136bdc5e1fe44273e601c32b8
URL: https://github.com/kamailio/kamailio/commit/e52aada2a9ffa87136bdc5e1fe44273e601c32b8

Author: Stefan Mititelu <stefan.mititelu92 at gmail.com>
Committer: Stefan Mititelu <stefan.mititelu at enea.com>
Date: 2020-03-10T13:11:56+02:00

auth_db: add force_generate_avps parameter

In order to fetch user DB attributes even when user authentication
failed. Default behavior unchanged.

---

Modified: src/modules/auth_db/auth_db_mod.c
Modified: src/modules/auth_db/authorize.c
Modified: src/modules/auth_db/authorize.h
Modified: src/modules/auth_db/doc/auth_db_admin.xml

---

Diff:  https://github.com/kamailio/kamailio/commit/e52aada2a9ffa87136bdc5e1fe44273e601c32b8.diff
Patch: https://github.com/kamailio/kamailio/commit/e52aada2a9ffa87136bdc5e1fe44273e601c32b8.patch

---

diff --git a/src/modules/auth_db/auth_db_mod.c b/src/modules/auth_db/auth_db_mod.c
index faea44f612..ce8baae838 100644
--- a/src/modules/auth_db/auth_db_mod.c
+++ b/src/modules/auth_db/auth_db_mod.c
@@ -82,6 +82,7 @@ static int version_table_check = 1;
 
 int calc_ha1                = 0;
 int use_domain              = 0; /* Use also domain when looking up in table */
+int force_generate_avps     = 0; /* Even when user failed to authenticate */
 
 db1_con_t* auth_db_handle    = 0; /* database connection handle */
 db_func_t auth_dbf;
@@ -128,6 +129,7 @@ static param_export_t params[] = {
 	{"use_domain",        INT_PARAM, &use_domain          },
 	{"load_credentials",  PARAM_STRING, &credentials_list    },
 	{"version_table",     INT_PARAM, &version_table_check },
+	{"force_generate_avps", INT_PARAM, &force_generate_avps},
 	{0, 0, 0}
 };
 
diff --git a/src/modules/auth_db/authorize.c b/src/modules/auth_db/authorize.c
index b45a2d128a..4f8d967454 100644
--- a/src/modules/auth_db/authorize.c
+++ b/src/modules/auth_db/authorize.c
@@ -294,13 +294,21 @@ static int digest_authenticate_hdr(sip_msg_t* msg, str *realm,
 		goto end;
 	}
 
+	/* Even when user failed to authenticate */
+	if (force_generate_avps) {
+		generate_avps(msg, result);
+	}
+
 	/* Recalculate response, it must be same to authorize successfully */
 	rauth = auth_api.check_response(&(cred->digest), method, ha1);
 	if(rauth==AUTHENTICATED) {
 		ret = AUTH_OK;
 		switch(auth_api.post_auth(msg, h, ha1)) {
 			case AUTHENTICATED:
-				generate_avps(msg, result);
+				/* Only when user succeded to authenticate */
+				if (!force_generate_avps) {
+					generate_avps(msg, result);
+				}
 				break;
 			default:
 				ret = AUTH_ERROR;
diff --git a/src/modules/auth_db/authorize.h b/src/modules/auth_db/authorize.h
index e3638a25af..fd26f39e75 100644
--- a/src/modules/auth_db/authorize.h
+++ b/src/modules/auth_db/authorize.h
@@ -28,6 +28,8 @@
 #include "../../core/parser/msg_parser.h"
 #include "api.h"
 
+extern int force_generate_avps;
+
 int auth_db_init(const str* db_url);
 int auth_db_bind(const str* db_url);
 void auth_db_close(void);
diff --git a/src/modules/auth_db/doc/auth_db_admin.xml b/src/modules/auth_db/doc/auth_db_admin.xml
index 654c889415..422738e869 100644
--- a/src/modules/auth_db/doc/auth_db_admin.xml
+++ b/src/modules/auth_db/doc/auth_db_admin.xml
@@ -300,6 +300,24 @@ modparam("auth_db", "version_table", 0)
 		</example>
 	</section>
 
+	<section id="auth_db.p.force_generate_avps">
+		<title><varname>force_generate_avps</varname> (integer)</title>
+		<para>
+			If set to different than 0, the module will fetch user DB attributes even if authentication failed.
+		</para>
+		<para>
+			Default value is <quote>0</quote> (don't fetch user DB attributes if authentication failed).
+		</para>
+		<example>
+		<title><varname>force_generate_avps</varname> parameter usage</title>
+		<programlisting format="linespecific">
+...
+modparam("auth_db", "force_generate_avps", 1)
+...
+		</programlisting>
+		</example>
+	</section>
+
 	</section>
 
 	<section>




More information about the sr-dev mailing list