Module: sip-router Branch: master Commit: 1a0d7653139c04d2ab32fa68c86513faf82d5c17 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=1a0d765… Author: Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt; Committer: Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt; Date: Wed Oct 3 14:58:44 2012 +0200 auth: new function has_credentials(realm) - returns true if an authorization header matching the realm is found --- modules/auth/README | 52 +++++++++++++++++++++++++-------------- modules/auth/auth_mod.c | 35 +++++++++++++++++++++++++++ modules/auth/doc/functions.xml | 20 ++++++++++++++- 3 files changed, 87 insertions(+), 20 deletions(-) diff --git a/modules/auth/README b/modules/auth/README index 04dbf8a..48febf3 100644 --- a/modules/auth/README +++ b/modules/auth/README @@ -42,12 +42,13 @@ Daniel-Constantin Mierla 1.4. Functions 1.4.1. consume_credentials() - 1.4.2. www_challenge(realm, flags) - 1.4.3. proxy_challenge(realm, flags) - 1.4.4. auth_challenge(realm, flags) - 1.4.5. pv_www_authenticate(realm, passwd, flags) - 1.4.6. pv_proxy_authenticate(realm, passwd, flags) - 1.4.7. auth_get_www_authenticate(realm, flags, pvdst) + 1.4.2. has_credentials(realm) + 1.4.3. www_challenge(realm, flags) + 1.4.4. proxy_challenge(realm, flags) + 1.4.5. auth_challenge(realm, flags) + 1.4.6. pv_www_authenticate(realm, passwd, flags) + 1.4.7. pv_proxy_authenticate(realm, passwd, flags) + 1.4.8. auth_get_www_authenticate(realm, flags, pvdst) 1.1. Overview @@ -526,12 +527,25 @@ modparam("auth", "realm_prefix", "sip.") Example 15. consume_credentials example ... -if (www_authenticate("realm", "subscriber)) { +if (www_authenticate("realm", "subscriber")) { consume_credentials(); }; ... -1.4.2. www_challenge(realm, flags) +1.4.2. has_credentials(realm) + + This function returns true of the request has Autorization or + Proxy-Authorization header with provided realm. The parameter can be + string with pseudo-variables. + + Example 16. consume_credentials example +... +if (has_credentials("myrealm")) { + ... +} +... + +1.4.3. www_challenge(realm, flags) The function challenges a user agent. It will generate a WWW-Authorize header field containing a digest challenge, it will put the header @@ -560,14 +574,14 @@ if (www_authenticate("realm", "subscriber)) { This function can be used from REQUEST_ROUTE. - Example 16. www_challenge usage + Example 17. www_challenge usage ... if (!www_authenticate("$td", "subscriber")) { www_challenge("$td", "1"); } ... -1.4.3. proxy_challenge(realm, flags) +1.4.4. proxy_challenge(realm, flags) The function challenges a user agent. It will generate a Proxy-Authorize header field containing a digest challenge, it will put @@ -582,14 +596,14 @@ if (!www_authenticate("$td", "subscriber")) { This function can be used from REQUEST_ROUTE. - Example 17. proxy_challenge usage + Example 18. proxy_challenge usage ... if (!proxy_authenticate("$fd", "subscriber")) { proxy_challenge("$fd", "1"); }; ... -1.4.4. auth_challenge(realm, flags) +1.4.5. auth_challenge(realm, flags) The function challenges a user agent for authentication. It combines the functions www_challenge() and proxy_challenge(), by calling @@ -601,14 +615,14 @@ if (!proxy_authenticate("$fd", "subscriber")) { This function can be used from REQUEST_ROUTE. - Example 18. proxy_challenge usage + Example 19. proxy_challenge usage ... if (!auth_check("$fd", "subscriber", "1")) { auth_challenge("$fd", "1"); }; ... -1.4.5. pv_www_authenticate(realm, passwd, flags) +1.4.6. pv_www_authenticate(realm, passwd, flags) The function verifies credentials according to RFC2617. If the credentials are verified successfully then the function will succeed @@ -652,14 +666,14 @@ if (!auth_check("$fd", "subscriber", "1")) { This function can be used from REQUEST_ROUTE. - Example 19. pv_www_authenticate usage + Example 20. pv_www_authenticate usage ... if (!pv_www_authenticate("$td", "123abc", "0")) { www_challenge("$td", "1"); }; ... -1.4.6. pv_proxy_authenticate(realm, passwd, flags) +1.4.7. pv_proxy_authenticate(realm, passwd, flags) The function verifies credentials according to RFC2617. If the credentials are verified successfully then the function will succeed @@ -674,7 +688,7 @@ if (!pv_www_authenticate("$td", "123abc", "0")) { This function can be used from REQUEST_ROUTE. - Example 20. pv_proxy_authenticate usage + Example 21. pv_proxy_authenticate usage ... $avp(password)="xyz"; if (!pv_proxy_authenticate("$fd", "$avp(password)", "0")) { @@ -682,7 +696,7 @@ if (!pv_proxy_authenticate("$fd", "$avp(password)", "0")) { }; ... -1.4.7. auth_get_www_authenticate(realm, flags, pvdst) +1.4.8. auth_get_www_authenticate(realm, flags, pvdst) Build WWW-Authentication header and set the resulting value in 'pvdest' parameter. @@ -692,7 +706,7 @@ if (!pv_proxy_authenticate("$fd", "$avp(password)", "0")) { This function can be used from ANY_ROUTE. - Example 21. auth_get_www_authenticate + Example 22. auth_get_www_authenticate ... if (auth_get_www_authenticate("$fd", "0", "$var(wauth)")) { xlog("www authenticate header is [$var(wauth)]\n"); diff --git a/modules/auth/auth_mod.c b/modules/auth/auth_mod.c index 4a03af4..95b59ec 100644 --- a/modules/auth/auth_mod.c +++ b/modules/auth/auth_mod.c @@ -81,6 +81,10 @@ static int mod_init(void); * Remove used credentials from a SIP message header */ int w_consume_credentials(struct sip_msg* msg, char* s1, char* s2); +/* + * Check for credentials with given realm + */ +int w_has_credentials(struct sip_msg* msg, char* s1, char* s2); static int pv_proxy_authenticate(struct sip_msg* msg, char* realm, char *passwd, char *flags); @@ -160,6 +164,8 @@ static cmd_export_t cmds[] = { fixup_pv_auth, REQUEST_ROUTE}, {"auth_get_www_authenticate", (cmd_function)w_auth_get_www_authenticate, 3, fixup_auth_get_www_authenticate, REQUEST_ROUTE}, + {"has_credentials", w_has_credentials, 1, + fixup_spve_null, REQUEST_ROUTE}, {"bind_auth_s", (cmd_function)bind_auth_s, 0, 0, 0 }, {0, 0, 0, 0, 0} }; @@ -409,6 +415,35 @@ int w_consume_credentials(struct sip_msg* msg, char* s1, char* s2) } /** + * + */ +int w_has_credentials(sip_msg_t *msg, char* realm, char* s2) +{ + str srealm = {0, 0}; + hdr_field_t *hdr = NULL; + int ret; + + if (fixup_get_svalue(msg, (gparam_t*)realm, &srealm) < 0) { + LM_ERR("failed to get realm value\n"); + return -1; + } + + ret = find_credentials(msg, &srealm, HDR_PROXYAUTH_T, &hdr); + if(ret==0) { + LM_DBG("found www credentials with realm [%.*s]\n", srealm.len, srealm.s); + return 1; + } + ret = find_credentials(msg, &srealm, HDR_AUTHORIZATION_T, &hdr); + if(ret==0) { + LM_DBG("found proxy credentials with realm [%.*s]\n", srealm.len, srealm.s); + return 1; + } + + LM_DBG("no credentials with realm [%.*s]\n", srealm.len, srealm.s); + return -1; +} + +/** * @brief do WWW-Digest authentication with password taken from cfg var */ int pv_authenticate(struct sip_msg *msg, str *realm, str *passwd, diff --git a/modules/auth/doc/functions.xml b/modules/auth/doc/functions.xml index 59c7422..fa6de4e 100644 --- a/modules/auth/doc/functions.xml +++ b/modules/auth/doc/functions.xml @@ -24,13 +24,31 @@ <title>consume_credentials example</title> <programlisting> ... -if (www_authenticate("realm", "subscriber)) { +if (www_authenticate("realm", "subscriber")) { consume_credentials(); }; ... </programlisting> </example> </section> + <section id="has_credentials"> + <title><function>has_credentials(realm)</function></title> + <para> + This function returns true of the request has Autorization or + Proxy-Authorization header with provided realm. The parameter + can be string with pseudo-variables. + </para> + <example> + <title>consume_credentials example</title> + <programlisting> +... +if (has_credentials("myrealm")) { + ... +} +... + </programlisting> + </example> + </section> <section id="www_challenge"> <title> <function moreinfo="none">www_challenge(realm, flags)</function>