10 Mar
2020
10 Mar
'20
2:12 p.m.
Module: kamailio
Branch: master
Commit: e52aada2a9ffa87136bdc5e1fe44273e601c32b8
URL: https://github.com/kamailio/kamailio/commit/e52aada2a9ffa87136bdc5e1fe44273…
Author: Stefan Mititelu <stefan.mititelu92(a)gmail.com>
Committer: Stefan Mititelu <stefan.mititelu(a)enea.com>
Date: 2020-03-10T13:11:56+02:00
auth_db: add force_generate_avps parameter
In order to fetch user DB attributes even when user authentication
failed. Default behavior unchanged.
---
Modified: src/modules/auth_db/auth_db_mod.c
Modified: src/modules/auth_db/authorize.c
Modified: src/modules/auth_db/authorize.h
Modified: src/modules/auth_db/doc/auth_db_admin.xml
---
Diff:
https://github.com/kamailio/kamailio/commit/e52aada2a9ffa87136bdc5e1fe44273…
Patch:
https://github.com/kamailio/kamailio/commit/e52aada2a9ffa87136bdc5e1fe44273…
---
diff --git a/src/modules/auth_db/auth_db_mod.c b/src/modules/auth_db/auth_db_mod.c
index faea44f612..ce8baae838 100644
--- a/src/modules/auth_db/auth_db_mod.c
+++ b/src/modules/auth_db/auth_db_mod.c
@@ -82,6 +82,7 @@ static int version_table_check = 1;
int calc_ha1 = 0;
int use_domain = 0; /* Use also domain when looking up in table */
+int force_generate_avps = 0; /* Even when user failed to authenticate */
db1_con_t* auth_db_handle = 0; /* database connection handle */
db_func_t auth_dbf;
@@ -128,6 +129,7 @@ static param_export_t params[] = {
{"use_domain", INT_PARAM, &use_domain },
{"load_credentials", PARAM_STRING, &credentials_list },
{"version_table", INT_PARAM, &version_table_check },
+ {"force_generate_avps", INT_PARAM, &force_generate_avps},
{0, 0, 0}
};
diff --git a/src/modules/auth_db/authorize.c b/src/modules/auth_db/authorize.c
index b45a2d128a..4f8d967454 100644
--- a/src/modules/auth_db/authorize.c
+++ b/src/modules/auth_db/authorize.c
@@ -294,13 +294,21 @@ static int digest_authenticate_hdr(sip_msg_t* msg, str *realm,
goto end;
}
+ /* Even when user failed to authenticate */
+ if (force_generate_avps) {
+ generate_avps(msg, result);
+ }
+
/* Recalculate response, it must be same to authorize successfully */
rauth = auth_api.check_response(&(cred->digest), method, ha1);
if(rauth==AUTHENTICATED) {
ret = AUTH_OK;
switch(auth_api.post_auth(msg, h, ha1)) {
case AUTHENTICATED:
- generate_avps(msg, result);
+ /* Only when user succeded to authenticate */
+ if (!force_generate_avps) {
+ generate_avps(msg, result);
+ }
break;
default:
ret = AUTH_ERROR;
diff --git a/src/modules/auth_db/authorize.h b/src/modules/auth_db/authorize.h
index e3638a25af..fd26f39e75 100644
--- a/src/modules/auth_db/authorize.h
+++ b/src/modules/auth_db/authorize.h
@@ -28,6 +28,8 @@
#include "../../core/parser/msg_parser.h"
#include "api.h"
+extern int force_generate_avps;
+
int auth_db_init(const str* db_url);
int auth_db_bind(const str* db_url);
void auth_db_close(void);
diff --git a/src/modules/auth_db/doc/auth_db_admin.xml
b/src/modules/auth_db/doc/auth_db_admin.xml
index 654c889415..422738e869 100644
--- a/src/modules/auth_db/doc/auth_db_admin.xml
+++ b/src/modules/auth_db/doc/auth_db_admin.xml
@@ -300,6 +300,24 @@ modparam("auth_db", "version_table", 0)
</example>
</section>
+ <section id="auth_db.p.force_generate_avps">
+ <title><varname>force_generate_avps</varname>
(integer)</title>
+ <para>
+ If set to different than 0, the module will fetch user DB attributes even if
authentication failed.
+ </para>
+ <para>
+ Default value is <quote>0</quote> (don't fetch user DB attributes if
authentication failed).
+ </para>
+ <example>
+ <title><varname>force_generate_avps</varname> parameter
usage</title>
+ <programlisting format="linespecific">
+...
+modparam("auth_db", "force_generate_avps", 1)
+...
+ </programlisting>
+ </example>
+ </section>
+
</section>
<section>
1721
days inactive
1721
days old
0 comments
1 participants
participants (1)
-
Stefan Mititelu