Module: kamailio Branch: master Commit: d354446ab40b7cf13ec3286c2cda9ccc7edfdf42 URL: https://github.com/kamailio/kamailio/commit/d354446ab40b7cf13ec3286c2cda9cc… Author: Juha Heinanen &lt;jh(a)tutpro.com&gt; Committer: Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt; Date: 2019-03-29T10:10:29+01:00 auth,auth_ephemeral: return code for expired username - added AUTH_USERNAME_EXPIRED auth api return code and used it in auth ephemeral authentication, when username is expired --- Modified: src/modules/auth/api.h Modified: src/modules/auth_ephemeral/authorize.c --- Diff: https://github.com/kamailio/kamailio/commit/d354446ab40b7cf13ec3286c2cda9cc… Patch: https://github.com/kamailio/kamailio/commit/d354446ab40b7cf13ec3286c2cda9cc… --- diff --git a/src/modules/auth/api.h b/src/modules/auth/api.h index 9730b409ed..33d131840a 100644 --- a/src/modules/auth/api.h +++ b/src/modules/auth/api.h @@ -39,6 +39,7 @@ */ typedef enum auth_cfg_result { AUTH_USER_MISMATCH = -8, /*!< Auth user != From/To user */ + AUTH_USERNAME_EXPIRED = -7, /*!< Ephemeral auth username expired */ AUTH_NONCE_REUSED = -6, /*!< Returned if nonce is used more than once */ AUTH_NO_CREDENTIALS = -5, /*!< Credentials missing */ AUTH_STALE_NONCE = -4, /*!< Stale nonce */ diff --git a/src/modules/auth_ephemeral/authorize.c b/src/modules/auth_ephemeral/authorize.c index 745f12d7ab..216332b321 100644 --- a/src/modules/auth_ephemeral/authorize.c +++ b/src/modules/auth_ephemeral/authorize.c @@ -203,7 +203,7 @@ int autheph_verify_timestamp(str *_username) if (cur_time > expires) { LM_WARN("username has expired\n"); - return -1; + return AUTH_USERNAME_EXPIRED; } return 0; @@ -255,10 +255,16 @@ static inline int digest_authenticate(struct sip_msg *_m, str *_realm, username = ((auth_body_t *) h->parsed)->digest.username.whole; LM_DBG("username: %.*s\n", username.len, username.s); - if (autheph_verify_timestamp(&username) < 0) + int res = autheph_verify_timestamp(&username); + if (res < 0) { - LM_ERR("invalid timestamp in username\n"); - return AUTH_ERROR; + if (res == -1) + { + LM_ERR("invalid timestamp in username\n"); + return AUTH_ERROR; + } else { + return AUTH_USERNAME_EXPIRED; + } } SECRET_LOCK; @@ -489,10 +495,16 @@ int ki_autheph_authenticate(sip_msg_t *_m, str *susername, str *spassword) return AUTH_ERROR; } - if (autheph_verify_timestamp(susername) < 0) + int res = autheph_verify_timestamp(susername); + if (res < 0) { - LM_ERR("invalid timestamp in username\n"); - return AUTH_ERROR; + if (res == -1) + { + LM_ERR("invalid timestamp in username\n"); + return AUTH_ERROR; + } else { + return AUTH_USERNAME_EXPIRED; + } } LM_DBG("username: %.*s\n", susername->len, susername->s);