How about this new function that sets the algorithm?
-- Juha
iff --git a/src/modules/auth/auth_mod.c b/src/modules/auth/auth_mod.c index 534ad9e20f..4e3a584d22 100644 --- a/src/modules/auth/auth_mod.c +++ b/src/modules/auth/auth_mod.c @@ -74,6 +74,10 @@ int w_consume_credentials(struct sip_msg *msg, char *s1, char *s2); * Check for credentials with given realm */ int w_has_credentials(struct sip_msg *msg, char *s1, char *s2); +/* + * Set authentication algorithm + */ +int w_auth_algorithm(struct sip_msg *msg, char *alg, char* s2);
static int pv_proxy_authenticate( struct sip_msg *msg, char *realm, char *passwd, char *flags); @@ -170,6 +174,8 @@ static cmd_export_t cmds[] = { REQUEST_ROUTE}, {"pv_auth_check", (cmd_function)w_pv_auth_check, 4, fixup_pv_auth_check, 0, REQUEST_ROUTE}, + {"auth_algorithm", w_auth_algorithm, 1, fixup_spve_null, 0, + REQUEST_ROUTE}, {"bind_auth_s", (cmd_function)bind_auth_s, 0, 0, 0},
{0, 0, 0, 0, 0, 0} @@ -475,6 +481,35 @@ int w_has_credentials(sip_msg_t *msg, char *realm, char *s2) return -1; } return ki_has_credentials(msg, &srealm); + +} +/** + * + */ +int w_auth_algorithm(sip_msg_t *msg, char* alg, char* s2) +{ + if (fixup_get_svalue(msg, (gparam_t*)alg, &auth_algorithm) < 0) { + LM_ERR("failed to get algorithm value\n"); + return -1; + } + + if (strcmp(auth_algorithm.s, "MD5") == 0) { + hash_hex_len = HASHHEXLEN; + calc_HA1 = calc_HA1_md5; + calc_response = calc_response_md5; + } + else if (strcmp(auth_algorithm.s, "SHA-256") == 0) { + hash_hex_len = HASHHEXLEN_SHA256; + calc_HA1 = calc_HA1_sha256; + calc_response = calc_response_sha256; + } + else { + LM_ERR("Invalid algorithm provided." + " Possible values are "", "MD5" or "SHA-256"\n"); + return -1; + } + + return 1; }
#ifdef USE_NC
Hello,
it is an acceptable variant, you can go ahead and push the commit and docs for the new function.
Later over the time, I might look at adding also a parameter option to the existing functions.
Cheers, Daniel
On 20.04.24 19:57, Juha Heinanen via sr-users wrote:
How about this new function that sets the algorithm?
-- Juha
iff --git a/src/modules/auth/auth_mod.c b/src/modules/auth/auth_mod.c index 534ad9e20f..4e3a584d22 100644 --- a/src/modules/auth/auth_mod.c +++ b/src/modules/auth/auth_mod.c @@ -74,6 +74,10 @@ int w_consume_credentials(struct sip_msg *msg, char *s1, char *s2);
- Check for credentials with given realm
*/ int w_has_credentials(struct sip_msg *msg, char *s1, char *s2); +/*
- Set authentication algorithm
- */
+int w_auth_algorithm(struct sip_msg *msg, char *alg, char* s2);
static int pv_proxy_authenticate( struct sip_msg *msg, char *realm, char *passwd, char *flags); @@ -170,6 +174,8 @@ static cmd_export_t cmds[] = { REQUEST_ROUTE}, {"pv_auth_check", (cmd_function)w_pv_auth_check, 4, fixup_pv_auth_check, 0, REQUEST_ROUTE},
{"auth_algorithm", w_auth_algorithm, 1, fixup_spve_null, 0,
REQUEST_ROUTE},{"bind_auth_s", (cmd_function)bind_auth_s, 0, 0, 0},
{0, 0, 0, 0, 0, 0}
@@ -475,6 +481,35 @@ int w_has_credentials(sip_msg_t *msg, char *realm, char *s2) return -1; } return ki_has_credentials(msg, &srealm);
+} +/**
- */
+int w_auth_algorithm(sip_msg_t *msg, char* alg, char* s2) +{
- if (fixup_get_svalue(msg, (gparam_t*)alg, &auth_algorithm) < 0) {
LM_ERR("failed to get algorithm value\n");return -1;- }
- if (strcmp(auth_algorithm.s, "MD5") == 0) {
hash_hex_len = HASHHEXLEN;calc_HA1 = calc_HA1_md5;calc_response = calc_response_md5;- }
- else if (strcmp(auth_algorithm.s, "SHA-256") == 0) {
hash_hex_len = HASHHEXLEN_SHA256;calc_HA1 = calc_HA1_sha256;calc_response = calc_response_sha256;- }
- else {
LM_ERR("Invalid algorithm provided."" Possible values are \"\", \"MD5\" or \"SHA-256\"\n");return -1;- }
- return 1;
}
#ifdef USE_NC __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
Hello,
are you still planning to add this patch to the repo?
Cheers, Daniel
On 28.04.24 23:10, Daniel-Constantin Mierla wrote:
Hello,
it is an acceptable variant, you can go ahead and push the commit and docs for the new function.
Later over the time, I might look at adding also a parameter option to the existing functions.
Cheers, Daniel
On 20.04.24 19:57, Juha Heinanen via sr-users wrote:
How about this new function that sets the algorithm?
-- Juha
iff --git a/src/modules/auth/auth_mod.c b/src/modules/auth/auth_mod.c index 534ad9e20f..4e3a584d22 100644 --- a/src/modules/auth/auth_mod.c +++ b/src/modules/auth/auth_mod.c @@ -74,6 +74,10 @@ int w_consume_credentials(struct sip_msg *msg, char *s1, char *s2);
- Check for credentials with given realm
*/ int w_has_credentials(struct sip_msg *msg, char *s1, char *s2); +/*
- Set authentication algorithm
- */
+int w_auth_algorithm(struct sip_msg *msg, char *alg, char* s2);
static int pv_proxy_authenticate( struct sip_msg *msg, char *realm, char *passwd, char *flags); @@ -170,6 +174,8 @@ static cmd_export_t cmds[] = { REQUEST_ROUTE}, {"pv_auth_check", (cmd_function)w_pv_auth_check, 4, fixup_pv_auth_check, 0, REQUEST_ROUTE},
{"auth_algorithm", w_auth_algorithm, 1, fixup_spve_null, 0,
REQUEST_ROUTE},{"bind_auth_s", (cmd_function)bind_auth_s, 0, 0, 0},
{0, 0, 0, 0, 0, 0}
@@ -475,6 +481,35 @@ int w_has_credentials(sip_msg_t *msg, char *realm, char *s2) return -1; } return ki_has_credentials(msg, &srealm);
+} +/**
- */
+int w_auth_algorithm(sip_msg_t *msg, char* alg, char* s2) +{
- if (fixup_get_svalue(msg, (gparam_t*)alg, &auth_algorithm) < 0) {
LM_ERR("failed to get algorithm value\n");return -1;- }
- if (strcmp(auth_algorithm.s, "MD5") == 0) {
hash_hex_len = HASHHEXLEN;calc_HA1 = calc_HA1_md5;calc_response = calc_response_md5;- }
- else if (strcmp(auth_algorithm.s, "SHA-256") == 0) {
hash_hex_len = HASHHEXLEN_SHA256;calc_HA1 = calc_HA1_sha256;calc_response = calc_response_sha256;- }
- else {
LM_ERR("Invalid algorithm provided."" Possible values are \"\", \"MD5\" or \"SHA-256\"\n");return -1;- }
- return 1;
}
#ifdef USE_NC __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
-- Daniel-Constantin Mierla (@ asipto.com) twitter.com/miconda -- linkedin.com/in/miconda Kamailio Consultancy, Training and Development Services -- asipto.com Kamailio World Conference, April 18-19, 2024, Berlin -- kamailioworld.com
Hello,
I probably missed that feedback was expected.
I would be interested in this functionality in git master.
Cheers,
Henning
-----Original Message----- From: Juha Heinanen via sr-users sr-users@lists.kamailio.org Sent: Dienstag, 14. Mai 2024 13:01 To: miconda@gmail.com Cc: Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org; Juha Heinanen jh@tutpro.com Subject: [SR-Users] Re: dynamic selection of authentication algorithm
Daniel-Constantin Mierla writes:
are you still planning to add this patch to the repo?
Based on non-existing comments, looks like I'm the only one interested. So it is not worth to create a PR.
-- Juha __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
On 14.05.24 13:01, Juha Heinanen wrote:
Daniel-Constantin Mierla writes:
are you still planning to add this patch to the repo?
Based on non-existing comments, looks like I'm the only one interested. So it is not worth to create a PR.
I actually replied on you initial email at that time, saying that is interesting to add it. My previous email was a follow up of that email.
Cheers, Daniel
-
Daniel-Constantin Mierla -
Henning Westerholt -
Juha Heinanen