20 Apr
2024
20 Apr
'24
8:57 p.m.
How about this new function that sets the algorithm?
-- Juha
iff --git a/src/modules/auth/auth_mod.c b/src/modules/auth/auth_mod.c
index 534ad9e20f..4e3a584d22 100644
--- a/src/modules/auth/auth_mod.c
+++ b/src/modules/auth/auth_mod.c
@@ -74,6 +74,10 @@ int w_consume_credentials(struct sip_msg *msg, char *s1, char *s2);
* Check for credentials with given realm
*/
int w_has_credentials(struct sip_msg *msg, char *s1, char *s2);
+/*
+ * Set authentication algorithm
+ */
+int w_auth_algorithm(struct sip_msg *msg, char *alg, char* s2);
static int pv_proxy_authenticate(
struct sip_msg *msg, char *realm, char *passwd, char *flags);
@@ -170,6 +174,8 @@ static cmd_export_t cmds[] = {
REQUEST_ROUTE},
{"pv_auth_check", (cmd_function)w_pv_auth_check, 4, fixup_pv_auth_check,
0, REQUEST_ROUTE},
+ {"auth_algorithm", w_auth_algorithm, 1, fixup_spve_null, 0,
+ REQUEST_ROUTE},
{"bind_auth_s", (cmd_function)bind_auth_s, 0, 0, 0},
{0, 0, 0, 0, 0, 0}
@@ -475,6 +481,35 @@ int w_has_credentials(sip_msg_t *msg, char *realm, char *s2)
return -1;
}
return ki_has_credentials(msg, &srealm);
+
+}
+/**
+ *
+ */
+int w_auth_algorithm(sip_msg_t *msg, char* alg, char* s2)
+{
+ if (fixup_get_svalue(msg, (gparam_t*)alg, &auth_algorithm) < 0) {
+ LM_ERR("failed to get algorithm value\n");
+ return -1;
+ }
+
+ if (strcmp(auth_algorithm.s, "MD5") == 0) {
+ hash_hex_len = HASHHEXLEN;
+ calc_HA1 = calc_HA1_md5;
+ calc_response = calc_response_md5;
+ }
+ else if (strcmp(auth_algorithm.s, "SHA-256") == 0) {
+ hash_hex_len = HASHHEXLEN_SHA256;
+ calc_HA1 = calc_HA1_sha256;
+ calc_response = calc_response_sha256;
+ }
+ else {
+ LM_ERR("Invalid algorithm provided."
+ " Possible values are \"\", \"MD5\" or
\"SHA-256\"\n");
+ return -1;
+ }
+
+ return 1;
}
#ifdef USE_NC
29 Apr
29 Apr
12:10 a.m.
Hello,
it is an acceptable variant, you can go ahead and push the commit and
docs for the new function.
Later over the time, I might look at adding also a parameter option to
the existing functions.
Cheers,
Daniel
On 20.04.24 19:57, Juha Heinanen via sr-users wrote:
How about this new function that sets the algorithm?
-- Juha
iff --git a/src/modules/auth/auth_mod.c b/src/modules/auth/auth_mod.c
index 534ad9e20f..4e3a584d22 100644
--- a/src/modules/auth/auth_mod.c
+++ b/src/modules/auth/auth_mod.c
@@ -74,6 +74,10 @@ int w_consume_credentials(struct sip_msg *msg, char *s1, char *s2);
* Check for credentials with given realm
*/
int w_has_credentials(struct sip_msg *msg, char *s1, char *s2);
+/*
+ * Set authentication algorithm
+ */
+int w_auth_algorithm(struct sip_msg *msg, char *alg, char* s2);
static int pv_proxy_authenticate(
struct sip_msg *msg, char *realm, char *passwd, char *flags);
@@ -170,6 +174,8 @@ static cmd_export_t cmds[] = {
REQUEST_ROUTE},
{"pv_auth_check", (cmd_function)w_pv_auth_check, 4, fixup_pv_auth_check,
0, REQUEST_ROUTE},
+ {"auth_algorithm", w_auth_algorithm, 1, fixup_spve_null, 0,
+ REQUEST_ROUTE},
{"bind_auth_s", (cmd_function)bind_auth_s, 0, 0, 0},
{0, 0, 0, 0, 0, 0}
@@ -475,6 +481,35 @@ int w_has_credentials(sip_msg_t *msg, char *realm, char *s2)
return -1;
}
return ki_has_credentials(msg, &srealm);
+
+}
+/**
+ *
+ */
+int w_auth_algorithm(sip_msg_t *msg, char* alg, char* s2)
+{
+ if (fixup_get_svalue(msg, (gparam_t*)alg, &auth_algorithm) < 0) {
+ LM_ERR("failed to get algorithm value\n");
+ return -1;
+ }
+
+ if (strcmp(auth_algorithm.s, "MD5") == 0) {
+ hash_hex_len = HASHHEXLEN;
+ calc_HA1 = calc_HA1_md5;
+ calc_response = calc_response_md5;
+ }
+ else if (strcmp(auth_algorithm.s, "SHA-256") == 0) {
+ hash_hex_len = HASHHEXLEN_SHA256;
+ calc_HA1 = calc_HA1_sha256;
+ calc_response = calc_response_sha256;
+ }
+ else {
+ LM_ERR("Invalid algorithm provided."
+ " Possible values are \"\", \"MD5\" or
\"SHA-256\"\n");
+ return -1;
+ }
+
+ return 1;
}
#ifdef USE_NC
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
--
Daniel-Constantin Mierla (@ asipto.com)
twitter.com/miconda -- linkedin.com/in/miconda
Kamailio Consultancy, Training and Development Services -- asipto.com
Kamailio World Conference, April 18-19, 2024, Berlin -- kamailioworld.com
14 May
14 May
1:35 p.m.
Hello,
are you still planning to add this patch to the repo?
Cheers,
Daniel
On 28.04.24 23:10, Daniel-Constantin Mierla wrote:
Hello,
it is an acceptable variant, you can go ahead and push the commit and
docs for the new function.
Later over the time, I might look at adding also a parameter option to
the existing functions.
Cheers,
Daniel
On 20.04.24 19:57, Juha Heinanen via sr-users wrote:
--
Daniel-Constantin Mierla (@ asipto.com)
twitter.com/miconda -- linkedin.com/in/miconda
Kamailio Consultancy, Training and Development Services -- asipto.com
How about this new function that sets the
algorithm?
-- Juha
iff --git a/src/modules/auth/auth_mod.c b/src/modules/auth/auth_mod.c
index 534ad9e20f..4e3a584d22 100644
--- a/src/modules/auth/auth_mod.c
+++ b/src/modules/auth/auth_mod.c
@@ -74,6 +74,10 @@ int w_consume_credentials(struct sip_msg *msg, char *s1, char *s2);
* Check for credentials with given realm
*/
int w_has_credentials(struct sip_msg *msg, char *s1, char *s2);
+/*
+ * Set authentication algorithm
+ */
+int w_auth_algorithm(struct sip_msg *msg, char *alg, char* s2);
static int pv_proxy_authenticate(
struct sip_msg *msg, char *realm, char *passwd, char *flags);
@@ -170,6 +174,8 @@ static cmd_export_t cmds[] = {
REQUEST_ROUTE},
{"pv_auth_check", (cmd_function)w_pv_auth_check, 4, fixup_pv_auth_check,
0, REQUEST_ROUTE},
+ {"auth_algorithm", w_auth_algorithm, 1, fixup_spve_null, 0,
+ REQUEST_ROUTE},
{"bind_auth_s", (cmd_function)bind_auth_s, 0, 0, 0},
{0, 0, 0, 0, 0, 0}
@@ -475,6 +481,35 @@ int w_has_credentials(sip_msg_t *msg, char *realm, char *s2)
return -1;
}
return ki_has_credentials(msg, &srealm);
+
+}
+/**
+ *
+ */
+int w_auth_algorithm(sip_msg_t *msg, char* alg, char* s2)
+{
+ if (fixup_get_svalue(msg, (gparam_t*)alg, &auth_algorithm) < 0) {
+ LM_ERR("failed to get algorithm value\n");
+ return -1;
+ }
+
+ if (strcmp(auth_algorithm.s, "MD5") == 0) {
+ hash_hex_len = HASHHEXLEN;
+ calc_HA1 = calc_HA1_md5;
+ calc_response = calc_response_md5;
+ }
+ else if (strcmp(auth_algorithm.s, "SHA-256") == 0) {
+ hash_hex_len = HASHHEXLEN_SHA256;
+ calc_HA1 = calc_HA1_sha256;
+ calc_response = calc_response_sha256;
+ }
+ else {
+ LM_ERR("Invalid algorithm provided."
+ " Possible values are \"\", \"MD5\" or
\"SHA-256\"\n");
+ return -1;
+ }
+
+ return 1;
}
#ifdef USE_NC
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
--
Daniel-Constantin Mierla (@ asipto.com)
twitter.com/miconda -- linkedin.com/in/miconda
Kamailio Consultancy, Training and Development Services -- asipto.com
Kamailio World Conference, April 18-19, 2024, Berlin -- kamailioworld.com
2:32 p.m.
Hello,
I probably missed that feedback was expected.
I would be interested in this functionality in git master.
Cheers,
Henning
-----Original Message-----
From: Juha Heinanen via sr-users <sr-users(a)lists.kamailio.org>
Sent: Dienstag, 14. Mai 2024 13:01
To: miconda(a)gmail.com
Cc: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>rg>; Juha
Heinanen <jh(a)tutpro.com>
Subject: [SR-Users] Re: dynamic selection of authentication algorithm
Daniel-Constantin Mierla writes:
are you still planning to add this patch to the
repo?
Based on non-existing comments, looks like I'm the only one interested.
So it is not worth to create a PR.
-- Juha
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe
send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the
sender!
Edit mailing list options or unsubscribe:
3:07 p.m.
On 14.05.24 13:01, Juha Heinanen wrote:
Daniel-Constantin Mierla writes:
I actually replied on you initial email at that time, saying that is
interesting to add it. My previous email was a follow up of that email.
Cheers,
Daniel
--
Daniel-Constantin Mierla (@ asipto.com)
twitter.com/miconda -- linkedin.com/in/miconda
Kamailio Consultancy, Training and Development Services -- asipto.com
are you still planning to add this patch to the
repo?
Based on non-existing comments, looks like I'm the only one interested.
So it is not worth to create a PR.
192
days inactive
216
days old
6 comments
3 participants
participants (3)
-
Daniel-Constantin Mierla -
Henning Westerholt -
Juha Heinanen