Browse code

auth: new function has_credentials(realm)

- returns true if an authorization header matching the realm is found

Daniel-Constantin Mierla authored on 03/10/2012 12:58:44
Showing 3 changed files
... ...
@@ -42,12 +42,13 @@ Daniel-Constantin Mierla
42 42
    1.4. Functions
43 43
 
44 44
         1.4.1. consume_credentials()
45
-        1.4.2. www_challenge(realm, flags)
46
-        1.4.3. proxy_challenge(realm, flags)
47
-        1.4.4. auth_challenge(realm, flags)
48
-        1.4.5. pv_www_authenticate(realm, passwd, flags)
49
-        1.4.6. pv_proxy_authenticate(realm, passwd, flags)
50
-        1.4.7. auth_get_www_authenticate(realm, flags, pvdst)
45
+        1.4.2. has_credentials(realm)
46
+        1.4.3. www_challenge(realm, flags)
47
+        1.4.4. proxy_challenge(realm, flags)
48
+        1.4.5. auth_challenge(realm, flags)
49
+        1.4.6. pv_www_authenticate(realm, passwd, flags)
50
+        1.4.7. pv_proxy_authenticate(realm, passwd, flags)
51
+        1.4.8. auth_get_www_authenticate(realm, flags, pvdst)
51 52
 
52 53
 1.1. Overview
53 54
 
... ...
@@ -526,12 +527,25 @@ modparam("auth", "realm_prefix", "sip.")
526 527
 
527 528
    Example 15. consume_credentials example
528 529
 ...
529
-if (www_authenticate("realm", "subscriber)) {
530
+if (www_authenticate("realm", "subscriber")) {
530 531
     consume_credentials();
531 532
 };
532 533
 ...
533 534
 
534
-1.4.2. www_challenge(realm, flags)
535
+1.4.2. has_credentials(realm)
536
+
537
+   This function returns true of the request has Autorization or
538
+   Proxy-Authorization header with provided realm. The parameter can be
539
+   string with pseudo-variables.
540
+
541
+   Example 16. consume_credentials example
542
+...
543
+if (has_credentials("myrealm")) {
544
+    ...
545
+}
546
+...
547
+
548
+1.4.3. www_challenge(realm, flags)
535 549
 
536 550
    The function challenges a user agent. It will generate a WWW-Authorize
537 551
    header field containing a digest challenge, it will put the header
... ...
@@ -560,14 +574,14 @@ if (www_authenticate("realm", "subscriber)) {
560 574
 
561 575
    This function can be used from REQUEST_ROUTE.
562 576
 
563
-   Example 16. www_challenge usage
577
+   Example 17. www_challenge usage
564 578
 ...
565 579
 if (!www_authenticate("$td", "subscriber")) {
566 580
         www_challenge("$td", "1");
567 581
 }
568 582
 ...
569 583
 
570
-1.4.3. proxy_challenge(realm, flags)
584
+1.4.4. proxy_challenge(realm, flags)
571 585
 
572 586
    The function challenges a user agent. It will generate a
573 587
    Proxy-Authorize header field containing a digest challenge, it will put
... ...
@@ -582,14 +596,14 @@ if (!www_authenticate("$td", "subscriber")) {
582 596
 
583 597
    This function can be used from REQUEST_ROUTE.
584 598
 
585
-   Example 17. proxy_challenge usage
599
+   Example 18. proxy_challenge usage
586 600
 ...
587 601
 if (!proxy_authenticate("$fd", "subscriber")) {
588 602
         proxy_challenge("$fd", "1");
589 603
 };
590 604
 ...
591 605
 
592
-1.4.4. auth_challenge(realm, flags)
606
+1.4.5. auth_challenge(realm, flags)
593 607
 
594 608
    The function challenges a user agent for authentication. It combines
595 609
    the functions www_challenge() and proxy_challenge(), by calling
... ...
@@ -601,14 +615,14 @@ if (!proxy_authenticate("$fd", "subscriber")) {
601 615
 
602 616
    This function can be used from REQUEST_ROUTE.
603 617
 
604
-   Example 18. proxy_challenge usage
618
+   Example 19. proxy_challenge usage
605 619
 ...
606 620
 if (!auth_check("$fd", "subscriber", "1")) {
607 621
         auth_challenge("$fd", "1");
608 622
 };
609 623
 ...
610 624
 
611
-1.4.5. pv_www_authenticate(realm, passwd, flags)
625
+1.4.6. pv_www_authenticate(realm, passwd, flags)
612 626
 
613 627
    The function verifies credentials according to RFC2617. If the
614 628
    credentials are verified successfully then the function will succeed
... ...
@@ -652,14 +666,14 @@ if (!auth_check("$fd", "subscriber", "1")) {
652 666
 
653 667
    This function can be used from REQUEST_ROUTE.
654 668
 
655
-   Example 19. pv_www_authenticate usage
669
+   Example 20. pv_www_authenticate usage
656 670
 ...
657 671
 if (!pv_www_authenticate("$td", "123abc", "0")) {
658 672
         www_challenge("$td", "1");
659 673
 };
660 674
 ...
661 675
 
662
-1.4.6. pv_proxy_authenticate(realm, passwd, flags)
676
+1.4.7. pv_proxy_authenticate(realm, passwd, flags)
663 677
 
664 678
    The function verifies credentials according to RFC2617. If the
665 679
    credentials are verified successfully then the function will succeed
... ...
@@ -674,7 +688,7 @@ if (!pv_www_authenticate("$td", "123abc", "0")) {
674 688
 
675 689
    This function can be used from REQUEST_ROUTE.
676 690
 
677
-   Example 20. pv_proxy_authenticate usage
691
+   Example 21. pv_proxy_authenticate usage
678 692
 ...
679 693
 $avp(password)="xyz";
680 694
 if (!pv_proxy_authenticate("$fd", "$avp(password)", "0")) {
... ...
@@ -682,7 +696,7 @@ if (!pv_proxy_authenticate("$fd", "$avp(password)", "0")) {
682 696
 };
683 697
 ...
684 698
 
685
-1.4.7. auth_get_www_authenticate(realm, flags, pvdst)
699
+1.4.8. auth_get_www_authenticate(realm, flags, pvdst)
686 700
 
687 701
    Build WWW-Authentication header and set the resulting value in 'pvdest'
688 702
    parameter.
... ...
@@ -692,7 +706,7 @@ if (!pv_proxy_authenticate("$fd", "$avp(password)", "0")) {
692 706
 
693 707
    This function can be used from ANY_ROUTE.
694 708
 
695
-   Example 21. auth_get_www_authenticate
709
+   Example 22. auth_get_www_authenticate
696 710
 ...
697 711
 if (auth_get_www_authenticate("$fd", "0", "$var(wauth)")) {
698 712
         xlog("www authenticate header is [$var(wauth)]\n");
... ...
@@ -81,6 +81,10 @@ static int mod_init(void);
81 81
  * Remove used credentials from a SIP message header
82 82
  */
83 83
 int w_consume_credentials(struct sip_msg* msg, char* s1, char* s2);
84
+/*
85
+ * Check for credentials with given realm
86
+ */
87
+int w_has_credentials(struct sip_msg* msg, char* s1, char* s2);
84 88
 
85 89
 static int pv_proxy_authenticate(struct sip_msg* msg, char* realm,
86 90
 		char *passwd, char *flags);
... ...
@@ -160,6 +164,8 @@ static cmd_export_t cmds[] = {
160 164
 			fixup_pv_auth, REQUEST_ROUTE},
161 165
     {"auth_get_www_authenticate",  (cmd_function)w_auth_get_www_authenticate,  3,
162 166
 			fixup_auth_get_www_authenticate, REQUEST_ROUTE},
167
+    {"has_credentials",        w_has_credentials,                    1,
168
+			fixup_spve_null, REQUEST_ROUTE},
163 169
     {"bind_auth_s",           (cmd_function)bind_auth_s, 0, 0, 0        },
164 170
     {0, 0, 0, 0, 0}
165 171
 };
... ...
@@ -408,6 +414,35 @@ int w_consume_credentials(struct sip_msg* msg, char* s1, char* s2)
408 414
 	return consume_credentials(msg);
409 415
 }
410 416
 
417
+/**
418
+ *
419
+ */
420
+int w_has_credentials(sip_msg_t *msg, char* realm, char* s2)
421
+{
422
+    str srealm  = {0, 0};
423
+	hdr_field_t *hdr = NULL;
424
+	int ret;
425
+
426
+	if (fixup_get_svalue(msg, (gparam_t*)realm, &srealm) < 0) {
427
+		LM_ERR("failed to get realm value\n");
428
+		return -1;
429
+	}
430
+
431
+	ret = find_credentials(msg, &srealm, HDR_PROXYAUTH_T, &hdr);
432
+	if(ret==0) {
433
+		LM_DBG("found www credentials with realm [%.*s]\n", srealm.len, srealm.s);
434
+		return 1;
435
+	}
436
+	ret = find_credentials(msg, &srealm, HDR_AUTHORIZATION_T, &hdr);
437
+	if(ret==0) {
438
+		LM_DBG("found proxy credentials with realm [%.*s]\n", srealm.len, srealm.s);
439
+		return 1;
440
+	}
441
+
442
+	LM_DBG("no credentials with realm [%.*s]\n", srealm.len, srealm.s);
443
+	return -1;
444
+}
445
+
411 446
 /**
412 447
  * @brief do WWW-Digest authentication with password taken from cfg var
413 448
  */
... ...
@@ -24,9 +24,27 @@
24 24
 	    <title>consume_credentials example</title>
25 25
 	    <programlisting>
26 26
 ...
27
-if (www_authenticate("realm", "subscriber)) {
27
+if (www_authenticate("realm", "subscriber")) {
28 28
     consume_credentials();
29 29
 };
30
+...
31
+	    </programlisting>
32
+	</example>
33
+    </section>
34
+    <section id="has_credentials">
35
+	<title><function>has_credentials(realm)</function></title>
36
+	<para>
37
+		This function returns true of the request has Autorization or
38
+		Proxy-Authorization header with provided realm. The parameter
39
+		can be string with pseudo-variables.
40
+	</para>
41
+	<example>
42
+	    <title>consume_credentials example</title>
43
+	    <programlisting>
44
+...
45
+if (has_credentials("myrealm")) {
46
+    ...
47
+}
30 48
 ...
31 49
 	    </programlisting>
32 50
 	</example>