
code cleanup.

Jan Janak authored on 07/03/2003 15:01:33
Showing 1 changed files
... ...
@@ -43,86 +43,73 @@
43 43
 #include "rfc2617.h"
44 44
 
45 45
 
46
-
47 46
 #define MESSAGE_500 "Server Internal Error"
48 47
 
49 48
 
50
-/*
51
- * Get or calculate HA1 string, if calculate_ha1 is set, the function will
52
- * simply fetch the string from the database, otherwise it will fetch plaintext
53
- * password and will calculate the string
54
- */
55
-static inline int get_ha1(str* _user, str* _realm, char* _table, char* _ha1)
49
+static inline int get_ha1(str* _user, str* _domain, str* _realm, char* _table, char* _ha1)
56 50
 {
57 51
 	db_key_t keys[] = {username_column, domain_column};
58 52
 	db_val_t vals[2];
59 53
 	db_key_t col[] = {pass_column};
60 54
 	db_res_t* res;
61
-
62 55
 	str result;
63
-
64 56
 	char* at;
65 57
 
66 58
 	VAL_TYPE(vals) = VAL_TYPE(vals + 1) = DB_STR;
67 59
 	VAL_NULL(vals) = VAL_NULL(vals + 1) = 0;
68 60
 	
69
-	VAL_STR(vals) = *_user;
70
-	VAL_STR(vals + 1) = *_realm;
71
-
72
-	     /*
73
-	      * Some user agents put domain in the username, since we
74
-	      * have only usernames in database, remove domain part
75
-	      * if the server uses HA1 precalculated strings in the
76
-	      * database, then switch over to another column, which
77
-	      * contains HA1 strings calculated also with domain, the
78
-	      * original column contains HA1 strings calculated without
79
-	      * the domain part
80
-	      */
81
-	at = memchr(_user->s, '@', _user->len);
82
-	if (at) {
83
-		DBG("get_ha1(): @ found in username, removing domain part\n");
84
-		VAL_STR(vals).len = at - _user->s;
61
+	VAL_STR(vals).s = _user->s;
62
+	VAL_STR(vals).len = _user->len;
63
+	
64
+	VAL_STR(vals + 1).s = _realm->s;
65
+	VAL_STR(vals + 1).len = _realm->len;
66
+
67
+	     /* If username contains also domain U */
68
+	if (_domain->len) {
69
+		     /* Use that domain instead of realm */
70
+		VAL_STR(vals + 1).s = _domain->s;
71
+		VAL_STR(vals + 1).len = _domain->len;		
72
+		     /*
73
+		      * If we do not calculate HA1 strings on the fly,
74
+		      * we must use another column here, because the original
75
+		      * column contains HA1 hashed without the domain. So we
76
+		      * use another column which contains HA1 string including
77
+		      * also the domain
78
+		      *
79
+		      * This is not necessarry if we calculate HA1 strings on the
80
+		      * fly (i.e. plaintext passwords are stored in the database),
81
+		      * because in this case HA1 will be always calculated correctly
82
+		      * by the server.
83
+		      */
85 84
 		if (!calc_ha1) {
86 85
 			col[0] = pass_column_2;
87 86
 		}
88 87
 	}
89 88
 
90
-	     /* 
91
-	      * Query the database either for HA1 string or plaintext password,
92
-	      * it depends on calculate_ha1 variable value
93
-	      */
94 89
 	db_use_table(db_handle, _table);
95 90
 	if (db_query(db_handle, keys, 0, vals, col, 2, 1, 0, &res) < 0) {
96 91
 		LOG(L_ERR, "get_ha1(): Error while querying database\n");
97 92
 		return -1;
98 93
 	}
99 94
 
100
-	     /*
101
-	      * There is no such username in the database, return 1
102
-	      */
103 95
 	if (RES_ROW_N(res) == 0) {
104
-		DBG("get_ha1(): no result for user \'%.*s\'\n", _user->len, _user->s);
96
+		DBG("get_ha1(): no result for user \'%.*s@%.*s\'\n", 
97
+		    _user->len, _user->s,
98
+		    (_domain->len) ? (_domain->len) : (_realm->len),
99
+		    (_domain->len) ? (_domain->s) : (_realm->s)
100
+		    );
105 101
 		db_free_query(db_handle, res);
106
-		return 1;
102
+		return -1;
107 103
 	}
108 104
 
109 105
         result.s = (char*)ROW_VALUES(RES_ROWS(res))[0].val.string_val;
110 106
 	result.len = strlen(result.s);
111 107
 
112
-	     /*
113
-	      * If calculate_ha1 variable is set to true, calculate HA1 
114
-	      * string on the fly from username, realm and plaintext 
115
-	      * password obtained from the database and return the 
116
-	      * calculated HA1 string
117
-	      *
118
-	      * If calculate_ha1 is not set, we have the HA1 already,
119
-	      * just return it
120
-	      */
121 108
 	if (calc_ha1) {
122 109
 		     /* Only plaintext passwords are stored in database,
123 110
 		      * we have to calculate HA1 */
124 111
 		calc_HA1(HA_MD5, _user, _realm, &result, 0, 0, _ha1);
125
-		DBG("get_ha1(): HA1 string calculated: \'%s\'\n", _ha1);
112
+		DBG("HA1 string calculated: %s\n", _ha1);
126 113
 	} else {
127 114
 		memcpy(_ha1, result.s, result.len);
128 115
 		_ha1[result.len] = '\0';
... ...
@@ -197,7 +184,7 @@ static inline int authorize(struct sip_msg* _m, str* _realm, char* _table, int _
197 184
 
198 185
 	cred = (auth_body_t*)h->parsed;
199 186
 
200
-	res = get_ha1(&cred->digest.username.whole, _realm, _table, ha1);
187
+	res = get_ha1(&cred->digest.username.user, &cred->digest.username.domain, _realm, _table, ha1);
201 188
         if (res < 0) {
202 189
 		     /* Error while accessing the database */
203 190
 		if (sl_reply(_m, (char*)500, MESSAGE_500) == -1) {
... ...
@@ -212,7 +199,11 @@ static inline int authorize(struct sip_msg* _m, str* _realm, char* _table, int _
212 199
 	     /* Recalculate response, it must be same to authorize sucessfully */
213 200
         if (!check_response(&(cred->digest), &_m->first_line.u.request.method, ha1)) {
214 201
 		ret = post_auth_func(_m, h);
215
-		if (ret == AUTHORIZED) return 1;
202
+		switch(ret) {
203
+		case ERROR:          return 0;
204
+		case NOT_AUTHORIZED: return -1;
205
+		case AUTHORIZED:     return 1;
206
+		}
216 207
 	}
217 208
 
218 209
 	return -1;
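Review bot: In get_ha1 the no-row branch now ends in `return -1;` after `db_free_query`, the same value a failed `db_query` returns, and authorize answers every `res < 0` with a 500 reply, so an unknown user is reported as a database error rather than a failed authentication. If the wrong-password path outside these hunks replies differently, this also lets a client tell unknown accounts from bad passwords; keep `return 1;` there, or have authorize treat `res > 0` as not authorized. Separately, with `calc_ha1` set, `calc_HA1(HA_MD5, _user, _realm, ...)` now receives only the user part while the lookup may have switched to `_domain`, so for a `user@domain` username the computed HA1 probably no longer matches what the client hashed; the whole username should be passed for the calculation. The new `DBG("HA1 string calculated: %s\n", _ha1);` writes a password-equivalent value to the debug log and is better dropped. The bodies of get_ha1 and authorize continue outside the hunks shown.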