
auth,auth_ephemeral: return code for expired username

- added AUTH_USERNAME_EXPIRED auth api return code and used it in auth
ephemeral authentication, when username is expired

Juha Heinanen authored on 27/03/2019 09:10:16 • Daniel-Constantin Mierla committed on 29/03/2019 09:10:29
Showing 2 changed files
... ...
@@ -39,6 +39,7 @@
39 39
  */
40 40
 typedef enum auth_cfg_result {
41 41
 	AUTH_USER_MISMATCH = -8,    /*!< Auth user != From/To user */
42
+	AUTH_USERNAME_EXPIRED = -7, /*!< Ephemeral auth username expired */
42 43
 	AUTH_NONCE_REUSED = -6,     /*!< Returned if nonce is used more than once */
43 44
 	AUTH_NO_CREDENTIALS = -5,   /*!< Credentials missing */
44 45
 	AUTH_STALE_NONCE = -4,      /*!< Stale nonce */
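Review bot: The doc comment on `AUTH_USERNAME_EXPIRED` does not say at which stage of authentication the code is produced. In the callers changed by this commit it is returned straight from the timestamp check, which in digest_authenticate appears to run before `SECRET_LOCK` and so before any credential comparison. It therefore means only that the timestamp embedded in the claimed username is in the past, not that the credentials were otherwise correct, and a routing script should not treat it as a partly authenticated state. I would spell that out, e.g. `/*!< Ephemeral auth username expired (timestamp check only, credentials not verified) */`. The enum continues outside the hunk.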
... ...
@@ -203,7 +203,7 @@ int autheph_verify_timestamp(str *_username)
203 203
 	if (cur_time > expires)
204 204
 	{
205 205
 		LM_WARN("username has expired\n");
206
-		return -1;
206
+		return AUTH_USERNAME_EXPIRED;
207 207
 	}
208 208
 
209 209
 	return 0;
... ...
@@ -255,10 +255,16 @@ static inline int digest_authenticate(struct sip_msg *_m, str *_realm,
255 255
 	username = ((auth_body_t *) h->parsed)->digest.username.whole;
256 256
 	LM_DBG("username: %.*s\n", username.len, username.s);
257 257
 
258
-	if (autheph_verify_timestamp(&username) < 0)
258
+	int res = autheph_verify_timestamp(&username);
259
+	if (res < 0)
259 260
 	{
260
-		LM_ERR("invalid timestamp in username\n");
261
-		return AUTH_ERROR;
261
+		if (res == -1)
262
+		{
263
+			LM_ERR("invalid timestamp in username\n");
264
+			return AUTH_ERROR;
265
+		} else {
266
+			return AUTH_USERNAME_EXPIRED;
267
+		}
262 268
 	}
263 269
 
264 270
 	SECRET_LOCK;
... ...
@@ -489,10 +495,16 @@ int ki_autheph_authenticate(sip_msg_t *_m, str *susername, str *spassword)
489 495
 		return AUTH_ERROR;
490 496
 	}
491 497
 
492
-	if (autheph_verify_timestamp(susername) < 0)
498
+	int res = autheph_verify_timestamp(susername);
499
+	if (res < 0)
493 500
 	{
494
-		LM_ERR("invalid timestamp in username\n");
495
-		return AUTH_ERROR;
501
+		if (res == -1)
502
+		{
503
+			LM_ERR("invalid timestamp in username\n");
504
+			return AUTH_ERROR;
505
+		} else {
506
+			return AUTH_USERNAME_EXPIRED;
507
+		}
496 508
 	}
497 509
 
498 510
 	LM_DBG("username: %.*s\n", susername->len, susername->s);
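Review bot: In digest_authenticate, and identically in ki_autheph_authenticate, the new branch tests the bare literal `res == -1` and maps every other negative value to `AUTH_USERNAME_EXPIRED`. Any further negative return later added to autheph_verify_timestamp would therefore be reported as an expired username instead of a generic failure. Matching the expiry code explicitly keeps the default on the error path: `if (res == AUTH_USERNAME_EXPIRED) return AUTH_USERNAME_EXPIRED;` followed by the existing `LM_ERR("invalid timestamp in username\n"); return AUTH_ERROR;`. autheph_verify_timestamp now mixes a raw `-1` with an enum constant in one `int` return, so a short comment on that function listing its return values would help the two callers stay in sync. All three function bodies start and end outside their hunks.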