|
|
@@ -15,7 +15,7 @@ Daniel-Constantin Mierla
|
|
|
asipto.com
|
|
|
<[email protected]>
|
|
|
|
|
|
- Copyright © 2002, 2003 FhG FOKUS
|
|
|
+ Copyright © 2002, 2003 FhG FOKUS
|
|
|
__________________________________________________________________
|
|
|
|
|
|
1.1. Overview
|
|
|
@@ -47,7 +47,7 @@ Daniel-Constantin Mierla
|
|
|
1.4.3. www_challenge(realm, flags)
|
|
|
1.4.4. proxy_challenge(realm, flags)
|
|
|
1.4.5. auth_challenge(realm, flags)
|
|
|
- 1.4.6. pv_www_authenticate(realm, passwd, flags)
|
|
|
+ 1.4.6. pv_www_authenticate(realm, passwd, flags [, method])
|
|
|
1.4.7. pv_proxy_authenticate(realm, passwd, flags)
|
|
|
1.4.8. pv_auth_check(realm, passwd, flags, checks)
|
|
|
1.4.9. auth_get_www_authenticate(realm, flags, pvdst)
|
|
|
@@ -72,7 +72,7 @@ Daniel-Constantin Mierla
|
|
|
|
|
|
1.3. Parameters
|
|
|
|
|
|
-1.3.1. auth_checks_register, auth_checks_no_dlg, and auth_checks_in_dlg
|
|
|
+1.3.1. auth_checks_register, auth_checks_no_dlg, and auth_checks_in_dlg
|
|
|
(flags)
|
|
|
|
|
|
These three module parameters control which optional integrity checks
|
|
|
@@ -507,7 +507,7 @@ modparam("auth", "force_stateless_reply", 1)
|
|
|
records (not all SIP clients support SRV lookup), a subdomain of the
|
|
|
master domain can be defined for SIP purposes (like sip.mydomain.net
|
|
|
pointing to same IP address as the SRV record for mydomain.net). By
|
|
|
- ignoring the realm_prefix "sip.", at authentication, sip.mydomain.net
|
|
|
+ ignoring the realm_prefix “sip.�, at authentication, sip.mydomain.net
|
|
|
will be equivalent to mydomain.net .
|
|
|
|
|
|
Default value is empty string.
|
|
|
@@ -557,7 +557,7 @@ if (has_credentials("myrealm")) {
|
|
|
}
|
|
|
...
|
|
|
|
|
|
-1.4.3. www_challenge(realm, flags)
|
|
|
+1.4.3. www_challenge(realm, flags)
|
|
|
|
|
|
The function challenges a user agent. It will generate a WWW-Authorize
|
|
|
header field containing a digest challenge, it will put the header
|
|
|
@@ -571,7 +571,7 @@ if (has_credentials("myrealm")) {
|
|
|
* realm - Realm is a opaque string that the user agent should present
|
|
|
to the user so he can decide what username and password to use.
|
|
|
Usually this is domain of the host the server is running on.
|
|
|
- It must not be empty string "". In case of REGISTER requests To
|
|
|
+ It must not be empty string “�. In case of REGISTER requests To
|
|
|
header field domain (e.g., variable $td) can be used (because this
|
|
|
header field represents the user being registered), for all other
|
|
|
messages From header field domain can be used (e.g., variable $fd).
|
|
|
@@ -593,7 +593,7 @@ if (!www_authenticate("$td", "subscriber")) {
|
|
|
}
|
|
|
...
|
|
|
|
|
|
-1.4.4. proxy_challenge(realm, flags)
|
|
|
+1.4.4. proxy_challenge(realm, flags)
|
|
|
|
|
|
The function challenges a user agent. It will generate a
|
|
|
Proxy-Authorize header field containing a digest challenge, it will put
|
|
|
@@ -615,7 +615,7 @@ if (!proxy_authenticate("$fd", "subscriber")) {
|
|
|
};
|
|
|
...
|
|
|
|
|
|
-1.4.5. auth_challenge(realm, flags)
|
|
|
+1.4.5. auth_challenge(realm, flags)
|
|
|
|
|
|
The function challenges a user agent for authentication. It combines
|
|
|
the functions www_challenge() and proxy_challenge(), by calling
|
|
|
@@ -634,7 +634,7 @@ if (!auth_check("$fd", "subscriber", "1")) {
|
|
|
};
|
|
|
...
|
|
|
|
|
|
-1.4.6. pv_www_authenticate(realm, passwd, flags)
|
|
|
+1.4.6. pv_www_authenticate(realm, passwd, flags [, method])
|
|
|
|
|
|
The function verifies credentials according to RFC2617. If the
|
|
|
credentials are verified successfully then the function will succeed
|
|
|
@@ -658,7 +658,7 @@ if (!auth_check("$fd", "subscriber", "1")) {
|
|
|
* realm - Realm is a opaque string that the user agent should present
|
|
|
to the user so he can decide what username and password to use.
|
|
|
Usually this is domain of the host the server is running on.
|
|
|
- It must not be empty string "". In case of REGISTER requests To
|
|
|
+ It must not be empty string “�. In case of REGISTER requests To
|
|
|
header field domain (e.g., varibale $td) can be used (because this
|
|
|
header field represents a user being registered), for all other
|
|
|
messages From header field domain can be used (e.g., varibale $fd).
|
|
|
@@ -671,6 +671,8 @@ if (!auth_check("$fd", "subscriber", "1")) {
|
|
|
+ 4 - build challenge header with qop=auth and add it to avp
|
|
|
+ 8 - build challenge header with qop=auth-int and add it to avp
|
|
|
+ 16 - build challenge header with stale=true
|
|
|
+ * method - the method to be used for authentication. This parameter
|
|
|
+ is optional and if not set is the first "word" on the request-line.
|
|
|
|
|
|
When challenge header is built and stored in avp, append_to_reply() and
|
|
|
sl reply functions can be used to send appropriate SIP reply to
|
|
|
@@ -685,7 +687,7 @@ if (!pv_www_authenticate("$td", "123abc", "0")) {
|
|
|
};
|
|
|
...
|
|
|
|
|
|
-1.4.7. pv_proxy_authenticate(realm, passwd, flags)
|
|
|
+1.4.7. pv_proxy_authenticate(realm, passwd, flags)
|
|
|
|
|
|
The function verifies credentials according to RFC2617. If the
|
|
|
credentials are verified successfully then the function will succeed
|
|
|
@@ -708,7 +710,7 @@ if (!pv_proxy_authenticate("$fd", "$avp(password)", "0")) {
|
|
|
};
|
|
|
...
|
|
|
|
|
|
-1.4.8. pv_auth_check(realm, passwd, flags, checks)
|
|
|
+1.4.8. pv_auth_check(realm, passwd, flags, checks)
|
|
|
|
|
|
The function combines the functionalities of pv_www_authenticate and
|
|
|
pv_proxy_authenticate, first being exectuted if the SIP request is a
|
|
|
@@ -733,7 +735,7 @@ if (!pv_auth_check("$fd", "$avp(password)", "0", "1")) {
|
|
|
};
|
|
|
...
|
|
|
|
|
|
-1.4.9. auth_get_www_authenticate(realm, flags, pvdst)
|
|
|
+1.4.9. auth_get_www_authenticate(realm, flags, pvdst)
|
|
|
|
|
|
Build WWW-Authentication header and set the resulting value in 'pvdest'
|
|
|
parameter.
|
Peter Dunkley