|
|
@@ -43,6 +43,7 @@ Daniel-Constantin Mierla
|
|
|
3.15. force_stateless_reply (boolean)
|
|
|
3.16. realm_prefix (string)
|
|
|
3.17. use_domain (boolean)
|
|
|
+ 3.18. algorithm (string)
|
|
|
|
|
|
4. Functions
|
|
|
|
|
|
@@ -73,15 +74,16 @@ Daniel-Constantin Mierla
|
|
|
1.13. force_stateless_reply example
|
|
|
1.14. realm_prefix parameter example
|
|
|
1.15. force_stateless_reply example
|
|
|
- 1.16. consume_credentials example
|
|
|
+ 1.16. use SHA-256 example
|
|
|
1.17. consume_credentials example
|
|
|
- 1.18. www_challenge usage
|
|
|
- 1.19. proxy_challenge usage
|
|
|
- 1.20. auth_challenge usage
|
|
|
- 1.21. pv_www_authenticate usage
|
|
|
- 1.22. pv_proxy_authenticate usage
|
|
|
- 1.23. pv_auth_check usage
|
|
|
- 1.24. auth_get_www_authenticate
|
|
|
+ 1.18. consume_credentials example
|
|
|
+ 1.19. www_challenge usage
|
|
|
+ 1.20. proxy_challenge usage
|
|
|
+ 1.21. auth_challenge usage
|
|
|
+ 1.22. pv_www_authenticate usage
|
|
|
+ 1.23. pv_proxy_authenticate usage
|
|
|
+ 1.24. pv_auth_check usage
|
|
|
+ 1.25. auth_get_www_authenticate
|
|
|
|
|
|
Chapter 1. Admin Guide
|
|
|
|
|
|
@@ -108,6 +110,7 @@ Chapter 1. Admin Guide
|
|
|
3.15. force_stateless_reply (boolean)
|
|
|
3.16. realm_prefix (string)
|
|
|
3.17. use_domain (boolean)
|
|
|
+ 3.18. algorithm (string)
|
|
|
|
|
|
4. Functions
|
|
|
|
|
|
@@ -158,6 +161,7 @@ Chapter 1. Admin Guide
|
|
|
3.15. force_stateless_reply (boolean)
|
|
|
3.16. realm_prefix (string)
|
|
|
3.17. use_domain (boolean)
|
|
|
+ 3.18. algorithm (string)
|
|
|
|
|
|
3.1. auth_checks_register (flags)
|
|
|
|
|
|
@@ -630,6 +634,24 @@ modparam("auth", "realm_prefix", "sip.")
|
|
|
modparam("auth", "use_domain", 1)
|
|
|
...
|
|
|
|
|
|
+3.18. algorithm (string)
|
|
|
+
|
|
|
+ Configure hash algorithm used for digest authentication. Possible
|
|
|
+ values are "MD5" or "SHA-256". If left empty MD5 is used. If specified,
|
|
|
+ the specified algorithm is used and is also but in the 'algorithm'
|
|
|
+ field of the challenge header.
|
|
|
+
|
|
|
+ Warning: SHA-256 hash values take twice the space of MD5 hash values.
|
|
|
+ So a buffer overflow might occur if this option is used in combination
|
|
|
+ with another auth_* module that does not allocate at least 65 bytes to
|
|
|
+ store hash values. SHA-256 can safely be used with the module auth_db
|
|
|
+ as it allocates 256 bytes to store HA1 values.
|
|
|
+
|
|
|
+ Example 1.16. use SHA-256 example
|
|
|
+...
|
|
|
+modparam("auth", "algorithm", "SHA-256")
|
|
|
+...
|
|
|
+
|
|
|
4. Functions
|
|
|
|
|
|
4.1. consume_credentials()
|
|
|
@@ -652,7 +674,7 @@ modparam("auth", "use_domain", 1)
|
|
|
little bit shorter. The function must be called after www_authorize,
|
|
|
proxy_authorize, www_authenticate or proxy_authenticate.
|
|
|
|
|
|
- Example 1.16. consume_credentials example
|
|
|
+ Example 1.17. consume_credentials example
|
|
|
...
|
|
|
if (www_authenticate("realm", "subscriber")) {
|
|
|
consume_credentials();
|
|
|
@@ -665,7 +687,7 @@ if (www_authenticate("realm", "subscriber")) {
|
|
|
Proxy-Authorization header with provided realm. The parameter can be
|
|
|
string with pseudo-variables.
|
|
|
|
|
|
- Example 1.17. consume_credentials example
|
|
|
+ Example 1.18. consume_credentials example
|
|
|
...
|
|
|
if (has_credentials("myrealm")) {
|
|
|
...
|
|
|
@@ -702,7 +724,7 @@ if (has_credentials("myrealm")) {
|
|
|
|
|
|
This function can be used from REQUEST_ROUTE.
|
|
|
|
|
|
- Example 1.18. www_challenge usage
|
|
|
+ Example 1.19. www_challenge usage
|
|
|
...
|
|
|
if (!www_authenticate("$td", "subscriber")) {
|
|
|
www_challenge("$td", "1");
|
|
|
@@ -724,7 +746,7 @@ if (!www_authenticate("$td", "subscriber")) {
|
|
|
|
|
|
This function can be used from REQUEST_ROUTE.
|
|
|
|
|
|
- Example 1.19. proxy_challenge usage
|
|
|
+ Example 1.20. proxy_challenge usage
|
|
|
...
|
|
|
if (!proxy_authenticate("$fd", "subscriber")) {
|
|
|
proxy_challenge("$fd", "1");
|
|
|
@@ -743,7 +765,7 @@ if (!proxy_authenticate("$fd", "subscriber")) {
|
|
|
|
|
|
This function can be used from REQUEST_ROUTE.
|
|
|
|
|
|
- Example 1.20. auth_challenge usage
|
|
|
+ Example 1.21. auth_challenge usage
|
|
|
...
|
|
|
if (!auth_check("$fd", "subscriber", "1")) {
|
|
|
auth_challenge("$fd", "1");
|
|
|
@@ -795,7 +817,7 @@ if (!auth_check("$fd", "subscriber", "1")) {
|
|
|
|
|
|
This function can be used from REQUEST_ROUTE.
|
|
|
|
|
|
- Example 1.21. pv_www_authenticate usage
|
|
|
+ Example 1.22. pv_www_authenticate usage
|
|
|
...
|
|
|
if (!pv_www_authenticate("$td", "123abc", "0")) {
|
|
|
www_challenge("$td", "1");
|
|
|
@@ -817,7 +839,7 @@ if (!pv_www_authenticate("$td", "123abc", "0")) {
|
|
|
|
|
|
This function can be used from REQUEST_ROUTE.
|
|
|
|
|
|
- Example 1.22. pv_proxy_authenticate usage
|
|
|
+ Example 1.23. pv_proxy_authenticate usage
|
|
|
...
|
|
|
$avp(password)="xyz";
|
|
|
if (!pv_proxy_authenticate("$fd", "$avp(password)", "0")) {
|
|
|
@@ -848,7 +870,7 @@ if (!pv_proxy_authenticate("$fd", "$avp(password)", "0")) {
|
|
|
|
|
|
This function can be used from REQUEST_ROUTE.
|
|
|
|
|
|
- Example 1.23. pv_auth_check usage
|
|
|
+ Example 1.24. pv_auth_check usage
|
|
|
...
|
|
|
$avp(password)="xyz";
|
|
|
if (!pv_auth_check("$fd", "$avp(password)", "0", "1")) {
|
|
|
@@ -866,7 +888,7 @@ if (!pv_auth_check("$fd", "$avp(password)", "0", "1")) {
|
|
|
|
|
|
This function can be used from ANY_ROUTE.
|
|
|
|
|
|
- Example 1.24. auth_get_www_authenticate
|
|
|
+ Example 1.25. auth_get_www_authenticate
|
|
|
...
|
|
|
if (auth_get_www_authenticate("$fd", "0", "$var(wauth)")) {
|
|
|
xlog("www authenticate header is [$var(wauth)]\n");
|
Daniel-Constantin Mierla