auth: new function auth_challenge()

- combines www_challenge() and proxy_challenge() by calling the first
  for REGISTER and the second for the rest of request types
- it is usefull to simplify the config file for default auth handling

modules/auth/README

@@ -15,7 +15,7 @@ Daniel-Constantin Mierla
    asipto.com
    <[email protected]>
 
-   Copyright © 2002, 2003 FhG FOKUS
+   Copyright © 2002, 2003 FhG FOKUS
      __________________________________________________________________
 
    1.1. Overview
@@ -43,8 +43,9 @@ Daniel-Constantin Mierla
         1.4.1. consume_credentials()
         1.4.2. www_challenge(realm, flags)
         1.4.3. proxy_challenge(realm, flags)
-        1.4.4. pv_www_authenticate(realm, passwd, flags)
-        1.4.5. pv_proxy_authenticate(realm, passwd, flags)
+        1.4.4. auth_challenge(realm, flags)
+        1.4.5. pv_www_authenticate(realm, passwd, flags)
+        1.4.6. pv_proxy_authenticate(realm, passwd, flags)
 
 1.1. Overview
 
@@ -66,7 +67,7 @@ Daniel-Constantin Mierla
 
 1.3. Parameters
 
-1.3.1.  auth_checks_register, auth_checks_no_dlg, and auth_checks_in_dlg
+1.3.1. auth_checks_register, auth_checks_no_dlg, and auth_checks_in_dlg
 (flags)
 
    These three module parameters control which optional integrity checks
@@ -514,7 +515,7 @@ if (www_authenticate("realm", "subscriber)) {
 };
 ...
 
-1.4.2.  www_challenge(realm, flags)
+1.4.2. www_challenge(realm, flags)
 
    The function challenges a user agent. It will generate a WWW-Authorize
    header field containing a digest challenge, it will put the header
@@ -528,7 +529,7 @@ if (www_authenticate("realm", "subscriber)) {
      * realm - Realm is a opaque string that the user agent should present
        to the user so he can decide what username and password to use.
        Usually this is domain of the host the server is running on.
-       It must not be empty string “�. In case of REGISTER requests To
+       It must not be empty string "". In case of REGISTER requests To
        header field domain (e.g., variable $td) can be used (because this
        header field represents the user being registered), for all other
        messages From header field domain can be used (e.g., variable $fd).
@@ -550,7 +551,7 @@ if (!www_authenticate("$td", "subscriber")) {
 }
 ...
 
-1.4.3.  proxy_challenge(realm, flags)
+1.4.3. proxy_challenge(realm, flags)
 
    The function challenges a user agent. It will generate a
    Proxy-Authorize header field containing a digest challenge, it will put
@@ -567,12 +568,31 @@ if (!www_authenticate("$td", "subscriber")) {
 
    Example 16. proxy_challenge usage
 ...
-if (!proxy_authenticate("$fd", "subscriber)) {
+if (!proxy_authenticate("$fd", "subscriber")) {
         proxy_challenge("$fd", "1");
 };
 ...
 
-1.4.4.  pv_www_authenticate(realm, passwd, flags)
+1.4.4. auth_challenge(realm, flags)
+
+   The function challenges a user agent for authentication. It combines
+   the functions www_challenge() and proxy_challenge(), by calling
+   internally the first one for REGISTER requests and the second one for
+   the rest of the request types.
+
+   Meaning of the parameters the same as for function www_challenge(realm,
+   flags)
+
+   This function can be used from REQUEST_ROUTE.
+
+   Example 17. proxy_challenge usage
+...
+if (!auth_check("$fd", "subscriber", "1")) {
+        auth_challenge("$fd", "1");
+};
+...
+
+1.4.5. pv_www_authenticate(realm, passwd, flags)
 
    The function verifies credentials according to RFC2617. If the
    credentials are verified successfully then the function will succeed
@@ -596,7 +616,7 @@ if (!proxy_authenticate("$fd", "subscriber)) {
      * realm - Realm is a opaque string that the user agent should present
        to the user so he can decide what username and password to use.
        Usually this is domain of the host the server is running on.
-       It must not be empty string “�. In case of REGISTER requests To
+       It must not be empty string "". In case of REGISTER requests To
        header field domain (e.g., varibale $td) can be used (because this
        header field represents a user being registered), for all other
        messages From header field domain can be used (e.g., varibale $fd).
@@ -616,14 +636,14 @@ if (!proxy_authenticate("$fd", "subscriber)) {
 
    This function can be used from REQUEST_ROUTE.
 
-   Example 17. pv_www_authenticate usage
+   Example 18. pv_www_authenticate usage
 ...
 if (!pv_www_authenticate("$td", "123abc", "0")) {
         www_challenge("$td", "1");
 };
 ...
 
-1.4.5.  pv_proxy_authenticate(realm, passwd, flags)
+1.4.6. pv_proxy_authenticate(realm, passwd, flags)
 
    The function verifies credentials according to RFC2617. If the
    credentials are verified successfully then the function will succeed
@@ -638,7 +658,7 @@ if (!pv_www_authenticate("$td", "123abc", "0")) {
 
    This function can be used from REQUEST_ROUTE.
 
-   Example 18. pv_proxy_authenticate usage
+   Example 19. pv_proxy_authenticate usage
 ...
 $avp(password)="xyz";
 if (!pv_proxy_authenticate("$fd", "$avp(password)", "0")) {

modules/auth/auth_mod.c

@@ -87,6 +87,7 @@ static int fixup_pv_auth(void **param, int param_no);
 
 static int proxy_challenge(struct sip_msg *msg, char* realm, char *flags);
 static int www_challenge(struct sip_msg *msg, char* realm, char *flags);
+static int w_auth_challenge(struct sip_msg *msg, char* realm, char *flags);
 static int fixup_auth_challenge(void **param, int param_no);
 
 
@@ -138,6 +139,8 @@ static cmd_export_t cmds[] = {
 			fixup_auth_challenge, REQUEST_ROUTE},
     {"proxy_challenge",        (cmd_function)proxy_challenge,        2,
 			fixup_auth_challenge, REQUEST_ROUTE},
+    {"auth_challenge",         (cmd_function)w_auth_challenge,       2,
+			fixup_auth_challenge, REQUEST_ROUTE},
     {"pv_www_authorize",       (cmd_function)pv_www_authenticate,    3,
 			fixup_pv_auth, REQUEST_ROUTE},
     {"pv_www_authenticate",    (cmd_function)pv_www_authenticate,    3,
@@ -749,6 +752,47 @@ error:
 	return -1;
 }
 
+/**
+ *
+ */
+static int w_auth_challenge(struct sip_msg *msg, char* realm, char *flags)
+{
+	int vflags = 0;
+	str srealm  = {0, 0};
+
+	if((msg->REQ_METHOD == METHOD_ACK) || (msg->REQ_METHOD == METHOD_CANCEL)) {
+		return 1;
+	}
+
+	if(get_str_fparam(&srealm, msg, (fparam_t*)realm) < 0) {
+		LM_ERR("failed to get realm value\n");
+		goto error;
+	}
+
+	if(srealm.len==0) {
+		LM_ERR("invalid realm value - empty content\n");
+		goto error;
+	}
+
+	if(get_int_fparam(&vflags, msg, (fparam_t*)flags) < 0) {
+		LM_ERR("invalid flags value\n");
+		goto error;
+	}
+
+	if(msg->REQ_METHOD==METHOD_REGISTER)
+		return auth_challenge(msg, &srealm, vflags, HDR_AUTHORIZATION_T);
+	else
+		return auth_challenge(msg, &srealm, vflags, HDR_PROXYAUTH_T);
+
+error:
+	if(!(vflags&4)) {
+		if(auth_send_reply(msg, 500, "Internal Server Error", 0, 0) <0 )
+			return -4;
+	}
+	return -1;
+}
+
+
 /**
  * @brief fixup function for {www,proxy}_challenge
  */

modules/auth/doc/functions.xml

@@ -126,7 +126,7 @@ if (!www_authenticate("$td", "subscriber")) {
 		<title>proxy_challenge usage</title>
 		<programlisting format="linespecific">
 ...
-if (!proxy_authenticate("$fd", "subscriber)) {
+if (!proxy_authenticate("$fd", "subscriber")) {
 	proxy_challenge("$fd", "1");
 };
 ...
@@ -134,6 +134,33 @@ if (!proxy_authenticate("$fd", "subscriber)) {
 		</example>
 	</section>
 
+	<section id="auth_challenge">
+		<title>
+			<function moreinfo="none">auth_challenge(realm, flags)</function>
+		</title>
+		<para>
+		The function challenges a user agent for authentication. It combines
+		the functions www_challenge() and proxy_challenge(), by calling
+		internally the first one for REGISTER requests and the second one for
+		the rest of the request types.
+		</para>
+		<para>Meaning of the parameters the same as for function
+		www_challenge(realm, flags)</para>
+		<para>
+		This function can be used from REQUEST_ROUTE.
+		</para>
+		<example>
+		<title>proxy_challenge usage</title>
+		<programlisting format="linespecific">
+...
+if (!auth_check("$fd", "subscriber", "1")) {
+	auth_challenge("$fd", "1");
+};
+...
+</programlisting>
+		</example>
+	</section>
+
 	<section id="pv_www_authenticate">
 		<title>
 		<function moreinfo="none">pv_www_authenticate(realm, passwd, flags)</function>