auth: allow pre_auth to skip aditional checks

OpenSIPS · Apr 18, 2024 · 5235680 · 5235680
1 parent 4cb787c
commit 5235680
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 6 deletions.
diff --git a/modules/auth/api.c b/modules/auth/api.c
@@ -150,7 +150,7 @@ static inline int find_credentials(struct sip_msg* _m, str* _realm,
  * ACK and CANCEL
  */
 auth_result_t pre_auth(struct sip_msg* _m, str* _realm, hdr_types_t _hftype,
-													struct hdr_field** _h)
+		struct hdr_field** _h, unsigned skip_flags)
 {
 	int ret, ecode;
 	auth_body_t* c;
@@ -197,6 +197,8 @@ auth_result_t pre_auth(struct sip_msg* _m, str* _realm, hdr_types_t _hftype,
 		LM_DBG("credentials with given realm not found\n");
 		return NO_CREDENTIALS;
 	}
+	if (skip_flags & AUTH_SKIP_CRED_CHECK)
+		return DO_AUTHORIZATION;
 
 	/* Pointer to the parsed credentials */
 	c = (auth_body_t*)((*_h)->parsed);
@@ -217,6 +219,9 @@ auth_result_t pre_auth(struct sip_msg* _m, str* _realm, hdr_types_t _hftype,
 		goto ereply;
 	}
 
+	if (skip_flags & AUTH_SKIP_NONCE_CHECK)
+		return DO_AUTHORIZATION;
+
 	struct nonce_params np;
 	if (decr_nonce(ncp, str2const(&dcp->nonce), &np) != 0) {
 		LM_DBG("failed to decrypt nonce (stale/invalid)\n");

diff --git a/modules/auth/api.h b/modules/auth/api.h
@@ -47,6 +47,9 @@ typedef enum auth_result {
 	                    /* Means to continue doing authorization */
 } auth_result_t;
 
+#define AUTH_SKIP_CRED_CHECK	(1<<0)
+#define AUTH_SKIP_NONCE_CHECK	(1<<1)
+
 
 /*
  * Purpose of this function is to find credentials with given realm,
@@ -55,9 +58,9 @@ typedef enum auth_result {
  * ACK and CANCEL
  */
 typedef auth_result_t (*pre_auth_t)(struct sip_msg* _m, str* _realm,
-		hdr_types_t _hftype, struct hdr_field** _h);
+		hdr_types_t _hftype, struct hdr_field** _h, unsigned skip_flags);
 auth_result_t pre_auth(struct sip_msg* _m, str* _realm,
-		hdr_types_t _hftype, struct hdr_field** _h);
+		hdr_types_t _hftype, struct hdr_field** _h, unsigned skip_flags);
 
 
 /*

diff --git a/modules/auth/auth_mod.c b/modules/auth/auth_mod.c
@@ -448,7 +448,7 @@ static inline int pv_authorize(struct sip_msg* msg, str *domain,
 	if (domain->len==0)
 		domain->s = 0;
 
-	ret = pre_auth(msg, domain, hftype, &h);
+	ret = pre_auth(msg, domain, hftype, &h, 0);
 
 	if (ret != DO_AUTHORIZATION)
 		return ret;

diff --git a/modules/auth_aaa/authorize.c b/modules/auth_aaa/authorize.c
@@ -89,7 +89,7 @@ static inline int authorize(struct sip_msg* _msg, str* _realm,
 	domain.s = 0;
     }
 
-    ret = auth_api.pre_auth(_msg, &domain, _hftype, &h);
+    ret = auth_api.pre_auth(_msg, &domain, _hftype, &h, 0);
 
     if (ret != DO_AUTHORIZATION)
 	return ret;

diff --git a/modules/auth_db/authorize.c b/modules/auth_db/authorize.c
@@ -262,7 +262,7 @@ static inline int authorize(struct sip_msg* _m, str *domain,
 	auth_result_t ret;
 	db_res_t* result = NULL;
 
-	ret = auth_api.pre_auth(_m, domain, _hftype, &h);
+	ret = auth_api.pre_auth(_m, domain, _hftype, &h, 0);
 
 	if (ret != DO_AUTHORIZATION)
 		return ret;