From 95c18631032c5510d4dc1e6b7aa815256ff3e688 Mon Sep 17 00:00:00 2001
From: Juha Heinanen
Date: Wed, 27 Mar 2019 11:10:16 +0200
Subject: [PATCH] - added AUTH_USERNAME_EXPIRED auth api return code and used it in auth ephemeral authentication, when username is expired
---
 src/modules/auth/api.h | 1 +
 src/modules/auth_ephemeral/authorize.c | 26 +++++++++++++++++++-------
 2 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/src/modules/auth/api.h b/src/modules/auth/api.h
index 9730b409edd2..33d131840a36 100644
--- a/src/modules/auth/api.h
+++ b/src/modules/auth/api.h
@@ -39,6 +39,7 @@
 */
 typedef enum auth_cfg_result {
 AUTH_USER_MISMATCH = -8, /*!< Auth user != From/To user */
+ AUTH_USERNAME_EXPIRED = -7, /*!< Ephemeral auth username expired */
 AUTH_NONCE_REUSED = -6, /*!< Returned if nonce is used more than once */
 AUTH_NO_CREDENTIALS = -5, /*!< Credentials missing */
 AUTH_STALE_NONCE = -4, /*!< Stale nonce */
diff --git a/src/modules/auth_ephemeral/authorize.c b/src/modules/auth_ephemeral/authorize.c
index 745f12d7ab24..216332b32117 100644
--- a/src/modules/auth_ephemeral/authorize.c
+++ b/src/modules/auth_ephemeral/authorize.c
@@ -203,7 +203,7 @@ int autheph_verify_timestamp(str *_username)
 if (cur_time > expires)
 {
 LM_WARN("username has expired\n");
- return -1;
+ return AUTH_USERNAME_EXPIRED;
 }
 return 0;
@@ -255,10 +255,16 @@ static inline int digest_authenticate(struct sip_msg *_m, str *_realm,
 username = ((auth_body_t *) h->parsed)->digest.username.whole;
 LM_DBG("username: %.*s\n", username.len, username.s);
- if (autheph_verify_timestamp(&username) < 0)
+ int res = autheph_verify_timestamp(&username);
+ if (res < 0)
 {
- LM_ERR("invalid timestamp in username\n");
- return AUTH_ERROR;
+ if (res == -1)
+ {
+ LM_ERR("invalid timestamp in username\n");
+ return AUTH_ERROR;
+ } else {
+ return AUTH_USERNAME_EXPIRED;
+ }
 }
 SECRET_LOCK;
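Review bot: The return contract of autheph_verify_timestamp() is undocumented, and after this change it mixes two kinds of value: an `auth_cfg_result` constant for expiry and, judging by the callers' `res == -1` test, a bare `-1` for its other failures. The hunk header shows the function without `static`, so any caller outside this patch that tests for something other than `< 0` would need checking. A comment above the function would record the contract: `/* returns 0 if valid, AUTH_USERNAME_EXPIRED if the timestamp has passed, -1 if the timestamp is invalid */`. The function body starts and ends outside the hunk.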
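Review bot: The new branch in digest_authenticate tests `res == -1` and sends every other negative value to AUTH_USERNAME_EXPIRED, so a failure code added to autheph_verify_timestamp() later would be reported as an expired username. Comparing against the named constant keeps unknown failures on the generic path: `if (res == AUTH_USERNAME_EXPIRED) return res;` ahead of the existing `LM_ERR("invalid timestamp in username\n"); return AUTH_ERROR;`. The ki_autheph_authenticate hunk repeats the same construct and would take the same change. `int res` is also declared after the `LM_DBG` statement; whether a mid-block declaration matches the file's convention cannot be seen from the hunk. The function body starts and ends outside the hunk.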
@@ -489,10 +495,16 @@ int ki_autheph_authenticate(sip_msg_t *_m, str *susername, str *spassword)
 return AUTH_ERROR;
 }
- if (autheph_verify_timestamp(susername) < 0)
+ int res = autheph_verify_timestamp(susername);
+ if (res < 0)
 {
- LM_ERR("invalid timestamp in username\n");
- return AUTH_ERROR;
+ if (res == -1)
+ {
+ LM_ERR("invalid timestamp in username\n");
+ return AUTH_ERROR;
+ } else {
+ return AUTH_USERNAME_EXPIRED;
+ }
 }
 LM_DBG("username: %.*s\n", susername->len, susername->s);
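Review bot: AUTH_USERNAME_EXPIRED is returned here from the timestamp in `susername` alone; as far as the hunk shows, `spassword` has not been checked at that point. The same ordering is visible in digest_authenticate, where the check sits before `SECRET_LOCK`. The code therefore says nothing about whether the username was ever issued with a valid secret, and callers should not treat it as more trustworthy than AUTH_ERROR. A comment at the return would make that explicit: `/* expiry is checked before the credentials; this result does not imply the username was valid */`. The function body starts and ends outside the hunk.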