I would suggest the following diff, which lets the script learn that the
timestamp in an ephemeral auth username has expired.  The script can then
report this to the user via a suitable response.

-- Juha

----------------------------------------------------------------

diff --git a/src/modules/auth/api.h b/src/modules/auth/api.h
index 9730b409e..33d131840 100644
--- a/src/modules/auth/api.h
+++ b/src/modules/auth/api.h
@@ -39,6 +39,7 @@
  */
 typedef enum auth_cfg_result {
        AUTH_USER_MISMATCH = -8,    /*!< Auth user != From/To user */
+       AUTH_USERNAME_EXPIRED = -7, /*!< Ephemeral auth username expired */
        AUTH_NONCE_REUSED = -6,     /*!< Returned if nonce is used more than 
once */
        AUTH_NO_CREDENTIALS = -5,   /*!< Credentials missing */
        AUTH_STALE_NONCE = -4,      /*!< Stale nonce */
diff --git a/src/modules/auth_ephemeral/authorize.c 
b/src/modules/auth_ephemeral/authorize.c
index 745f12d7a..216332b32 100644
--- a/src/modules/auth_ephemeral/authorize.c
+++ b/src/modules/auth_ephemeral/authorize.c
@@ -203,7 +203,7 @@ int autheph_verify_timestamp(str *_username)
        if (cur_time > expires)
        {
                LM_WARN("username has expired\n");
-               return -1;
+               return AUTH_USERNAME_EXPIRED;
        }
 
        return 0;
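Review bot: The return contract of autheph_verify_timestamp becomes three-valued here but is not documented: 0 for a valid timestamp, AUTH_USERNAME_EXPIRED at the `cur_time > expires` branch, and, judging by the `res == -1` tests in the callers, a bare -1 for other failures. A comment above the function should say so, e.g. `/* returns 0 if valid, AUTH_USERNAME_EXPIRED if expired, -1 on any other failure */`. That comment should also note that the result is derived from the username as the client sent it. In digest_authenticate the call sits before `SECRET_LOCK`, so it appears to run before the credentials are checked, and a script should not read AUTH_USERNAME_EXPIRED as meaning the credentials were otherwise valid. The function body starts outside this hunk, so its other return paths are not visible here.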
@@ -255,10 +255,16 @@ static inline int digest_authenticate(struct sip_msg *_m, 
str *_realm,
        username = ((auth_body_t *) h->parsed)->digest.username.whole;
        LM_DBG("username: %.*s\n", username.len, username.s);
 
-       if (autheph_verify_timestamp(&username) < 0)
+       int res = autheph_verify_timestamp(&username);
+       if (res < 0)
        {
-               LM_ERR("invalid timestamp in username\n");
-               return AUTH_ERROR;
+               if (res == -1)
+               {
+                       LM_ERR("invalid timestamp in username\n");
+                       return AUTH_ERROR;
+               } else {
+                       return AUTH_USERNAME_EXPIRED;
+               }
        }
 
        SECRET_LOCK;
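Review bot: The `else` branch maps every negative result other than -1 to AUTH_USERNAME_EXPIRED, so any further error code autheph_verify_timestamp may return later would reach the script as an expired username instead of a failure. Testing for the known value and failing closed by default is safer: `if (res == AUTH_USERNAME_EXPIRED) return res;` followed by the existing `LM_ERR(...)` and `return AUTH_ERROR;`. The same pattern is repeated in ki_autheph_authenticate in the next hunk. `int res` is also declared mid-block in both places; if the file keeps declarations at the top of the function (not visible here), it should move there. digest_authenticate's body starts and ends outside this hunk.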
@@ -489,10 +495,16 @@ int ki_autheph_authenticate(sip_msg_t *_m, str 
*susername, str *spassword)
                return AUTH_ERROR;
        }
 
-       if (autheph_verify_timestamp(susername) < 0)
+       int res = autheph_verify_timestamp(susername);
+       if (res < 0)
        {
-               LM_ERR("invalid timestamp in username\n");
-               return AUTH_ERROR;
+               if (res == -1)
+               {
+                       LM_ERR("invalid timestamp in username\n");
+                       return AUTH_ERROR;
+               } else {
+                       return AUTH_USERNAME_EXPIRED;
+               }
        }
 
        LM_DBG("username: %.*s\n", susername->len, susername->s);
