From 18ffbf8d3b0fe605f89984c26bf9446a65845c04 Mon Sep 17 00:00:00 2001
From: Nanang Izzuddin
Date: Wed, 25 Jul 2012 14:29:28 +0000
Subject: Close #1561: Added new user credentials lookup callback that also passes 'pjsip_rx_data'.
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@4214 74dad513-b988-da41-8d7b-12977e46ad98
---
 pjsip/include/pjsip/sip_auth.h | 77 ++++++++++++++++++++++++++++++++++++++-
 pjsip/src/pjsip/sip_auth_server.c | 45 ++++++++++++++++++++---
 2 files changed, 116 insertions(+), 6 deletions(-)
(limited to 'pjsip')
diff --git a/pjsip/include/pjsip/sip_auth.h b/pjsip/include/pjsip/sip_auth.h
index 9b5e2b9d..ce262ef9 100644
--- a/pjsip/include/pjsip/sip_auth.h
+++ b/pjsip/include/pjsip/sip_auth.h
@@ -275,6 +275,37 @@ typedef pj_status_t pjsip_auth_lookup_cred( pj_pool_t *pool,
 const pj_str_t *acc_name,
 pjsip_cred_info *cred_info );
+
+/**
+ * This structure describes input param for credential lookup.
+ */
+typedef struct pjsip_auth_lookup_cred_param
+{
+ pj_str_t realm; /**< Realm to find the account. */
+ pj_str_t acc_name; /**< Account name to look for. */
+ pjsip_rx_data *rdata; /**< Incoming request to be authenticated. */
+
+} pjsip_auth_lookup_cred_param;
+
+
+/**
+ * Type of function to lookup credential for the specified name.
+ *
+ * @param pool Pool to initialize the credential info.
+ * @param param The input param for credential lookup.
+ * @param cred_info The structure to put the credential when it's found.
+ *
+ * @return The function MUST return PJ_SUCCESS when it found
+ * a correct credential for the specified account and
+ * realm. Otherwise it may return PJSIP_EAUTHACCNOTFOUND
+ * or PJSIP_EAUTHACCDISABLED.
+ */
+typedef pj_status_t pjsip_auth_lookup_cred2(
+ pj_pool_t *pool,
+ const pjsip_auth_lookup_cred_param *param,
+ pjsip_cred_info *cred_info );
+
+
 /** Flag to specify that server is a proxy. */
 #define PJSIP_AUTH_SRV_IS_PROXY 1
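Review bot: The comments on `pjsip_auth_lookup_cred_param` and `pjsip_auth_lookup_cred2` do not say how long the param stays valid, or that `rdata` is still unauthenticated when the callback runs. In `pjsip_auth_srv_verify()` (last hunk of this patch) the param is a stack variable, `realm` and `acc_name` are shallow `pj_str_t` copies, and the lookup is called before the "Authenticate with the specified credential" step. I would add to the struct comment something like `The param and the strings in it are valid only for the duration of the callback; rdata has not been authenticated yet, so its contents must be treated as untrusted input.`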
@@ -286,7 +317,8 @@ typedef struct pjsip_auth_srv
 pj_str_t realm; /**< Realm to serve. */
 pj_bool_t is_proxy; /**< Will issue 407 instead of 401 */
 pjsip_auth_lookup_cred *lookup; /**< Lookup function. */
-
+ pjsip_auth_lookup_cred2 *lookup2; /**< Lookup function with additional
+ info in its input param. */
 } pjsip_auth_srv;
@@ -433,6 +465,49 @@ PJ_DECL(pj_status_t) pjsip_auth_srv_init( pj_pool_t *pool,
 unsigned options );
+/**
+ * This structure describes initialization settings of server authorization
+ * session.
+ */
+typedef struct pjsip_auth_srv_init_param
+{
+ /**
+ * Realm to be served by the server.
+ */
+ const pj_str_t *realm;
+
+ /**
+ * Account lookup function.
+ */
+ pjsip_auth_lookup_cred2 *lookup2;
+
+ /**
+ * Options, bitmask of:
+ * - PJSIP_AUTH_SRV_IS_PROXY: to specify that the server will authorize
+ * clients as a proxy server (instead of as UAS), which means that
+ * Proxy-Authenticate will be used instead of WWW-Authenticate.
+ */
+ unsigned options;
+
+} pjsip_auth_srv_init_param;
+
+
+/**
+ * Initialize server authorization session data structure to serve the
+ * specified realm and to use lookup_func function to look for the credential
+ * info.
+ *
+ * @param pool Pool used to initialize the authentication server.
+ * @param auth_srv The authentication server structure.
+ * @param param The initialization param.
+ *
+ * @return PJ_SUCCESS on success.
+ */
+PJ_DECL(pj_status_t) pjsip_auth_srv_init2(
+ pj_pool_t *pool,
+ pjsip_auth_srv *auth_srv,
+ const pjsip_auth_srv_init_param *param);
+
 /**
 * Request the authorization server framework to verify the authorization
 * information in the specified request in rdata.
diff --git a/pjsip/src/pjsip/sip_auth_server.c b/pjsip/src/pjsip/sip_auth_server.c
index 683a78d9..514d9d5a 100644
--- a/pjsip/src/pjsip/sip_auth_server.c
+++ b/pjsip/src/pjsip/sip_auth_server.c
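Review bot: The doc comment on `pjsip_auth_srv_init2()` in the `@@ -433,6 +465,49 @@` hunk still says "to use lookup_func function", but this function has no such parameter; the callback comes from `param->lookup2`. The field comments in `pjsip_auth_srv_init_param` also do not say that `realm` and `lookup2` are required, although the implementation in sip_auth_server.c passes `param->realm` to `pj_strdup()` unconditionally. I would reword the summary to `... and to use the lookup2 callback given in param to look for the credential info`, and mark both fields as mandatory (must not be NULL).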
@@ -40,6 +40,7 @@ PJ_DEF(pj_status_t) pjsip_auth_srv_init( pj_pool_t *pool,
 {
 PJ_ASSERT_RETURN(pool && auth_srv && realm && lookup, PJ_EINVAL);
+ pj_bzero(auth_srv, sizeof(*auth_srv));
 pj_strdup( pool, &auth_srv->realm, realm);
 auth_srv->lookup = lookup;
 auth_srv->is_proxy = (options & PJSIP_AUTH_SRV_IS_PROXY);
@@ -47,6 +48,26 @@ PJ_DEF(pj_status_t) pjsip_auth_srv_init( pj_pool_t *pool,
 return PJ_SUCCESS;
 }
+/*
+ * Initialize server authorization session data structure to serve the
+ * specified realm and to use lookup_func function to look for the credential
+ * info.
+ */
+PJ_DEF(pj_status_t) pjsip_auth_srv_init2(
+ pj_pool_t *pool,
+ pjsip_auth_srv *auth_srv,
+ const pjsip_auth_srv_init_param *param)
+{
+ PJ_ASSERT_RETURN(pool && auth_srv && param, PJ_EINVAL);
+
+ pj_bzero(auth_srv, sizeof(*auth_srv));
+ pj_strdup( pool, &auth_srv->realm, param->realm);
+ auth_srv->lookup2 = param->lookup2;
+ auth_srv->is_proxy = (param->options & PJSIP_AUTH_SRV_IS_PROXY);
+
+ return PJ_SUCCESS;
+}
+
 /* Verify incoming Authorization/Proxy-Authorization header against the
 * specified credential.
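Review bot: `pjsip_auth_srv_init2()` in the `@@ -47,6 +48,26 @@` hunk validates only `pool && auth_srv && param`, whereas `pjsip_auth_srv_init()` just above also checks `realm && lookup`. A NULL `param->realm` goes straight into `pj_strdup()`, which presumably dereferences it. A NULL `param->lookup2` leaves both callbacks NULL after the `pj_bzero()`, so `pjsip_auth_srv_verify()` would take its `else` branch and call through a NULL `lookup` when a request with credentials is processed. The guard should reject both at init time: `PJ_ASSERT_RETURN(pool && auth_srv && param && param->realm && param->lookup2, PJ_EINVAL);`.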
@@ -148,11 +169,25 @@ PJ_DEF(pj_status_t) pjsip_auth_srv_verify( pjsip_auth_srv *auth_srv,
 }
 /* Find the credential information for the account. */
- status = (*auth_srv->lookup)(rdata->tp_info.pool, &auth_srv->realm,
- &acc_name, &cred_info);
- if (status != PJ_SUCCESS) {
- *status_code = PJSIP_SC_FORBIDDEN;
- return status;
+ if (auth_srv->lookup2) {
+ pjsip_auth_lookup_cred_param param;
+
+ pj_bzero(¶m, sizeof(param));
+ param.realm = auth_srv->realm;
+ param.acc_name = acc_name;
+ param.rdata = rdata;
+ status = (*auth_srv->lookup2)(rdata->tp_info.pool, ¶m, &cred_info);
+ if (status != PJ_SUCCESS) {
+ *status_code = PJSIP_SC_FORBIDDEN;
+ return status;
+ }
+ } else {
+ status = (*auth_srv->lookup)(rdata->tp_info.pool, &auth_srv->realm,
+ &acc_name, &cred_info);
+ if (status != PJ_SUCCESS) {
+ *status_code = PJSIP_SC_FORBIDDEN;
+ return status;
+ }
 }
 /* Authenticate with the specified credential. */
--
cgit v1.2.3
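Review bot: The failure handling `if (status != PJ_SUCCESS) { *status_code = PJSIP_SC_FORBIDDEN; return status; }` is now duplicated in both branches of the lookup. Keeping only the two callback calls inside the `if`/`else` and a single status check after it would stop the two paths from drifting apart if the failure mapping is ever changed. The `else` branch also calls `auth_srv->lookup` with no NULL check, so it relies on every `pjsip_auth_srv` having been set up by an init function with a non-NULL callback; a short comment stating that precondition above the `if (auth_srv->lookup2)` line would help. The body of `pjsip_auth_srv_verify()` starts and ends outside this hunk.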