comparison: opensips/opensips.patch.uac
opensips/opensips.patch.uac
- changeset 377
- 67e813202d53
- child 382
- b972dc20871f
equal
deleted
inserted
replaced
| -1:000000000000 | 0:d196322f6ffc |
|---|---|
| 1 Index: modules/uac/auth.c | |
| 2 diff -Nau modules/uac/auth.c.orig modules/uac/auth.c | |
| 3 --- modules/uac/auth.c.orig 2008-08-03 15:53:40.000000000 +0200 | |
| 4 +++ modules/uac/auth.c 2009-03-24 21:48:53.478867420 +0100 | |
| 5 @@ -143,14 +143,172 @@ | |
| 6 HASHHEX response; | |
| 7 str *new_hdr; | |
| 8 | |
| 9 + /* pretransact */ | |
| 10 + int nret = 0; | |
| 11 + pv_value_t pv_val; | |
| 12 + str *newuri = 0; | |
| 13 + struct uac_credential *tst = 0; | |
| 14 + struct hdr_field *tmp_hdr = 0; | |
| 15 + struct hdr_field *del_hdr = 0; | |
| 16 + | |
| 17 + | |
| 18 + /* Goes something like this... */ | |
| 19 + /* HA1 = echo -n 'username:realm:password' | md5sum */ | |
| 20 + /* echo -n 'itsme:mydom.com:stupidpass' | md5sum */ | |
| 21 + /* HA2 = echo -n 'message:uri' | md5sum */ | |
| 22 + /* echo -n 'INVITE:sip:danc@ing.fool.es' | md5sum */ | |
| 23 + /* Response = echo -n 'HA1:nonce:HA2' | md5sum */ | |
| 24 /* get transaction */ | |
| 25 t = uac_tmb.t_gett(); | |
| 26 - if (t==T_UNDEFINED || t==T_NULL_CELL) | |
| 27 - { | |
| 28 - LM_CRIT("no current transaction found\n"); | |
| 29 - goto error; | |
| 30 - } | |
| 31 + if (t==T_UNDEFINED || t==T_NULL_CELL) { | |
| 32 + /* begin without any transaction */ | |
| 33 + /* set relevant structure variables */ | |
| 34 + crd = 0; | |
| 35 + crd = pkg_malloc(sizeof(struct uac_credential)); | |
| 36 + if (!crd) { | |
| 37 + LM_ERR("no more pkg memory\n"); | |
| 38 + goto error; | |
| 39 + } | |
| 40 + | |
| 41 + /* set the realm from existing UAC message */ | |
| 42 + tmp_hdr = msg->proxy_auth; | |
| 43 + del_hdr = 0; | |
| 44 + while (tmp_hdr) { | |
| 45 + crd->realm.s = strchr(strstr(tmp_hdr->body.s, "realm="), '"') + 1; | |
| 46 + crd->realm.len = strchr(crd->realm.s, '"') - crd->realm.s; | |
| 47 + if(pv_get_spec_value(msg, &auth_realm_spec, &pv_val)==0 \ | |
| 48 + && pv_val.rs.len>0) /* ensure realm is the desired one */ | |
| 49 + if (strncmp(crd->realm.s, pv_val.rs.s, crd->realm.len)==0) | |
| 50 + del_hdr = tmp_hdr; | |
| 51 + tmp_hdr = tmp_hdr->sibling; | |
| 52 + } | |
| 53 + if (del_hdr) | |
| 54 + crd->realm = pv_val.rs; /* success */ | |
| 55 + else | |
| 56 + nret++; /* failure */ | |
| 57 + | |
| 58 + /* set username from new AVP proxy values */ | |
| 59 + if(pv_get_spec_value(msg, &auth_username_spec, &pv_val)!=0 \ | |
| 60 + || pv_val.flags&PV_VAL_NULL || pv_val.rs.len<=0) | |
| 61 + nret++; /* signal failure with nonzero value */ | |
| 62 + else | |
| 63 + crd->user = pv_val.rs; | |
| 64 + | |
| 65 + /* set password from new AVP proxy values */ | |
| 66 + if(pv_get_spec_value(msg, &auth_password_spec, &pv_val)!=0 \ | |
| 67 + || pv_val.flags&PV_VAL_NULL || pv_val.rs.len<=0) | |
| 68 + nret++; /* signal failure with nonzero value */ | |
| 69 + else | |
| 70 + crd->passwd = pv_val.rs; | |
| 71 + | |
| 72 + if (nret) { /* if not found, look into predefined credentials */ | |
| 73 + tst = uac_auth_api._lookup_realm(&crd->realm); | |
| 74 + | |
| 75 + if (tst==0) { /* found? */ | |
| 76 + LM_DBG("no credential for realm \"%.*s\"\n", \ | |
| 77 + crd->realm.len, crd->realm.s); | |
| 78 + pkg_free(crd); | |
| 79 + goto error; | |
| 80 + } | |
| 81 + | |
| 82 + crd = tst; /* use predefined credentials */ | |
| 83 + /* set the realm from existing UAC message */ | |
| 84 + tmp_hdr = msg->proxy_auth; | |
| 85 + del_hdr = 0; | |
| 86 + while (tmp_hdr) { | |
| 87 + if(pv_get_spec_value(msg, &auth_realm_spec, &pv_val)==0 \ | |
| 88 + && pv_val.rs.len>0) /* ensure realm is the desired one */ | |
| 89 + if (strncmp(crd->realm.s, pv_val.rs.s, crd->realm.len)==0) | |
| 90 + del_hdr = tmp_hdr; | |
| 91 + tmp_hdr = tmp_hdr->sibling; | |
| 92 + } | |
| 93 + if (del_hdr == 0) { /* proxy-auth header matching realm not found */ | |
| 94 + LM_DBG("no credential for realm \"%.*s\"\n", \ | |
| 95 + crd->realm.len, crd->realm.s); | |
| 96 + pkg_free(crd); | |
| 97 + goto error; | |
| 98 + } | |
| 99 + } | |
| 100 + | |
| 101 + /* set the uri from existing UAC message */ | |
| 102 + newuri = pkg_malloc(sizeof(str)); | |
| 103 + if (!newuri) { | |
| 104 + LM_ERR("no more pkg memory\n"); | |
| 105 + goto error; | |
| 106 + } | |
| 107 + newuri->s = pkg_malloc(msg->new_uri.len); | |
| 108 + if (!newuri->s) { | |
| 109 + LM_ERR("no more pkg memory\n"); | |
| 110 + pkg_free(newuri); | |
| 111 + goto error; | |
| 112 + } | |
| 113 + newuri->len = msg->new_uri.len; | |
| 114 + strncpy(newuri->s, msg->new_uri.s, msg->new_uri.len); | |
| 115 + if (!newuri->s) { | |
| 116 + LM_DBG("failed to retrieve URI from UAC message\n"); | |
| 117 + pkg_free(newuri->s); | |
| 118 + pkg_free(newuri); | |
| 119 + goto error; | |
| 120 + } | |
| 121 + | |
| 122 + /* set the nonce from existing UAC message */ | |
| 123 + tmp_hdr = msg->proxy_auth; | |
| 124 + auth->nonce.len = 0; | |
| 125 + auth->nonce.s = 0; | |
| 126 + while (tmp_hdr) { | |
| 127 + if(pv_get_spec_value(msg, &auth_realm_spec, &pv_val)==0 \ | |
| 128 + && pv_val.rs.len>0) /* ensure realm is the desired one */ | |
| 129 + if (strncmp(crd->realm.s, pv_val.rs.s, crd->realm.len)==0) { | |
| 130 + auth->nonce.s = strchr(strstr(tmp_hdr->body.s, "nonce="), '"') + 1; | |
| 131 + auth->nonce.len = strchr(auth->nonce.s, '"') - auth->nonce.s; | |
| 132 + } | |
| 133 + tmp_hdr = tmp_hdr->sibling; | |
| 134 + } | |
| 135 + if (auth->nonce.s == 0) { | |
| 136 + LM_DBG("failed to retrieve nonce from UAC message\n"); | |
| 137 + pkg_free(crd); | |
| 138 + goto error; | |
| 139 + } | |
| 140 + | |
| 141 + /* do authentication */ | |
| 142 + uac_auth_api._do_uac_auth(msg, newuri, crd, auth, &auth_nc_cnonce, response); | |
| 143 + if (response==0) { | |
| 144 + LM_ERR("failed to calculate challenge response\n"); | |
| 145 + pkg_free(crd); | |
| 146 + goto error; | |
| 147 + } | |
| 148 + | |
| 149 + /* build the authorization header */ | |
| 150 + new_hdr = uac_auth_api._build_authorization_hdr(407, newuri, crd, auth, &auth_nc_cnonce, response); | |
| 151 + if (new_hdr==0) { | |
| 152 + LM_ERR("failed to build authorization hdr\n"); | |
| 153 + pkg_free(crd); | |
| 154 + goto error; | |
| 155 + } | |
| 156 + | |
| 157 + /* remove the old proxy-auth header and relink message index */ | |
| 158 + /* before updating the authorization credentials of the message */ | |
| 159 + if (del_hdr) { /* updated a record and must remove the old one */ | |
| 160 + if (del_lump(msg, del_hdr->name.s - msg->buf, del_hdr->len, 0)==0) { | |
| 161 + LM_ERR("can't remove credentials\n"); | |
| 162 + pkg_free(crd); | |
| 163 + goto error; | |
| 164 + } | |
| 165 + } | |
| 166 + | |
| 167 + /* so far, so good -> add the header and set the proper RURI */ | |
| 168 + if (apply_urihdr_changes(msg, newuri, new_hdr)<0) | |
| 169 + { | |
| 170 + LM_ERR("failed to apply changes\n"); | |
| 171 + pkg_free(crd); | |
| 172 + goto error; | |
| 173 + } | |
| 174 + | |
| 175 + pkg_free(crd); /* finished calculating new response string, success */ | |
| 176 + return 0; | |
| 177 + } /* if (t==T_UNDEFINED || t==T_NULL_CELL) */ | |
| 178 | |
| 179 + /* begin with transaction reply */ | |
| 180 /* get the selected branch */ | |
| 181 branch = uac_tmb.t_get_picked(); | |
| 182 if (branch<0) { | |
| 183 Index: modules/uac/uac.c | |
| 184 diff -Nau modules/uac/uac.c.orig modules/uac/uac.c | |
| 185 --- modules/uac/uac.c.orig 2008-08-03 15:53:40.000000000 +0200 | |
| 186 +++ modules/uac/uac.c 2009-03-24 21:49:48.922890737 +0100 | |
| 187 @@ -117,7 +117,7 @@ | |
| 188 REQUEST_ROUTE|BRANCH_ROUTE|FAILURE_ROUTE }, | |
| 189 {"uac_auth", (cmd_function)w_uac_auth, 0, | |
| 190 0, 0, | |
| 191 - FAILURE_ROUTE }, | |
| 192 + REQUEST_ROUTE|FAILURE_ROUTE }, | |
| 193 {0,0,0,0,0,0} | |
| 194 }; | |
| 195 |
