opensips/opensips.patch.uac

changeset 377
67e813202d53
child 382
b972dc20871f
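--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/opensips/opensips.patch.uac	Wed Sep 21 14:04:16 2011 +0200
@@ -0,0 +1,195 @@
+Index: modules/uac/auth.c
+diff -Nau modules/uac/auth.c.orig modules/uac/auth.c
+--- modules/uac/auth.c.orig	2008-08-03 15:53:40.000000000 +0200
++++ modules/uac/auth.c	2009-03-24 21:48:53.478867420 +0100
+@@ -143,14 +143,172 @@
+ 	HASHHEX response;
+ 	str *new_hdr;
+ 
++	/* pretransact */
++	int nret = 0;
++	pv_value_t pv_val;
++	str *newuri = 0;
++	struct uac_credential *tst = 0;
++	struct hdr_field *tmp_hdr = 0;
++	struct hdr_field *del_hdr = 0;
++
++
++	/* Goes something like this...                          */
++	/* HA1 = echo -n 'username:realm:password' | md5sum     */
++	/*       echo -n 'itsme:mydom.com:stupidpass' | md5sum  */
++	/* HA2 = echo -n 'message:uri' | md5sum                 */
++	/*       echo -n 'INVITE:sip:danc@ing.fool.es' | md5sum */
++	/* Response = echo -n 'HA1:nonce:HA2' | md5sum          */
+ 	/* get transaction */
+ 	t = uac_tmb.t_gett();
+-	if (t==T_UNDEFINED || t==T_NULL_CELL)
+-	{
+-		LM_CRIT("no current transaction found\n");
+-		goto error;
+-	}
++	if (t==T_UNDEFINED || t==T_NULL_CELL) {
++		/* begin without any transaction */
++		/* set relevant structure variables */
++		crd = 0;
++		crd = pkg_malloc(sizeof(struct uac_credential));
++		if (!crd) {
++			LM_ERR("no more pkg memory\n");
++			goto error;
++		}
++
++		/* set the realm from existing UAC message */
++		tmp_hdr = msg->proxy_auth;
++		del_hdr = 0;
++		while (tmp_hdr) {
++			crd->realm.s = strchr(strstr(tmp_hdr->body.s, "realm="), '"') + 1;
++			crd->realm.len = strchr(crd->realm.s, '"') - crd->realm.s;
++			if(pv_get_spec_value(msg, &auth_realm_spec, &pv_val)==0 \
++				&& pv_val.rs.len>0) /* ensure realm is the desired one */
++				if (strncmp(crd->realm.s, pv_val.rs.s, crd->realm.len)==0)
++					del_hdr = tmp_hdr;
++			tmp_hdr = tmp_hdr->sibling;
++		}
++		if (del_hdr)
++			crd->realm = pv_val.rs;	/* success */
++		else
++			nret++;					/* failure */
++
++		/* set username from new AVP proxy values */
++		if(pv_get_spec_value(msg, &auth_username_spec, &pv_val)!=0 \
++			|| pv_val.flags&PV_VAL_NULL || pv_val.rs.len<=0)
++			nret++; /* signal failure with nonzero value */
++		else
++			crd->user = pv_val.rs;
++
++		/* set password from new AVP proxy values */
++		if(pv_get_spec_value(msg, &auth_password_spec, &pv_val)!=0 \
++			|| pv_val.flags&PV_VAL_NULL || pv_val.rs.len<=0)
++			nret++; /* signal failure with nonzero value */
++		else
++			crd->passwd = pv_val.rs;
++
++		if (nret) { /* if not found, look into predefined credentials */
++			tst = uac_auth_api._lookup_realm(&crd->realm);
++
++			if (tst==0) { /* found? */
++				LM_DBG("no credential for realm \"%.*s\"\n", \
++					crd->realm.len, crd->realm.s);
++				pkg_free(crd);
++				goto error;
++			}
++
++			crd = tst; /* use predefined credentials */
++			/* set the realm from existing UAC message */
++			tmp_hdr = msg->proxy_auth;
++			del_hdr = 0;
++			while (tmp_hdr) {
++				if(pv_get_spec_value(msg, &auth_realm_spec, &pv_val)==0 \
++					&& pv_val.rs.len>0) /* ensure realm is the desired one */
++					if (strncmp(crd->realm.s, pv_val.rs.s, crd->realm.len)==0)
++						del_hdr = tmp_hdr;
++				tmp_hdr = tmp_hdr->sibling;
++			}
++			if (del_hdr == 0) { /* proxy-auth header matching realm not found */
++				LM_DBG("no credential for realm \"%.*s\"\n", \
++					crd->realm.len, crd->realm.s);
++				pkg_free(crd);
++				goto error;
++			}
++		}
++
++		/* set the uri from existing UAC message */
++		newuri = pkg_malloc(sizeof(str));
++		if (!newuri) {
++			LM_ERR("no more pkg memory\n");
++			goto error;
++		}
++		newuri->s = pkg_malloc(msg->new_uri.len);
++		if (!newuri->s) {
++			LM_ERR("no more pkg memory\n");
++			pkg_free(newuri);
++			goto error;
++		}
++		newuri->len = msg->new_uri.len;
++		strncpy(newuri->s, msg->new_uri.s, msg->new_uri.len);
++		if (!newuri->s) {
++			LM_DBG("failed to retrieve URI from UAC message\n");
++			pkg_free(newuri->s);
++			pkg_free(newuri);
++			goto error;
++		}
++
++		/* set the nonce from existing UAC message */
++		tmp_hdr = msg->proxy_auth;
++		auth->nonce.len = 0;
++		auth->nonce.s = 0;
++		while (tmp_hdr) {
++			if(pv_get_spec_value(msg, &auth_realm_spec, &pv_val)==0 \
++				&& pv_val.rs.len>0) /* ensure realm is the desired one */
++				if (strncmp(crd->realm.s, pv_val.rs.s, crd->realm.len)==0) {
++					auth->nonce.s = strchr(strstr(tmp_hdr->body.s, "nonce="), '"') + 1;
++					auth->nonce.len = strchr(auth->nonce.s, '"') - auth->nonce.s;
++				}
++			tmp_hdr = tmp_hdr->sibling;
++		}
++		if (auth->nonce.s == 0) {
++			LM_DBG("failed to retrieve nonce from UAC message\n");
++			pkg_free(crd);
++			goto error;
++		}
++
++		/* do authentication */
++		uac_auth_api._do_uac_auth(msg, newuri, crd, auth, &auth_nc_cnonce, response);
++		if (response==0) {
++			LM_ERR("failed to calculate challenge response\n");
++			pkg_free(crd);
++			goto error;
++		}
++
++		/* build the authorization header */
++		new_hdr = uac_auth_api._build_authorization_hdr(407, newuri, crd, auth, &auth_nc_cnonce, response);
++		if (new_hdr==0) {
++			LM_ERR("failed to build authorization hdr\n");
++			pkg_free(crd);
++			goto error;
++		}
++
++		/* remove the old proxy-auth header and relink message index    */
++		/* before updating the authorization credentials of the message */
++		if (del_hdr) { /* updated a record and must remove the old one  */
++			if (del_lump(msg, del_hdr->name.s - msg->buf, del_hdr->len, 0)==0) {
++				LM_ERR("can't remove credentials\n");
++				pkg_free(crd);
++				goto error;
++			}
++		}
++
++		/* so far, so good -> add the header and set the proper RURI */
++		if (apply_urihdr_changes(msg, newuri, new_hdr)<0)
++		{
++			LM_ERR("failed to apply changes\n");
++			pkg_free(crd);
++			goto error;
++		}
++
++		pkg_free(crd); /* finished calculating new response string, success */
++		return 0;
++	} /* if (t==T_UNDEFINED || t==T_NULL_CELL) */
+ 
++	/* begin with transaction reply */
+ 	/* get the selected branch */
+ 	branch = uac_tmb.t_get_picked();
+ 	if (branch<0) {
+Index: modules/uac/uac.c
+diff -Nau modules/uac/uac.c.orig modules/uac/uac.c
+--- modules/uac/uac.c.orig	2008-08-03 15:53:40.000000000 +0200
++++ modules/uac/uac.c	2009-03-24 21:49:48.922890737 +0100
+@@ -117,7 +117,7 @@
+ 			REQUEST_ROUTE|BRANCH_ROUTE|FAILURE_ROUTE },
+ 	{"uac_auth",          (cmd_function)w_uac_auth,       0,
+ 			0, 0,
+-			FAILURE_ROUTE },
++			REQUEST_ROUTE|FAILURE_ROUTE },
+ 	{0,0,0,0,0,0}
+ };
+ 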
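Review bot: In the no-transaction branch added to modules/uac/auth.c, `strchr(strstr(tmp_hdr->body.s, "realm="), '"') + 1` and the matching `nonce=` lookup use the results of `strstr`/`strchr` without a NULL check and ignore `body.len`, so a message whose proxy-auth header lacks a quoted `realm` or `nonce` parameter leads to a NULL dereference in the worker, and the uac.c change makes this path reachable from `REQUEST_ROUTE`. Both lookups should go through one length-bounded helper that fails cleanly, as sketched below, and the realm comparison should also require equal lengths, since `strncmp` over `crd->realm.len` bytes accepts a prefix and may read past a shorter `pv_val.rs`. Separately, `crd = tst;` drops the `pkg_malloc`'d credential, and every later `pkg_free(crd)` then releases the object returned by `_lookup_realm`, which presumably still belongs to the module's configured credential list; keeping the local allocation in its own pointer and freeing only that one would avoid both the leak and the stray free. `newuri` and `newuri->s` are also never released on the later error paths or on success as far as this hunk shows. The enclosing function begins and ends outside the hunk, so how `auth` and `crd` are prepared beforehand is not visible here.

```c
/* Find name"value" inside a header body without reading past body->len. */
static int get_quoted_param(str *body, const char *name, int name_len, str *val)
{
	char *end = body->s + body->len;
	char *open, *close;
	int i;

	for (i = 0; i + name_len <= body->len; i++)
		if (memcmp(body->s + i, name, name_len) == 0)
			break;
	if (i + name_len > body->len)
		return -1;
	open = memchr(body->s + i + name_len, '"', body->len - i - name_len);
	if (open == NULL)
		return -1;
	open++;
	close = memchr(open, '"', end - open);
	if (close == NULL)
		return -1;
	val->s = open;
	val->len = close - open;
	return 0;
}

/* … unchanged: crd allocation … */
		while (tmp_hdr) {
			if (get_quoted_param(&tmp_hdr->body, "realm=", 6, &crd->realm)==0
				&& pv_get_spec_value(msg, &auth_realm_spec, &pv_val)==0
				&& pv_val.rs.len==crd->realm.len
				&& strncmp(crd->realm.s, pv_val.rs.s, crd->realm.len)==0)
				del_hdr = tmp_hdr;
			tmp_hdr = tmp_hdr->sibling;
		}
/* … unchanged: username/password lookup, URI copy … */
/* nonce loop: same helper, called with "nonce=", 6, &auth->nonce */
```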
