Wed, 21 Sep 2011 14:04:16 +0200
Introduce severe but necessary corrections and update to new vendor version.
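--- a/modules/uac/auth.c
+++ b/modules/uac/auth.c
@@ -143,14 +143,172 @@
 HASHHEX response;
 str *new_hdr;
+ /* pretransact */
+ int nret = 0;
+ pv_value_t pv_val;
+ str *newuri = 0;
+ struct uac_credential *tst = 0;
+ struct hdr_field *tmp_hdr = 0;
+ struct hdr_field *del_hdr = 0;
+
+
+ /* Goes something like this... */
+ /* HA1 = echo -n 'username:realm:password' | md5sum */
+ /* echo -n 'itsme:mydom.com:stupidpass' | md5sum */
+ /* HA2 = echo -n 'message:uri' | md5sum */
+ /* echo -n 'INVITE:sip:danc@ing.fool.es' | md5sum */
+ /* Response = echo -n 'HA1:nonce:HA2' | md5sum */
 /* get transaction */
 t = uac_tmb.t_gett();
- if (t==T_UNDEFINED || t==T_NULL_CELL)
- {
- LM_CRIT("no current transaction found\n");
- goto error;
- }
+ if (t==T_UNDEFINED || t==T_NULL_CELL) {
+ /* begin without any transaction */
+ /* set relevant structure variables */
+ crd = 0;
+ crd = pkg_malloc(sizeof(struct uac_credential));
+ if (!crd) {
+ LM_ERR("no more pkg memory\n");
+ goto error;
+ }
+
+ /* set the realm from existing UAC message */
+ tmp_hdr = msg->proxy_auth;
+ del_hdr = 0;
+ while (tmp_hdr) {
+ crd->realm.s = strchr(strstr(tmp_hdr->body.s, "realm="), '"') + 1;
+ crd->realm.len = strchr(crd->realm.s, '"') - crd->realm.s;
+ if(pv_get_spec_value(msg, &auth_realm_spec, &pv_val)==0 \
+ && pv_val.rs.len>0) /* ensure realm is the desired one */
+ if (strncmp(crd->realm.s, pv_val.rs.s, crd->realm.len)==0)
+ del_hdr = tmp_hdr;
+ tmp_hdr = tmp_hdr->sibling;
+ }
+ if (del_hdr)
+ crd->realm = pv_val.rs; /* success */
+ else
+ nret++; /* failure */
+
+ /* set username from new AVP proxy values */
+ if(pv_get_spec_value(msg, &auth_username_spec, &pv_val)!=0 \
+ || pv_val.flags&PV_VAL_NULL || pv_val.rs.len<=0)
+ nret++; /* signal failure with nonzero value */
+ else
+ crd->user = pv_val.rs;
+
+ /* set password from new AVP proxy values */
+ if(pv_get_spec_value(msg, &auth_password_spec, &pv_val)!=0 \
+ || pv_val.flags&PV_VAL_NULL || pv_val.rs.len<=0)
+ nret++; /* signal failure with nonzero value */
+ else
+ crd->passwd = pv_val.rs;
+
+ if (nret) { /* if not found, look into predefined credentials */
+ tst = uac_auth_api._lookup_realm(&crd->realm);
+
+ if (tst==0) { /* found? */
+ LM_DBG("no credential for realm \"%.*s\"\n", \
+ crd->realm.len, crd->realm.s);
+ pkg_free(crd);
+ goto error;
+ }
+
+ crd = tst; /* use predefined credentials */
+ /* set the realm from existing UAC message */
+ tmp_hdr = msg->proxy_auth;
+ del_hdr = 0;
+ while (tmp_hdr) {
+ if(pv_get_spec_value(msg, &auth_realm_spec, &pv_val)==0 \
+ && pv_val.rs.len>0) /* ensure realm is the desired one */
+ if (strncmp(crd->realm.s, pv_val.rs.s, crd->realm.len)==0)
+ del_hdr = tmp_hdr;
+ tmp_hdr = tmp_hdr->sibling;
+ }
+ if (del_hdr == 0) { /* proxy-auth header matching realm not found */
+ LM_DBG("no credential for realm \"%.*s\"\n", \
+ crd->realm.len, crd->realm.s);
+ pkg_free(crd);
+ goto error;
+ }
+ }
+
+ /* set the uri from existing UAC message */
+ newuri = pkg_malloc(sizeof(str));
+ if (!newuri) {
+ LM_ERR("no more pkg memory\n");
+ goto error;
+ }
+ newuri->s = pkg_malloc(msg->new_uri.len);
+ if (!newuri->s) {
+ LM_ERR("no more pkg memory\n");
+ pkg_free(newuri);
+ goto error;
+ }
+ newuri->len = msg->new_uri.len;
+ strncpy(newuri->s, msg->new_uri.s, msg->new_uri.len);
+ if (!newuri->s) {
+ LM_DBG("failed to retrieve URI from UAC message\n");
+ pkg_free(newuri->s);
+ pkg_free(newuri);
+ goto error;
+ }
+
+ /* set the nonce from existing UAC message */
+ tmp_hdr = msg->proxy_auth;
+ auth->nonce.len = 0;
+ auth->nonce.s = 0;
+ while (tmp_hdr) {
+ if(pv_get_spec_value(msg, &auth_realm_spec, &pv_val)==0 \
+ && pv_val.rs.len>0) /* ensure realm is the desired one */
+ if (strncmp(crd->realm.s, pv_val.rs.s, crd->realm.len)==0) {
+ auth->nonce.s = strchr(strstr(tmp_hdr->body.s, "nonce="), '"') + 1;
+ auth->nonce.len = strchr(auth->nonce.s, '"') - auth->nonce.s;
+ }
+ tmp_hdr = tmp_hdr->sibling;
+ }
+ if (auth->nonce.s == 0) {
+ LM_DBG("failed to retrieve nonce from UAC message\n");
+ pkg_free(crd);
+ goto error;
+ }
+
+ /* do authentication */
+ uac_auth_api._do_uac_auth(msg, newuri, crd, auth, &auth_nc_cnonce, response);
+ if (response==0) {
+ LM_ERR("failed to calculate challenge response\n");
+ pkg_free(crd);
+ goto error;
+ }
+
+ /* build the authorization header */
+ new_hdr = uac_auth_api._build_authorization_hdr(407, newuri, crd, auth, &auth_nc_cnonce, response);
+ if (new_hdr==0) {
+ LM_ERR("failed to build authorization hdr\n");
+ pkg_free(crd);
+ goto error;
+ }
+
+ /* remove the old proxy-auth header and relink message index */
+ /* before updating the authorization credentials of the message */
+ if (del_hdr) { /* updated a record and must remove the old one */
+ if (del_lump(msg, del_hdr->name.s - msg->buf, del_hdr->len, 0)==0) {
+ LM_ERR("can't remove credentials\n");
+ pkg_free(crd);
+ goto error;
+ }
+ }
+
+ /* so far, so good -> add the header and set the proper RURI */
+ if (apply_urihdr_changes(msg, newuri, new_hdr)<0)
+ {
+ LM_ERR("failed to apply changes\n");
+ pkg_free(crd);
+ goto error;
+ }
+
+ pkg_free(crd); /* finished calculating new response string, success */
+ return 0;
+ } /* if (t==T_UNDEFINED || t==T_NULL_CELL) */
+ /* begin with transaction reply */
 /* get the selected branch */
 branch = uac_tmb.t_get_picked();
 if (branch<0) {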
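Review bot: The realm extraction `crd->realm.s = strchr(strstr(tmp_hdr->body.s, "realm="), '"') + 1;` and the matching `nonce=` extraction further down use the results of strstr() and strchr() unchecked, so a proxy-auth header in a received message that lacks the parameter or a quote leads to strchr(NULL) or NULL+1 arithmetic and a crash. Both scans are also unbounded: str values are printed with `%.*s` elsewhere in the hunk and `del_hdr->name.s - msg->buf` suggests the header is a slice of the message buffer, so the search can presumably run past the header's end. A bounded, fail-closed helper such as the one below would serve both call sites, and it compares the realm by exact length instead of the prefix match that `strncmp(..., crd->realm.len)` gives. Separately, after `crd = tst;` the block allocated with pkg_malloc is unreachable and every later `pkg_free(crd)` releases the looked-up credential, which presumably belongs to the module's credential list; the `response==0` test can also never fire if HASHHEX is an array type, and `newuri` is not released on the later error paths. The enclosing function starts and ends outside the hunk.

```c
/* Locate name (e.g. "realm=\"") inside the length-delimited header body and
 * return the quoted value in out; -1 if the parameter or closing quote is missing. */
static int get_quoted_param(const str *body, const char *name, int name_len,
		str *out)
{
	char *p = body->s;
	char *end = body->s + body->len;

	for (; p + name_len <= end; p++) {
		char *q;

		if (memcmp(p, name, name_len) != 0)
			continue;
		p += name_len;
		q = memchr(p, '"', end - p);
		if (q == NULL)
			return -1;
		out->s = p;
		out->len = q - p;
		return 0;
	}
	return -1;
}

	/* … unchanged: pkg_malloc of crd … */
	while (tmp_hdr) {
		/* exact-length compare; a header without a quoted realm is skipped */
		if (get_quoted_param(&tmp_hdr->body, "realm=\"", 7, &crd->realm) == 0
				&& pv_get_spec_value(msg, &auth_realm_spec, &pv_val) == 0
				&& pv_val.rs.len == crd->realm.len
				&& memcmp(crd->realm.s, pv_val.rs.s, pv_val.rs.len) == 0)
			del_hdr = tmp_hdr;
		tmp_hdr = tmp_hdr->sibling;
	}
	/* … unchanged: username/password lookup, predefined credentials, URI copy … */
	/* nonce loop: same helper, called with "nonce=\"", 7, &auth->nonce */
```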
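--- a/modules/uac/uac.c
+++ b/modules/uac/uac.c
@@ -117,7 +117,7 @@
 REQUEST_ROUTE|BRANCH_ROUTE|FAILURE_ROUTE },
 {"uac_auth", (cmd_function)w_uac_auth, 0,
 0, 0,
- FAILURE_ROUTE },
+ REQUEST_ROUTE|FAILURE_ROUTE },
 {0,0,0,0,0,0}
 };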
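Review bot: The `uac_auth` entry now accepts `REQUEST_ROUTE` with no comment saying that, outside a failure route, there is no transaction and the function takes realm and nonce from `msg->proxy_auth` of the request being processed (the no-transaction branch added to auth.c in this same patch). I would add above the entry `/* REQUEST_ROUTE: no transaction; realm/nonce are read from the request's own proxy-auth header, i.e. peer-controlled input */` so script writers know what they are exposing. The export table starts outside the hunk.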