Beispiel #1
0
int uac_auth( struct sip_msg *msg)
{
	static struct authenticate_body auth;
	struct uac_credential *crd;
	int picked_code, picked_br, b;
	struct sip_msg *rpl;
	struct cell *t;
	struct hdr_field *hdr;
	HASHHEX response;
	str *new_hdr;

	/* get transaction */
	t = uac_tmb.t_gett();
	if (t==T_UNDEFINED || t==T_NULL_CELL)
	{
		LOG(LOG_CRIT,"BUG:uac:uac_auth: no current transaction found\n");
		goto error;
	}

	/* pick the selected reply */
	picked_br = -1;
	picked_code = 999;
	for ( b=t->first_branch; b<t->nr_of_outgoings ; b++ )
	{
		/* skip 'empty branches' */
		if (!t->uac[b].request.buffer)
			continue;
		/* there is still an unfinished UAC transaction? */
		if ( t->uac[b].last_received<200 )
		{
			LOG(L_CRIT,"BUG:uac:uac_auth: incomplet transaction in failure "
				"route\n");
			goto error;
		}
		if ( t->uac[b].last_received<picked_code )
		{
			picked_br = b;
			picked_code = t->uac[b].last_received;
		}
	}
	if (picked_br<0)
	{
		LOG(L_CRIT,"BUG:uac:uac_auth: empty transaction in failure "
			"route\n");
		goto error;
	}

	rpl = t->uac[picked_br].reply;
	DBG("DEBUG:uac:uac_auth: picked reply is %p, code %d\n",rpl,picked_code);

	if (rpl==0)
	{
		LOG(L_CRIT,"BUG:uac:uac_auth: empty reply on picked branch\n");
		goto error;
	}
	if (rpl==FAKED_REPLY)
	{
		LOG(L_ERR,"ERROR:uac:uac_auth: cannot process a FAKED reply\n");
		goto error;
	}

	hdr = get_autenticate_hdr( rpl, picked_code);
	if (hdr==0)
	{
		LOG( L_ERR,"ERROR:uac:uac_auth: failed to extract authenticate hdr\n");
		goto error;
	}

	DBG("DEBUG:uac:uac_auth: header found; body=<%.*s>\n",
		hdr->body.len, hdr->body.s);

	if (parse_authenticate_body( &hdr->body, &auth)<0)
	{
		LOG(L_ERR,"ERROR:uac:uac_auth: failed to parse auth hdr body\n");
		goto error;
	}

	/* can we authenticate this realm? */
	crd = lookup_realm( &auth.realm );
	if (crd==0)
	{
		LOG(L_ERR,"ERROR:uac:uac_auth: no credential for realm \"%.*s\"\n",
			auth.realm.len, auth.realm.s);
		goto error;
	}

	/* do authentication */
	do_uac_auth( msg, &t->uac[picked_br].uri, crd, &auth, response);

	/* build the authorization header */
	new_hdr = build_authorization_hdr( picked_code, &t->uac[picked_br].uri,
		crd, &auth, response);
	if (new_hdr==0)
	{
		LOG(L_ERR,"ERROR:uac:uac_auth: failed to build authorization hdr\n");
		goto error;
	}

	/* so far, so good -> add the header and set the proper RURI */
	if ( apply_urihdr_changes( msg, &t->uac[picked_br].uri, new_hdr)<0 )
	{
		LOG(L_ERR,"ERROR:uac:uac_auth: failed to apply changes\n");
		goto error;
	}

	/* increas the Cseq nr */


	return 0;
error:
	return -1;
}
Beispiel #2
0
int uac_auth( struct sip_msg *msg)
{
	struct authenticate_body *auth = NULL;
	static struct authenticate_nc_cnonce auth_nc_cnonce;
	struct uac_credential *crd;
	int code, branch;
	unsigned int new_cseq;
	struct sip_msg *rpl;
	struct cell *t;
	HASHHEX response;
	str *new_hdr;
	str param;
	char *p;
	struct dlg_cell *dlg;

	/* get transaction */
	t = uac_tmb.t_gett();
	if (t==T_UNDEFINED || t==T_NULL_CELL)
	{
		LM_CRIT("no current transaction found\n");
		goto error;
	}

	/* get the selected branch */
	branch = uac_tmb.t_get_picked();
	if (branch<0) {
		LM_CRIT("no picked branch (%d)\n",branch);
		goto error;
	}

	rpl = t->uac[branch].reply;
	code = t->uac[branch].last_received;
	LM_DBG("picked reply is %p, code %d\n",rpl,code);

	if (rpl==0)
	{
		LM_CRIT("empty reply on picked branch\n");
		goto error;
	}
	if (rpl==FAKED_REPLY)
	{
		LM_ERR("cannot process a FAKED reply\n");
		goto error;
	}

	if (code==WWW_AUTH_CODE) {
		if (0 == parse_www_authenticate_header(rpl))
			auth = get_www_authenticate(rpl);
	} else if (code==PROXY_AUTH_CODE) {
		if (0 == parse_proxy_authenticate_header(rpl))
			auth = get_proxy_authenticate(rpl);
	}

	if (auth == NULL) {
		LM_ERR("Unable to extract authentication info\n");
		goto error;
	}

	/* can we authenticate this realm? */
	/* look into existing credentials */
	crd = uac_auth_api._lookup_realm( &auth->realm );
	/* found? */
	if (crd==0)
	{
		LM_DBG("no credential for realm \"%.*s\"\n",
			auth->realm.len, auth->realm.s);
		goto error;
	}

	/* do authentication */
	uac_auth_api._do_uac_auth( &msg->first_line.u.request.method,
			&t->uac[branch].uri, crd, auth, &auth_nc_cnonce, response);

	/* build the authorization header */
	new_hdr = uac_auth_api._build_authorization_hdr( code, &t->uac[branch].uri,
		crd, auth, &auth_nc_cnonce, response);
	if (new_hdr==0)
	{
		LM_ERR("failed to build authorization hdr\n");
		goto error;
	}

	/* so far, so good -> add the header and set the proper RURI */
	if (apply_urihdr_changes( msg, &t->uac[branch].uri, new_hdr)<0)
	{
		LM_ERR("failed to apply changes\n");
		pkg_free(new_hdr->s);
		new_hdr->s = NULL; new_hdr->len = 0;
		goto error;
	}

	if ( (new_cseq = apply_cseq_op(msg,1)) < 0) {
		LM_WARN("Failure to increment the CSEQ header - continue \n");
		goto error;
	}

	/* only register the TMCB once per transaction */
	if (!(msg->msg_flags & FL_USE_UAC_CSEQ || 
	t->uas.request->msg_flags & FL_USE_UAC_CSEQ)) {
		if (uac_tmb.register_tmcb( msg, 0, TMCB_RESPONSE_FWDED,
		apply_cseq_decrement,0,0)!=1) {
			LM_ERR("Failed to register TMCB response fwded - continue \n");
			goto error;
		}
	}

	if (dlg_api.get_dlg && (dlg = dlg_api.get_dlg())) {
		/* dlg->legs[dlg->legs_no[DLG_LEGS_USED]-1].last_gen_cseq = new_cseq; */
		dlg->flags |= DLG_FLAG_CSEQ_ENFORCE;
	} else {
		param.len=rr_uac_cseq_param.len+3;
		param.s=pkg_malloc(param.len);
		if (!param.s) {
			LM_ERR("No more pkg mem \n");
			goto error;
		}

		p = param.s;
		*p++=';';
		memcpy(p,rr_uac_cseq_param.s,rr_uac_cseq_param.len);
		p+=rr_uac_cseq_param.len;
		*p++='=';
		*p++='1';

		if (uac_rrb.add_rr_param( msg, &param)!=0) {
			LM_ERR("add_RR_param failed\n");
			pkg_free(param.s);
			goto error;
		}

		pkg_free(param.s);
	}

	msg->msg_flags |= FL_USE_UAC_CSEQ;
	t->uas.request->msg_flags |= FL_USE_UAC_CSEQ;

	return 0;
error:
	return -1;
}
Beispiel #3
0
int uac_auth(sip_msg_t *msg)
{
	static struct authenticate_body auth;
	struct uac_credential *crd;
	int code, branch;
	struct sip_msg *rpl;
	struct cell *t;
	struct hdr_field *hdr;
	HASHHEX response;
	str *new_hdr;
	sr_cfgenv_t *cenv = NULL;

	/* get transaction */
	t = uac_tmb.t_gett();
	if (t==T_UNDEFINED || t==T_NULL_CELL)
	{
		LM_CRIT("no current transaction found\n");
		goto error;
	}

	/* get the selected branch */
	branch = uac_tmb.t_get_picked_branch();
	if (branch<0) {
		LM_CRIT("no picked branch (%d)\n",branch);
		goto error;
	}

	rpl = t->uac[branch].reply;
	code = t->uac[branch].last_received;
	LM_DBG("picked reply is %p, code %d\n",rpl,code);

	if (rpl==0)
	{
		LM_CRIT("empty reply on picked branch\n");
		goto error;
	}
	if (rpl==FAKED_REPLY)
	{
		LM_ERR("cannot process a FAKED reply\n");
		goto error;
	}

	hdr = get_autenticate_hdr( rpl, code);
	if (hdr==0)
	{
		LM_ERR("failed to extract authenticate hdr\n");
		goto error;
	}

	LM_DBG("header found; body=<%.*s>\n",
		hdr->body.len, hdr->body.s);

	if (parse_authenticate_body( &hdr->body, &auth)<0)
	{
		LM_ERR("failed to parse auth hdr body\n");
		goto error;
	}

	/* can we authenticate this realm? */
	crd = 0;
	/* first look into AVP, if set */
	if ( auth_realm_spec.type!=PVT_NONE )
		crd = get_avp_credential( msg, &auth.realm );
	/* if not found, look into predefined credentials */
	if (crd==0)
		crd = lookup_realm( &auth.realm );
	/* found? */
	if (crd==0)
	{
		LM_DBG("no credential for realm \"%.*s\"\n",
			auth.realm.len, auth.realm.s);
		goto error;
	}

	/* do authentication */
	do_uac_auth( &msg->first_line.u.request.method,
			&t->uac[branch].uri, crd, &auth, response);

	/* build the authorization header */
	new_hdr = build_authorization_hdr( code, &t->uac[branch].uri,
		crd, &auth, response);
	if (new_hdr==0)
	{
		LM_ERR("failed to build authorization hdr\n");
		goto error;
	}

	/* so far, so good -> add the header and set the proper RURI */
	if ( apply_urihdr_changes( msg, &t->uac[branch].uri, new_hdr)<0 )
	{
		LM_ERR("failed to apply changes\n");
		goto error;
	}

	/* mark request in T with uac auth for increase of cseq via dialog
	 * - this function is executed in failure route, msg_flags will be
	 *   reset afterwards by tm fake env */
	if(t->uas.request) {
		t->uas.request->msg_flags |= FL_UAC_AUTH;
		cenv = sr_cfgenv_get();
		if(cenv->cb_cseq_update != NULL) {
			if(cenv->cb_cseq_update(msg)<0) {
				goto error;
			}
		}
	}

	return 0;
error:
	return -1;
}
Beispiel #4
0
int uac_auth( struct sip_msg *msg)
{
	struct authenticate_body *auth = NULL;
	static struct authenticate_nc_cnonce auth_nc_cnonce;
	struct uac_credential *crd;
	int code, branch;
	struct sip_msg *rpl;
	struct cell *t;
	HASHHEX response;
	str *new_hdr;

	/* get transaction */
	t = uac_tmb.t_gett();
	if (t==T_UNDEFINED || t==T_NULL_CELL)
	{
		LM_CRIT("no current transaction found\n");
		goto error;
	}

	/* get the selected branch */
	branch = uac_tmb.t_get_picked();
	if (branch<0) {
		LM_CRIT("no picked branch (%d)\n",branch);
		goto error;
	}

	rpl = t->uac[branch].reply;
	code = t->uac[branch].last_received;
	LM_DBG("picked reply is %p, code %d\n",rpl,code);

	if (rpl==0)
	{
		LM_CRIT("empty reply on picked branch\n");
		goto error;
	}
	if (rpl==FAKED_REPLY)
	{
		LM_ERR("cannot process a FAKED reply\n");
		goto error;
	}

	if (code==WWW_AUTH_CODE) {
		if (0 == parse_www_authenticate_header(rpl))
			auth = get_www_authenticate(rpl);
	} else if (code==PROXY_AUTH_CODE) {
		if (0 == parse_proxy_authenticate_header(rpl))
			auth = get_proxy_authenticate(rpl);
	}

	if (auth == NULL) {
		LM_ERR("Unable to extract authentication info\n");
		goto error;
	}

	/* can we authenticate this realm? */
	crd = 0;
	/* first look into AVP, if set */
	if ( auth_realm_spec.type==PVT_AVP )
		crd = get_avp_credential( msg, &auth->realm );
	/* if not found, look into predefined credentials */
	if (crd==0)
		crd = uac_auth_api._lookup_realm( &auth->realm );
	/* found? */
	if (crd==0)
	{
		LM_DBG("no credential for realm \"%.*s\"\n",
			auth->realm.len, auth->realm.s);
		goto error;
	}

	/* do authentication */
	uac_auth_api._do_uac_auth( &msg->first_line.u.request.method,
			&t->uac[branch].uri, crd, auth, &auth_nc_cnonce, response);

	/* build the authorization header */
	new_hdr = uac_auth_api._build_authorization_hdr( code, &t->uac[branch].uri,
		crd, auth, &auth_nc_cnonce, response);
	if (new_hdr==0)
	{
		LM_ERR("failed to build authorization hdr\n");
		goto error;
	}

	/* so far, so good -> add the header and set the proper RURI */
	if ( apply_urihdr_changes( msg, &t->uac[branch].uri, new_hdr)<0 )
	{
		LM_ERR("failed to apply changes\n");
		goto error;
	}

	/* increas the Cseq nr */


	return 0;
error:
	return -1;
}