/*
* Create Authorization/Proxy-Authorization response header based on the challege
* in WWW-Authenticate/Proxy-Authenticate header.
*/
static pj_status_t auth_respond( pj_pool_t *req_pool,
const pjsip_www_authenticate_hdr *hdr,
const pjsip_uri *uri,
const pjsip_cred_info *cred_info,
const pjsip_method *method,
pj_pool_t *sess_pool,
pjsip_cached_auth *cached_auth,
pjsip_authorization_hdr **p_h_auth)
{
pjsip_authorization_hdr *hauth;
char tmp[PJSIP_MAX_URL_SIZE];
pj_str_t uri_str;
pj_pool_t *pool;
pj_status_t status;
/* Verify arguments. */
PJ_ASSERT_RETURN(req_pool && hdr && uri && cred_info && method &&
sess_pool && cached_auth && p_h_auth, PJ_EINVAL);
/* Print URL in the original request. */
uri_str.ptr = tmp;
uri_str.slen = pjsip_uri_print(PJSIP_URI_IN_REQ_URI, uri, tmp,sizeof(tmp));
if (uri_str.slen < 1) {
pj_assert(!"URL is too long!");
return PJSIP_EURITOOLONG;
}
# if (PJSIP_AUTH_HEADER_CACHING)
{
pool = sess_pool;
PJ_UNUSED_ARG(req_pool);
}
# else
{
pool = req_pool;
PJ_UNUSED_ARG(sess_pool);
}
# endif
if (hdr->type == PJSIP_H_WWW_AUTHENTICATE)
hauth = pjsip_authorization_hdr_create(pool);
else if (hdr->type == PJSIP_H_PROXY_AUTHENTICATE)
hauth = pjsip_proxy_authorization_hdr_create(pool);
else {
pj_assert(!"Invalid response header!");
return PJSIP_EINVALIDHDR;
}
/* Only support digest scheme at the moment. */
if (!pj_stricmp(&hdr->scheme, &pjsip_DIGEST_STR)) {
pj_str_t *cnonce = NULL;
pj_uint32_t nc = 1;
/* Update the session (nonce-count etc) if required. */
# if PJSIP_AUTH_QOP_SUPPORT
{
if (cached_auth) {
update_digest_session( sess_pool, cached_auth, hdr );
cnonce = &cached_auth->cnonce;
nc = cached_auth->nc;
}
}
# endif /* PJSIP_AUTH_QOP_SUPPORT */
hauth->scheme = pjsip_DIGEST_STR;
status = respond_digest( pool, &hauth->credential.digest,
&hdr->challenge.digest, &uri_str, cred_info,
cnonce, nc, &method->name);
if (status != PJ_SUCCESS)
return status;
/* Set qop type in auth session the first time only. */
if (hdr->challenge.digest.qop.slen != 0 && cached_auth) {
if (cached_auth->qop_value == PJSIP_AUTH_QOP_NONE) {
pj_str_t *qop_val = &hauth->credential.digest.qop;
if (!pj_strcmp(qop_val, &pjsip_AUTH_STR)) {
cached_auth->qop_value = PJSIP_AUTH_QOP_AUTH;
} else {
cached_auth->qop_value = PJSIP_AUTH_QOP_UNKNOWN;
}
}
}
} else {
return PJSIP_EINVALIDAUTHSCHEME;
}
/* Keep the new authorization header in the cache, only
* if no qop is not present.
*/
# if PJSIP_AUTH_HEADER_CACHING
{
if (hauth && cached_auth && cached_auth->qop_value == PJSIP_AUTH_QOP_NONE) {
pjsip_cached_auth_hdr *cached_hdr;
/* Delete old header with the same method. */
cached_hdr = cached_auth->cached_hdr.next;
while (cached_hdr != &cached_auth->cached_hdr) {
if (pjsip_method_cmp(method, &cached_hdr->method)==0)
break;
cached_hdr = cached_hdr->next;
}
/* Save the header to the list. */
if (cached_hdr != &cached_auth->cached_hdr) {
cached_hdr->hdr = hauth;
} else {
cached_hdr = pj_pool_alloc(pool, sizeof(*cached_hdr));
pjsip_method_copy( pool, &cached_hdr->method, method);
cached_hdr->hdr = hauth;
pj_list_insert_before( &cached_auth->cached_hdr, cached_hdr );
}
}
# if defined(PJSIP_AUTH_AUTO_SEND_NEXT) && PJSIP_AUTH_AUTO_SEND_NEXT!=0
if (hdr != cached_auth->last_chal) {
cached_auth->last_chal = pjsip_hdr_clone(sess_pool, hdr);
}
# endif
}
# endif
*p_h_auth = hauth;
return PJ_SUCCESS;
}
pjsip_auth_respond( pj_pool_t *req_pool,
const pjsip_www_authenticate_hdr *hdr,
const pjsip_uri *uri,
const pjsip_cred_info *cred_info,
const pjsip_method *method,
pj_pool_t *sess_pool,
pjsip_auth_session *auth_sess)
{
pjsip_authorization_hdr *auth;
char tmp[PJSIP_MAX_URL_SIZE];
pj_str_t uri_str;
pj_pool_t *pool;
pj_assert(hdr != NULL);
pj_assert(uri != NULL);
pj_assert(cred_info != NULL);
pj_assert(method != NULL);
/* Print URL in the original request. */
uri_str.ptr = tmp;
uri_str.slen = pjsip_uri_print(PJSIP_URI_IN_REQ_URI, uri, tmp, sizeof(tmp));
if (uri_str.slen < 1) {
pj_assert(!"URL is too long!");
PJ_LOG(4,(THIS_FILE, "Unable to authorize: URI is too long!"));
return NULL;
}
# if (PJSIP_AUTH_HEADER_CACHING)
{
pool = sess_pool;
PJ_UNUSED_ARG(req_pool);
}
# else
{
pool = req_pool;
PJ_UNUSED_ARG(sess_pool);
}
# endif
if (hdr->type == PJSIP_H_WWW_AUTHENTICATE)
auth = pjsip_authorization_hdr_create(pool);
else if (hdr->type == PJSIP_H_PROXY_AUTHENTICATE)
auth = pjsip_proxy_authorization_hdr_create(pool);
else {
pj_assert(0);
return NULL;
}
/* Only support digest scheme at the moment. */
if (!pj_stricmp(&hdr->scheme, &pjsip_DIGEST_STR)) {
pj_status_t rc;
pj_str_t *cnonce = NULL;
pj_uint32_t nc = 1;
/* Update the session (nonce-count etc) if required. */
# if PJSIP_AUTH_QOP_SUPPORT
{
if (auth_sess) {
update_digest_session( sess_pool, auth_sess, hdr );
cnonce = &auth_sess->cnonce;
nc = auth_sess->nc;
}
}
# endif /* PJSIP_AUTH_QOP_SUPPORT */
auth->scheme = pjsip_DIGEST_STR;
rc = respond_digest( pool, &auth->credential.digest,
&hdr->challenge.digest, &uri_str, cred_info,
cnonce, nc, &method->name);
if (rc != 0)
return NULL;
/* Set qop type in auth session the first time only. */
if (hdr->challenge.digest.qop.slen != 0 && auth_sess) {
if (auth_sess->qop_value == PJSIP_AUTH_QOP_NONE) {
pj_str_t *qop_val = &auth->credential.digest.qop;
if (!pj_strcmp(qop_val, &pjsip_AUTH_STR)) {
auth_sess->qop_value = PJSIP_AUTH_QOP_AUTH;
} else {
auth_sess->qop_value = PJSIP_AUTH_QOP_UNKNOWN;
}
}
}
} else {
auth = NULL;
}
/* Keep the new authorization header in the cache, only
* if no qop is not present.
*/
# if PJSIP_AUTH_HEADER_CACHING
{
if (auth && auth_sess && auth_sess->qop_value == PJSIP_AUTH_QOP_NONE) {
pjsip_cached_auth_hdr *cached_hdr;
/* Delete old header with the same method. */
cached_hdr = auth_sess->cached_hdr.next;
while (cached_hdr != &auth_sess->cached_hdr) {
if (pjsip_method_cmp(method, &cached_hdr->method)==0)
break;
cached_hdr = cached_hdr->next;
}
/* Save the header to the list. */
if (cached_hdr != &auth_sess->cached_hdr) {
cached_hdr->hdr = auth;
} else {
cached_hdr = pj_pool_alloc(pool, sizeof(*cached_hdr));
pjsip_method_copy( pool, &cached_hdr->method, method);
cached_hdr->hdr = auth;
pj_list_insert_before( &auth_sess->cached_hdr, cached_hdr );
}
}
}
# endif
return auth;
}
