int uac_auth( struct sip_msg *msg) { static struct authenticate_body auth; struct uac_credential *crd; int picked_code, picked_br, b; struct sip_msg *rpl; struct cell *t; struct hdr_field *hdr; HASHHEX response; str *new_hdr; /* get transaction */ t = uac_tmb.t_gett(); if (t==T_UNDEFINED || t==T_NULL_CELL) { LOG(LOG_CRIT,"BUG:uac:uac_auth: no current transaction found\n"); goto error; } /* pick the selected reply */ picked_br = -1; picked_code = 999; for ( b=t->first_branch; b<t->nr_of_outgoings ; b++ ) { /* skip 'empty branches' */ if (!t->uac[b].request.buffer) continue; /* there is still an unfinished UAC transaction? */ if ( t->uac[b].last_received<200 ) { LOG(L_CRIT,"BUG:uac:uac_auth: incomplet transaction in failure " "route\n"); goto error; } if ( t->uac[b].last_received<picked_code ) { picked_br = b; picked_code = t->uac[b].last_received; } } if (picked_br<0) { LOG(L_CRIT,"BUG:uac:uac_auth: empty transaction in failure " "route\n"); goto error; } rpl = t->uac[picked_br].reply; DBG("DEBUG:uac:uac_auth: picked reply is %p, code %d\n",rpl,picked_code); if (rpl==0) { LOG(L_CRIT,"BUG:uac:uac_auth: empty reply on picked branch\n"); goto error; } if (rpl==FAKED_REPLY) { LOG(L_ERR,"ERROR:uac:uac_auth: cannot process a FAKED reply\n"); goto error; } hdr = get_autenticate_hdr( rpl, picked_code); if (hdr==0) { LOG( L_ERR,"ERROR:uac:uac_auth: failed to extract authenticate hdr\n"); goto error; } DBG("DEBUG:uac:uac_auth: header found; body=<%.*s>\n", hdr->body.len, hdr->body.s); if (parse_authenticate_body( &hdr->body, &auth)<0) { LOG(L_ERR,"ERROR:uac:uac_auth: failed to parse auth hdr body\n"); goto error; } /* can we authenticate this realm? */ crd = lookup_realm( &auth.realm ); if (crd==0) { LOG(L_ERR,"ERROR:uac:uac_auth: no credential for realm \"%.*s\"\n", auth.realm.len, auth.realm.s); goto error; } /* do authentication */ do_uac_auth( msg, &t->uac[picked_br].uri, crd, &auth, response); /* build the authorization header */ new_hdr = build_authorization_hdr( picked_code, &t->uac[picked_br].uri, crd, &auth, response); if (new_hdr==0) { LOG(L_ERR,"ERROR:uac:uac_auth: failed to build authorization hdr\n"); goto error; } /* so far, so good -> add the header and set the proper RURI */ if ( apply_urihdr_changes( msg, &t->uac[picked_br].uri, new_hdr)<0 ) { LOG(L_ERR,"ERROR:uac:uac_auth: failed to apply changes\n"); goto error; } /* increas the Cseq nr */ return 0; error: return -1; }
int uac_auth( struct sip_msg *msg) { struct authenticate_body *auth = NULL; static struct authenticate_nc_cnonce auth_nc_cnonce; struct uac_credential *crd; int code, branch; unsigned int new_cseq; struct sip_msg *rpl; struct cell *t; HASHHEX response; str *new_hdr; str param; char *p; struct dlg_cell *dlg; /* get transaction */ t = uac_tmb.t_gett(); if (t==T_UNDEFINED || t==T_NULL_CELL) { LM_CRIT("no current transaction found\n"); goto error; } /* get the selected branch */ branch = uac_tmb.t_get_picked(); if (branch<0) { LM_CRIT("no picked branch (%d)\n",branch); goto error; } rpl = t->uac[branch].reply; code = t->uac[branch].last_received; LM_DBG("picked reply is %p, code %d\n",rpl,code); if (rpl==0) { LM_CRIT("empty reply on picked branch\n"); goto error; } if (rpl==FAKED_REPLY) { LM_ERR("cannot process a FAKED reply\n"); goto error; } if (code==WWW_AUTH_CODE) { if (0 == parse_www_authenticate_header(rpl)) auth = get_www_authenticate(rpl); } else if (code==PROXY_AUTH_CODE) { if (0 == parse_proxy_authenticate_header(rpl)) auth = get_proxy_authenticate(rpl); } if (auth == NULL) { LM_ERR("Unable to extract authentication info\n"); goto error; } /* can we authenticate this realm? */ /* look into existing credentials */ crd = uac_auth_api._lookup_realm( &auth->realm ); /* found? */ if (crd==0) { LM_DBG("no credential for realm \"%.*s\"\n", auth->realm.len, auth->realm.s); goto error; } /* do authentication */ uac_auth_api._do_uac_auth( &msg->first_line.u.request.method, &t->uac[branch].uri, crd, auth, &auth_nc_cnonce, response); /* build the authorization header */ new_hdr = uac_auth_api._build_authorization_hdr( code, &t->uac[branch].uri, crd, auth, &auth_nc_cnonce, response); if (new_hdr==0) { LM_ERR("failed to build authorization hdr\n"); goto error; } /* so far, so good -> add the header and set the proper RURI */ if (apply_urihdr_changes( msg, &t->uac[branch].uri, new_hdr)<0) { LM_ERR("failed to apply changes\n"); pkg_free(new_hdr->s); new_hdr->s = NULL; new_hdr->len = 0; goto error; } if ( (new_cseq = apply_cseq_op(msg,1)) < 0) { LM_WARN("Failure to increment the CSEQ header - continue \n"); goto error; } /* only register the TMCB once per transaction */ if (!(msg->msg_flags & FL_USE_UAC_CSEQ || t->uas.request->msg_flags & FL_USE_UAC_CSEQ)) { if (uac_tmb.register_tmcb( msg, 0, TMCB_RESPONSE_FWDED, apply_cseq_decrement,0,0)!=1) { LM_ERR("Failed to register TMCB response fwded - continue \n"); goto error; } } if (dlg_api.get_dlg && (dlg = dlg_api.get_dlg())) { /* dlg->legs[dlg->legs_no[DLG_LEGS_USED]-1].last_gen_cseq = new_cseq; */ dlg->flags |= DLG_FLAG_CSEQ_ENFORCE; } else { param.len=rr_uac_cseq_param.len+3; param.s=pkg_malloc(param.len); if (!param.s) { LM_ERR("No more pkg mem \n"); goto error; } p = param.s; *p++=';'; memcpy(p,rr_uac_cseq_param.s,rr_uac_cseq_param.len); p+=rr_uac_cseq_param.len; *p++='='; *p++='1'; if (uac_rrb.add_rr_param( msg, ¶m)!=0) { LM_ERR("add_RR_param failed\n"); pkg_free(param.s); goto error; } pkg_free(param.s); } msg->msg_flags |= FL_USE_UAC_CSEQ; t->uas.request->msg_flags |= FL_USE_UAC_CSEQ; return 0; error: return -1; }
int uac_auth(sip_msg_t *msg) { static struct authenticate_body auth; struct uac_credential *crd; int code, branch; struct sip_msg *rpl; struct cell *t; struct hdr_field *hdr; HASHHEX response; str *new_hdr; sr_cfgenv_t *cenv = NULL; /* get transaction */ t = uac_tmb.t_gett(); if (t==T_UNDEFINED || t==T_NULL_CELL) { LM_CRIT("no current transaction found\n"); goto error; } /* get the selected branch */ branch = uac_tmb.t_get_picked_branch(); if (branch<0) { LM_CRIT("no picked branch (%d)\n",branch); goto error; } rpl = t->uac[branch].reply; code = t->uac[branch].last_received; LM_DBG("picked reply is %p, code %d\n",rpl,code); if (rpl==0) { LM_CRIT("empty reply on picked branch\n"); goto error; } if (rpl==FAKED_REPLY) { LM_ERR("cannot process a FAKED reply\n"); goto error; } hdr = get_autenticate_hdr( rpl, code); if (hdr==0) { LM_ERR("failed to extract authenticate hdr\n"); goto error; } LM_DBG("header found; body=<%.*s>\n", hdr->body.len, hdr->body.s); if (parse_authenticate_body( &hdr->body, &auth)<0) { LM_ERR("failed to parse auth hdr body\n"); goto error; } /* can we authenticate this realm? */ crd = 0; /* first look into AVP, if set */ if ( auth_realm_spec.type!=PVT_NONE ) crd = get_avp_credential( msg, &auth.realm ); /* if not found, look into predefined credentials */ if (crd==0) crd = lookup_realm( &auth.realm ); /* found? */ if (crd==0) { LM_DBG("no credential for realm \"%.*s\"\n", auth.realm.len, auth.realm.s); goto error; } /* do authentication */ do_uac_auth( &msg->first_line.u.request.method, &t->uac[branch].uri, crd, &auth, response); /* build the authorization header */ new_hdr = build_authorization_hdr( code, &t->uac[branch].uri, crd, &auth, response); if (new_hdr==0) { LM_ERR("failed to build authorization hdr\n"); goto error; } /* so far, so good -> add the header and set the proper RURI */ if ( apply_urihdr_changes( msg, &t->uac[branch].uri, new_hdr)<0 ) { LM_ERR("failed to apply changes\n"); goto error; } /* mark request in T with uac auth for increase of cseq via dialog * - this function is executed in failure route, msg_flags will be * reset afterwards by tm fake env */ if(t->uas.request) { t->uas.request->msg_flags |= FL_UAC_AUTH; cenv = sr_cfgenv_get(); if(cenv->cb_cseq_update != NULL) { if(cenv->cb_cseq_update(msg)<0) { goto error; } } } return 0; error: return -1; }
int uac_auth( struct sip_msg *msg) { struct authenticate_body *auth = NULL; static struct authenticate_nc_cnonce auth_nc_cnonce; struct uac_credential *crd; int code, branch; struct sip_msg *rpl; struct cell *t; HASHHEX response; str *new_hdr; /* get transaction */ t = uac_tmb.t_gett(); if (t==T_UNDEFINED || t==T_NULL_CELL) { LM_CRIT("no current transaction found\n"); goto error; } /* get the selected branch */ branch = uac_tmb.t_get_picked(); if (branch<0) { LM_CRIT("no picked branch (%d)\n",branch); goto error; } rpl = t->uac[branch].reply; code = t->uac[branch].last_received; LM_DBG("picked reply is %p, code %d\n",rpl,code); if (rpl==0) { LM_CRIT("empty reply on picked branch\n"); goto error; } if (rpl==FAKED_REPLY) { LM_ERR("cannot process a FAKED reply\n"); goto error; } if (code==WWW_AUTH_CODE) { if (0 == parse_www_authenticate_header(rpl)) auth = get_www_authenticate(rpl); } else if (code==PROXY_AUTH_CODE) { if (0 == parse_proxy_authenticate_header(rpl)) auth = get_proxy_authenticate(rpl); } if (auth == NULL) { LM_ERR("Unable to extract authentication info\n"); goto error; } /* can we authenticate this realm? */ crd = 0; /* first look into AVP, if set */ if ( auth_realm_spec.type==PVT_AVP ) crd = get_avp_credential( msg, &auth->realm ); /* if not found, look into predefined credentials */ if (crd==0) crd = uac_auth_api._lookup_realm( &auth->realm ); /* found? */ if (crd==0) { LM_DBG("no credential for realm \"%.*s\"\n", auth->realm.len, auth->realm.s); goto error; } /* do authentication */ uac_auth_api._do_uac_auth( &msg->first_line.u.request.method, &t->uac[branch].uri, crd, auth, &auth_nc_cnonce, response); /* build the authorization header */ new_hdr = uac_auth_api._build_authorization_hdr( code, &t->uac[branch].uri, crd, auth, &auth_nc_cnonce, response); if (new_hdr==0) { LM_ERR("failed to build authorization hdr\n"); goto error; } /* so far, so good -> add the header and set the proper RURI */ if ( apply_urihdr_changes( msg, &t->uac[branch].uri, new_hdr)<0 ) { LM_ERR("failed to apply changes\n"); goto error; } /* increas the Cseq nr */ return 0; error: return -1; }