static pj_bool_t outbound_auth(pjsip_rx_data *rdata)
{
RAII_VAR(struct ast_sip_endpoint *, endpoint, NULL, ao2_cleanup);
pjsip_transaction *tsx;
pjsip_dialog *dlg;
struct outbound_auth_cb_data *cb_data;
pjsip_tx_data *tdata;
if (rdata->msg_info.msg->line.status.code != 401 &&
rdata->msg_info.msg->line.status.code != 407) {
/* Doesn't pertain to us. Move on */
return PJ_FALSE;
}
tsx = pjsip_rdata_get_tsx(rdata);
dlg = pjsip_rdata_get_dlg(rdata);
if (!dlg || !tsx) {
return PJ_FALSE;
}
endpoint = ast_sip_dialog_get_endpoint(dlg);
if (!endpoint) {
return PJ_FALSE;
}
if (ast_sip_create_request_with_auth(&endpoint->outbound_auths, rdata, tsx, &tdata)) {
return PJ_FALSE;
}
cb_data = dlg->mod_data[outbound_auth_mod.id];
if (cb_data) {
cb_data->cb(dlg, tdata, cb_data->user_data);
return PJ_TRUE;
}
pjsip_dlg_send_request(dlg, tdata, -1, NULL);
return PJ_TRUE;
}
static int digest_create_request_with_auth(const struct ast_sip_auth_vector *auths,
pjsip_rx_data *challenge, pjsip_tx_data *old_request, pjsip_tx_data **new_request)
{
pjsip_auth_clt_sess auth_sess;
pjsip_cseq_hdr *cseq;
pj_status_t status;
struct ast_sip_endpoint *endpoint;
char *id = NULL;
const char *id_type;
pjsip_www_authenticate_hdr *auth_hdr;
struct ast_str *realms;
pjsip_dialog *dlg;
dlg = pjsip_rdata_get_dlg(challenge);
if (dlg) {
endpoint = ast_sip_dialog_get_endpoint(dlg);
id = endpoint ? ast_strdupa(ast_sorcery_object_get_id(endpoint)) : NULL;
ao2_cleanup(endpoint);
id_type = "Endpoint";
}
/* If there was no dialog, then this is probably a REGISTER so no endpoint */
if (!id) {
id = ast_alloca(strlen(challenge->pkt_info.src_name) + 7 /* ':' + port + NULL */);
sprintf(id, "%s:%d", challenge->pkt_info.src_name, challenge->pkt_info.src_port);
id_type = "Host";
}
auth_hdr = get_auth_header(challenge, NULL);
if (auth_hdr == NULL) {
ast_log(LOG_ERROR, "%s: '%s': Unable to find authenticate header in challenge.\n",
id_type, id);
return -1;
}
if (pjsip_auth_clt_init(&auth_sess, ast_sip_get_pjsip_endpoint(),
old_request->pool, 0) != PJ_SUCCESS) {
ast_log(LOG_ERROR, "%s: '%s': Failed to initialize client authentication session\n",
id_type, id);
return -1;
}
if (set_outbound_authentication_credentials(&auth_sess, auths, challenge, auth_hdr)) {
ast_log(LOG_WARNING, "%s: '%s': Failed to set authentication credentials\n",
id_type, id);
#if defined(HAVE_PJSIP_AUTH_CLT_DEINIT)
/* In case it is not a noop here in the future. */
pjsip_auth_clt_deinit(&auth_sess);
#endif
return -1;
}
status = pjsip_auth_clt_reinit_req(&auth_sess, challenge, old_request, new_request);
#if defined(HAVE_PJSIP_AUTH_CLT_DEINIT)
/* Release any cached auths */
pjsip_auth_clt_deinit(&auth_sess);
#endif
switch (status) {
case PJ_SUCCESS:
/* PJSIP creates a new transaction for new_request (meaning it creates a new
* branch). However, it recycles the Call-ID, from-tag, and CSeq from the
* original request. Some SIP implementations will not process the new request
* since the CSeq is the same as the original request. Incrementing it here
* fixes the interop issue
*/
cseq = pjsip_msg_find_hdr((*new_request)->msg, PJSIP_H_CSEQ, NULL);
ast_assert(cseq != NULL);
++cseq->cseq;
return 0;
case PJSIP_ENOCREDENTIAL:
realms = ast_str_create(32);
if (realms) {
ast_str_append(&realms, 0, "%.*s", (int)auth_hdr->challenge.common.realm.slen,
auth_hdr->challenge.common.realm.ptr);
while((auth_hdr = get_auth_header(challenge, auth_hdr->next))) {
ast_str_append(&realms, 0, ",%.*s", (int)auth_hdr->challenge.common.realm.slen,
auth_hdr->challenge.common.realm.ptr);
}
}
ast_log(LOG_WARNING,
"%s: '%s': Unable to create request with auth. "
"No auth credentials for realm(s) '%s' in challenge.\n", id_type, id,
realms ? ast_str_buffer(realms) : "<unknown>");
ast_free(realms);
break;
case PJSIP_EAUTHSTALECOUNT:
ast_log(LOG_WARNING,
"%s: '%s': Unable to create request with auth. Number of stale retries exceeded.\n",
id_type, id);
break;
case PJSIP_EFAILEDCREDENTIAL:
ast_log(LOG_WARNING, "%s: '%s': Authentication credentials not accepted by server.\n",
id_type, id);
break;
default:
ast_log(LOG_WARNING, "%s: '%s': Unable to create request with auth. Unknown failure.\n",
id_type, id);
break;
}
return -1;
}
