// Test that an authenticated REFER without Replaces to a good target is allowed and not modified
void AuthenticatedRefer()
{
UtlString identity("controller@domain"); // an authenticated identity
Url requestUri("sip:someone@somewhere");
const char* message =
"REFER sip:someone@somewhere SIP/2.0\r\n"
"Refer-To: [email protected]\r\n"
"Via: SIP/2.0/TCP 10.1.1.3:33855\r\n"
"To: sip:someone@somewhere\r\n"
"From: Caller <sip:[email protected]>; tag=30543f3483e1cb11ecb40866edd3295b\r\n"
"Call-Id: f88dfabce84b6a2787ef024a7dbe8749\r\n"
"Cseq: 1 INVITE\r\n"
"Max-Forwards: 20\r\n"
"Contact: [email protected]\r\n"
"Content-Length: 0\r\n"
"\r\n";
SipMessage testMsg(message, strlen(message));
UtlSList noRemovedRoutes;
UtlString myRouteName("myhost.example.com");
RouteState routeState( testMsg, noRemovedRoutes, myRouteName );
const char unmodifiedRejectReason[] = "unmodified";
UtlString rejectReason(unmodifiedRejectReason);
UtlString method("REFER");
bool bSpiralingRequest = false;
AuthPlugin::AuthResult priorResult = AuthPlugin::CONTINUE;
CPPUNIT_ASSERT(AuthPlugin::CONTINUE
== xferctl->authorizeAndModify(identity,
requestUri,
routeState,
method,
priorResult,
testMsg,
bSpiralingRequest,
rejectReason
));
ASSERT_STR_EQUAL(unmodifiedRejectReason, rejectReason.data());
UtlString modifiedReferToStr;
CPPUNIT_ASSERT(testMsg.getReferToField(modifiedReferToStr));
Url modifiedReferTo(modifiedReferToStr);
CPPUNIT_ASSERT(Url::SipUrlScheme == modifiedReferTo.getScheme());
// check that the message has not been modified
UtlString outputMsg;
ssize_t outputSize;
testMsg.getBytes(&outputMsg, &outputSize);
ASSERT_STR_EQUAL(message, outputMsg.data());
}
// Test that a response message is allowed and is not modified
void testNoPermResponse()
{
OsConfigDb configuration;
configuration.set("RULES", TEST_DATA_DIR "/enforcerules.xml");
enforcer->readConfig(configuration);
UtlString identity; // no authenticated identity
Url requestUri("sip:somewhere@forbidden");
const char* message =
"SIP/2.0 200 Ok\r\n"
"Via: SIP/2.0/TCP 10.1.1.3:33855\r\n"
"To: sip:somewhere@forbidden\r\n"
"From: Caller <sip:[email protected]>; tag=99911983748\r\n"
"Call-Id: b1373e736d7d359ead76fa5cd467d999\r\n"
"Cseq: 2 ACK\r\n"
"Max-Forwards: 20\r\n"
"Contact: [email protected]\r\n"
"Content-Length: 0\r\n"
"Record-Route: <sip:example.com;lr;sipXecs-rs=enforce%2Aauth%7E%21d1e296555015a54cb746fa7ac5695cf7>\r\n"
"\r\n";
SipMessage testMsg(message, strlen(message));
UtlSList noRemovedRoutes;
UtlString routeName("example.com");
RouteState routeState( testMsg, noRemovedRoutes, routeName );
const char unmodifiedRejectReason[] = "unmodified";
UtlString rejectReason(unmodifiedRejectReason);
UtlString method("INVITE");
const bool bSpiralingRequest = false;
AuthPlugin::AuthResult priorResult = AuthPlugin::ALLOW; // SipRouter passes this for responses
CPPUNIT_ASSERT(AuthPlugin::CONTINUE
== enforcer->authorizeAndModify(identity,
requestUri,
routeState,
method,
priorResult,
testMsg,
bSpiralingRequest,
rejectReason
));
ASSERT_STR_EQUAL(unmodifiedRejectReason, rejectReason.data());
UtlString recordRoute;
CPPUNIT_ASSERT(testMsg.getRecordRouteField(0, &recordRoute));
ASSERT_STR_EQUAL( "<sip:example.com;lr;sipXecs-rs=enforce%2Aauth%7E%21d1e296555015a54cb746fa7ac5695cf7>", recordRoute );
}
// Test that a buggy REFER without Replaces from Exchange is modified
void BadReferFromExchangeWithPort()
{
UtlString identity; // no authenticated identity
Url requestUri("sip:[email protected]:56777");
const char* message =
"REFER sip:[email protected]:56777 SIP/2.0\r\n"
"Refer-To: [email protected]:56777\r\n"
"Via: SIP/2.0/TCP 10.1.1.3:33855\r\n"
"To: sip:someone@somewhere\r\n"
"From: Caller <sip:[email protected]>; tag=30543f3483e1cb11ecb40866edd3295b\r\n"
"Call-Id: f88dfabce84b6a2787ef024a7dbe8749\r\n"
"Cseq: 1 INVITE\r\n"
"Max-Forwards: 20\r\n"
"User-Agent: RTCC/2\r\n"
"Contact: [email protected]\r\n"
"Content-Length: 0\r\n"
"\r\n";
SipMessage testMsg(message, strlen(message));
UtlSList noRemovedRoutes;
UtlString myRouteName("myhost.example.com");
RouteState routeState( testMsg, noRemovedRoutes, myRouteName );
const char unmodifiedRejectReason[] = "unmodified";
UtlString rejectReason(unmodifiedRejectReason);
UtlString method("REFER");
bool bSpiralingRequest = false;
AuthPlugin::AuthResult priorResult = AuthPlugin::CONTINUE;
CPPUNIT_ASSERT(AuthPlugin::CONTINUE
== xferctl->authorizeAndModify(identity,
requestUri,
routeState,
method,
priorResult,
testMsg,
bSpiralingRequest,
rejectReason
));
ASSERT_STR_EQUAL(unmodifiedRejectReason, rejectReason.data());
// check that the target has been modified to our domain
UtlString modifiedReferToStr;
CPPUNIT_ASSERT(testMsg.getReferToField(modifiedReferToStr));
ASSERT_STR_EQUAL("sip:[email protected]", modifiedReferToStr.data());
}
// Test that an out-of-dialog request gets a Record-Route, even if it does not
// require authorization/authentication, and test that the Record-Route has no
// extraneous parameters applied.
void testNoPermNeededOut()
{
OsConfigDb configuration;
configuration.set("RULES", TEST_DATA_DIR "/enforcerules.xml");
enforcer->readConfig(configuration);
UtlString identity; // no authenticated identity
Url requestUri("sip:911@emergency-gw");
const char* message =
"INVITE sip:911@emergency-gw SIP/2.0\r\n"
"Via: SIP/2.0/TCP 10.1.1.3:33855\r\n"
"To: sip:911@emergency-gw\r\n"
"From: Caller <sip:[email protected]>; tag=30543f3483e1cb11ecb40866edd3295b\r\n"
"Call-Id: f88dfabce84b6a2787ef024a7dbe8749\r\n"
"Cseq: 2 INVITE\r\n"
"Max-Forwards: 20\r\n"
"Contact: [email protected]\r\n"
"Content-Length: 0\r\n"
"\r\n";
SipMessage testMsg(message, strlen(message));
UtlSList noRemovedRoutes;
UtlString routeName("example.com");
RouteState routeState( testMsg, noRemovedRoutes, routeName );
const char unmodifiedRejectReason[] = "unmodified";
UtlString rejectReason(unmodifiedRejectReason);
UtlString method("INVITE");
const bool bSpiralingRequest = false;
AuthPlugin::AuthResult priorResult = AuthPlugin::CONTINUE;
CPPUNIT_ASSERT(AuthPlugin::ALLOW
== enforcer->authorizeAndModify(identity,
requestUri,
routeState,
method,
priorResult,
testMsg,
bSpiralingRequest,
rejectReason
));
ASSERT_STR_EQUAL(unmodifiedRejectReason, rejectReason.data());
// No Record-Route header.
routeState.update(&testMsg);
UtlString recordRoute;
CPPUNIT_ASSERT(!testMsg.getRecordRouteField(0, &recordRoute));
RouteState spiraledRouteState(testMsg, noRemovedRoutes, routeName);
// now simulate a spiral with the same message
CPPUNIT_ASSERT(AuthPlugin::ALLOW
== enforcer->authorizeAndModify(identity,
requestUri,
spiraledRouteState,
method,
priorResult,
testMsg,
bSpiralingRequest,
rejectReason
));
ASSERT_STR_EQUAL(unmodifiedRejectReason, rejectReason.data());
// No Record-Route header.
spiraledRouteState.update(&testMsg);
CPPUNIT_ASSERT(!testMsg.getRecordRouteField(0, &recordRoute));
}
// Test that an ACK is not challenged and not RecordRouted
void testNoPermAck()
{
OsConfigDb configuration;
configuration.set("RULES", TEST_DATA_DIR "/enforcerules.xml");
enforcer->readConfig(configuration);
UtlString identity; // no authenticated identity
Url requestUri("sip:somewhere@forbidden");
const char* message =
"ACK sip:somewhere@forbidden SIP/2.0\r\n"
"Via: SIP/2.0/TCP 10.1.1.3:33855\r\n"
"To: sip:somewhere@forbidden\r\n"
"From: Caller <sip:[email protected]>; tag=99911983748\r\n"
"Call-Id: b1373e736d7d359ead76fa5cd467d999\r\n"
"Cseq: 2 ACK\r\n"
"Max-Forwards: 20\r\n"
"Contact: [email protected]\r\n"
"Content-Length: 0\r\n"
"\r\n";
SipMessage testMsg(message, strlen(message));
UtlSList noRemovedRoutes;
UtlString routeName("example.com");
RouteState routeState( testMsg, noRemovedRoutes, routeName );
const char unmodifiedRejectReason[] = "unmodified";
UtlString rejectReason(unmodifiedRejectReason);
UtlString method("ACK");
const bool bSpiralingRequest = false;
AuthPlugin::AuthResult priorResult = AuthPlugin::ALLOW;
CPPUNIT_ASSERT(AuthPlugin::CONTINUE
== enforcer->authorizeAndModify(identity,
requestUri,
routeState,
method,
priorResult,
testMsg,
bSpiralingRequest,
rejectReason
));
ASSERT_STR_EQUAL(unmodifiedRejectReason, rejectReason.data());
routeState.update(&testMsg);
UtlString recordRoute;
CPPUNIT_ASSERT(!testMsg.getRecordRouteField(0, &recordRoute));
// now simulate a spiral with the same message
CPPUNIT_ASSERT(AuthPlugin::CONTINUE
== enforcer->authorizeAndModify(identity,
requestUri,
routeState,
method,
priorResult,
testMsg,
bSpiralingRequest,
rejectReason
));
ASSERT_STR_EQUAL(unmodifiedRejectReason, rejectReason.data());
routeState.update(&testMsg);
CPPUNIT_ASSERT(!testMsg.getRecordRouteField(0, &recordRoute));
}
