// Test that an authenticated REFER without Replaces to a good target is allowed and not modified void AuthenticatedRefer() { UtlString identity("controller@domain"); // an authenticated identity Url requestUri("sip:someone@somewhere"); const char* message = "REFER sip:someone@somewhere SIP/2.0\r\n" "Refer-To: [email protected]\r\n" "Via: SIP/2.0/TCP 10.1.1.3:33855\r\n" "To: sip:someone@somewhere\r\n" "From: Caller <sip:[email protected]>; tag=30543f3483e1cb11ecb40866edd3295b\r\n" "Call-Id: f88dfabce84b6a2787ef024a7dbe8749\r\n" "Cseq: 1 INVITE\r\n" "Max-Forwards: 20\r\n" "Contact: [email protected]\r\n" "Content-Length: 0\r\n" "\r\n"; SipMessage testMsg(message, strlen(message)); UtlSList noRemovedRoutes; UtlString myRouteName("myhost.example.com"); RouteState routeState( testMsg, noRemovedRoutes, myRouteName ); const char unmodifiedRejectReason[] = "unmodified"; UtlString rejectReason(unmodifiedRejectReason); UtlString method("REFER"); bool bSpiralingRequest = false; AuthPlugin::AuthResult priorResult = AuthPlugin::CONTINUE; CPPUNIT_ASSERT(AuthPlugin::CONTINUE == xferctl->authorizeAndModify(identity, requestUri, routeState, method, priorResult, testMsg, bSpiralingRequest, rejectReason )); ASSERT_STR_EQUAL(unmodifiedRejectReason, rejectReason.data()); UtlString modifiedReferToStr; CPPUNIT_ASSERT(testMsg.getReferToField(modifiedReferToStr)); Url modifiedReferTo(modifiedReferToStr); CPPUNIT_ASSERT(Url::SipUrlScheme == modifiedReferTo.getScheme()); // check that the message has not been modified UtlString outputMsg; ssize_t outputSize; testMsg.getBytes(&outputMsg, &outputSize); ASSERT_STR_EQUAL(message, outputMsg.data()); }
// Test that a response message is allowed and is not modified void testNoPermResponse() { OsConfigDb configuration; configuration.set("RULES", TEST_DATA_DIR "/enforcerules.xml"); enforcer->readConfig(configuration); UtlString identity; // no authenticated identity Url requestUri("sip:somewhere@forbidden"); const char* message = "SIP/2.0 200 Ok\r\n" "Via: SIP/2.0/TCP 10.1.1.3:33855\r\n" "To: sip:somewhere@forbidden\r\n" "From: Caller <sip:[email protected]>; tag=99911983748\r\n" "Call-Id: b1373e736d7d359ead76fa5cd467d999\r\n" "Cseq: 2 ACK\r\n" "Max-Forwards: 20\r\n" "Contact: [email protected]\r\n" "Content-Length: 0\r\n" "Record-Route: <sip:example.com;lr;sipXecs-rs=enforce%2Aauth%7E%21d1e296555015a54cb746fa7ac5695cf7>\r\n" "\r\n"; SipMessage testMsg(message, strlen(message)); UtlSList noRemovedRoutes; UtlString routeName("example.com"); RouteState routeState( testMsg, noRemovedRoutes, routeName ); const char unmodifiedRejectReason[] = "unmodified"; UtlString rejectReason(unmodifiedRejectReason); UtlString method("INVITE"); const bool bSpiralingRequest = false; AuthPlugin::AuthResult priorResult = AuthPlugin::ALLOW; // SipRouter passes this for responses CPPUNIT_ASSERT(AuthPlugin::CONTINUE == enforcer->authorizeAndModify(identity, requestUri, routeState, method, priorResult, testMsg, bSpiralingRequest, rejectReason )); ASSERT_STR_EQUAL(unmodifiedRejectReason, rejectReason.data()); UtlString recordRoute; CPPUNIT_ASSERT(testMsg.getRecordRouteField(0, &recordRoute)); ASSERT_STR_EQUAL( "<sip:example.com;lr;sipXecs-rs=enforce%2Aauth%7E%21d1e296555015a54cb746fa7ac5695cf7>", recordRoute ); }
// Test that a buggy REFER without Replaces from Exchange is modified void BadReferFromExchangeWithPort() { UtlString identity; // no authenticated identity Url requestUri("sip:[email protected]:56777"); const char* message = "REFER sip:[email protected]:56777 SIP/2.0\r\n" "Refer-To: [email protected]:56777\r\n" "Via: SIP/2.0/TCP 10.1.1.3:33855\r\n" "To: sip:someone@somewhere\r\n" "From: Caller <sip:[email protected]>; tag=30543f3483e1cb11ecb40866edd3295b\r\n" "Call-Id: f88dfabce84b6a2787ef024a7dbe8749\r\n" "Cseq: 1 INVITE\r\n" "Max-Forwards: 20\r\n" "User-Agent: RTCC/2\r\n" "Contact: [email protected]\r\n" "Content-Length: 0\r\n" "\r\n"; SipMessage testMsg(message, strlen(message)); UtlSList noRemovedRoutes; UtlString myRouteName("myhost.example.com"); RouteState routeState( testMsg, noRemovedRoutes, myRouteName ); const char unmodifiedRejectReason[] = "unmodified"; UtlString rejectReason(unmodifiedRejectReason); UtlString method("REFER"); bool bSpiralingRequest = false; AuthPlugin::AuthResult priorResult = AuthPlugin::CONTINUE; CPPUNIT_ASSERT(AuthPlugin::CONTINUE == xferctl->authorizeAndModify(identity, requestUri, routeState, method, priorResult, testMsg, bSpiralingRequest, rejectReason )); ASSERT_STR_EQUAL(unmodifiedRejectReason, rejectReason.data()); // check that the target has been modified to our domain UtlString modifiedReferToStr; CPPUNIT_ASSERT(testMsg.getReferToField(modifiedReferToStr)); ASSERT_STR_EQUAL("sip:[email protected]", modifiedReferToStr.data()); }
// An out-of-dialog INVITE to a target that needs no permission
// (sip:911@emergency-gw) must be answered with ALLOW even though the request
// carries no authenticated identity, and the message must have no
// Record-Route header after the route state is applied. The same is checked
// again on a second pass over the same message with a fresh RouteState.
//
// NOTE(review): the earlier header comment on this test said the request
// "gets a Record-Route" with no extraneous parameters, but every assertion
// below checks that no Record-Route is present. Confirm which behaviour is
// intended.
//
// `enforcer` and TEST_DATA_DIR are not declared in this listing. The ALLOW
// verdict for an unauthenticated caller depends on enforcerules.xml, which is
// not shown here.
void testNoPermNeededOut()
{
   OsConfigDb rulesConfig;
   rulesConfig.set("RULES", TEST_DATA_DIR "/enforcerules.xml");
   enforcer->readConfig(rulesConfig);

   // NOTE(review): the "[email protected]" tokens in the literal below look like
   // e-mail-obfuscation residue from page extraction. The original SIP
   // addresses cannot be recovered from this listing, so the literal is
   // reproduced exactly as it appears.
   const char* rawInvite =
      "INVITE sip:911@emergency-gw SIP/2.0\r\n"
      "Via: SIP/2.0/TCP 10.1.1.3:33855\r\n"
      "To: sip:911@emergency-gw\r\n"
      "From: Caller <sip:[email protected]>; tag=30543f3483e1cb11ecb40866edd3295b\r\n"
      "Call-Id: f88dfabce84b6a2787ef024a7dbe8749\r\n"
      "Cseq: 2 INVITE\r\n"
      "Max-Forwards: 20\r\n"
      "Contact: [email protected]\r\n"
      "Content-Length: 0\r\n"
      "\r\n";
   SipMessage inviteMsg(rawInvite, strlen(rawInvite));

   UtlString identity; // no authenticated identity
   Url requestUri("sip:911@emergency-gw");

   UtlSList noRemovedRoutes;
   UtlString routeName("example.com");
   RouteState routeState(inviteMsg, noRemovedRoutes, routeName);

   // Sentinel text: if the plugin writes a reject reason, the comparisons
   // after each call fail.
   const char unmodifiedRejectReason[] = "unmodified";
   UtlString rejectReason(unmodifiedRejectReason);

   UtlString method("INVITE");
   const bool notSpiraling = false;
   AuthPlugin::AuthResult incomingResult = AuthPlugin::CONTINUE;

   // First pass.
   const AuthPlugin::AuthResult firstVerdict =
      enforcer->authorizeAndModify(identity,
                                   requestUri,
                                   routeState,
                                   method,
                                   incomingResult,
                                   inviteMsg,
                                   notSpiraling,
                                   rejectReason
                                   );
   CPPUNIT_ASSERT(AuthPlugin::ALLOW == firstVerdict);
   ASSERT_STR_EQUAL(unmodifiedRejectReason, rejectReason.data());

   // No Record-Route header.
   routeState.update(&inviteMsg);
   UtlString recordRoute;
   CPPUNIT_ASSERT(!inviteMsg.getRecordRouteField(0, &recordRoute));

   // now simulate a spiral with the same message
   // NOTE(review): the spiral flag passed below is still false; only the
   // RouteState is rebuilt from the message.
   RouteState spiraledRouteState(inviteMsg, noRemovedRoutes, routeName);
   const AuthPlugin::AuthResult secondVerdict =
      enforcer->authorizeAndModify(identity,
                                   requestUri,
                                   spiraledRouteState,
                                   method,
                                   incomingResult,
                                   inviteMsg,
                                   notSpiraling,
                                   rejectReason
                                   );
   CPPUNIT_ASSERT(AuthPlugin::ALLOW == secondVerdict);
   ASSERT_STR_EQUAL(unmodifiedRejectReason, rejectReason.data());

   // No Record-Route header.
   spiraledRouteState.update(&inviteMsg);
   CPPUNIT_ASSERT(!inviteMsg.getRecordRouteField(0, &recordRoute));
}
// Test that an ACK is not challenged and not RecordRouted void testNoPermAck() { OsConfigDb configuration; configuration.set("RULES", TEST_DATA_DIR "/enforcerules.xml"); enforcer->readConfig(configuration); UtlString identity; // no authenticated identity Url requestUri("sip:somewhere@forbidden"); const char* message = "ACK sip:somewhere@forbidden SIP/2.0\r\n" "Via: SIP/2.0/TCP 10.1.1.3:33855\r\n" "To: sip:somewhere@forbidden\r\n" "From: Caller <sip:[email protected]>; tag=99911983748\r\n" "Call-Id: b1373e736d7d359ead76fa5cd467d999\r\n" "Cseq: 2 ACK\r\n" "Max-Forwards: 20\r\n" "Contact: [email protected]\r\n" "Content-Length: 0\r\n" "\r\n"; SipMessage testMsg(message, strlen(message)); UtlSList noRemovedRoutes; UtlString routeName("example.com"); RouteState routeState( testMsg, noRemovedRoutes, routeName ); const char unmodifiedRejectReason[] = "unmodified"; UtlString rejectReason(unmodifiedRejectReason); UtlString method("ACK"); const bool bSpiralingRequest = false; AuthPlugin::AuthResult priorResult = AuthPlugin::ALLOW; CPPUNIT_ASSERT(AuthPlugin::CONTINUE == enforcer->authorizeAndModify(identity, requestUri, routeState, method, priorResult, testMsg, bSpiralingRequest, rejectReason )); ASSERT_STR_EQUAL(unmodifiedRejectReason, rejectReason.data()); routeState.update(&testMsg); UtlString recordRoute; CPPUNIT_ASSERT(!testMsg.getRecordRouteField(0, &recordRoute)); // now simulate a spiral with the same message CPPUNIT_ASSERT(AuthPlugin::CONTINUE == enforcer->authorizeAndModify(identity, requestUri, routeState, method, priorResult, testMsg, bSpiralingRequest, rejectReason )); ASSERT_STR_EQUAL(unmodifiedRejectReason, rejectReason.data()); routeState.update(&testMsg); CPPUNIT_ASSERT(!testMsg.getRecordRouteField(0, &recordRoute)); }