int uac_auth( struct sip_msg *msg)
{
struct authenticate_body *auth = NULL;
static struct authenticate_nc_cnonce auth_nc_cnonce;
struct uac_credential *crd;
int code, branch;
unsigned int new_cseq;
struct sip_msg *rpl;
struct cell *t;
HASHHEX response;
str *new_hdr;
str param;
char *p;
struct dlg_cell *dlg;
/* get transaction */
t = uac_tmb.t_gett();
if (t==T_UNDEFINED || t==T_NULL_CELL)
{
LM_CRIT("no current transaction found\n");
goto error;
}
/* get the selected branch */
branch = uac_tmb.t_get_picked();
if (branch<0) {
LM_CRIT("no picked branch (%d)\n",branch);
goto error;
}
rpl = t->uac[branch].reply;
code = t->uac[branch].last_received;
LM_DBG("picked reply is %p, code %d\n",rpl,code);
if (rpl==0)
{
LM_CRIT("empty reply on picked branch\n");
goto error;
}
if (rpl==FAKED_REPLY)
{
LM_ERR("cannot process a FAKED reply\n");
goto error;
}
if (code==WWW_AUTH_CODE) {
if (0 == parse_www_authenticate_header(rpl))
auth = get_www_authenticate(rpl);
} else if (code==PROXY_AUTH_CODE) {
if (0 == parse_proxy_authenticate_header(rpl))
auth = get_proxy_authenticate(rpl);
}
if (auth == NULL) {
LM_ERR("Unable to extract authentication info\n");
goto error;
}
/* can we authenticate this realm? */
/* look into existing credentials */
crd = uac_auth_api._lookup_realm( &auth->realm );
/* found? */
if (crd==0)
{
LM_DBG("no credential for realm \"%.*s\"\n",
auth->realm.len, auth->realm.s);
goto error;
}
/* do authentication */
uac_auth_api._do_uac_auth( &msg->first_line.u.request.method,
&t->uac[branch].uri, crd, auth, &auth_nc_cnonce, response);
/* build the authorization header */
new_hdr = uac_auth_api._build_authorization_hdr( code, &t->uac[branch].uri,
crd, auth, &auth_nc_cnonce, response);
if (new_hdr==0)
{
LM_ERR("failed to build authorization hdr\n");
goto error;
}
/* so far, so good -> add the header and set the proper RURI */
if (apply_urihdr_changes( msg, &t->uac[branch].uri, new_hdr)<0)
{
LM_ERR("failed to apply changes\n");
pkg_free(new_hdr->s);
new_hdr->s = NULL; new_hdr->len = 0;
goto error;
}
if ( (new_cseq = apply_cseq_op(msg,1)) < 0) {
LM_WARN("Failure to increment the CSEQ header - continue \n");
goto error;
}
/* only register the TMCB once per transaction */
if (!(msg->msg_flags & FL_USE_UAC_CSEQ ||
t->uas.request->msg_flags & FL_USE_UAC_CSEQ)) {
if (uac_tmb.register_tmcb( msg, 0, TMCB_RESPONSE_FWDED,
apply_cseq_decrement,0,0)!=1) {
LM_ERR("Failed to register TMCB response fwded - continue \n");
goto error;
}
}
if (dlg_api.get_dlg && (dlg = dlg_api.get_dlg())) {
/* dlg->legs[dlg->legs_no[DLG_LEGS_USED]-1].last_gen_cseq = new_cseq; */
dlg->flags |= DLG_FLAG_CSEQ_ENFORCE;
} else {
param.len=rr_uac_cseq_param.len+3;
param.s=pkg_malloc(param.len);
if (!param.s) {
LM_ERR("No more pkg mem \n");
goto error;
}
p = param.s;
*p++=';';
memcpy(p,rr_uac_cseq_param.s,rr_uac_cseq_param.len);
p+=rr_uac_cseq_param.len;
*p++='=';
*p++='1';
if (uac_rrb.add_rr_param( msg, ¶m)!=0) {
LM_ERR("add_RR_param failed\n");
pkg_free(param.s);
goto error;
}
pkg_free(param.s);
}
msg->msg_flags |= FL_USE_UAC_CSEQ;
t->uas.request->msg_flags |= FL_USE_UAC_CSEQ;
return 0;
error:
return -1;
}
int uac_auth( struct sip_msg *msg)
{
struct authenticate_body *auth = NULL;
static struct authenticate_nc_cnonce auth_nc_cnonce;
struct uac_credential *crd;
int code, branch;
struct sip_msg *rpl;
struct cell *t;
HASHHEX response;
str *new_hdr;
/* get transaction */
t = uac_tmb.t_gett();
if (t==T_UNDEFINED || t==T_NULL_CELL)
{
LM_CRIT("no current transaction found\n");
goto error;
}
/* get the selected branch */
branch = uac_tmb.t_get_picked();
if (branch<0) {
LM_CRIT("no picked branch (%d)\n",branch);
goto error;
}
rpl = t->uac[branch].reply;
code = t->uac[branch].last_received;
LM_DBG("picked reply is %p, code %d\n",rpl,code);
if (rpl==0)
{
LM_CRIT("empty reply on picked branch\n");
goto error;
}
if (rpl==FAKED_REPLY)
{
LM_ERR("cannot process a FAKED reply\n");
goto error;
}
if (code==WWW_AUTH_CODE) {
if (0 == parse_www_authenticate_header(rpl))
auth = get_www_authenticate(rpl);
} else if (code==PROXY_AUTH_CODE) {
if (0 == parse_proxy_authenticate_header(rpl))
auth = get_proxy_authenticate(rpl);
}
if (auth == NULL) {
LM_ERR("Unable to extract authentication info\n");
goto error;
}
/* can we authenticate this realm? */
crd = 0;
/* first look into AVP, if set */
if ( auth_realm_spec.type==PVT_AVP )
crd = get_avp_credential( msg, &auth->realm );
/* if not found, look into predefined credentials */
if (crd==0)
crd = uac_auth_api._lookup_realm( &auth->realm );
/* found? */
if (crd==0)
{
LM_DBG("no credential for realm \"%.*s\"\n",
auth->realm.len, auth->realm.s);
goto error;
}
/* do authentication */
uac_auth_api._do_uac_auth( &msg->first_line.u.request.method,
&t->uac[branch].uri, crd, auth, &auth_nc_cnonce, response);
/* build the authorization header */
new_hdr = uac_auth_api._build_authorization_hdr( code, &t->uac[branch].uri,
crd, auth, &auth_nc_cnonce, response);
if (new_hdr==0)
{
LM_ERR("failed to build authorization hdr\n");
goto error;
}
/* so far, so good -> add the header and set the proper RURI */
if ( apply_urihdr_changes( msg, &t->uac[branch].uri, new_hdr)<0 )
{
LM_ERR("failed to apply changes\n");
goto error;
}
/* increas the Cseq nr */
return 0;
error:
return -1;
}
