int uac_auth( struct sip_msg *msg)
{
static struct authenticate_body auth;
struct uac_credential *crd;
int picked_code, picked_br, b;
struct sip_msg *rpl;
struct cell *t;
struct hdr_field *hdr;
HASHHEX response;
str *new_hdr;
/* get transaction */
t = uac_tmb.t_gett();
if (t==T_UNDEFINED || t==T_NULL_CELL)
{
LOG(LOG_CRIT,"BUG:uac:uac_auth: no current transaction found\n");
goto error;
}
/* pick the selected reply */
picked_br = -1;
picked_code = 999;
for ( b=t->first_branch; b<t->nr_of_outgoings ; b++ )
{
/* skip 'empty branches' */
if (!t->uac[b].request.buffer)
continue;
/* there is still an unfinished UAC transaction? */
if ( t->uac[b].last_received<200 )
{
LOG(L_CRIT,"BUG:uac:uac_auth: incomplet transaction in failure "
"route\n");
goto error;
}
if ( t->uac[b].last_received<picked_code )
{
picked_br = b;
picked_code = t->uac[b].last_received;
}
}
if (picked_br<0)
{
LOG(L_CRIT,"BUG:uac:uac_auth: empty transaction in failure "
"route\n");
goto error;
}
rpl = t->uac[picked_br].reply;
DBG("DEBUG:uac:uac_auth: picked reply is %p, code %d\n",rpl,picked_code);
if (rpl==0)
{
LOG(L_CRIT,"BUG:uac:uac_auth: empty reply on picked branch\n");
goto error;
}
if (rpl==FAKED_REPLY)
{
LOG(L_ERR,"ERROR:uac:uac_auth: cannot process a FAKED reply\n");
goto error;
}
hdr = get_autenticate_hdr( rpl, picked_code);
if (hdr==0)
{
LOG( L_ERR,"ERROR:uac:uac_auth: failed to extract authenticate hdr\n");
goto error;
}
DBG("DEBUG:uac:uac_auth: header found; body=<%.*s>\n",
hdr->body.len, hdr->body.s);
if (parse_authenticate_body( &hdr->body, &auth)<0)
{
LOG(L_ERR,"ERROR:uac:uac_auth: failed to parse auth hdr body\n");
goto error;
}
/* can we authenticate this realm? */
crd = lookup_realm( &auth.realm );
if (crd==0)
{
LOG(L_ERR,"ERROR:uac:uac_auth: no credential for realm \"%.*s\"\n",
auth.realm.len, auth.realm.s);
goto error;
}
/* do authentication */
do_uac_auth( msg, &t->uac[picked_br].uri, crd, &auth, response);
/* build the authorization header */
new_hdr = build_authorization_hdr( picked_code, &t->uac[picked_br].uri,
crd, &auth, response);
if (new_hdr==0)
{
LOG(L_ERR,"ERROR:uac:uac_auth: failed to build authorization hdr\n");
goto error;
}
/* so far, so good -> add the header and set the proper RURI */
if ( apply_urihdr_changes( msg, &t->uac[picked_br].uri, new_hdr)<0 )
{
LOG(L_ERR,"ERROR:uac:uac_auth: failed to apply changes\n");
goto error;
}
/* increas the Cseq nr */
return 0;
error:
return -1;
}
int uac_auth(sip_msg_t *msg)
{
static struct authenticate_body auth;
struct uac_credential *crd;
int code, branch;
struct sip_msg *rpl;
struct cell *t;
struct hdr_field *hdr;
HASHHEX response;
str *new_hdr;
sr_cfgenv_t *cenv = NULL;
/* get transaction */
t = uac_tmb.t_gett();
if (t==T_UNDEFINED || t==T_NULL_CELL)
{
LM_CRIT("no current transaction found\n");
goto error;
}
/* get the selected branch */
branch = uac_tmb.t_get_picked_branch();
if (branch<0) {
LM_CRIT("no picked branch (%d)\n",branch);
goto error;
}
rpl = t->uac[branch].reply;
code = t->uac[branch].last_received;
LM_DBG("picked reply is %p, code %d\n",rpl,code);
if (rpl==0)
{
LM_CRIT("empty reply on picked branch\n");
goto error;
}
if (rpl==FAKED_REPLY)
{
LM_ERR("cannot process a FAKED reply\n");
goto error;
}
hdr = get_autenticate_hdr( rpl, code);
if (hdr==0)
{
LM_ERR("failed to extract authenticate hdr\n");
goto error;
}
LM_DBG("header found; body=<%.*s>\n",
hdr->body.len, hdr->body.s);
if (parse_authenticate_body( &hdr->body, &auth)<0)
{
LM_ERR("failed to parse auth hdr body\n");
goto error;
}
/* can we authenticate this realm? */
crd = 0;
/* first look into AVP, if set */
if ( auth_realm_spec.type!=PVT_NONE )
crd = get_avp_credential( msg, &auth.realm );
/* if not found, look into predefined credentials */
if (crd==0)
crd = lookup_realm( &auth.realm );
/* found? */
if (crd==0)
{
LM_DBG("no credential for realm \"%.*s\"\n",
auth.realm.len, auth.realm.s);
goto error;
}
/* do authentication */
do_uac_auth( &msg->first_line.u.request.method,
&t->uac[branch].uri, crd, &auth, response);
/* build the authorization header */
new_hdr = build_authorization_hdr( code, &t->uac[branch].uri,
crd, &auth, response);
if (new_hdr==0)
{
LM_ERR("failed to build authorization hdr\n");
goto error;
}
/* so far, so good -> add the header and set the proper RURI */
if ( apply_urihdr_changes( msg, &t->uac[branch].uri, new_hdr)<0 )
{
LM_ERR("failed to apply changes\n");
goto error;
}
/* mark request in T with uac auth for increase of cseq via dialog
* - this function is executed in failure route, msg_flags will be
* reset afterwards by tm fake env */
if(t->uas.request) {
t->uas.request->msg_flags |= FL_UAC_AUTH;
cenv = sr_cfgenv_get();
if(cenv->cb_cseq_update != NULL) {
if(cenv->cb_cseq_update(msg)<0) {
goto error;
}
}
}
return 0;
error:
return -1;
}