static int digest_create_request_with_auth_from_old(const struct ast_sip_auth_vector *auths, pjsip_rx_data *challenge, pjsip_tx_data *old_request, pjsip_tx_data **new_request) { pjsip_auth_clt_sess auth_sess; pjsip_cseq_hdr *cseq; if (pjsip_auth_clt_init(&auth_sess, ast_sip_get_pjsip_endpoint(), old_request->pool, 0) != PJ_SUCCESS) { ast_log(LOG_WARNING, "Failed to initialize client authentication session\n"); return -1; } if (set_outbound_authentication_credentials(&auth_sess, auths, challenge)) { ast_log(LOG_WARNING, "Failed to set authentication credentials\n"); return -1; } switch (pjsip_auth_clt_reinit_req(&auth_sess, challenge, old_request, new_request)) { case PJ_SUCCESS: /* PJSIP creates a new transaction for new_request (meaning it creates a new * branch). However, it recycles the Call-ID, from-tag, and CSeq from the * original request. Some SIP implementations will not process the new request * since the CSeq is the same as the original request. Incrementing it here * fixes the interop issue */ cseq = pjsip_msg_find_hdr((*new_request)->msg, PJSIP_H_CSEQ, NULL); ast_assert(cseq != NULL); ++cseq->cseq; return 0; case PJSIP_ENOCREDENTIAL: ast_log(LOG_WARNING, "Unable to create request with auth." "No auth credentials for any realms in challenge.\n"); break; case PJSIP_EAUTHSTALECOUNT: ast_log(LOG_WARNING, "Unable to create request with auth." "Number of stale retries exceeded\n"); break; case PJSIP_EFAILEDCREDENTIAL: ast_log(LOG_WARNING, "Authentication credentials not accepted by server\n"); break; default: ast_log(LOG_WARNING, "Unable to create request with auth. Unknown failure\n"); break; } return -1; }
static int digest_create_request_with_auth_from_old(const struct ast_sip_auth_vector *auths, pjsip_rx_data *challenge, pjsip_tx_data *old_request, pjsip_tx_data **new_request) { pjsip_auth_clt_sess auth_sess; if (pjsip_auth_clt_init(&auth_sess, ast_sip_get_pjsip_endpoint(), old_request->pool, 0) != PJ_SUCCESS) { ast_log(LOG_WARNING, "Failed to initialize client authentication session\n"); return -1; } if (set_outbound_authentication_credentials(&auth_sess, auths, challenge)) { ast_log(LOG_WARNING, "Failed to set authentication credentials\n"); return -1; } switch (pjsip_auth_clt_reinit_req(&auth_sess, challenge, old_request, new_request)) { case PJ_SUCCESS: return 0; case PJSIP_ENOCREDENTIAL: ast_log(LOG_WARNING, "Unable to create request with auth." "No auth credentials for any realms in challenge.\n"); break; case PJSIP_EAUTHSTALECOUNT: ast_log(LOG_WARNING, "Unable to create request with auth." "Number of stale retries exceeded\n"); break; case PJSIP_EFAILEDCREDENTIAL: ast_log(LOG_WARNING, "Authentication credentials not accepted by server\n"); break; default: ast_log(LOG_WARNING, "Unable to create request with auth. Unknown failure\n"); break; } return -1; }
static int digest_create_request_with_auth(const struct ast_sip_auth_vector *auths, pjsip_rx_data *challenge, pjsip_tx_data *old_request, pjsip_tx_data **new_request) { pjsip_auth_clt_sess auth_sess; pjsip_cseq_hdr *cseq; pj_status_t status; struct ast_sip_endpoint *endpoint; char *id = NULL; const char *id_type; pjsip_www_authenticate_hdr *auth_hdr; struct ast_str *realms; pjsip_dialog *dlg; dlg = pjsip_rdata_get_dlg(challenge); if (dlg) { endpoint = ast_sip_dialog_get_endpoint(dlg); id = endpoint ? ast_strdupa(ast_sorcery_object_get_id(endpoint)) : NULL; ao2_cleanup(endpoint); id_type = "Endpoint"; } /* If there was no dialog, then this is probably a REGISTER so no endpoint */ if (!id) { id = ast_alloca(strlen(challenge->pkt_info.src_name) + 7 /* ':' + port + NULL */); sprintf(id, "%s:%d", challenge->pkt_info.src_name, challenge->pkt_info.src_port); id_type = "Host"; } auth_hdr = get_auth_header(challenge, NULL); if (auth_hdr == NULL) { ast_log(LOG_ERROR, "%s: '%s': Unable to find authenticate header in challenge.\n", id_type, id); return -1; } if (pjsip_auth_clt_init(&auth_sess, ast_sip_get_pjsip_endpoint(), old_request->pool, 0) != PJ_SUCCESS) { ast_log(LOG_ERROR, "%s: '%s': Failed to initialize client authentication session\n", id_type, id); return -1; } if (set_outbound_authentication_credentials(&auth_sess, auths, challenge, auth_hdr)) { ast_log(LOG_WARNING, "%s: '%s': Failed to set authentication credentials\n", id_type, id); #if defined(HAVE_PJSIP_AUTH_CLT_DEINIT) /* In case it is not a noop here in the future. */ pjsip_auth_clt_deinit(&auth_sess); #endif return -1; } status = pjsip_auth_clt_reinit_req(&auth_sess, challenge, old_request, new_request); #if defined(HAVE_PJSIP_AUTH_CLT_DEINIT) /* Release any cached auths */ pjsip_auth_clt_deinit(&auth_sess); #endif switch (status) { case PJ_SUCCESS: /* PJSIP creates a new transaction for new_request (meaning it creates a new * branch). However, it recycles the Call-ID, from-tag, and CSeq from the * original request. Some SIP implementations will not process the new request * since the CSeq is the same as the original request. Incrementing it here * fixes the interop issue */ cseq = pjsip_msg_find_hdr((*new_request)->msg, PJSIP_H_CSEQ, NULL); ast_assert(cseq != NULL); ++cseq->cseq; return 0; case PJSIP_ENOCREDENTIAL: realms = ast_str_create(32); if (realms) { ast_str_append(&realms, 0, "%.*s", (int)auth_hdr->challenge.common.realm.slen, auth_hdr->challenge.common.realm.ptr); while((auth_hdr = get_auth_header(challenge, auth_hdr->next))) { ast_str_append(&realms, 0, ",%.*s", (int)auth_hdr->challenge.common.realm.slen, auth_hdr->challenge.common.realm.ptr); } } ast_log(LOG_WARNING, "%s: '%s': Unable to create request with auth. " "No auth credentials for realm(s) '%s' in challenge.\n", id_type, id, realms ? ast_str_buffer(realms) : "<unknown>"); ast_free(realms); break; case PJSIP_EAUTHSTALECOUNT: ast_log(LOG_WARNING, "%s: '%s': Unable to create request with auth. Number of stale retries exceeded.\n", id_type, id); break; case PJSIP_EFAILEDCREDENTIAL: ast_log(LOG_WARNING, "%s: '%s': Authentication credentials not accepted by server.\n", id_type, id); break; default: ast_log(LOG_WARNING, "%s: '%s': Unable to create request with auth. Unknown failure.\n", id_type, id); break; } return -1; }