Branch: refs/heads/2.4
Home: https://github.com/OpenSIPS/opensips
Commit: fced368a2d0a69adeb796b1cd62690c21b361d52
https://github.com/OpenSIPS/opensips/commit/fced368a2d0a69adeb796b1cd62690c21b361d52
Author: Liviu Chircu <li...@opensips.org>
Date: 2020-11-05 (Thu, 05 Nov 2020)
Changed paths:
M modules/b2b_entities/dlg.c
M modules/sipmsgops/sipmsgops.c
M modules/uac/auth.c
M modules/uac_registrant/registrant.c
M parser/parse_authenticate.c
M parser/parse_authenticate.h
Log Message:
-----------
SIP digest auth: Improve handling for multiple digest challenges
Before this patch, OpenSIPS would always work with the digest
credentials of the 1st WWW/Proxy-Authenticate header field.
While RFC 3261 does not define the behavior with multiple
WWW/Proxy-Authenticate headers, in ยง 22.3 it is stated that:
Note that if an authentication scheme that does not support realms is
used in the Proxy-Authorization header field, a proxy server MUST
attempt to parse all Proxy-Authorization header field values to
determine whether one of them has what the proxy server considers to
be valid credentials.
... so a proxy must _walk_ through unacceptable headers until it finds
one with "valid" credentials. In the context of the upcoming RFC 8760,
this would also mean: finding an auth header field with an MD5 digest
algorithm, which is the only one currently supported.
TL;DR: this patch improves the "uac", "uac_registrant" and
"b2b_entities" modules so they correctly process 3 WWW-Authenticate
headers with the following algorithm preference:
algorithm=SHA-512-256
algorithm=SHA-256
algorithm=MD5
... and correctly build an MD5-based response for the 3rd header field.
Issue discovered during OpenSIPIt 2020
(cherry picked from commit 27d5862fb834e2c71f2fefb89a27430e30814647)
SIP digest auth: Complete 27d5862fb8
The b2b_entities was not patched well, as some weird switch
fallthrough-on-error behavior was introduced.
(cherry picked from commit 5942d53f7aeec8eadcafd394fd1ee51ede2e5ab1)
(cherry picked from commit 3274fc2b076bc8d2395ef1b68244a43c66463106)
Commit: c25411a1f51c2fdf5c9976fe1a8a962f89207b0d
https://github.com/OpenSIPS/opensips/commit/c25411a1f51c2fdf5c9976fe1a8a962f89207b0d
Author: Liviu Chircu <li...@opensips.org>
Date: 2020-11-05 (Thu, 05 Nov 2020)
Changed paths:
M parser/digest/digest_parser.c
M trim.h
M ut.h
Log Message:
-----------
Merge pull request #2253 from sippy/master_2020
Fix a rather obscure copy-n-paste bug in the digest parser
(cherry picked from commit baddd32e2fd6cb43dd8b55f8a9f494fbd506d403)
(cherry picked from commit 74558d8957f57b73427d50dd7b7908f989537a12)
Commit: 21490752679f13208680f58b1637bd53887eb8e5
https://github.com/OpenSIPS/opensips/commit/21490752679f13208680f58b1637bd53887eb8e5
Author: Maksym Sobolyev <sobo...@sippysoft.com>
Date: 2020-11-05 (Thu, 05 Nov 2020)
Changed paths:
M parser/parse_authenticate.c
Log Message:
-----------
Use body->len as the only authoritative way to check if the provided body is
empty or not.
(cherry picked from commit b0997b1fb56d6f518a26b9fe32e45cb16b9a0284)
(cherry picked from commit bd5a1d027b238892d798e5c3fc0d0633387192fe)
Compare:
https://github.com/OpenSIPS/opensips/compare/f721cc01bebb...21490752679f
_______________________________________________
Devel mailing list
Devel@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/devel
