Module: sems Branch: master Commit: a3cf171416d1dd68cc5127ba3e5c9b08b42c4efb URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sems/?a=commit;h=a3cf171416d1dd68cc5127ba3e5c9b08b42c4efb
Author: Stefan Sayer <[email protected]> Committer: Stefan Sayer <[email protected]> Date: Tue Jun 28 14:07:17 2011 +0200 b/f: fix evaluating 401/407 reply on nonce reuse --- core/plug-in/uac_auth/UACAuth.cpp | 25 +++++++++++++++++++------ core/plug-in/uac_auth/UACAuth.h | 2 ++ 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/core/plug-in/uac_auth/UACAuth.cpp b/core/plug-in/uac_auth/UACAuth.cpp index 52827cd..52dd8ed 100644 --- a/core/plug-in/uac_auth/UACAuth.cpp +++ b/core/plug-in/uac_auth/UACAuth.cpp @@ -105,7 +105,9 @@ UACAuth::UACAuth(AmSipDialog* dlg, UACAuthCred* cred) : dlg(dlg), credential(cred), - AmSessionEventHandler() + AmSessionEventHandler(), + nonce_count(0), + nonce_reuse(false) { } @@ -139,12 +141,15 @@ bool UACAuth::onSipReply(const AmSipReply& reply, AmSipDialog::Status old_dlg_st // credential->realm.c_str(), // credential->user.c_str(), // credential->pwd.c_str()); - if (((reply.code == 401) && + if (!nonce_reuse && + (((reply.code == 401) && getHeader(ri->second.hdrs, SIP_HDR_AUTHORIZATION, true).length()) || ((reply.code == 407) && - getHeader(ri->second.hdrs, SIP_HDR_PROXY_AUTHORIZATION, true).length())) { + getHeader(ri->second.hdrs, SIP_HDR_PROXY_AUTHORIZATION, true).length()))) { DBG("Authorization failed!\n"); } else { + nonce_reuse = false; + string auth_hdr = (reply.code==407) ? getHeader(reply.hdrs, SIP_HDR_PROXY_AUTHENTICATE, true) : getHeader(reply.hdrs, SIP_HDR_WWW_AUTHENTICATE, true); 
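Review bot: `nonce_reuse` is a single flag on the UACAuth object, but the new `if (!nonce_reuse && ...)` test in onSipReply judges a reply that was looked up per request through `ri`, so it reflects the most recently sent request rather than the one being answered. If more than one request can be outstanding in the dialog (not visible here), the `nonce_reuse = false;` in the else branch makes the next 401/407 log "Authorization failed!" although that request also only carried a reused nonce. The reverse mix-up lets a genuine credential rejection be retried as if the nonce were stale. Keeping the flag in the per-request entry behind `ri->second`, set where onSendRequest records the request, and testing `!ri->second.nonce_reuse` here would tie the decision to the right request; the field name is a suggestion, since that record type is declared outside this diff. The same flag is written in the onSendRequest hunk, and onSipReply's body starts and ends outside this hunk.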
@@ -157,9 +162,13 @@ bool UACAuth::onSipReply(const AmSipReply& reply, AmSipDialog::Status old_dlg_st ri->second.method, auth_uri, ri->second.body, result)) { string hdrs = ri->second.hdrs; - // TODO(?): strip headers - // ((code==401) ? stripHeader(ri->second.hdrs, "Authorization") : - // stripHeader(ri->second.hdrs, "Proxy-Authorization")); + + // strip other auth headers + if (reply.code == 401) { + removeHeader(hdrs, SIP_HDR_AUTHORIZATION); + } else { + removeHeader(hdrs, SIP_HDR_PROXY_AUTHORIZATION); + } if (hdrs == "\r\n" || hdrs == "\r" || hdrs == "\n") hdrs = result; @@ -229,6 +238,10 @@ bool UACAuth::onSendRequest(const string& method, hdrs = result; else hdrs += result; + + nonce_reuse = true; + } else { + nonce_reuse = false; } DBG("adding %d to list of sent requests.\n", cseq); diff --git a/core/plug-in/uac_auth/UACAuth.h b/core/plug-in/uac_auth/UACAuth.h index d57a46f..48271cd 100644 --- a/core/plug-in/uac_auth/UACAuth.h +++ b/core/plug-in/uac_auth/UACAuth.h @@ -113,6 +113,8 @@ class UACAuth : public AmSessionEventHandler string nonce; // last nonce received from server unsigned int nonce_count; + bool nonce_reuse; // reused nonce? + std::string find_attribute(const std::string& name, const std::string& header); bool parse_header(const std::string& auth_hdr, UACAuthDigestChallenge& challenge); _______________________________________________ Semsdev mailing list [email protected] http://lists.iptel.org/mailman/listinfo/semsdev
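Review bot: The comment `// strip other auth headers` does not match the added lines: on a 401 they remove the Authorization header the request already carried, which is the stale header that `result` replaces, not some other one. Suggest `// drop the stale credentials of the challenged kind; result carries the fresh header`. The bare `else` treats every code other than 401 as a proxy challenge, which holds only if the enclosing condition (outside this hunk) admits just 401 and 407, so a short comment stating that would help. Whether `removeHeader` drops one or all matching headers is not visible here, and it matters when a request carries Proxy-Authorization headers for more than one proxy realm.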
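Review bot: `nonce_reuse = true;` is set for every request that gets credentials in this branch of onSendRequest, so the retry in onSipReply is bounded only if the re-sent request never takes this branch. The guarding condition is outside the hunk. If the resend can reach it, a server that answers every attempt with 401/407 is answered again each time and "Authorization failed!" is never logged. Worth confirming that the resend bypasses this branch, or counting retries per request and giving up after one.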
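Review bot: The member comment `// reused nonce?` in UACAuth.h does not say what state the flag holds or which code reads it. Suggest `bool nonce_reuse; // last request sent carried credentials computed from the cached nonce; a 401/407 to it is handled as a new challenge, not a failure`.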
