Module: sems Branch: 1.4 Commit: 568466ad65e1928d4c954555396d7bbc3700fb38 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sems/?a=commit;h=568466ad65e1928d4c954555396d7bbc3700fb38
Author: Stefan Sayer <[email protected]> Committer: Stefan Sayer <[email protected]> Date: Tue Jun 28 14:07:17 2011 +0200 b/f: fix evaluating 401/407 reply on nonce reuse --- core/plug-in/uac_auth/UACAuth.cpp | 25 +++++++++++++++++++------ core/plug-in/uac_auth/UACAuth.h | 2 ++ 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/core/plug-in/uac_auth/UACAuth.cpp b/core/plug-in/uac_auth/UACAuth.cpp index 99047dc..ec9b5a8 100644 --- a/core/plug-in/uac_auth/UACAuth.cpp +++ b/core/plug-in/uac_auth/UACAuth.cpp @@ -105,7 +105,9 @@ UACAuth::UACAuth(AmSipDialog* dlg, UACAuthCred* cred) : dlg(dlg), credential(cred), - AmSessionEventHandler() + AmSessionEventHandler(), + nonce_count(0), + nonce_reuse(false) { } @@ -139,12 +141,15 @@ bool UACAuth::onSipReply(const AmSipReply& reply, int old_dlg_status, const stri // credential->realm.c_str(), // credential->user.c_str(), // credential->pwd.c_str()); - if (((reply.code == 401) && + if (!nonce_reuse && + (((reply.code == 401) && getHeader(ri->second.hdrs, SIP_HDR_AUTHORIZATION, true).length()) || ((reply.code == 407) && - getHeader(ri->second.hdrs, SIP_HDR_PROXY_AUTHORIZATION, true).length())) { + getHeader(ri->second.hdrs, SIP_HDR_PROXY_AUTHORIZATION, true).length()))) { DBG("Authorization failed!\n"); } else { + nonce_reuse = false; + string auth_hdr = (reply.code==407) ? getHeader(reply.hdrs, SIP_HDR_PROXY_AUTHENTICATE, true) : getHeader(reply.hdrs, SIP_HDR_WWW_AUTHENTICATE, true); @@ -157,9 +162,13 @@ bool UACAuth::onSipReply(const AmSipReply& reply, int old_dlg_status, const stri ri->second.method, auth_uri, ri->second.body, result)) { string hdrs = ri->second.hdrs; - // TODO(?): strip headers - // ((code==401) ? stripHeader(ri->second.hdrs, "Authorization") : - // stripHeader(ri->second.hdrs, "Proxy-Authorization")); + + // strip other auth headers + if (reply.code == 401) { + removeHeader(hdrs, SIP_HDR_AUTHORIZATION); + } else { + removeHeader(hdrs, SIP_HDR_PROXY_AUTHORIZATION); + } if (hdrs == "\r\n" || hdrs == "\r" || hdrs == "\n") hdrs = result; @@ -225,6 +234,10 @@ bool UACAuth::onSendRequest(const string& method, hdrs = result; else hdrs += result; + + nonce_reuse = true; + } else { + nonce_reuse = false; } DBG("adding %d to list of sent requests.\n", cseq); diff --git a/core/plug-in/uac_auth/UACAuth.h b/core/plug-in/uac_auth/UACAuth.h index 4e1695c..504c3a3 100644 --- a/core/plug-in/uac_auth/UACAuth.h +++ b/core/plug-in/uac_auth/UACAuth.h @@ -111,6 +111,8 @@ class UACAuth : public AmSessionEventHandler string nonce; // last nonce received from server unsigned int nonce_count; + bool nonce_reuse; // reused nonce? + std::string find_attribute(const std::string& name, const std::string& header); bool parse_header(const std::string& auth_hdr, UACAuthDigestChallenge& challenge); _______________________________________________ Semsdev mailing list [email protected] http://lists.iptel.org/mailman/listinfo/semsdev
