Hi,
we came across an issue where a client expects an unexpired nonce to be
flaged by the stale=true flag in the Digest Authenticate header field.
I added this to the challenge function by using flag 8. The patch is
attached. I suspect that calling pre_auth again to check whether the
nonce is stale isn't the correct way to do this and am open to suggestions.
I also looked into using the pv_*_authenticate() functions but all the
database stuff is just getting crazy.
Best regards,
Martin
diff -Naur kamailio-3.1.3//modules/auth/auth_mod.c diff.kamailio-3.1.3//modules/auth/auth_mod.c
--- kamailio-3.1.3//modules/auth/auth_mod.c 2011-04-04 22:34:51.000000000 +0200
+++ diff.kamailio-3.1.3//modules/auth/auth_mod.c 2011-04-14 12:10:13.000000000 +0200
@@ -588,6 +588,8 @@
int ret;
str hf = {0, 0};
struct qp *qop = NULL;
+ struct hdr_field* h;
+ int stale;
ret = -1;
@@ -611,7 +613,15 @@
} else if(flags&1) {
qop = &auth_qauth;
}
- if (get_challenge_hf(msg, 0, &realm, NULL, NULL, qop, hftype, &hf) < 0) {
+ if (flags & 8) {
+ h = NULL;
+ pre_auth(msg, &realm, hftype, &h, NULL);
+ stale = (h != NULL) && ((auth_body_t*)h->parsed)->stale;
+ }
+ else {
+ stale = 0;
+ }
+ if (get_challenge_hf(msg, stale, &realm, NULL, NULL, qop, hftype, &hf) < 0) {
ERR("Error while creating challenge\n");
ret = -2;
goto error;
_______________________________________________
sr-dev mailing list
[email protected]
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
