[asterisk-commits] rizzo: trunk r44933 - /trunk/channels/chan_sip.c

asterisk-commits at lists.digium.com asterisk-commits at lists.digium.com
Thu Oct 12 08:12:55 MST 2006


Author: rizzo
Date: Thu Oct 12 10:12:54 2006
New Revision: 44933

URL: http://svn.digium.com/view/asterisk?rev=44933&view=rev
Log:
+ move [almost] all instances of WWW-Authenticate/Proxy-Authenticate
  and friends in a function, auth_headers(), which is used to
  simplify the interface of do_{proxy|register}_auth().
 
+ use PROXY_AUTH = 407, WWW_AUTH = 401 as values for enum sip_auth_type;

No functional change, only code cleanup.


Modified:
    trunk/channels/chan_sip.c

Modified: trunk/channels/chan_sip.c
URL: http://svn.digium.com/view/asterisk/trunk/channels/chan_sip.c?rev=44933&r1=44932&r2=44933&view=diff
==============================================================================
--- trunk/channels/chan_sip.c (original)
+++ trunk/channels/chan_sip.c Thu Oct 12 10:12:54 2006
@@ -309,8 +309,8 @@
 	to the end point.
 */
 enum sip_auth_type {
-	PROXY_AUTH,
-	WWW_AUTH,
+	PROXY_AUTH = 407,
+	WWW_AUTH = 401,
 };
 
 /*! \brief Authentication result from check_auth* functions */
@@ -1254,7 +1254,6 @@
 static int add_sdp(struct sip_request *resp, struct sip_pvt *p);
 
 /*--- Authentication stuff */
-static int do_proxy_auth(struct sip_pvt *p, struct sip_request *req, char *header, char *respheader, int sipmethod, int init);
 static int reply_digest(struct sip_pvt *p, struct sip_request *req, char *header, int sipmethod, char *digest, int digest_len);
 static int build_reply_digest(struct sip_pvt *p, int method, char *digest, int digest_len);
 static int clear_realm_authentication(struct sip_auth *authlist);	/* Clear realm authentication list (at reload) */
@@ -1405,7 +1404,6 @@
 static int sip_reregister(void *data);
 static int __sip_do_register(struct sip_registry *r);
 static int sip_reg_timeout(void *data);
-static int do_register_auth(struct sip_pvt *p, struct sip_request *req, char *header, char *respheader);
 static int reply_digest(struct sip_pvt *p, struct sip_request *req, char *header, int sipmethod,  char *digest, int digest_len);
 static void sip_send_all_registers(void);
 
@@ -7207,6 +7205,21 @@
 	return send_request(p, &resp, reliable, seqno ? seqno : p->ocseq);
 }
 
+/*! \brief return the request and response heade for a 401 or 407 code */
+static void auth_headers(enum sip_auth_type code, char **header, char **respheader)
+{
+	if (code == WWW_AUTH) {			/* 401 */
+		*header = "WWW-Authenticate";
+		*respheader = "Authorization";
+	} else if (code == PROXY_AUTH) {	/* 407 */
+		*header = "Proxy-Authenticate";
+		*respheader = "Proxy-Authorization";
+	} else {
+		ast_verbose("-- wrong response code %d\n", code);
+		*header = *respheader = "Invalid";
+	}
+}
+
 /*! \brief Transmit SIP request, auth added */
 static int transmit_request_with_auth(struct sip_pvt *p, int sipmethod, int seqno, enum xmittype reliable, int newbranch)
 {
@@ -7218,12 +7231,10 @@
 
 		memset(digest, 0, sizeof(digest));
 		if(!build_reply_digest(p, sipmethod, digest, sizeof(digest))) {
-			if (p->options && p->options->auth_type == PROXY_AUTH)
-				add_header(&resp, "Proxy-Authorization", digest);
-			else if (p->options && p->options->auth_type == WWW_AUTH)
-				add_header(&resp, "Authorization", digest);
-			else	/* Default, to be backwards compatible (maybe being too careful, but leaving it for now) */
-				add_header(&resp, "Proxy-Authorization", digest);
+			char *dummy, *response;
+			enum sip_auth_type code = p->options ? p->options->auth_type : PROXY_AUTH; /* XXX force 407 if unknown */
+			auth_headers(code, &dummy, &response);
+			add_header(&resp, response, digest);
 		} else
 			ast_log(LOG_WARNING, "No authentication available for call %s\n", p->callid);
 	}
@@ -7721,8 +7732,7 @@
 					 char *uri, enum xmittype reliable, int ignore)
 {
 	const char *response = "407 Proxy Authentication Required";
-	const char *reqheader = "Proxy-Authorization";
-	const char *respheader = "Proxy-Authenticate";
+	char *reqheader, *respheader;
 	const char *authtoken;
 	char a1_hash[256];
 	char resp_hash[256]="";
@@ -7749,12 +7759,14 @@
 	if (ast_strlen_zero(secret) && ast_strlen_zero(md5secret))
 		return AUTH_SUCCESSFUL;
 	if (sipmethod == SIP_REGISTER || sipmethod == SIP_SUBSCRIBE) {
-		/* On a REGISTER, we have to use 401 and its family of headers instead of 407 and its family
-		   of headers -- GO SIP!  Whoo hoo!  Two things that do the same thing but are used in
-		   different circumstances! What a surprise. */
+		/* On a REGISTER, we have to use 401 and its family of headers
+		 * instead of 407 and its family of headers.
+		 */
 		response = "401 Unauthorized";
-		reqheader = "Authorization";
-		respheader = "WWW-Authenticate";
+		auth_headers(WWW_AUTH, &reqheader, &respheader);
+	} else {
+		response = "407 Proxy Authentication Required";
+		auth_headers(PROXY_AUTH, &reqheader, &respheader);
 	}
 	authtoken =  get_header(req, reqheader);	
 	if (ignore && !ast_strlen_zero(p->randdata) && ast_strlen_zero(authtoken)) {
@@ -10660,10 +10672,13 @@
 }
 
 /*! \brief Authenticate for outbound registration */
-static int do_register_auth(struct sip_pvt *p, struct sip_request *req, char *header, char *respheader)
-{
+static int do_register_auth(struct sip_pvt *p, struct sip_request *req, enum sip_auth_type code)
+{
+	char *header, *respheader;
 	char digest[1024];
+
 	p->authtries++;
+	auth_headers(code, &header, &respheader);
 	memset(digest,0,sizeof(digest));
 	if (reply_digest(p, req, header, SIP_REGISTER, digest, sizeof(digest))) {
 		/* There's nothing to use for authentication */
@@ -10681,14 +10696,16 @@
 }
 
 /*! \brief Add authentication on outbound SIP packet */
-static int do_proxy_auth(struct sip_pvt *p, struct sip_request *req, char *header, char *respheader, int sipmethod, int init)
-{
+static int do_proxy_auth(struct sip_pvt *p, struct sip_request *req, enum sip_auth_type code, int sipmethod, int init)
+{
+	char *header, *respheader;
 	char digest[1024];
 
 	if (!p->options && !(p->options = ast_calloc(1, sizeof(*p->options))))
 		return -2;
 
 	p->authtries++;
+	auth_headers(code, &header, &respheader);
 	if (option_debug > 1)
 		ast_log(LOG_DEBUG, "Auth attempt %d on %s\n", p->authtries, sip_methods[sipmethod].text);
 	memset(digest, 0, sizeof(digest));
@@ -11433,14 +11450,12 @@
 		/* First we ACK */
 		transmit_request(p, SIP_ACK, seqno, XMIT_UNRELIABLE, FALSE);
 		if (p->options)
-			p->options->auth_type = (resp == 401 ? WWW_AUTH : PROXY_AUTH);
+			p->options->auth_type = resp;
 
 		/* Then we AUTH */
 		ast_string_field_free(p, theirtag);	/* forget their old tag, so we don't match tags when getting response */
 		if (!ast_test_flag(req, SIP_PKT_IGNORE)) {
-			char *authenticate = (resp == 401 ? "WWW-Authenticate" : "Proxy-Authenticate");
-			char *authorization = (resp == 401 ? "Authorization" : "Proxy-Authorization");
-			if ((p->authtries == MAX_AUTHTRIES) || do_proxy_auth(p, req, authenticate, authorization, SIP_INVITE, 1)) {
+			if (p->authtries == MAX_AUTHTRIES || do_proxy_auth(p, req, resp, SIP_INVITE, 1)) {
 				ast_log(LOG_NOTICE, "Failed to authenticate on INVITE to '%s'\n", get_header(&p->initreq, "From"));
 				ast_set_flag(&p->flags[0], SIP_NEEDDESTROY);	
 				ast_set_flag(&p->flags[0], SIP_ALREADYGONE);	
@@ -11491,9 +11506,6 @@
   */
 static void handle_response_refer(struct sip_pvt *p, int resp, char *rest, struct sip_request *req, int seqno)
 {
-	char *auth = "Proxy-Authenticate";
-	char *auth2 = "Proxy-Authorization";
-
 	/* If no refer structure exists, then do nothing */
 	if (!p->refer) {
 		ast_set_flag(&p->flags[0], SIP_NEEDDESTROY);
@@ -11518,11 +11530,7 @@
 				ast_inet_ntoa(p->recv.sin_addr), ntohs(p->recv.sin_port));
 			ast_set_flag(&p->flags[0], SIP_NEEDDESTROY);
 		}
-		if (resp == 401) {
-			auth = "WWW-Authenticate";
-			auth2 = "Authorization";
-		}
-		if ((p->authtries > 1) || do_proxy_auth(p, req, auth, auth2, SIP_REFER, 0)) {
+		if (p->authtries > 1 || do_proxy_auth(p, req, resp, SIP_REFER, 0)) {
 			ast_log(LOG_NOTICE, "Failed to authenticate on REFER to '%s'\n", get_header(&p->initreq, "From"));
 			p->refer->status = REFER_NOAUTH;
 			ast_set_flag(&p->flags[0], SIP_NEEDDESTROY);
@@ -11555,7 +11563,7 @@
 
 	switch (resp) {
 	case 401:	/* Unauthorized */
-		if ((p->authtries == MAX_AUTHTRIES) || do_register_auth(p, req, "WWW-Authenticate", "Authorization")) {
+		if (p->authtries == MAX_AUTHTRIES || do_register_auth(p, req, resp)) {
 			ast_log(LOG_NOTICE, "Failed to authenticate on REGISTER to '%s@%s' (Tries %d)\n", p->registry->username, p->registry->hostname, p->authtries);
 			ast_set_flag(&p->flags[0], SIP_NEEDDESTROY);	
 			}
@@ -11576,7 +11584,7 @@
 		ast_sched_del(sched, r->timeout);
 		break;
 	case 407:	/* Proxy auth */
-		if ((p->authtries == MAX_AUTHTRIES) || do_register_auth(p, req, "Proxy-Authenticate", "Proxy-Authorization")) {
+		if (p->authtries == MAX_AUTHTRIES || do_register_auth(p, req, resp)) {
 			ast_log(LOG_NOTICE, "Failed to authenticate on REGISTER to '%s' (tries '%d')\n", get_header(&p->initreq, "From"), p->authtries);
 			ast_set_flag(&p->flags[0], SIP_NEEDDESTROY);	
 		}
@@ -11847,7 +11855,7 @@
 					ast_log(LOG_WARNING, "Asked to authenticate %s, to %s:%d but we have no matching peer!\n",
 							msg, ast_inet_ntoa(p->recv.sin_addr), ntohs(p->recv.sin_port));
 					ast_set_flag(&p->flags[0], SIP_NEEDDESTROY);	
-				if ((p->authtries == MAX_AUTHTRIES) || do_proxy_auth(p, req, "Proxy-Authenticate", "Proxy-Authorization", sipmethod, 0)) {
+				if (p->authtries == MAX_AUTHTRIES || do_proxy_auth(p, req, 407, sipmethod, 0)) {
 					ast_log(LOG_NOTICE, "Failed to authenticate on %s to '%s'\n", msg, get_header(&p->initreq, "From"));
 					ast_set_flag(&p->flags[0], SIP_NEEDDESTROY);	
 				}
@@ -12042,11 +12050,7 @@
 			else if (sipmethod == SIP_INVITE) 
 				handle_response_invite(p, resp, rest, req, seqno);
 			else if (sipmethod == SIP_BYE) {
-				char *auth, *auth2;
-
-				auth = (resp == 407 ? "Proxy-Authenticate" : "WWW-Authenticate");
-				auth2 = (resp == 407 ? "Proxy-Authorization" : "Authorization");
-				if ((p->authtries == MAX_AUTHTRIES) || do_proxy_auth(p, req, auth, auth2, sipmethod, 0)) {
+				if (p->authtries == MAX_AUTHTRIES || do_proxy_auth(p, req, resp, sipmethod, 0)) {
 					ast_log(LOG_NOTICE, "Failed to authenticate on %s to '%s'\n", msg, get_header(&p->initreq, "From"));
 					ast_set_flag(&p->flags[0], SIP_NEEDDESTROY);	
 				}



More information about the asterisk-commits mailing list