[asterisk-scf-commits] asterisk-scf/integration/pjproject.git branch "tweaked-auth" created.

Tue Aug 21 14:43:04 CDT 2012

branch "tweaked-auth" has been created
        at  97eb4385e370b90581897fbc2254bea1aadece58 (commit)

- Log -----------------------------------------------------------------
commit 97eb4385e370b90581897fbc2254bea1aadece58
Author: Joshua Colp <jcolp at digium.com>
Date:   Wed Aug 3 17:17:07 2011 -0300

    Return the value that was returned under release builds on the old code.

diff --git a/pjsip/src/pjsip/sip_auth_server.c b/pjsip/src/pjsip/sip_auth_server.c
index 7aed122..fb35c74 100644
--- a/pjsip/src/pjsip/sip_auth_server.c
+++ b/pjsip/src/pjsip/sip_auth_server.c
@@ -64,7 +64,7 @@ static pj_status_t pjsip_auth_verify( const pjsip_authorization_hdr *hdr,
 	if ((pj_strcmp(&dig->username, &cred_info->username) != 0) ||
 	    (pj_strcmp(&dig->realm, &cred_info->realm) != 0))
 	{
-	    return PJSIP_EAUTHINVALIDREALM;
+	    return PJSIP_EINVALIDOP;
 	}
 
 	/* Prepare for our digest calculation. */

commit b3f24bc0e352bcd552a4b2ccbd21b39d19fb4aec
Author: Joshua Colp <jcolp at digium.com>
Date:   Wed Aug 3 14:57:05 2011 -0300

    Remove some assertions since the comment above them is actually no longer true.

diff --git a/pjsip/src/pjsip/sip_auth_server.c b/pjsip/src/pjsip/sip_auth_server.c
index 03ed567..7aed122 100644
--- a/pjsip/src/pjsip/sip_auth_server.c
+++ b/pjsip/src/pjsip/sip_auth_server.c
@@ -60,14 +60,12 @@ static pj_status_t pjsip_auth_verify( const pjsip_authorization_hdr *hdr,
 	pj_str_t digest;
 	const pjsip_digest_credential *dig = &hdr->credential.digest;
 
-	/* Check that username and realm match. 
-	 * These checks should have been performed before entering this
-	 * function.
-	 */
-	PJ_ASSERT_RETURN(pj_strcmp(&dig->username, &cred_info->username) == 0,
-			 PJ_EINVALIDOP);
-	PJ_ASSERT_RETURN(pj_strcmp(&dig->realm, &cred_info->realm) == 0,
-			 PJ_EINVALIDOP);
+	/* Check that username and realm match.  */
+	if ((pj_strcmp(&dig->username, &cred_info->username) != 0) ||
+	    (pj_strcmp(&dig->realm, &cred_info->realm) != 0))
+	{
+	    return PJSIP_EAUTHINVALIDREALM;
+	}
 
 	/* Prepare for our digest calculation. */
 	digest.ptr = digest_buf;

commit bb4bb893c5032761e450c6973be6ea3a51f63101
Author: Joshua Colp <jcolp at digium.com>
Date:   Tue Aug 2 20:14:26 2011 -0300

    Make the lookup callback optional so that if a user populates the credentials early they do not need to implement a dummy lookup callback.

diff --git a/pjsip/src/pjsip/sip_auth_server.c b/pjsip/src/pjsip/sip_auth_server.c
index c3c8aa8..03ed567 100644
--- a/pjsip/src/pjsip/sip_auth_server.c
+++ b/pjsip/src/pjsip/sip_auth_server.c
@@ -38,7 +38,7 @@ PJ_DEF(pj_status_t) pjsip_auth_srv_init(  pj_pool_t *pool,
 					  pjsip_auth_lookup_cred *lookup,
 					  unsigned options )
 {
-    PJ_ASSERT_RETURN(pool && auth_srv && realm && lookup, PJ_EINVAL);
+    PJ_ASSERT_RETURN(pool && auth_srv && realm, PJ_EINVAL);
 
     pj_strdup( pool, &auth_srv->realm, realm);
     auth_srv->lookup = lookup;
@@ -146,12 +146,14 @@ PJ_DEF(pj_status_t) pjsip_auth_srv_verify( pjsip_auth_srv *auth_srv,
 	return PJSIP_EINVALIDAUTHSCHEME;
     }
 
-    /* Find the credential information for the account. */
-    status = (*auth_srv->lookup)(rdata->tp_info.pool, &auth_srv->realm,
-				 &acc_name, &auth_srv->cred_info);
-    if (status != PJ_SUCCESS) {
-	*status_code = PJSIP_SC_FORBIDDEN;
-	return status;
+    if (*auth_srv->lookup) {
+	/* Find the credential information for the account. */
+	status = (*auth_srv->lookup)(rdata->tp_info.pool, &auth_srv->realm,
+	    &acc_name, &auth_srv->cred_info);
+	if (status != PJ_SUCCESS) {
+	    *status_code = PJSIP_SC_FORBIDDEN;
+	    return status;
+	}
     }
 
     /* Authenticate with the specified credential. */

commit 8218d5be468edb0dfd45afc4b181225ea4aa73a0
Author: Joshua Colp <jcolp at digium.com>
Date:   Tue Aug 2 20:12:37 2011 -0300

    Store credential information with the server authentication information so it can be populated as soon as the information is not known and not just when the lookup_cred callback is called.

diff --git a/pjsip/include/pjsip/sip_auth.h b/pjsip/include/pjsip/sip_auth.h
index 57db0e7..e5737fe 100644
--- a/pjsip/include/pjsip/sip_auth.h
+++ b/pjsip/include/pjsip/sip_auth.h
@@ -274,7 +274,7 @@ typedef struct pjsip_auth_srv
     pj_str_t		     realm;	/**< Realm to serve.		    */
     pj_bool_t		     is_proxy;	/**< Will issue 407 instead of 401  */
     pjsip_auth_lookup_cred  *lookup;	/**< Lookup function.		    */
-
+    pjsip_cred_info          cred_info; /**< Credentials                    */
 } pjsip_auth_srv;
 
 
diff --git a/pjsip/src/pjsip/sip_auth_server.c b/pjsip/src/pjsip/sip_auth_server.c
index 1a557d7..c3c8aa8 100644
--- a/pjsip/src/pjsip/sip_auth_server.c
+++ b/pjsip/src/pjsip/sip_auth_server.c
@@ -107,7 +107,6 @@ PJ_DEF(pj_status_t) pjsip_auth_srv_verify( pjsip_auth_srv *auth_srv,
     pjsip_msg *msg = rdata->msg_info.msg;
     pjsip_hdr_e htype;
     pj_str_t acc_name;
-    pjsip_cred_info cred_info;
     pj_status_t status;
 
     PJ_ASSERT_RETURN(auth_srv && rdata, PJ_EINVAL);
@@ -149,7 +148,7 @@ PJ_DEF(pj_status_t) pjsip_auth_srv_verify( pjsip_auth_srv *auth_srv,
 
     /* Find the credential information for the account. */
     status = (*auth_srv->lookup)(rdata->tp_info.pool, &auth_srv->realm,
-				 &acc_name, &cred_info);
+				 &acc_name, &auth_srv->cred_info);
     if (status != PJ_SUCCESS) {
 	*status_code = PJSIP_SC_FORBIDDEN;
 	return status;
@@ -157,7 +156,7 @@ PJ_DEF(pj_status_t) pjsip_auth_srv_verify( pjsip_auth_srv *auth_srv,
 
     /* Authenticate with the specified credential. */
     status = pjsip_auth_verify(h_auth, &msg->line.req.method.name, 
-			       &cred_info);
+			       &auth_srv->cred_info);
     if (status != PJ_SUCCESS) {
 	*status_code = PJSIP_SC_FORBIDDEN;
     }

-----------------------------------------------------------------------


-- 
asterisk-scf/integration/pjproject.git

