[Asterisk-cvs] asterisk/channels chan_sip.c,1.292.2.23,1.292.2.24

markster at lists.digium.com markster at lists.digium.com
Sun Mar 28 12:21:08 CST 2004 

Update of /usr/cvsroot/asterisk/channels
In directory mongoose.digium.com:/tmp/cvs-serv22660/channels

Modified Files:
      Tag: v1-0_stable
	chan_sip.c 
Log Message:
Backport sip authorization fixes, update BUGS with list of diffs between stable and devel


Index: chan_sip.c
===================================================================
RCS file: /usr/cvsroot/asterisk/channels/chan_sip.c,v
retrieving revision 1.292.2.23
retrieving revision 1.292.2.24
diff -u -d -r1.292.2.23 -r1.292.2.24
--- chan_sip.c	23 Mar 2004 18:09:54 -0000	1.292.2.23
+++ chan_sip.c	28 Mar 2004 17:18:59 -0000	1.292.2.24
@@ -3639,13 +3639,26 @@
 			ptr += sprintf(ptr, "%2.2x", digest[x]);
 }
 
-static int check_auth(struct sip_pvt *p, struct sip_request *req, char *randdata, int randlen, char *username, char *secret, char *md5secret, char *method, char *uri, int reliable)
+static int check_auth(struct sip_pvt *p, struct sip_request *req, char *randdata, int randlen, char *username, char *secret, char *md5secret, char *method, char *uri, int reliable, int ignore)
 {
 	int res = -1;
 	/* Always OK if no secret */
 	if (!strlen(secret) && !strlen(md5secret))
 		return 0;
-	if (!strlen(randdata) || !strlen(get_header(req, "Proxy-Authorization"))) {
+	if (ignore) {
+		/* This is a retransmitted invite/register/etc, don't reconstruct authentication
+		   information */
+		if (strlen(randdata)) {
+			if (!reliable) {
+				/* Resend message if this was NOT a reliable delivery.   Otherwise the
+				   retransmission should get it */
+				transmit_response_with_auth(p, "407 Proxy Authentication Required", req, randdata, reliable);
+				/* Schedule auto destroy in 15 seconds */
+				sip_scheddestroy(p, 15000);
+			}
+			res = 1;
+		}
+	} else if (!strlen(randdata) || !strlen(get_header(req, "Proxy-Authorization"))) {
 		snprintf(randdata, randlen, "%08x", rand());
 		transmit_response_with_auth(p, "407 Proxy Authentication Required", req, randdata, reliable);
 		/* Schedule auto destroy in 15 seconds */
@@ -3746,7 +3759,7 @@
     return 0;
 }
 
-static int register_verify(struct sip_pvt *p, struct sockaddr_in *sin, struct sip_request *req, char *uri)
+static int register_verify(struct sip_pvt *p, struct sockaddr_in *sin, struct sip_request *req, char *uri, int ignore)
 {
 	int res = -1;
 	struct sip_peer *peer;
@@ -3795,7 +3808,7 @@
 			} else {
 				p->nat = peer->nat;
 				transmit_response(p, "100 Trying", req);
-				if (!(res = check_auth(p, req, p->randdata, sizeof(p->randdata), peer->name, peer->secret, peer->md5secret, "REGISTER", uri, 0))) {
+				if (!(res = check_auth(p, req, p->randdata, sizeof(p->randdata), peer->name, peer->secret, peer->md5secret, "REGISTER", uri, 0, ignore))) {
 					sip_cancel_destroy(p);
 					if (parse_contact(p, peer, req)) {
 						ast_log(LOG_WARNING, "Failed to parse contact info\n");
@@ -4168,7 +4181,7 @@
 	}
 	return output;
 }
-static int check_user(struct sip_pvt *p, struct sip_request *req, char *cmd, char *uri, int reliable, struct sockaddr_in *sin)
+static int check_user(struct sip_pvt *p, struct sip_request *req, char *cmd, char *uri, int reliable, struct sockaddr_in *sin, int ignore)
 {
 	struct sip_user *user;
 	struct sip_peer *peer;
@@ -4225,7 +4238,7 @@
 				ast_log(LOG_DEBUG, "Setting NAT on VRTP to %d\n", p->nat);
 				ast_rtp_setnat(p->vrtp, p->nat);
 			}
-			if (!(res = check_auth(p, req, p->randdata, sizeof(p->randdata), user->name, user->secret, user->md5secret, cmd, uri, reliable))) {
+			if (!(res = check_auth(p, req, p->randdata, sizeof(p->randdata), user->name, user->secret, user->md5secret, cmd, uri, reliable, ignore))) {
 				sip_cancel_destroy(p);
 				if (strlen(user->context))
 					strncpy(p->context, user->context, sizeof(p->context) - 1);
@@ -5304,7 +5317,7 @@
 			ast_verbose("Ignoring this request\n");
 		if (!p->lastinvite) {
 			/* Handle authentication if this is our first invite */
-			res = check_user(p, req, cmd, e, 1, sin);
+			res = check_user(p, req, cmd, e, 1, sin, ignore);
 			if (res) {
 				if (res < 0) {
 					ast_log(LOG_NOTICE, "Failed to authenticate user %s\n", get_header(req, "From"));
@@ -5530,7 +5543,7 @@
 
 		if (!p->lastinvite) {
 			/* Handle authentication if this is our first subscribe */
-			res = check_user(p, req, cmd, e, 0, sin);
+			res = check_user(p, req, cmd, e, 0, sin, ignore);
 			if (res) {
 				if (res < 0) {
 					ast_log(LOG_NOTICE, "Failed to authenticate user %s for SUBSCRIBE\n", get_header(req, "From"));
@@ -5592,7 +5605,7 @@
 			ast_verbose("Using latest request as basis request\n");
 		copy_request(&p->initreq, req);
 		check_via(p, req);
-		if ((res = register_verify(p, sin, req, e)) < 0) 
+		if ((res = register_verify(p, sin, req, e, ignore)) < 0) 
 			ast_log(LOG_NOTICE, "Registration from '%s' failed for '%s'\n", get_header(req, "To"), inet_ntoa(sin->sin_addr));
 		if (res < 1) {
 			p->needdestroy = 1;

More information about the svn-commits mailing list