[svn-commits] dvossel: branch dvossel/sip_request_transaction_matching r277871 - /team/dvos...

SVN commits to the Digium repositories svn-commits at lists.digium.com
Mon Jul 19 11:56:09 CDT 2010 

Author: dvossel
Date: Mon Jul 19 11:56:05 2010
New Revision: 277871

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=277871
Log:
Require request uri matching when Authentication header is present in a Request

Modified:
    team/dvossel/sip_request_transaction_matching/channels/chan_sip.c

Modified: team/dvossel/sip_request_transaction_matching/channels/chan_sip.c
URL: http://svnview.digium.com/svn/asterisk/team/dvossel/sip_request_transaction_matching/channels/chan_sip.c?view=diff&rev=277871&r1=277870&r2=277871
==============================================================================
--- team/dvossel/sip_request_transaction_matching/channels/chan_sip.c (original)
+++ team/dvossel/sip_request_transaction_matching/channels/chan_sip.c Mon Jul 19 11:56:05 2010
@@ -7147,10 +7147,13 @@
 	const char *fromtag;
 	int seqno;
 
-	/* these only need to be set if the method is a Request */
+	/* Set if the method is a Request */
 	const char *ruri;
 	const char *viabranch;
 	const char *viasentby;
+
+	/* Set this if the Authentication header is present in the Request. */
+	int authentication_present;
 };
 
 enum match_req_res {
@@ -7160,14 +7163,17 @@
 };
 
 /*
- * \brief Match a incomming Request/Response to a dialog
+ * \brief Match a incoming Request/Response to a dialog
  *
  * \retval enum match_req_res indicating if the dialog matches the arg
  */
 static enum match_req_res match_req_to_dialog(struct sip_pvt *sip_pvt_ptr, struct match_req_args *arg)
 {
-
-	/* Match Tags and call-id to Dialog */
+	const char *init_ruri = REQ_OFFSET_TO_STR(&sip_pvt_ptr->initreq, rlPart2);
+
+	/*
+	 * Match Tags and call-id to Dialog
+	 */
 	if (!ast_strlen_zero(arg->callid) && strcmp(sip_pvt_ptr->callid, arg->callid)) {
 		/* call-id does not match. */
 		return SIP_REQ_NOT_MATCH;
@@ -7203,7 +7209,8 @@
 		}
 	}
 
-	/* Initial Transaction Matching.
+	/*
+	 * Compare incoming request against initial transaction.
 	 * 
 	 * This is a best effort attempt at distinguishing forked requests from
 	 * our initial transaction.  If all the elements are NOT in place to evaluate
@@ -7222,7 +7229,6 @@
 		ast_strlen_zero(arg->totag) &&                   /* must not have a totag */
 		(sip_pvt_ptr->init_icseq == arg->seqno) &&       /* the cseq must be the same as this dialogs initial cseq */
 		!ast_strlen_zero(sip_pvt_ptr->initviabranch)) {  /* The dialog must have started with a RFC3261 compliant branch tag */
-		const char *init_ruri = REQ_OFFSET_TO_STR(&sip_pvt_ptr->initreq, rlPart2);
 
 		/* This Request matches all the criteria required for Loop/Merge detection.
 		 * Now we must go down the patch of comparing VIA's and RURIs. */
@@ -7266,6 +7272,21 @@
 		}
 	} /* end of Request Via check */
 
+
+	/* Match Authentication Request.
+	 *
+	 * A Request with an Authentication header must come back with the
+	 * same Request URI.  Otherwise it is not a match.
+	 */
+	if ((arg->method != SIP_RESPONSE) &&      /* Must be a Request type to even begin checking this */
+		ast_strlen_zero(arg->totag) &&        /* no totag is present to match */
+		arg->authentication_present &&        /* Authentication header is present in Request */
+		sip_uri_cmp(init_ruri, arg->ruri)) {  /* Compare the Request URI of both the last Request and this new one */
+
+		/* Authentication was provided, but the Request URI did not match the last one on this dialog. */
+		return SIP_REQ_NOT_MATCH;
+	}
+
 	return SIP_REQ_MATCH;
 }
 
@@ -7339,17 +7360,28 @@
 			.callid = callid,
 		};
 		struct match_req_args args = { 0, };
-		struct ao2_iterator *iterator = ao2_t_callback(dialogs, OBJ_POINTER | OBJ_MULTIPLE, dialog_find_multiple, &tmp_dialog, "pedantic ao2_find in dialogs");
 		int found;
+		struct ao2_iterator *iterator = ao2_t_callback(dialogs,
+			OBJ_POINTER | OBJ_MULTIPLE,
+			dialog_find_multiple,
+			&tmp_dialog,
+			"pedantic ao2_find in dialogs");
 
 		args.method = req->method;
 		args.callid = NULL; /* we already matched this. */
 		args.totag = totag;
 		args.fromtag = fromtag;
 		args.seqno = seqno;
+
+		/* If this is a Request, set the Via and Authorization header arguments */
 		if (req->method != SIP_RESPONSE) {
+			const char *auth_header;
 			args.ruri = REQ_OFFSET_TO_STR(req, rlPart2);
 			get_viabranch(ast_strdupa(get_header(req, "Via")), (char **) &args.viasentby, (char **) &args.viabranch);
+			auth_header = get_header(req, "WWW-Authenticate");
+			if (!ast_strlen_zero(auth_header)) {
+				args.authentication_present = 1;
+			}
 		}
 
 		/* Iterate a list of dialogs already matched by Call-id */
@@ -7365,12 +7397,12 @@
 				/* This is likely a forked Request that somehow resulted in us receiving multiple parts of the fork.
 			 	* RFC 3261 section 8.2.2.2, Indicate that we want to merge requests by sending a 482 response. */
 				transmit_response_using_temp(callid, addr, 1, intended_method, req, "482 (Loop Detected)");
-				dialog_unref(sip_pvt_ptr, "This pvt did not match incoming SIP msg, unref pvt from find_call search.");
+				dialog_unref(sip_pvt_ptr, "pvt did not match incoming SIP msg, unref from search.");
 				ao2_iterator_destroy(iterator);
 				return NULL;
 			case SIP_REQ_NOT_MATCH:
 			default:
-				dialog_unref(sip_pvt_ptr, "This pvt did not match incoming SIP msg, unref pvt from find_call search.");
+				dialog_unref(sip_pvt_ptr, "pvt did not match incoming SIP msg, unref from search");
 			}
 		}
 		if (iterator) {

More information about the svn-commits mailing list