Preston_PLB/freeswitch
1
0
Fork 0
forked from Mirrors/freeswitch
Code Pull Requests Activity

Fri Jan 9 14:51:02 CST 2009 Pekka Pessi <first.last@nokia.com>

Browse Source 
* auth_client.c: auc_has_authorization() is happy if one scheme is supported
  
  If there was multiple challenges with different authentication schemes,
  auc_has_authorization() required that all were supported (and used) before
  authentication could proceed.



git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@11810 d0543943-73ff-0310-b7d9-9358b9ac24b2
This commit is contained in:
Michael Jerris 2009-02-11 16:53:49 +00:00
parent 4d985dc0ef
commit 21c92ab2d8
3 changed files with 60 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libs/sofia-sip/.update
View File

@ -1 +1 @@
Wed Feb 11 10:53:10 CST 2009
Wed Feb 11 10:53:44 CST 2009

43
libs/sofia-sip/libsofia-sip-ua/iptsec/auth_client.c
View File

@ -81,6 +81,8 @@ static int ca_credentials(auth_client_t *ca,
static int ca_clear_credentials(auth_client_t *ca);
static int ca_has_authorization(auth_client_t const *ca);
/** Initialize authenticators.
*
@ -175,8 +177,10 @@ int ca_challenge(auth_client_t *ca,
ca->ca_credential_class != credential_class)
return 0;
if (!ca->ca_auc)
if (!ca->ca_auc) {
ca->ca_credential_class = credential_class;
return 1;
}
if (ca->ca_auc->auc_challenge)
stale = ca->ca_auc->auc_challenge(ca, ch);
@ -536,22 +540,43 @@ int ca_clear_credentials(auth_client_t *ca)
*/
int auc_has_authorization(auth_client_t **auc_list)
{
auth_client_t const *ca;
auth_client_t const *ca, *other;
if (auc_list == NULL)
return 0;
/* Make sure every challenge has credentials */
for (ca = *auc_list; ca; ca = ca->ca_next) {
if (!ca->ca_user || !ca->ca_pass || !ca->ca_credential_class)
return 0;
if (AUTH_CLIENT_IS_EXTENDED(ca) && ca->ca_clear)
return 0;
if (!ca_has_authorization(ca)) {
/*
* Check if we have another challenge with same realm but different
* scheme
*/
for (other = *auc_list; other; other = ca->ca_next) {
if (ca == other)
continue;
if (ca->ca_credential_class == other->ca_credential_class &&
su_strcmp(ca->ca_realm, other->ca_realm) == 0 &&
ca_has_authorization(other))
break;
}
if (!other)
return 0;
}
}
return 1;
}
static int
ca_has_authorization(auth_client_t const *ca)
{
return ca->ca_credential_class &&
ca->ca_auc &&
ca->ca_user && ca->ca_pass &&
!(AUTH_CLIENT_IS_EXTENDED(ca) && ca->ca_clear);
}
/**Authorize a request.
*
* The function auc_authorization() is used to add correct authentication
@ -603,6 +628,8 @@ int auc_authorization(auth_client_t **auc_list, msg_t *msg, msg_pub_t *pub,
if (!ca->ca_auc)
continue;
if (!ca_has_authorization(ca))
continue;
if (ca->ca_auc->auc_authorize(ca, home, method, url, body, &h) < 0)
return -1;
@ -653,6 +680,8 @@ int auc_authorization_headers(auth_client_t **auc_list,
if (!ca->ca_auc)
continue;
if (!ca_has_authorization(ca))
continue;
if (ca->ca_auc->auc_authorize(ca, home, method, url, body, &h) < 0)
return -1;

23
libs/sofia-sip/libsofia-sip-ua/iptsec/test_auth_digest.c
View File

@ -1093,6 +1093,29 @@ int test_digest_client()
auth_mod_destroy(am); deinit_as(as); aucs = NULL;
/* Test client with two challenges */
au = sip_www_authenticate_make(
NULL,
"Digest realm=\"test-realm\", "
"nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\", "
"opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"");
au->au_next = sip_www_authenticate_make(
NULL,
"Not-Digest realm=\"test-realm\", "
"zip=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\", "
"zap=\"5ccc069c403ebaf9f0171e9517f40e41\"");
TEST_1(auc_challenge(&aucs, home, (msg_auth_t *)au,
sip_authorization_class) >= 1);
TEST_1(auc_all_credentials(&aucs, "Digest", "\"test-realm\"",
"user", "pass"));
msg_header_remove(m2, (void *)sip, (void *)sip->sip_authorization);
TEST(auc_authorization(&aucs, m2, (msg_pub_t*)sip, rq->rq_method_name,
(url_t *)"sip:surf3@ims3.so.noklab.net",
sip->sip_payload), 1);
TEST_1(sip->sip_authorization);
aucs = NULL;
/* Test asynchronous operation */
aucs = NULL;
TEST_1(am = auth_mod_create(root,