Commit 411e1c3e authored by Simon Morlat's avatar Simon Morlat

Fix interoperability issue with servers send auth challenge with algorithm=md5...

Fix interoperability issue with servers send auth challenge with algorithm=md5 instead of algorithm=MD5 .
The SIP ABNF grammar says it should be written MD5 (not md5), however the matching of string must be made case-insensitive. This is a general rule with ABNF grammars.
parent af9e927d
......@@ -72,18 +72,18 @@ belle_sip_header_proxy_authorization_t* belle_sip_auth_helper_create_proxy_autho
}
static void belle_sip_auth_choose_method(const char *algo, const char *ask, uint8_t *out, size_t size) {
if ((algo == NULL) || (!strcmp(algo, "MD5"))) {
if ((algo == NULL) || (!strcasecmp(algo, "MD5"))) {
// By default, using MD5 when algorithm is NULL
bctbx_md5((const uint8_t *)ask, strlen(ask), out);
} else if (!strcmp(algo, "SHA-256")) {
} else if (!strcasecmp(algo, "SHA-256")) {
bctbx_sha256((const uint8_t *)ask, strlen(ask), (uint8_t)size, out);
}
}
int belle_sip_auth_define_size(const char *algo) {
if ((algo == NULL) || (!strcmp(algo, "MD5"))) {
if (algo == NULL || strcasecmp(algo, "MD5") == 0) {
return 33;
} else if (!strcmp(algo, "SHA-256")) {
} else if (strcasecmp(algo, "SHA-256") == 0) {
return 65;
} else {
return 0;
......@@ -233,7 +233,7 @@ int belle_sip_auth_helper_fill_authorization(belle_sip_header_authorization_t* a
const char *algo = belle_sip_header_authorization_get_algorithm(authorization);
size_t size = belle_sip_auth_define_size(algo);
if (!size) {
belle_sip_error("Algorithm [%s] is not correct ", algo);
belle_sip_error("Algorithm [%s] is not supported ", algo);
return -1;
}
int auth_mode=0;
......@@ -245,13 +245,13 @@ int belle_sip_auth_helper_fill_authorization(belle_sip_header_authorization_t* a
response[size-1]=ha2[size-1]='\0';
if (belle_sip_header_authorization_get_scheme(authorization) != NULL &&
strcmp("Digest",belle_sip_header_authorization_get_scheme(authorization))!=0) {
strcasecmp("Digest",belle_sip_header_authorization_get_scheme(authorization))!=0) {
belle_sip_error("belle_sip_fill_authorization_header, unsupported schema [%s]"
,belle_sip_header_authorization_get_scheme(authorization));
return -1;
}
if (belle_sip_header_authorization_get_qop(authorization)
&& !(auth_mode=strcmp("auth",belle_sip_header_authorization_get_qop(authorization))==0)) {
&& !(auth_mode=strcasecmp("auth",belle_sip_header_authorization_get_qop(authorization))==0)) {
belle_sip_error("belle_sip_fill_authorization_header, unsupported qop [%s], use auth or nothing instead"
,belle_sip_header_authorization_get_qop(authorization));
return -1;
......
......@@ -1113,7 +1113,7 @@ static void belle_sip_provider_update_or_create_auth_context(belle_sip_provider
for (auth_context_it = auth_context_lst = belle_sip_provider_get_auth_context_by_realm_or_call_id(p, call_id, from_uri, realm);
auth_context_it != NULL; auth_context_it = auth_context_it->next) {
auth_context = (authorization_context_t *)auth_context_it->data;
if ((strcmp(auth_context->realm, belle_sip_header_www_authenticate_get_realm(authenticate)) == 0) && ((auth_context->algorithm == NULL) || strcmp(auth_context->algorithm, belle_sip_header_www_authenticate_get_algorithm(authenticate)) == 0)) {
if ((strcmp(auth_context->realm, belle_sip_header_www_authenticate_get_realm(authenticate)) == 0) && ((auth_context->algorithm == NULL) || strcasecmp(auth_context->algorithm, belle_sip_header_www_authenticate_get_algorithm(authenticate)) == 0)) {
authorization_context_fill_from_auth(auth_context, authenticate, from_uri);
goto end; /*only one realm is supposed to be found for now*/
}
......@@ -1260,6 +1260,13 @@ int belle_sip_provider_add_authorization(belle_sip_provider_t *p, belle_sip_requ
}
belle_sip_message("Auth info found for [%s] realm [%s]",auth_event->userid,auth_event->realm);
algo = auth_context->algorithm;
size = belle_sip_auth_define_size(algo);
if (!size) {
belle_sip_error("Cannot add authorization header for unsupported algo [%s]", algo);
continue;
}
if (belle_sip_header_call_id_equals(call_id,auth_context->callid)) {
/*Same call id so we can make sure auth_context->is_proxy is accurate*/
if (auth_context->is_proxy)
......@@ -1292,12 +1299,7 @@ int belle_sip_provider_add_authorization(belle_sip_provider_t *p, belle_sip_requ
++auth_context->nonce_count;
belle_sip_header_authorization_set_nonce_count(authorization,auth_context->nonce_count);
}
algo = belle_sip_header_authorization_get_algorithm(authorization);
size = belle_sip_auth_define_size(algo);
if (!size) {
belle_sip_error("Algorithm [%s] is not correct ", algo);
return 0;
}
if (auth_event->ha1) {
ha1=auth_event->ha1;
} else {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment