Commit 411e1c3e authored by Simon Morlat's avatar Simon Morlat

Fix interoperability issue with servers send auth challenge with algorithm=md5...

Fix interoperability issue with servers send auth challenge with algorithm=md5 instead of algorithm=MD5 .
The SIP ABNF grammar says it should be written MD5 (not md5), however the matching of string must be made case-insensitive. This is a general rule with ABNF grammars.
parent af9e927d
...@@ -72,18 +72,18 @@ belle_sip_header_proxy_authorization_t* belle_sip_auth_helper_create_proxy_autho ...@@ -72,18 +72,18 @@ belle_sip_header_proxy_authorization_t* belle_sip_auth_helper_create_proxy_autho
} }
static void belle_sip_auth_choose_method(const char *algo, const char *ask, uint8_t *out, size_t size) { static void belle_sip_auth_choose_method(const char *algo, const char *ask, uint8_t *out, size_t size) {
if ((algo == NULL) || (!strcmp(algo, "MD5"))) { if ((algo == NULL) || (!strcasecmp(algo, "MD5"))) {
// By default, using MD5 when algorithm is NULL // By default, using MD5 when algorithm is NULL
bctbx_md5((const uint8_t *)ask, strlen(ask), out); bctbx_md5((const uint8_t *)ask, strlen(ask), out);
} else if (!strcmp(algo, "SHA-256")) { } else if (!strcasecmp(algo, "SHA-256")) {
bctbx_sha256((const uint8_t *)ask, strlen(ask), (uint8_t)size, out); bctbx_sha256((const uint8_t *)ask, strlen(ask), (uint8_t)size, out);
} }
} }
int belle_sip_auth_define_size(const char *algo) { int belle_sip_auth_define_size(const char *algo) {
if ((algo == NULL) || (!strcmp(algo, "MD5"))) { if (algo == NULL || strcasecmp(algo, "MD5") == 0) {
return 33; return 33;
} else if (!strcmp(algo, "SHA-256")) { } else if (strcasecmp(algo, "SHA-256") == 0) {
return 65; return 65;
} else { } else {
return 0; return 0;
...@@ -233,7 +233,7 @@ int belle_sip_auth_helper_fill_authorization(belle_sip_header_authorization_t* a ...@@ -233,7 +233,7 @@ int belle_sip_auth_helper_fill_authorization(belle_sip_header_authorization_t* a
const char *algo = belle_sip_header_authorization_get_algorithm(authorization); const char *algo = belle_sip_header_authorization_get_algorithm(authorization);
size_t size = belle_sip_auth_define_size(algo); size_t size = belle_sip_auth_define_size(algo);
if (!size) { if (!size) {
belle_sip_error("Algorithm [%s] is not correct ", algo); belle_sip_error("Algorithm [%s] is not supported ", algo);
return -1; return -1;
} }
int auth_mode=0; int auth_mode=0;
...@@ -245,13 +245,13 @@ int belle_sip_auth_helper_fill_authorization(belle_sip_header_authorization_t* a ...@@ -245,13 +245,13 @@ int belle_sip_auth_helper_fill_authorization(belle_sip_header_authorization_t* a
response[size-1]=ha2[size-1]='\0'; response[size-1]=ha2[size-1]='\0';
if (belle_sip_header_authorization_get_scheme(authorization) != NULL && if (belle_sip_header_authorization_get_scheme(authorization) != NULL &&
strcmp("Digest",belle_sip_header_authorization_get_scheme(authorization))!=0) { strcasecmp("Digest",belle_sip_header_authorization_get_scheme(authorization))!=0) {
belle_sip_error("belle_sip_fill_authorization_header, unsupported schema [%s]" belle_sip_error("belle_sip_fill_authorization_header, unsupported schema [%s]"
,belle_sip_header_authorization_get_scheme(authorization)); ,belle_sip_header_authorization_get_scheme(authorization));
return -1; return -1;
} }
if (belle_sip_header_authorization_get_qop(authorization) if (belle_sip_header_authorization_get_qop(authorization)
&& !(auth_mode=strcmp("auth",belle_sip_header_authorization_get_qop(authorization))==0)) { && !(auth_mode=strcasecmp("auth",belle_sip_header_authorization_get_qop(authorization))==0)) {
belle_sip_error("belle_sip_fill_authorization_header, unsupported qop [%s], use auth or nothing instead" belle_sip_error("belle_sip_fill_authorization_header, unsupported qop [%s], use auth or nothing instead"
,belle_sip_header_authorization_get_qop(authorization)); ,belle_sip_header_authorization_get_qop(authorization));
return -1; return -1;
......
...@@ -1113,7 +1113,7 @@ static void belle_sip_provider_update_or_create_auth_context(belle_sip_provider ...@@ -1113,7 +1113,7 @@ static void belle_sip_provider_update_or_create_auth_context(belle_sip_provider
for (auth_context_it = auth_context_lst = belle_sip_provider_get_auth_context_by_realm_or_call_id(p, call_id, from_uri, realm); for (auth_context_it = auth_context_lst = belle_sip_provider_get_auth_context_by_realm_or_call_id(p, call_id, from_uri, realm);
auth_context_it != NULL; auth_context_it = auth_context_it->next) { auth_context_it != NULL; auth_context_it = auth_context_it->next) {
auth_context = (authorization_context_t *)auth_context_it->data; auth_context = (authorization_context_t *)auth_context_it->data;
if ((strcmp(auth_context->realm, belle_sip_header_www_authenticate_get_realm(authenticate)) == 0) && ((auth_context->algorithm == NULL) || strcmp(auth_context->algorithm, belle_sip_header_www_authenticate_get_algorithm(authenticate)) == 0)) { if ((strcmp(auth_context->realm, belle_sip_header_www_authenticate_get_realm(authenticate)) == 0) && ((auth_context->algorithm == NULL) || strcasecmp(auth_context->algorithm, belle_sip_header_www_authenticate_get_algorithm(authenticate)) == 0)) {
authorization_context_fill_from_auth(auth_context, authenticate, from_uri); authorization_context_fill_from_auth(auth_context, authenticate, from_uri);
goto end; /*only one realm is supposed to be found for now*/ goto end; /*only one realm is supposed to be found for now*/
} }
...@@ -1260,6 +1260,13 @@ int belle_sip_provider_add_authorization(belle_sip_provider_t *p, belle_sip_requ ...@@ -1260,6 +1260,13 @@ int belle_sip_provider_add_authorization(belle_sip_provider_t *p, belle_sip_requ
} }
belle_sip_message("Auth info found for [%s] realm [%s]",auth_event->userid,auth_event->realm); belle_sip_message("Auth info found for [%s] realm [%s]",auth_event->userid,auth_event->realm);
algo = auth_context->algorithm;
size = belle_sip_auth_define_size(algo);
if (!size) {
belle_sip_error("Cannot add authorization header for unsupported algo [%s]", algo);
continue;
}
if (belle_sip_header_call_id_equals(call_id,auth_context->callid)) { if (belle_sip_header_call_id_equals(call_id,auth_context->callid)) {
/*Same call id so we can make sure auth_context->is_proxy is accurate*/ /*Same call id so we can make sure auth_context->is_proxy is accurate*/
if (auth_context->is_proxy) if (auth_context->is_proxy)
...@@ -1292,12 +1299,7 @@ int belle_sip_provider_add_authorization(belle_sip_provider_t *p, belle_sip_requ ...@@ -1292,12 +1299,7 @@ int belle_sip_provider_add_authorization(belle_sip_provider_t *p, belle_sip_requ
++auth_context->nonce_count; ++auth_context->nonce_count;
belle_sip_header_authorization_set_nonce_count(authorization,auth_context->nonce_count); belle_sip_header_authorization_set_nonce_count(authorization,auth_context->nonce_count);
} }
algo = belle_sip_header_authorization_get_algorithm(authorization);
size = belle_sip_auth_define_size(algo);
if (!size) {
belle_sip_error("Algorithm [%s] is not correct ", algo);
return 0;
}
if (auth_event->ha1) { if (auth_event->ha1) {
ha1=auth_event->ha1; ha1=auth_event->ha1;
} else { } else {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment