Commit 1f12df55 authored by Pekka Pessi's avatar Pekka Pessi

Added auth_digest_credentials().

Use opaque to match Authorization header.

darcs-hash:20050908181023-65a35-a268c7a3412a2b1d936bf5b18e83dc5b7b886b54.gz
parent 07059a43
......@@ -574,11 +574,12 @@ int test_digest_client()
AUTHTAG_METHOD("Digest"),
AUTHTAG_REALM("ims3.so.noklab.net"),
AUTHTAG_DB(testpasswd),
AUTHTAG_OPAQUE("+GNywA=="),
TAG_END()));
init_as(as);
auth_mod_check_client(am, as, sip->sip_authorization, ach);
TEST(as->as_status, 400);
TEST(as->as_status, 401);
TEST_1(au = sip_authorization_make(home,
"Digest username=\"user1\", "
......@@ -622,7 +623,7 @@ int test_digest_client()
TEST(msg_params_remove((msg_param_t *)au->au_params, "opaque"), 1);
reinit_as(as);
auth_mod_check_client(am, as, au, ach);
TEST(as->as_status, 400);
TEST(as->as_status, 401); /* We use opaque to match authorization */
msg_params_add(home, (msg_param_t **) &au->au_params, opaque);
TEST(msg_params_remove((msg_param_t *)au->au_params, "uri"), 1);
......
......@@ -595,7 +595,7 @@ void auth_method_digest(auth_mod_t *am,
as->as_allow = auth_allow_check(am, as) == 0;
if (as->as_realm)
au = auth_mod_credentials(au, "Digest", as->as_realm);
au = auth_digest_credentials(au, as->as_realm, am->am_opaque);
else
au = NULL;
......@@ -1204,6 +1204,83 @@ msg_auth_t *auth_mod_credentials(msg_auth_t *auth,
return NULL;
}
/** Find a Digest credential header with matching realm and opaque. */
msg_auth_t *auth_digest_credentials(msg_auth_t *auth,
char const *realm,
char const *opaque)
{
char const *arealm, *aopaque;
for (;auth; auth = auth->au_next) {
if (strcasecmp(auth->au_scheme, "Digest"))
continue;
if (realm) {
int cmp = 1;
arealm = msg_params_find(auth->au_params, "realm=");
if (!arealm)
continue;
if (arealm[0] == '"') {
/* Compare quoted arealm with unquoted realm */
int i, j;
for (i = 1, j = 0, cmp = 1; arealm[i] != 0; i++, j++) {
if (arealm[i] == '"' && realm[j] == 0) {
cmp = 0;
break;
}
if (arealm[i] == '\\' && arealm[i + 1] != '\0')
i++;
if (arealm[i] != realm[j])
break;
}
} else {
cmp = strcmp(arealm, realm);
}
if (cmp)
continue;
}
if (opaque) {
int cmp = 1;
aopaque = msg_params_find(auth->au_params, "opaque=");
if (!aopaque)
continue;
if (aopaque[0] == '"') {
/* Compare quoted aopaque with unquoted opaque */
int i, j;
for (i = 1, j = 0, cmp = 1; aopaque[i] != 0; i++, j++) {
if (aopaque[i] == '"' && opaque[j] == 0) {
cmp = 0;
break;
}
if (aopaque[i] == '\\' && aopaque[i + 1] != '\0')
i++;
if (aopaque[i] != opaque[j])
break;
}
} else {
cmp = strcmp(aopaque, opaque);
}
if (cmp)
continue;
}
return auth;
}
return NULL;
}
/** Generate nonce parameter.
*
* @param am pointer to authentication module object
......
......@@ -201,6 +201,10 @@ void auth_challenge_basic(auth_mod_t *am,
auth_challenger_t const *ach);
/** Digest scheme */
msg_auth_t *auth_digest_credentials(msg_auth_t *auth,
char const *realm,
char const *opaque);
void auth_method_digest(auth_mod_t *am,
auth_status_t *as,
msg_auth_t *au,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment