Commit c2fb6d2d authored by Pekka Pessi's avatar Pekka Pessi

auth_client.c: auc_has_authorization() is happy if one scheme is supported

If there was multiple challenges with different authentication schemes,
auc_has_authorization() required that all were supported (and used) before
authentication could proceed.

darcs-hash:20090109205102-db55f-a800189f89d48b5e1af7e92fecdb75ffe46b5951.gz
parent 071d1916
......@@ -81,6 +81,8 @@ static int ca_credentials(auth_client_t *ca,
static int ca_clear_credentials(auth_client_t *ca);
static int ca_has_authorization(auth_client_t const *ca);
/** Initialize authenticators.
*
......@@ -175,8 +177,10 @@ int ca_challenge(auth_client_t *ca,
ca->ca_credential_class != credential_class)
return 0;
if (!ca->ca_auc)
if (!ca->ca_auc) {
ca->ca_credential_class = credential_class;
return 1;
}
if (ca->ca_auc->auc_challenge)
stale = ca->ca_auc->auc_challenge(ca, ch);
......@@ -536,22 +540,43 @@ int ca_clear_credentials(auth_client_t *ca)
*/
int auc_has_authorization(auth_client_t **auc_list)
{
auth_client_t const *ca;
auth_client_t const *ca, *other;
if (auc_list == NULL)
return 0;
/* Make sure every challenge has credentials */
for (ca = *auc_list; ca; ca = ca->ca_next) {
if (!ca->ca_user || !ca->ca_pass || !ca->ca_credential_class)
return 0;
if (AUTH_CLIENT_IS_EXTENDED(ca) && ca->ca_clear)
return 0;
if (!ca_has_authorization(ca)) {
/*
* Check if we have another challenge with same realm but different
* scheme
*/
for (other = *auc_list; other; other = ca->ca_next) {
if (ca == other)
continue;
if (ca->ca_credential_class == other->ca_credential_class &&
su_strcmp(ca->ca_realm, other->ca_realm) == 0 &&
ca_has_authorization(other))
break;
}
if (!other)
return 0;
}
}
return 1;
}
static int
ca_has_authorization(auth_client_t const *ca)
{
return ca->ca_credential_class &&
ca->ca_auc &&
ca->ca_user && ca->ca_pass &&
!(AUTH_CLIENT_IS_EXTENDED(ca) && ca->ca_clear);
}
/**Authorize a request.
*
* The function auc_authorization() is used to add correct authentication
......@@ -603,6 +628,8 @@ int auc_authorization(auth_client_t **auc_list, msg_t *msg, msg_pub_t *pub,
if (!ca->ca_auc)
continue;
if (!ca_has_authorization(ca))
continue;
if (ca->ca_auc->auc_authorize(ca, home, method, url, body, &h) < 0)
return -1;
......@@ -653,6 +680,8 @@ int auc_authorization_headers(auth_client_t **auc_list,
if (!ca->ca_auc)
continue;
if (!ca_has_authorization(ca))
continue;
if (ca->ca_auc->auc_authorize(ca, home, method, url, body, &h) < 0)
return -1;
......
......@@ -1093,6 +1093,29 @@ int test_digest_client()
auth_mod_destroy(am); deinit_as(as); aucs = NULL;
/* Test client with two challenges */
au = sip_www_authenticate_make(
NULL,
"Digest realm=\"test-realm\", "
"nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\", "
"opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"");
au->au_next = sip_www_authenticate_make(
NULL,
"Not-Digest realm=\"test-realm\", "
"zip=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\", "
"zap=\"5ccc069c403ebaf9f0171e9517f40e41\"");
TEST_1(auc_challenge(&aucs, home, (msg_auth_t *)au,
sip_authorization_class) >= 1);
TEST_1(auc_all_credentials(&aucs, "Digest", "\"test-realm\"",
"user", "pass"));
msg_header_remove(m2, (void *)sip, (void *)sip->sip_authorization);
TEST(auc_authorization(&aucs, m2, (msg_pub_t*)sip, rq->rq_method_name,
(url_t *)"sip:surf3@ims3.so.noklab.net",
sip->sip_payload), 1);
TEST_1(sip->sip_authorization);
aucs = NULL;
/* Test asynchronous operation */
aucs = NULL;
TEST_1(am = auth_mod_create(root,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment