[Freeswitch-svn] [commit] r7448 - freeswitch/trunk/src/mod/endpoints/mod_sofia

Thu Jan 31 17:40:48 EST 2008

Author: anthm
Date: Thu Jan 31 17:40:48 2008
New Revision: 7448

Modified:
   freeswitch/trunk/src/mod/endpoints/mod_sofia/sofia_reg.c

Log:
mupdate

Modified: freeswitch/trunk/src/mod/endpoints/mod_sofia/sofia_reg.c
==============================================================================

--- freeswitch/trunk/src/mod/endpoints/mod_sofia/sofia_reg.c	(original)
+++ freeswitch/trunk/src/mod/endpoints/mod_sofia/sofia_reg.c	Thu Jan 31 17:40:48 2008
@@ -783,7 +783,7 @@
 	char bigdigest[2 * SU_MD5_DIGEST_SIZE + 1];
 	char *username, *realm, *nonce, *uri, *qop, *cnonce, *nc, *response, *input = NULL, *input2 = NULL;
 	auth_res_t ret = AUTH_FORBIDDEN;
-	int cnt = 0, first = 0;
+	int first = 0;
 	const char *passwd = NULL;
 	const char *a1_hash = NULL;
 	char *sql;
@@ -812,28 +812,20 @@
 
 					if (!strcasecmp(var, "username")) {
 						username = strdup(val);
-						cnt++;
 					} else if (!strcasecmp(var, "realm")) {
 						realm = strdup(val);
-						cnt++;
 					} else if (!strcasecmp(var, "nonce")) {
 						nonce = strdup(val);
-						cnt++;
 					} else if (!strcasecmp(var, "uri")) {
 						uri = strdup(val);
-						cnt++;
 					} else if (!strcasecmp(var, "qop")) {
 						qop = strdup(val);
-						cnt++;
 					} else if (!strcasecmp(var, "cnonce")) {
 						cnonce = strdup(val);
-						cnt++;
 					} else if (!strcasecmp(var, "response")) {
 						response = strdup(val);
-						cnt++;
 					} else if (!strcasecmp(var, "nc")) {
 						nc = strdup(val);
-						cnt++;
 					}
 				}
 
@@ -842,7 +834,7 @@
 		}
 	}
 
-	if (cnt != 8) {
+	if (!(username && realm && nonce && uri && response)) {
 		switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Invalid Authorization header!\n");
 		ret = AUTH_STALE;
 		goto end;
@@ -878,10 +870,17 @@
 	switch_event_add_header_string(params, SWITCH_STACK_BOTTOM, "sip_auth_realm", realm);
 	switch_event_add_header_string(params, SWITCH_STACK_BOTTOM, "sip_auth_nonce", nonce);
 	switch_event_add_header_string(params, SWITCH_STACK_BOTTOM, "sip_auth_uri", uri);
-	switch_event_add_header_string(params, SWITCH_STACK_BOTTOM, "sip_auth_qop", qop);
-	switch_event_add_header_string(params, SWITCH_STACK_BOTTOM, "sip_auth_cnonce", cnonce);
+    if (qop) {
+        switch_event_add_header_string(params, SWITCH_STACK_BOTTOM, "sip_auth_qop", qop);
+    }
+    if (cnonce) {
+        switch_event_add_header_string(params, SWITCH_STACK_BOTTOM, "sip_auth_cnonce", cnonce);
+    }
+    if (nc) {
+        switch_event_add_header_string(params, SWITCH_STACK_BOTTOM, "sip_auth_nc", nc);
+    }
 	switch_event_add_header_string(params, SWITCH_STACK_BOTTOM, "sip_auth_response", response);
-	switch_event_add_header_string(params, SWITCH_STACK_BOTTOM, "sip_auth_nc", nc);
+
 	switch_event_add_header_string(params, SWITCH_STACK_BOTTOM, "sip_auth_method", (sip && sip->sip_request) ? sip->sip_request->rq_method_name : NULL);
 
 	
@@ -964,29 +963,36 @@
 		su_md5_deinit(&ctx);
 	}
 
-	if ((input2 = switch_mprintf("%q:%q:%q:%q:%q:%q", a1_hash, nonce, nc, cnonce, qop, uridigest))) {
-		memset(&ctx, 0, sizeof(ctx));
-		su_md5_init(&ctx);
-		su_md5_strupdate(&ctx, input2);
-		su_md5_hexdigest(&ctx, bigdigest);
-		su_md5_deinit(&ctx);
-
-		if (!strcasecmp(bigdigest, response)) {
-			ret = AUTH_OK;
-		} else {
-			if ((profile->ndlb & PFLAG_NDLB_BROKEN_AUTH_HASH) && strcasecmp(regstr, "REGISTER") && strcasecmp(regstr, "INVITE")) {
-				/* some clients send an ACK with the method 'INVITE' in the hash which will break auth so we will
-				   try again with INVITE so we don't get people complaining to us when someone else's client has a bug......
-				 */
-				switch_safe_free(input);
-				switch_safe_free(input2);
-				regstr = "INVITE";
-				goto for_the_sake_of_interop;
-			}
-
-			ret = AUTH_FORBIDDEN;
-		}
-	}
+    if (nc && cnonce && qop) {
+        input2 = switch_mprintf("%q:%q:%q:%q:%q:%q", a1_hash, nonce, nc, cnonce, qop, uridigest);
+    } else {
+        input2 = switch_mprintf("%q:%q:%q", a1_hash, nonce, uridigest);
+    }
+
+    switch_assert(input2);
+
+    memset(&ctx, 0, sizeof(ctx));
+    su_md5_init(&ctx);
+    su_md5_strupdate(&ctx, input2);
+    su_md5_hexdigest(&ctx, bigdigest);
+    su_md5_deinit(&ctx);
+
+    if (!strcasecmp(bigdigest, response)) {
+        ret = AUTH_OK;
+    } else {
+        if ((profile->ndlb & PFLAG_NDLB_BROKEN_AUTH_HASH) && strcasecmp(regstr, "REGISTER") && strcasecmp(regstr, "INVITE")) {
+            /* some clients send an ACK with the method 'INVITE' in the hash which will break auth so we will
+               try again with INVITE so we don't get people complaining to us when someone else's client has a bug......
+            */
+            switch_safe_free(input);
+            switch_safe_free(input2);
+            regstr = "INVITE";
+            goto for_the_sake_of_interop;
+        }
+
+        ret = AUTH_FORBIDDEN;
+    }
+        
 
  skip_auth:
 

