
b/f: fix evaluating 401/407 reply on nonce reuse

Stefan Sayer authored on 28/06/2011 12:07:17
Showing 2 changed files
... ...
@@ -105,7 +105,9 @@ UACAuth::UACAuth(AmSipDialog* dlg,
105 105
 		 UACAuthCred* cred)
106 106
   : dlg(dlg),
107 107
     credential(cred),
108
-    AmSessionEventHandler()
108
+    AmSessionEventHandler(),
109
+    nonce_count(0),
110
+    nonce_reuse(false)
109 111
 { 	  
110 112
 }
111 113
 
... ...
@@ -139,12 +141,15 @@ bool UACAuth::onSipReply(const AmSipReply& reply, AmSipDialog::Status old_dlg_st
139 141
 	// 				credential->realm.c_str(),
140 142
 	// 				credential->user.c_str(),
141 143
 	// 				credential->pwd.c_str());
142
-	if (((reply.code == 401) && 
144
+	if (!nonce_reuse &&
145
+	    (((reply.code == 401) &&
143 146
 	     getHeader(ri->second.hdrs, SIP_HDR_AUTHORIZATION, true).length()) ||
144 147
 	    ((reply.code == 407) && 
145
-	     getHeader(ri->second.hdrs, SIP_HDR_PROXY_AUTHORIZATION, true).length())) {
148
+	     getHeader(ri->second.hdrs, SIP_HDR_PROXY_AUTHORIZATION, true).length()))) {
146 149
 	  DBG("Authorization failed!\n");
147 150
 	} else {
151
+	  nonce_reuse = false;
152
+
148 153
 	  string auth_hdr = (reply.code==407) ? 
149 154
 	    getHeader(reply.hdrs, SIP_HDR_PROXY_AUTHENTICATE, true) : 
150 155
 	    getHeader(reply.hdrs, SIP_HDR_WWW_AUTHENTICATE, true);
... ...
@@ -157,9 +162,13 @@ bool UACAuth::onSipReply(const AmSipReply& reply, AmSipDialog::Status old_dlg_st
157 162
 		      ri->second.method,
158 163
 		      auth_uri, ri->second.body, result)) {
159 164
 	    string hdrs = ri->second.hdrs;
160
-	    // TODO(?): strip headers 
161
-	    // ((code==401) ? stripHeader(ri->second.hdrs, "Authorization")  :
162
-	    //	 		    stripHeader(ri->second.hdrs, "Proxy-Authorization"));
165
+
166
+	    // strip other auth headers
167
+	    if (reply.code == 401) {
168
+	      removeHeader(hdrs, SIP_HDR_AUTHORIZATION);
169
+	    } else {
170
+	      removeHeader(hdrs, SIP_HDR_PROXY_AUTHORIZATION);
171
+	    }
163 172
 
164 173
 	    if (hdrs == "\r\n" || hdrs == "\r" || hdrs == "\n")
165 174
 	      hdrs = result;
... ...
@@ -229,6 +238,10 @@ bool UACAuth::onSendRequest(const string& method,
229 238
       hdrs = result;
230 239
     else
231 240
       hdrs += result;
241
+
242
+    nonce_reuse = true;
243
+  } else {
244
+    nonce_reuse = false;
232 245
   }
233 246
 
234 247
   DBG("adding %d to list of sent requests.\n", cseq);
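Review bot: `nonce_reuse` is a single flag on the UACAuth object, but onSipReply applies it to whichever sent request `ri` matched, so with more than one request outstanding it may describe a different request than the one being answered. onSendRequest overwrites it on every send (`nonce_reuse = true;` / `nonce_reuse = false;`), so the 401/407 check can either log "Authorization failed!" for a rejection that only means the cached nonce expired, or resend credentials after a genuine rejection. Recording the flag in the per-request entry that `ri` refers to, and testing it there, would tie the decision to the request that actually reused the nonce. Separately, the retry is taken on any 401/407 after reuse; checking the `stale` directive of the new challenge would distinguish an expired nonce from wrong credentials, and it is worth confirming that the resent request cannot set the flag again in onSendRequest and keep retrying against a server that keeps rejecting. The bodies of onSipReply and onSendRequest extend beyond the hunks shown.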
... ...
@@ -113,6 +113,8 @@ class UACAuth : public AmSessionEventHandler
113 113
   string nonce; // last nonce received from server
114 114
   unsigned int nonce_count;
115 115
 
116
+  bool nonce_reuse; // reused nonce?
117
+
116 118
   std::string find_attribute(const std::string& name, const std::string& header);
117 119
   bool parse_header(const std::string& auth_hdr, UACAuthDigestChallenge& challenge);
118 120