1 From bdbeb7c4b2b11efc2e59f5dee7aa4360a2bc9fff Mon Sep 17 00:00:00 2001
2 From: sauwming <ming@teluu.com>
3 Date: Thu, 22 Apr 2021 14:03:28 +0800
4 Subject: [PATCH 90/90] Skip unsupported digest algorithm (#2408)
6 Co-authored-by: Nanang Izzuddin <nanang@teluu.com>
8 pjsip/src/pjsip/sip_auth_client.c | 32 +++++--
9 tests/pjsua/scripts-sipp/uas-auth-two-algo.py | 7 ++
10 .../pjsua/scripts-sipp/uas-auth-two-algo.xml | 83 +++++++++++++++++++
11 3 files changed, 117 insertions(+), 5 deletions(-)
12 create mode 100644 tests/pjsua/scripts-sipp/uas-auth-two-algo.py
13 create mode 100644 tests/pjsua/scripts-sipp/uas-auth-two-algo.xml
15 --- a/pjsip/src/pjsip/sip_auth_client.c
16 +++ b/pjsip/src/pjsip/sip_auth_client.c
17 @@ -1042,7 +1042,7 @@ static pj_status_t process_auth( pj_pool
21 - /* See if we have sent authorization header for this realm */
22 + /* See if we have sent authorization header for this realm (and scheme) */
23 hdr = tdata->msg->hdr.next;
24 while (hdr != &tdata->msg->hdr) {
25 if ((hchal->type == PJSIP_H_WWW_AUTHENTICATE &&
26 @@ -1052,7 +1052,8 @@ static pj_status_t process_auth( pj_pool
28 sent_auth = (pjsip_authorization_hdr*) hdr;
29 if (pj_stricmp(&hchal->challenge.common.realm,
30 - &sent_auth->credential.common.realm )==0)
31 + &sent_auth->credential.common.realm)==0 &&
32 + pj_stricmp(&hchal->scheme, &sent_auth->scheme)==0)
34 /* If this authorization has empty response, remove it. */
35 if (pj_stricmp(&sent_auth->scheme, &pjsip_DIGEST_STR)==0 &&
36 @@ -1062,6 +1063,14 @@ static pj_status_t process_auth( pj_pool
38 pj_list_erase(sent_auth);
41 + if (pj_stricmp(&sent_auth->scheme, &pjsip_DIGEST_STR)==0 &&
42 + pj_stricmp(&sent_auth->credential.digest.algorithm,
43 + &hchal->challenge.digest.algorithm)!=0)
45 + /* Same 'digest' scheme but different algo */
49 /* Found previous authorization attempt */
51 @@ -1155,9 +1164,10 @@ PJ_DEF(pj_status_t) pjsip_auth_clt_reini
56 + unsigned chal_cnt, auth_cnt;
59 + pj_status_t last_auth_err;
61 PJ_ASSERT_RETURN(sess && rdata && old_request && new_request,
63 @@ -1178,6 +1188,8 @@ PJ_DEF(pj_status_t) pjsip_auth_clt_reini
65 hdr = rdata->msg_info.msg->hdr.next;
68 + last_auth_err = PJSIP_EAUTHNOAUTH;
69 while (hdr != &rdata->msg_info.msg->hdr) {
70 pjsip_cached_auth *cached_auth;
71 const pjsip_www_authenticate_hdr *hchal;
72 @@ -1222,8 +1234,13 @@ PJ_DEF(pj_status_t) pjsip_auth_clt_reini
74 status = process_auth(tdata->pool, hchal, tdata->msg->line.req.uri,
75 tdata, sess, cached_auth, &hauth);
76 - if (status != PJ_SUCCESS)
78 + if (status != PJ_SUCCESS) {
79 + last_auth_err = status;
81 + /* Process next header. */
86 if (pj_pool_get_used_size(cached_auth->pool) >
87 PJSIP_AUTH_CACHED_POOL_MAX_SIZE)
88 @@ -1236,12 +1253,17 @@ PJ_DEF(pj_status_t) pjsip_auth_clt_reini
90 /* Process next header. */
95 /* Check if challenge is present */
97 return PJSIP_EAUTHNOCHAL;
99 + /* Check if any authorization header has been created */
101 + return last_auth_err;
103 /* Remove branch param in Via header. */
104 via = (pjsip_via_hdr*) pjsip_msg_find_hdr(tdata->msg, PJSIP_H_VIA, NULL);
105 via->branch_param.slen = 0;
107 +++ b/tests/pjsua/scripts-sipp/uas-auth-two-algo.py
111 +import inc_const as const
113 +PJSUA = ["--null-audio --max-calls=1 --id=sip:a@localhost --username=a --realm=* --registrar=$SIPP_URI"]
115 +PJSUA_EXPECTS = [[0, "registration success", ""]]
117 +++ b/tests/pjsua/scripts-sipp/uas-auth-two-algo.xml
119 +<?xml version="1.0" encoding="ISO-8859-1" ?>
120 +<!DOCTYPE scenario SYSTEM "sipp.dtd">
122 +<scenario name="Basic UAS responder">
123 + <recv request="REGISTER" crlf="true">
129 + [last_Via:];received=1.1.1.1;rport=1111
131 + [last_To:];tag=[call_number]
140 + SIP/2.0 401 Unauthorized
141 + [last_Via:];received=1.1.1.1;rport=1111
143 + [last_To:];tag=[call_number]
146 + WWW-Authenticate: Digest realm="sip.linphone.org", nonce="PARV4gAAAADgw3asAADW8zsi5BEAAAAA", opaque="+GNywA==", algorithm=SHA-256, qop="auth"
147 + WWW-Authenticate: Digest realm="sip.linphone.org", nonce="PARV4gAAAADgw3asAADW8zsi5BEAAAAA", opaque="+GNywA==", algorithm=MD5, qop="auth"
148 + WWW-Authenticate: Digest realm="sip.linphone.org", nonce="PARV4gAAAADgw3asAADW8zsi5BEAAAAA", opaque="+GNywA==", algorithm=MD2, qop="auth"
153 + <recv request="REGISTER" crlf="true">
157 + header="Authorization:"
158 + assign_to="have_auth" />
162 + <nop next="resp_okay" test="have_auth" />
166 + SIP/2.0 403 no auth
167 + [last_Via:];received=1.1.1.1;rport=1111
169 + [last_To:];tag=[call_number]
177 + <label id="resp_okay" />
182 + [last_Via:];received=1.1.1.1;rport=1111
184 + [last_To:];tag=[call_number]
194 + <!-- definition of the response time repartition table (unit is ms) -->
195 + <ResponseTimeRepartition value="10, 20, 30, 40, 50, 100, 150, 200"/>
197 + <!-- definition of the call length repartition table (unit is ms) -->
198 + <CallLengthRepartition value="10, 50, 100, 500, 1000, 5000, 10000"/>