diff --git a/libs/sofia-sip/.update b/libs/sofia-sip/.update index b26fdc2ec5..b413eb3474 100644 --- a/libs/sofia-sip/.update +++ b/libs/sofia-sip/.update @@ -1 +1 @@ -Wed Feb 11 10:53:10 CST 2009 +Wed Feb 11 10:53:44 CST 2009 diff --git a/libs/sofia-sip/libsofia-sip-ua/iptsec/auth_client.c b/libs/sofia-sip/libsofia-sip-ua/iptsec/auth_client.c index d536ce02c9..0850f7bd79 100644 --- a/libs/sofia-sip/libsofia-sip-ua/iptsec/auth_client.c +++ b/libs/sofia-sip/libsofia-sip-ua/iptsec/auth_client.c @@ -81,6 +81,8 @@ static int ca_credentials(auth_client_t *ca, static int ca_clear_credentials(auth_client_t *ca); +static int ca_has_authorization(auth_client_t const *ca); + /** Initialize authenticators. * @@ -175,8 +177,10 @@ int ca_challenge(auth_client_t *ca, ca->ca_credential_class != credential_class) return 0; - if (!ca->ca_auc) + if (!ca->ca_auc) { + ca->ca_credential_class = credential_class; return 1; + } if (ca->ca_auc->auc_challenge) stale = ca->ca_auc->auc_challenge(ca, ch); @@ -536,22 +540,43 @@ int ca_clear_credentials(auth_client_t *ca) */ int auc_has_authorization(auth_client_t **auc_list) { - auth_client_t const *ca; + auth_client_t const *ca, *other; if (auc_list == NULL) return 0; - /* Make sure every challenge has credentials */ for (ca = *auc_list; ca; ca = ca->ca_next) { - if (!ca->ca_user || !ca->ca_pass || !ca->ca_credential_class) - return 0; - if (AUTH_CLIENT_IS_EXTENDED(ca) && ca->ca_clear) - return 0; + if (!ca_has_authorization(ca)) { + /* + * Check if we have another challenge with same realm but different + * scheme + */ + for (other = *auc_list; other; other = ca->ca_next) { + if (ca == other) + continue; + if (ca->ca_credential_class == other->ca_credential_class && + su_strcmp(ca->ca_realm, other->ca_realm) == 0 && + ca_has_authorization(other)) + break; + } + + if (!other) + return 0; + } } return 1; } +static int +ca_has_authorization(auth_client_t const *ca) +{ + return ca->ca_credential_class && + ca->ca_auc && + ca->ca_user && ca->ca_pass && + !(AUTH_CLIENT_IS_EXTENDED(ca) && ca->ca_clear); +} + /**Authorize a request. * * The function auc_authorization() is used to add correct authentication @@ -603,6 +628,8 @@ int auc_authorization(auth_client_t **auc_list, msg_t *msg, msg_pub_t *pub, if (!ca->ca_auc) continue; + if (!ca_has_authorization(ca)) + continue; if (ca->ca_auc->auc_authorize(ca, home, method, url, body, &h) < 0) return -1; @@ -653,6 +680,8 @@ int auc_authorization_headers(auth_client_t **auc_list, if (!ca->ca_auc) continue; + if (!ca_has_authorization(ca)) + continue; if (ca->ca_auc->auc_authorize(ca, home, method, url, body, &h) < 0) return -1; diff --git a/libs/sofia-sip/libsofia-sip-ua/iptsec/test_auth_digest.c b/libs/sofia-sip/libsofia-sip-ua/iptsec/test_auth_digest.c index 89bcd64c73..9b6f114e5e 100644 --- a/libs/sofia-sip/libsofia-sip-ua/iptsec/test_auth_digest.c +++ b/libs/sofia-sip/libsofia-sip-ua/iptsec/test_auth_digest.c @@ -1093,6 +1093,29 @@ int test_digest_client() auth_mod_destroy(am); deinit_as(as); aucs = NULL; + /* Test client with two challenges */ + au = sip_www_authenticate_make( + NULL, + "Digest realm=\"test-realm\", " + "nonce=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\", " + "opaque=\"5ccc069c403ebaf9f0171e9517f40e41\""); + au->au_next = sip_www_authenticate_make( + NULL, + "Not-Digest realm=\"test-realm\", " + "zip=\"dcd98b7102dd2f0e8b11d0f600bfb0c093\", " + "zap=\"5ccc069c403ebaf9f0171e9517f40e41\""); + + TEST_1(auc_challenge(&aucs, home, (msg_auth_t *)au, + sip_authorization_class) >= 1); + TEST_1(auc_all_credentials(&aucs, "Digest", "\"test-realm\"", + "user", "pass")); + msg_header_remove(m2, (void *)sip, (void *)sip->sip_authorization); + TEST(auc_authorization(&aucs, m2, (msg_pub_t*)sip, rq->rq_method_name, + (url_t *)"sip:surf3@ims3.so.noklab.net", + sip->sip_payload), 1); + TEST_1(sip->sip_authorization); + aucs = NULL; + /* Test asynchronous operation */ aucs = NULL; TEST_1(am = auth_mod_create(root,