From 5ce7165bfb2869300258193fdabbdf442435362b Mon Sep 17 00:00:00 2001
From: Peter Lemenkov <lemenkov@gmail.com>
Date: Mon, 6 Dec 2010 15:56:54 +0300
Subject: [PATCH 1/3] Check for stale nonce in pre_auth
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
---
modules/auth/api.c | 35 ++++++++++++++++++-----------------
1 files changed, 18 insertions(+), 17 deletions(-)
diff --git a/modules/auth/api.c b/modules/auth/api.c
index f076e85..ea54f20 100644
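--- a/modules/auth/api.c
+++ b/modules/auth/api.c
@@ -215,6 +215,12 @@ auth_result_t pre_auth(struct sip_msg* _m, str* _realm, hdr_types_t _hftype,
 return ERROR;
 }
 
+ if (is_nonce_stale(&c->digest.nonce)) {
+ LM_DBG("stale nonce value received\n");
+ c->stale = 1;
+ return STALE_NONCE;
+ }
+
 if (check_nonce(&c->digest.nonce, &secret) != 0) {
 LM_DBG("invalid nonce value received\n");
 c->stale = 1;
@@ -240,27 +246,22 @@ auth_result_t post_auth(struct sip_msg* _m, struct hdr_field* _h)
 (_m->REQ_METHOD == METHOD_CANCEL))
 return AUTHORIZED;
 
- if (is_nonce_stale(&c->digest.nonce)) {
- LM_DBG("response is OK, but nonce is stale\n");
+ if(!disable_nonce_check) {
+ /* Verify if it is the first time this nonce is received */
+ index= get_nonce_index(&c->digest.nonce);
+ if(index== -1) {
+ LM_ERR("failed to extract nonce index\n");
+ return ERROR;
+ }
+ LM_DBG("nonce index= %d\n", index);
+
+ if(!is_nonce_index_valid(index)) {
+ LM_DBG("nonce index not valid\n");
 c->stale = 1;
 return STALE_NONCE;
- } else {
- if(!disable_nonce_check) {
- /* Verify if it is the first time this nonce is received */
- index= get_nonce_index(&c->digest.nonce);
- if(index== -1) {
- LM_ERR("failed to extract nonce index\n");
- return ERROR;
- }
- LM_DBG("nonce index= %d\n", index);
-
- if(!is_nonce_index_valid(index)) {
- LM_DBG("nonce index not valid\n");
- c->stale = 1;
- return STALE_NONCE;
- }
 }
 }
+
 return AUTHORIZED;
 
 }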
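Review bot: In the pre_auth hunk the new `is_nonce_stale(&c->digest.nonce)` test runs before `check_nonce(&c->digest.nonce, &secret)`, so staleness is decided from a nonce that has not yet been verified against the secret. A malformed or forged nonce is then answered with STALE_NONCE rather than taking the invalid-nonce path, and any length or format validation done inside check_nonce no longer guards the expiry parsing; is_nonce_stale is not visible here, so confirm it tolerates short or garbage input. I would move the added block below the check_nonce block, keeping its body as is, with a comment such as `/* nonce verified against the secret above; its expiry can be trusted */`. STALE_NONCE can now also be returned before the credentials are checked, whereas the removed post_auth code only reported it once the response was OK, so callers that map it to `stale=true` in the challenge deserve a second look. Both function bodies extend beyond the hunks shown.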
--
1.7.6