Branch: refs/heads/3.0 Home: https://github.com/OpenSIPS/opensips Commit: 3274fc2b076bc8d2395ef1b68244a43c66463106 https://github.com/OpenSIPS/opensips/commit/3274fc2b076bc8d2395ef1b68244a43c66463106 Author: Liviu Chircu <li...@opensips.org> Date: 2020-11-05 (Thu, 05 Nov 2020)
Changed paths: M modules/b2b_entities/dlg.c M modules/sipmsgops/sipmsgops.c M modules/uac/auth.c M modules/uac_registrant/registrant.c M parser/parse_authenticate.c M parser/parse_authenticate.h Log Message: ----------- SIP digest auth: Improve handling for multiple digest challenges Before this patch, OpenSIPS would always work with the digest credentials of the 1st WWW/Proxy-Authenticate header field. While RFC 3261 does not define the behavior with multiple WWW/Proxy-Authenticate headers, in ยง 22.3 it is stated that: Note that if an authentication scheme that does not support realms is used in the Proxy-Authorization header field, a proxy server MUST attempt to parse all Proxy-Authorization header field values to determine whether one of them has what the proxy server considers to be valid credentials. ... so a proxy must _walk_ through unacceptable headers until it finds one with "valid" credentials. In the context of the upcoming RFC 8760, this would also mean: finding an auth header field with an MD5 digest algorithm, which is the only one currently supported. TL;DR: this patch improves the "uac", "uac_registrant" and "b2b_entities" modules so they correctly process 3 WWW-Authenticate headers with the following algorithm preference: algorithm=SHA-512-256 algorithm=SHA-256 algorithm=MD5 ... and correctly build an MD5-based response for the 3rd header field. Issue discovered during OpenSIPIt 2020 (cherry picked from commit 27d5862fb834e2c71f2fefb89a27430e30814647) SIP digest auth: Complete 27d5862fb8 The b2b_entities was not patched well, as some weird switch fallthrough-on-error behavior was introduced. (cherry picked from commit 5942d53f7aeec8eadcafd394fd1ee51ede2e5ab1) Commit: 278fd474090c19d4118e3311b31f1dde2016aa2b https://github.com/OpenSIPS/opensips/commit/278fd474090c19d4118e3311b31f1dde2016aa2b Author: Liviu Chircu <li...@opensips.org> Date: 2020-11-05 (Thu, 05 Nov 2020) Changed paths: M parser/digest/digest_parser.c M trim.h M ut.h Log Message: ----------- Merge pull request #2253 from sippy/master_2020 Fix a rather obscure copy-n-paste bug in the digest parser (cherry picked from commit baddd32e2fd6cb43dd8b55f8a9f494fbd506d403) (cherry picked from commit 74558d8957f57b73427d50dd7b7908f989537a12) Commit: 5292252cd7712e8d3e3f52b03889bc01f75d5f2a https://github.com/OpenSIPS/opensips/commit/5292252cd7712e8d3e3f52b03889bc01f75d5f2a Author: Maksym Sobolyev <sobo...@sippysoft.com> Date: 2020-11-05 (Thu, 05 Nov 2020) Changed paths: M parser/parse_authenticate.c Log Message: ----------- Use body->len as the only authoritative way to check if the provided body is empty or not. (cherry picked from commit b0997b1fb56d6f518a26b9fe32e45cb16b9a0284) (cherry picked from commit bd5a1d027b238892d798e5c3fc0d0633387192fe) Compare: https://github.com/OpenSIPS/opensips/compare/d81fb6c0d5af...5292252cd771 _______________________________________________ Devel mailing list Devel@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/devel