- add new SIP.Realm auth mode (upstream r8146)

2025-10-23 07:42:01 +00:00 · 2014-04-09 15:17:09 +02:00
parent 735faa60ef
commit 0ce13ce1b8
4 changed files with 76 additions and 2 deletions
--- a/Control/L3MobilityManagement.cpp
+++ b/Control/L3MobilityManagement.cpp
@@ -15,6 +15,7 @@
 #define LOG_GROUP LogGroup::Control		// Can set Log.Level.Control for debugging

 #include <set>
+#include <algorithm> // for std::remove
 #include "L3TranEntry.h"
 #include <GSMLogicalChannel.h>
 #include "ControlCommon.h"
@@ -681,6 +682,9 @@ MachineStatus LUAuthentication::machineRunState(int state, const GSM::L3Message*
 			uint64_t lRAND;
 			string rand = ludata()->mRegistrationResult.mRand;	// mRAND;
 			rand = rand.substr(0,rand.find('.'));
+			if (gConfig.getStr("SIP.Realm").length() > 0) {
+				rand.erase(std::remove(rand.begin(), rand.end(), '-'), rand.end());
+			}
 			if (rand.size() != 32) {
 				LOG(ALERT) << "Invalid RAND challenge returned by Registrar (RAND length=" <<rand.size() <<")";
 				// (pat) LUFinish may still permit services depending on failOpen().
--- a/SIP/SIPBase.cpp
+++ b/SIP/SIPBase.cpp
@@ -466,7 +466,19 @@ SipMessage *SipBase::makeRegisterMsg(DialogType wMethod, const L3LogicalChannel*
 	// The examples in 24.1 show a From-tag but no To-tag.
 	// The To-tag includes the optional <>, and Paul at null team incorrectly thought the <> were required,
 	// so we will include them as that appears to be common practice.
-	string myUriString = makeUri(username,dsPeer()->mipName,0);	// The port, if any, is already in mipName.
+
+	string myUriString;
+	string authUri;
+	string authUsername;
+	string realm = gConfig.getStr("SIP.Realm");
+	if (realm.length() > 0) {
+		authUri = string("sip:") + realm;
+		authUsername = string("IMSI") + msid.mImsi;
+		myUriString = makeUri(username,realm,0);
+	} else {
+		myUriString = makeUri(username,dsPeer()->mipName,0);	// The port, if any, is already in mipName.
+	}
+
 	//string fromUriString = makeUriWithTag(username,dsPeer()->mipName,make_tag());	// The port, if any, is already in mipName.
 	SipPreposition toHeader("",myUriString,"");
 	SipPreposition fromHeader("",myUriString,make_tag());
@@ -479,7 +491,13 @@ SipMessage *SipBase::makeRegisterMsg(DialogType wMethod, const L3LogicalChannel*
 	if (wMethod == SIPDTRegister ) {
 		expires = 60*gConfig.getNum("SIP.RegistrationPeriod");
 		if (SRES && strlen(SRES)) {
-			msg->msmAuthorizationValue = format("Digest, nonce=%s, uri=%s, response=%s",RAND.c_str(),msid.mImsi.c_str(),SRES);
+			if (realm.length() > 0) {
+				string response = makeResponse(authUsername, realm, SRES, registerStr, authUri, RAND);
+				msg->msmAuthorizationValue = format("Digest realm=\"%s\", username=\"%s\", nonce=\"%s\", uri=\"%s\", response=\"%s\", algorithm=MD5, qop=\"auth\" ",
+					realm.c_str(), authUsername.c_str(), RAND.c_str(), authUri.c_str(), response.c_str());
+			} else {
+				msg->msmAuthorizationValue = format("Digest, nonce=%s, uri=%s, response=%s",RAND.c_str(),msid.mImsi.c_str(),SRES);
+			}
 		}
 	} else if (wMethod == SIPDTUnregister ) {
 		expires = 0;
--- a/SIP/SIPUtility.cpp
+++ b/SIP/SIPUtility.cpp
@@ -30,10 +30,12 @@
 #include <GSMConfig.h>
 #include <GSML3CommonElements.h>

+//#include "md5.h"


 namespace SIP {
 using namespace std;
+//using namespace MD5;

 // Unused, but here it is if you want it:
 // Pair is goofed up, so just make our own.  It is trivial:
@@ -328,6 +330,51 @@ std::ostream& operator<<(std::ostream& os, const SipTimer&t)
 	return os;
 }

+string makeMD5(string input)
+{
+	// (mike) disabled for now until licensing on md5 code can be clarified
+	//char buffer[2 * MD5_DIGEST_SIZE + 1];
+	//md5_ctx ctx;
+	//MD5_Init(&ctx);   
+	//MD5_Update(&ctx, reinterpret_cast<const unsigned char *> (input.c_str()), input.size());
+	//MD5_hexdigest(&ctx,buffer);
+	//string str = buffer;
+	//
+	//return str;
+
+	// alternative to including md5 code in the project, kind of funky but it works for now
+	ostringstream os;
+	os << "echo -n \"" << input << "\" | md5sum | cut -d \" \" -f1";
+	FILE *f = popen(os.str().c_str(), "r");
+	if (f == NULL) {
+		LOG(CRIT) << "error: popen failed";
+		return false;
+	}
+	char digest[33];
+	char *buffer = fgets(digest, 33, f);
+	if (buffer != NULL && strlen(buffer) == 33) buffer[32] = 0;
+	if (buffer == NULL || strlen(buffer) != 32) {
+		LOG(CRIT) << "error: popen result failed";
+	}
+	int st = pclose(f);
+	if (st == -1) {
+		LOG(CRIT) << "error: pclose failed";
+	}
+	string str = buffer;
+
+	return str;
+}
+
+
+string makeResponse(string username, string realm, string password, string method, string uri, string nonce)
+{
+   static const string separatorStr(":");
+   string str1 = makeMD5( username + separatorStr + realm + separatorStr + password);
+   string str2 = makeMD5( method + separatorStr + uri);
+   string str3 = makeMD5( str1 + separatorStr + nonce + separatorStr + str2);
+   return str3;
+}
+
 };	// namespace SIP

 // vim: ts=4 sw=4
--- a/SIP/SIPUtility.h
+++ b/SIP/SIPUtility.h
@@ -185,6 +185,11 @@ extern string make_tag();
 extern string make_branch(const char *name=NULL);
 extern string globallyUniqueId(const char *start);
 extern string dequote(const string);
+
+extern string makeMD5(string input);
+extern string makeResponse(string username, string realm, string password, string method, string uri, string nonce);
+
+
 };
 #endif
 // vim: ts=4 sw=4