serverauthmanager.cxx

这是国外的resip协议栈

   } 
   else 
   {
      // Handles digestAccepted == false, DigestNotAccepted and any other
      // case that is not recognised by the foregoing logic

      InfoLog (<< "Invalid password provided for " << userAuth->getUser() << " in " << userAuth->getRealm());
      InfoLog (<< "  a1 hash of password from db was " << userAuth->getA1() );

      SharedPtr<SipMessage> response(new SipMessage);
      Helper::makeResponse(*response, *requestWithAuth, 403, "Invalid password provided");
      mDum.send(response);
      onAuthFailure(BadCredentials, *requestWithAuth);
      delete requestWithAuth;
      return 0;
   }
}

            
bool
ServerAuthManager::useAuthInt() const
{
   return false;
}


bool
ServerAuthManager::proxyAuthenticationMode() const
{
   return true;
}


bool
ServerAuthManager::rejectBadNonces() const
{
   return true;
}


ServerAuthManager::AsyncBool
ServerAuthManager::requiresChallenge(const SipMessage& msg)
{
   return True;  
}


bool
ServerAuthManager::authorizedForThisIdentity(const resip::Data &user, 
                                               const resip::Data &realm, 
                                                resip::Uri &fromUri)
{
   // !rwm! good enough for now.  TODO eventually consult a database to see what
   // combinations of user/realm combos are authorized for an identity
   return ((fromUri.user() == user) && (fromUri.host() == realm));
}


const Data& 
ServerAuthManager::getChallengeRealm(const SipMessage& msg)
{
   return msg.header(h_RequestLine).uri().host();
}


bool
ServerAuthManager::isMyRealm(const Data& realm)
{
   return mDum.isMyDomain(realm);
}


// return true if request has been consumed 
ServerAuthManager::Result
ServerAuthManager::handle(SipMessage* sipMsg)
{
   //InfoLog( << "trying to do auth" );
   if (sipMsg->isRequest() && 
       sipMsg->header(h_RequestLine).method() != ACK && 
       sipMsg->header(h_RequestLine).method() != CANCEL)  // Do not challenge ACKs or CANCELs
   {
      ParserContainer<Auth>* auths;
      if (proxyAuthenticationMode())
      {
         if(!sipMsg->exists(h_ProxyAuthorizations))
         {
            return issueChallengeIfRequired(sipMsg);
         }
         auths = &sipMsg->header(h_ProxyAuthorizations);
      }
      else
      {
         if(!sipMsg->exists(h_Authorizations))
         {
            return issueChallengeIfRequired(sipMsg);
         }
         auths = &sipMsg->header(h_Authorizations);
      }
 
      try
      {
         for(Auths::iterator it = auths->begin(); it != auths->end(); it++)
         {
            if (isMyRealm(it->param(p_realm)))
            {
               InfoLog (<< "Requesting credential for " 
                        << it->param(p_username) << " @ " << it->param(p_realm));
               
               requestCredential(it->param(p_username),
                                 it->param(p_realm), 
                                 *sipMsg,
                                  *it,
                                 sipMsg->getTransactionId());
               mMessages[sipMsg->getTransactionId()] = sipMsg;
               return RequestedCredentials;
            }
         }

         InfoLog (<< "Didn't find matching realm ");
         return issueChallengeIfRequired(sipMsg);
      }
      catch(BaseException& e)
      {
         InfoLog (<< "Invalid auth header provided " << e);
         SharedPtr<SipMessage> response(new SipMessage);
         Helper::makeResponse(*response, *sipMsg, 400, "Invalid auth header");
         mDum.send(response);
         onAuthFailure(InvalidRequest, *sipMsg);
         return Rejected;
      }
   }
   return Skipped;
}

ServerAuthManager::Result
ServerAuthManager::issueChallengeIfRequired(SipMessage *sipMsg) 
{
   // Is challenge required for this message
   AsyncBool required = requiresChallenge(*sipMsg);
   switch(required) 
   {
     case False:
        return Skipped;
     case Async:
        mMessages[sipMsg->getTransactionId()] = sipMsg;
        return RequestedInfo;
     case True:
     default:
        issueChallenge(sipMsg);
        return Challenged;
   }
}

void
ServerAuthManager::issueChallenge(SipMessage *sipMsg) 
{
  //assume TransactionUser has matched/repaired a realm
  SharedPtr<SipMessage> challenge(Helper::makeChallenge(*sipMsg,
                                                        getChallengeRealm(*sipMsg), 
                                                        useAuthInt(), 
                                                        false /*stale*/,
                                                        proxyAuthenticationMode()));

  InfoLog (<< "Sending challenge to " << sipMsg->brief());
  mDum.send(challenge);
}

void 
ServerAuthManager::onAuthSuccess(const SipMessage& msg) 
{
   // sub class may want to create a log entry
}

void 
ServerAuthManager::onAuthFailure(AuthFailureReason reason, const SipMessage& msg) 
{
   // sub class may want to create a log entry
}


/* ====================================================================
 * The Vovida Software License, Version 1.0 
 * 
 * Copyright (c) 2000 Vovida Networks, Inc.  All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 * 
 * 3. The names "VOCAL", "Vovida Open Communication Application Library",
 *    and "Vovida Open Communication Application Library (VOCAL)" must
 *    not be used to endorse or promote products derived from this
 *    software without prior written permission. For written
 *    permission, please contact vocal@vovida.org.
 *
 * 4. Products derived from this software may not be called "VOCAL", nor
 *    may "VOCAL" appear in their name, without prior written
 *    permission of Vovida Networks, Inc.
 * 
 * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND
 * NON-INFRINGEMENT ARE DISCLAIMED.  IN NO EVENT SHALL VOVIDA
 * NETWORKS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT DAMAGES
 * IN EXCESS OF $1,000, NOR FOR ANY INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
 * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
 * DAMAGE.
 * 
 * ====================================================================
 * 
 * This software consists of voluntary contributions made by Vovida
 * Networks, Inc. and many individuals on behalf of Vovida Networks,
 * Inc.  For more information on Vovida Networks, Inc., please see
 * <http://www.vovida.org/>.
 *
 */