hwelte
/
mbuni
1
0
Fork 0
Code Releases Activity

*** empty log message ***

This commit is contained in:
bagyenda 2007-04-11 13:03:01 +00:00
parent b1df15b16d
commit 27547cb49b
2 changed files with 18 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
mbuni/ChangeLog
View File

@ -1,5 +1,5 @@
2007-04-10 P. A. Bagyenda <bagyenda@dsmagic.com>
* Added Digest/MD5 HTTP authentication support (out-going)
* Added outgoing Digest/MD5 HTTP authentication support (thanks to Gert Horne <gert@bluetin.co.za> for funding)
2007-04-10 P. A. Bagyenda <bagyenda@dsmagic.com>
* MM7/SOAP XMLNS string now configurable via setting per-MMC (or per-VASP) interface version
2007-04-02 Vincent Chavanis <vincent@telemaque.fr>

27
mbuni/mmlib/mms_util.c
View File

@ -1290,9 +1290,9 @@ static int fetch_url_with_auth(HTTPCaller *c, int method, Octstr *url, List *req
char *nonce_count = "00000001";
Octstr *A1 = NULL, *A2 = NULL, *rd = NULL;
List *qop = NULL, *l = NULL;
int i, status = HTTP_UNAUTHORIZED;
int i, status = HTTP_UNAUTHORIZED, has_auth = 0, has_auth_int = 0;
HTTPURLParse *h = parse_url(url);
unsigned char mdbuf[HASHLEN*2], *xs;
unsigned char mdbuf[1+HASHLEN*4], *xs;
char *m_qop = NULL;
time_t t = time(NULL);
@ -1322,7 +1322,9 @@ static int fetch_url_with_auth(HTTPCaller *c, int method, Octstr *url, List *req
Octstr *x = gwlist_get(l, 0);
octstr_insert(x, octstr_imm("_none; "), 0); /* make it easier to parse. */
octstr_destroy(xauth_value);
xauth_value = x;
xauth_value = octstr_duplicate(x);
gwlist_destroy(l, (gwlist_item_destructor_t *)octstr_destroy);
} else
warning(0, "Mal-formed Digest header (%s) while fetching (%s)!",
octstr_get_cstr(xauth_value), url ? octstr_get_cstr(url) : "");
@ -1334,8 +1336,17 @@ static int fetch_url_with_auth(HTTPCaller *c, int method, Octstr *url, List *req
algo = get_stripped_param_value(xauth_value, octstr_imm("algorithm"));
if ((x = get_stripped_param_value(xauth_value, octstr_imm("qop"))) != NULL) {
int i;
qop = octstr_split(x, octstr_imm(","));
octstr_destroy(x);
for (i = 0; i<gwlist_len(qop); i++) { /* find qop options. */
Octstr *s = gwlist_get(qop, i);
if (!s) continue;
if (octstr_str_case_compare(s, "auth") == 0)
has_auth = 1;
else if (octstr_str_case_compare(s, "auth-int") == 0)
has_auth_int = 1;
}
}
/* from here on, libssl is required. */
@ -1343,7 +1354,7 @@ static int fetch_url_with_auth(HTTPCaller *c, int method, Octstr *url, List *req
if (qop ||
(algo != NULL && octstr_str_case_compare(algo, "MD5-sess") == 0)) {
unsigned char *x = MD5((void *)&t, sizeof t, (void *)mdbuf);
cnonce = octstr_create_from_data((void *)x, HASHLEN);
cnonce = octstr_create_from_data((void *)x, 4);
octstr_binary_to_hex(cnonce,0);
}
@ -1368,14 +1379,10 @@ static int fetch_url_with_auth(HTTPCaller *c, int method, Octstr *url, List *req
x = octstr_format("%s:%S",
http_method2name(method),
h->path);
if (qop != NULL && /* if qop, and qop=auth-int */
gwlist_search(qop, "auth-int",
(gwlist_item_matches_t *)octstr_str_case_compare) != NULL &&
gwlist_search(qop, "auth",
(gwlist_item_matches_t *)octstr_str_case_compare) == NULL) {
if (qop != NULL && has_auth_int && !has_auth) { /* if qop, and qop=auth-int */
Octstr *y;
m_qop = "auth-int";
xs = MD5((void *)octstr_get_cstr(body), octstr_len(body), (void *)mdbuf);
y = octstr_create_from_data((char *)xs, HASHLEN);
octstr_binary_to_hex(y,0);