From 86ba23e486fdeb6d99ba3ef3b86285cc191eb6d4 Mon Sep 17 00:00:00 2001
From: Jehan Monnier
Date: Sun, 28 Apr 2013 15:05:57 +0200
Subject: [PATCH] fix ha1 issue and store ha1 instead of passwd
---
 coreapi/authentication.c | 13 +++++++++----
 coreapi/bellesip_sal/sal_impl.c | 4 ++++
 coreapi/callbacks.c | 1 +
 include/sal/sal.h | 1 +
 tester/liblinphone_tester.c | 2 ++
 tester/register_tester.c | 16 ++++++++++++++++
 6 files changed, 33 insertions(+), 4 deletions(-)
diff --git a/coreapi/authentication.c b/coreapi/authentication.c
index 8ab1c21ff..1d0eaf15c 100644
--- a/coreapi/authentication.c
+++ b/coreapi/authentication.c
@@ -161,18 +161,22 @@ void linphone_auth_info_write_config(LpConfig *config, LinphoneAuthInfo *obj, in
 if (obj==NULL || lp_config_get_int(config, "sip", "store_auth_info", 1) == 0){
 return;
- }
+ }
+ if (!obj->ha1 && obj->realm && obj->passwd && (obj->username||obj->userid)) {
+ /*compute ha1 to avoid storing clear text password*/
+ obj->ha1=ms_malloc(33);
+ sal_auth_compute_ha1(obj->userid?obj->userid:obj->username,obj->realm,obj->passwd,obj->ha1);
+ }
 if (obj->username!=NULL){
 lp_config_set_string(config,key,"username",obj->username);
 }
 if (obj->userid!=NULL){
 lp_config_set_string(config,key,"userid",obj->userid);
 }
- if (obj->passwd!=NULL){
- lp_config_set_string(config,key,"passwd",obj->passwd);
- }
 if (obj->ha1!=NULL){
 lp_config_set_string(config,key,"ha1",obj->ha1);
+ } else if (obj->passwd!=NULL){ /*only write passwd if no ha1*/
+ lp_config_set_string(config,key,"passwd",obj->passwd);
 }
 if (obj->realm!=NULL){
 lp_config_set_string(config,key,"realm",obj->realm);
@@ -308,6 +312,7 @@ void linphone_core_add_auth_info(LinphoneCore *lc, const LinphoneAuthInfo *info)
 sai.userid=ai->userid;
 sai.realm=ai->realm;
 sai.password=ai->passwd;
+ sai.ha1=ai->ha1;
 sal_op_authenticate(op,&sai);
 ai->usecount++;
 }
diff --git a/coreapi/bellesip_sal/sal_impl.c b/coreapi/bellesip_sal/sal_impl.c
index c868854b6..b0bf517ac 100644
--- a/coreapi/bellesip_sal/sal_impl.c
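Review bot: In coreapi/authentication.c, linphone_auth_info_write_config() ignores the return value of `sal_auth_compute_ha1()` after already assigning the fresh `ms_malloc(33)` buffer to `obj->ha1`; if the computation fails, an uninitialised buffer could be written as `ha1`, and because `obj->ha1` is now non-NULL the `passwd` fallback is skipped, leaving the stored credentials unusable. Computing into a local and assigning only on success avoids that: `char ha1[33]; if (sal_auth_compute_ha1(obj->userid?obj->userid:obj->username,obj->realm,obj->passwd,ha1)==0) obj->ha1=ms_strdup(ha1);` (assuming 0 means success, which the hunk does not show). The comment on the new block should also say that HA1 remains a password-equivalent for digest authentication in that realm, so the config file needs the same access protection as before, and that `obj->passwd` is still kept in memory. The function body starts before this hunk and continues after it.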
+++ b/coreapi/bellesip_sal/sal_impl.c
@@ -685,3 +685,7 @@ void sal_expire_old_registration_contacts(Sal *ctx, bool_t enabled){
 void sal_use_dates(Sal *ctx, bool_t enabled){
 ctx->use_dates=enabled;
 }
+
+int sal_auth_compute_ha1(const char* userid,const char* realm,const char* password, char ha1[33]) {
+ return belle_sip_auth_helper_compute_ha1(userid, realm, password, ha1);
+}
diff --git a/coreapi/callbacks.c b/coreapi/callbacks.c
index b64500e0c..10014ecae 100644
--- a/coreapi/callbacks.c
+++ b/coreapi/callbacks.c
@@ -896,6 +896,7 @@ static bool_t fill_auth_info(LinphoneCore *lc, SalAuthInfo* sai) {
 if (ai) {
 sai->userid=ai->userid?ai->userid:ai->username;
 sai->password=ai->passwd;
+ sai->ha1=ai->ha1;
 ai->usecount++;
 ai->last_use_time=ms_time(NULL);
 return TRUE;
diff --git a/include/sal/sal.h b/include/sal/sal.h
index f66413b8f..4bf2f415d 100644
--- a/include/sal/sal.h
+++ b/include/sal/sal.h
@@ -374,6 +374,7 @@ typedef struct SalCallbacks{
 SalAuthInfo* sal_auth_info_new();
 SalAuthInfo* sal_auth_info_clone(const SalAuthInfo* auth_info);
 void sal_auth_info_delete(const SalAuthInfo* auth_info);
+LINPHONE_PUBLIC int sal_auth_compute_ha1(const char* userid,const char* realm,const char* password, char ha1[33]);
 void sal_set_callbacks(Sal *ctx, const SalCallbacks *cbs);
 int sal_listen_port(Sal *ctx, const char *addr, int port, SalTransport tr, int is_secure);
diff --git a/tester/liblinphone_tester.c b/tester/liblinphone_tester.c
index 6f7840a03..726296f09 100644
--- a/tester/liblinphone_tester.c
+++ b/tester/liblinphone_tester.c
@@ -92,6 +92,8 @@ LinphoneCore* create_lc_with_auth(unsigned int with_auth) {
 linphone_core_set_user_data(lc,&global_stat);
 /* until we have good certificates on our test server... */
 linphone_core_verify_server_certificates(lc,FALSE);
+ /*to allow testing with 127.0.0.1*/
+ linphone_core_set_network_reachable(lc,TRUE);
 return lc;
 }
diff --git a/tester/register_tester.c b/tester/register_tester.c
index 3522617bb..b58ee4e7b 100644
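Review bot: sal_auth_compute_ha1() in coreapi/bellesip_sal/sal_impl.c, and its LINPHONE_PUBLIC declaration in include/sal/sal.h, are added without documenting the output-buffer contract or the meaning of the return value. `char ha1[33]` in a parameter list is only a pointer, so nothing enforces the size; a header comment such as `/* ha1 must point to at least 33 bytes (32 hex digits + NUL); returns the status of the belle-sip helper */` would state the requirement. A named constant for the buffer size would also replace the literal 33 that is repeated in authentication.c and register_tester.c. How NULL arguments are handled depends on belle_sip_auth_helper_compute_ha1(), which is not visible here, so callers should not assume the wrapper validates them.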
--- a/tester/register_tester.c
+++ b/tester/register_tester.c
@@ -199,6 +199,21 @@ static void simple_authenticated_register(){
 CU_ASSERT_EQUAL(counters->number_of_auth_info_requested,0);
 }
+static void ha1_authenticated_register(){
+ stats* counters;
+ LinphoneCore* lc = create_lc();
+ char ha1[33];
+ LinphoneAuthInfo *info;
+ char route[256];
+ sal_auth_compute_ha1(test_username,auth_domain,test_password,ha1);
+ info=linphone_auth_info_new(test_username,NULL,NULL,ha1,auth_domain); /*create authentication structure from identity*/
+ sprintf(route,"sip:%s",test_route);
+ linphone_core_add_auth_info(lc,info); /*add authentication info to LinphoneCore*/
+ counters = (stats*)linphone_core_get_user_data(lc);
+ register_with_refresh(lc,FALSE,auth_domain,route);
+ CU_ASSERT_EQUAL(counters->number_of_auth_info_requested,0);
+}
+
 static void authenticated_register_with_no_initial_credentials(){
 LinphoneCoreVTable v_table;
 LinphoneCore* lc;
@@ -345,6 +360,7 @@ test_t register_tests[] = {
 { "TCP register compatibility mode", simple_tcp_register_compatibility_mode },
 { "TLS register", simple_tls_register },
 { "Simple authenticated register", simple_authenticated_register },
+ { "Ha1 authenticated register", ha1_authenticated_register },
 { "Digest auth without initial credentials", authenticated_register_with_no_initial_credentials },
 { "Authenticated register with late credentials", authenticated_register_with_late_credentials },
 { "Register with refresh", simple_register_with_refresh },
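Review bot: In tester/register_tester.c, ha1_authenticated_register() discards the result of `sal_auth_compute_ha1()`, so a failure would pass an uninitialised `ha1` buffer to linphone_auth_info_new() and the test would fail for an unrelated reason; `CU_ASSERT_EQUAL(sal_auth_compute_ha1(test_username,auth_domain,test_password,ha1),0);` would catch it, assuming 0 is the success value. The route is built with an unbounded `sprintf`; `snprintf(route,sizeof(route),"sip:%s",test_route);` keeps it within `route[256]`. The test covers registration with a pre-computed HA1 but not the new conversion in linphone_auth_info_write_config(), so nothing yet asserts that a written section contains `ha1` and no `passwd`. Neither `info` nor `lc` is released inside the function as added; that may match the other tests in this file, which are not visible here.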