From 0185232f83d492ced19d57057da6360d034efc22 Mon Sep 17 00:00:00 2001 From: pier11 Date: Sat, 27 Feb 2010 20:27:07 +0000 Subject: [PATCH] auth: version 3 implemented I don't have ability to test in the moment - please do. If not working yet, uncomment sipe.c:520 which will revert behaviour to the previous. --- src/core/sipe-sign.c | 28 ++++++++++++++++++++-------- src/core/sipe-sign.h | 4 +++- src/core/sipe.c | 22 +++++++++++++++------- 3 files changed, 38 insertions(+), 16 deletions(-) diff --git a/src/core/sipe-sign.c b/src/core/sipe-sign.c index c7c8977e..267570b5 100644 --- a/src/core/sipe-sign.c +++ b/src/core/sipe-sign.c @@ -137,7 +137,8 @@ sipmsg_breakdown_free(struct sipmsg_breakdown * msg) } gchar * -sipmsg_breakdown_get_string(struct sipmsg_breakdown * msgbd) +sipmsg_breakdown_get_string(int version, + struct sipmsg_breakdown * msgbd) { gchar *response_str; gchar *msg; 
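Review bot: The new `version` parameter of sipmsg_breakdown_get_string has no documentation, and neither the definition nor the prototype in sipe-sign.h says which values are meaningful. Since this value decides which message fields are covered by the signature, a comment above the definition would help, for example `/* version: auth protocol version (callers pass sip->registrar.version); below 3 builds the 13-field signature string, 3 and above the 16-field one */`. The function body continues outside this hunk.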
@@ -147,13 +148,24 @@ sipmsg_breakdown_get_string(struct sipmsg_breakdown * msgbd) } response_str = msgbd->msg->response != 0 ? g_strdup_printf("<%d>", msgbd->msg->response) : empty_string; - msg = g_strdup_printf( - "<%s><%s><%s><%s><%s><%s><%s><%s><%s><%s><%s>" // 1 - 11 - "<%s>%s", // 12 - 13 - msgbd->protocol, msgbd->rand, msgbd->num, msgbd->realm, msgbd->target_name, msgbd->call_id, msgbd->cseq, - msgbd->msg->method, msgbd->from_url, msgbd->from_tag, msgbd->to_tag, - msgbd->expires ? msgbd->expires : empty_string, response_str - ); + if (version < 3) { + msg = g_strdup_printf( + "<%s><%s><%s><%s><%s><%s><%s><%s><%s><%s><%s>" // 1 - 11 + "<%s>%s", // 12 - 13 + msgbd->protocol, msgbd->rand, msgbd->num, msgbd->realm, msgbd->target_name, msgbd->call_id, msgbd->cseq, + msgbd->msg->method, msgbd->from_url, msgbd->from_tag, msgbd->to_tag, + msgbd->expires ? msgbd->expires : empty_string, response_str + ); + } else { + msg = g_strdup_printf( + "<%s><%s><%s><%s><%s><%s><%s><%s><%s><%s><%s><%s><%s><%s>" // 1 - 14 + "<%s>%s", // 15 - 16 + msgbd->protocol, msgbd->rand, msgbd->num, msgbd->realm, msgbd->target_name, msgbd->call_id, msgbd->cseq, + msgbd->msg->method, msgbd->from_url, msgbd->from_tag, msgbd->to_url, msgbd->to_tag, + msgbd->p_assertet_identity_sip_uri, msgbd->p_assertet_identity_tel_uri, + msgbd->expires ? msgbd->expires : empty_string, response_str + ); + } if (response_str != empty_string) { g_free(response_str); diff --git a/src/core/sipe-sign.h b/src/core/sipe-sign.h index a57ff6be..5d728ebd 100644 --- a/src/core/sipe-sign.h +++ b/src/core/sipe-sign.h @@ -49,7 +49,9 @@ struct sipmsg_breakdown { }; void sipmsg_breakdown_parse(struct sipmsg_breakdown * msg, gchar * realm, gchar * target); -gchar* sipmsg_breakdown_get_string(struct sipmsg_breakdown * msgbd); +gchar* +sipmsg_breakdown_get_string(int version, + struct sipmsg_breakdown * msgbd); void sipmsg_breakdown_free(struct sipmsg_breakdown * msg); #endif /* _PIDGIN_SIPE_SIGN_H */ 
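Review bot: In the `version >= 3` branch, `msgbd->to_url`, `msgbd->p_assertet_identity_sip_uri` and `msgbd->p_assertet_identity_tel_uri` are passed to `%s` without the NULL fallback that `msgbd->expires` gets on the next line. Whether sipmsg_breakdown_parse always fills these fields is not visible here. If one of them can be NULL for a message without a To URL or P-Asserted-Identity header, the signature input would contain "(null)" on glibc (and may crash on other C libraries), so the computed signature would not match the peer's. Guarding them the same way keeps the signed string well defined: `msgbd->to_url ? msgbd->to_url : empty_string,` and likewise for the two P-Asserted-Identity fields. It would also be worth confirming that sipmsg_breakdown_free releases these fields, which is outside this hunk.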
diff --git a/src/core/sipe.c b/src/core/sipe.c index ce531905..85ea9fca 100644 --- a/src/core/sipe.c +++ b/src/core/sipe.c @@ -366,7 +366,8 @@ static gchar *auth_header(struct sipe_account_data *sip, struct sip_auth *auth, if (auth->type == AUTH_TYPE_NTLM || auth->type == AUTH_TYPE_KERBEROS) { /* NTLM or Kerberos */ gchar *auth_protocol = (auth->type == AUTH_TYPE_NTLM ? "NTLM" : "Kerberos"); - + gchar *version_str; + // If we have a signature for the message, include that if (msg->signature) { return g_strdup_printf("%s qop=\"auth\", opaque=\"%s\", realm=\"%s\", targetname=\"%s\", crand=\"%s\", cnum=\"%s\", response=\"%s\"", auth_protocol, auth->opaque, auth->realm, auth->target, msg->rand, msg->num, msg->signature); 
@@ -393,16 +394,21 @@ static gchar *auth_header(struct sipe_account_data *sip, struct sip_auth *auth, } opaque = (auth->type == AUTH_TYPE_NTLM ? g_strdup_printf(", opaque=\"%s\"", auth->opaque) : g_strdup("")); - //, version=3 + /* version 3 as for version 4 we don't sign the first request yet */ + version_str = auth->version > 2 ? g_strdup_printf(", version=\"%d\"", 3 /*auth->version*/) : g_strdup(""); //, crand="1d7d4ecf", cnum="1", response="4321ABCDEF" -- for version 4 - ret = g_strdup_printf("%s qop=\"auth\"%s, realm=\"%s\", targetname=\"%s\", gssapi-data=\"%s\"", auth_protocol, opaque, auth->realm, auth->target, gssapi_data); + ret = g_strdup_printf("%s qop=\"auth\"%s, realm=\"%s\", targetname=\"%s\", gssapi-data=\"%s\"%s", auth_protocol, opaque, auth->realm, auth->target, gssapi_data, version_str); g_free(opaque); g_free(gssapi_data); + g_free(version_str); return ret; } - //, version=3 - return g_strdup_printf("%s qop=\"auth\", realm=\"%s\", targetname=\"%s\", gssapi-data=\"\"", auth_protocol, auth->realm, auth->target); + /* version 3 as for version 4 we don't sign the first request yet */ + version_str = auth->version > 2 ? g_strdup_printf(", version=\"%d\"", 3 /*auth->version*/) : g_strdup(""); + ret = g_strdup_printf("%s qop=\"auth\", realm=\"%s\", targetname=\"%s\", gssapi-data=\"\"%s", auth_protocol, auth->realm, auth->target, version_str); + g_free(version_str); + return ret; } else { /* Digest */ @@ -510,6 +516,8 @@ static void fill_auth(const gchar *hdr, struct sip_auth *auth) auth->version = atoi(tmp); g_free(tmp); } + // uncomment to revert to previous functionality if version 3+ does not work. + // auth->version = 2; } g_strfreev(parts); 
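Review bot: The new `version_str` emits the parameter quoted, `version="3"`, while the placeholder comment this hunk removes showed it unquoted as `//, version=3`. Please confirm against the protocol specification which form the server accepts, because a server that rejects the quoted form would fail authentication for every account that negotiates version 3 or higher. The same expression, with the literal `3` and the commented-out `/*auth->version*/`, is duplicated in both return paths. A small static helper returning the parameter string would keep the two paths from drifting apart when version 4 signing is added. auth_header starts and ends outside this hunk.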
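Review bot: `auth->version` is still parsed with `atoi(tmp)` from the server-supplied header, but with this commit the value now selects which fields the message signature covers, so unparsable or unexpected input silently falls back to the shorter pre-3 layout. Presumably the challenge header arrives before the security context exists, so anything able to alter it could steer the client to the layout that leaves To URL and P-Asserted-Identity unsigned. Consider parsing with `strtol`, rejecting non-numeric values, and logging the negotiated version so a downgrade is visible in debug output. The revert switch is also committed as commented-out code, `// auth->version = 2;`. A build-time or account option would be safer than asking users to edit the source, and the commit message's reference to sipe.c:520 will go stale as the file changes. fill_auth starts and ends outside this hunk.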
@@ -779,7 +787,7 @@ static void sign_outgoing_message (struct sipmsg * msg, struct sipe_account_data msgbd.rand = g_strdup_printf("%08x", g_random_int()); sip->registrar.ntlm_num++; msgbd.num = g_strdup_printf("%d", sip->registrar.ntlm_num); - signature_input_str = sipmsg_breakdown_get_string(&msgbd); + signature_input_str = sipmsg_breakdown_get_string(sip->registrar.version, &msgbd); if (signature_input_str != NULL) { char *signature_hex = sip_sec_make_signature(sip->registrar.gssapi_context, signature_input_str); msg->signature = signature_hex; @@ -7911,7 +7919,7 @@ static void process_input(struct sipe_account_data *sip, struct sip_connection * gchar *rspauth; msgbd.msg = msg; sipmsg_breakdown_parse(&msgbd, sip->registrar.realm, sip->registrar.target); - signature_input_str = sipmsg_breakdown_get_string(&msgbd); + signature_input_str = sipmsg_breakdown_get_string(sip->registrar.version, &msgbd); rspauth = sipmsg_find_part_of_header(sipmsg_find_header(msg, "Authentication-Info"), "rspauth=\"", "\"", NULL); -- 2.11.4.GIT