diff --git a/sprout/icscfproxy.cpp b/sprout/icscfproxy.cpp index 73178d709..ff3d05583 100644 --- a/sprout/icscfproxy.cpp +++ b/sprout/icscfproxy.cpp @@ -167,7 +167,8 @@ pj_status_t ICSCFProxy::UASTsx::init(pjsip_rx_data* rdata, _impi = _impu.substr(4); } - // Get the visted network identification if present. + // Get the visted network identification if present. If not, homestead will + // default it. pjsip_generic_string_hdr* vn_hdr = (pjsip_generic_string_hdr*)pjsip_msg_find_hdr_by_name(msg, &STR_P_V_N_I, diff --git a/sprout/main.cpp b/sprout/main.cpp index c93b443ff..1e4b196e0 100644 --- a/sprout/main.cpp +++ b/sprout/main.cpp @@ -435,7 +435,7 @@ static pj_status_t init_options(int argc, char *argv[], struct options *options) case OPT_ADDITIONAL_HOME_DOMAINS: options->additional_home_domains = std::string(pj_optarg); - fprintf(stdout, "Additonal home domains set to %s\n", pj_optarg); + fprintf(stdout, "Additional home domains set to %s\n", pj_optarg); break; case 'c': diff --git a/sprout/pjutils.cpp b/sprout/pjutils.cpp index 1ac337c95..2185298bb 100644 --- a/sprout/pjutils.cpp +++ b/sprout/pjutils.cpp @@ -317,8 +317,8 @@ std::string PJUtils::default_private_id_from_uri(const pjsip_uri* uri) return id; } -/// Extract the domain from a SIP URI. If none is present, return the default -/// home domain. +/// Extract the domain from a SIP URI, or if its another type of URI, return +/// the default home domain. pj_str_t PJUtils::domain_from_uri(const std::string& uri_str, pj_pool_t* pool) { pjsip_uri* uri = PJUtils::uri_from_string(uri_str, pool); diff --git a/sprout/ut/authentication_test.cpp b/sprout/ut/authentication_test.cpp index 427182e0f..f1ed03eef 100644 --- a/sprout/ut/authentication_test.cpp +++ b/sprout/ut/authentication_test.cpp @@ -585,6 +585,58 @@ TEST_F(AuthenticationTest, DigestAuthFailStale) } +TEST_F(AuthenticationTest, DigestAuthFailWrongRealm) +{ + // Test a failed SIP Digest authentication flow where the response contains the wrong realm. + pjsip_tx_data* tdata; + + // Set up the HSS response for the AV query using a default private user identity. + _hss_connection->set_result("/impi/6505550001%40homedomain/av?impu=sip%3A6505550001%40homedomain", + "{\"digest\":{\"realm\":\"homedomain\",\"qop\":\"auth\",\"ha1\":\"12345678123456781234567812345678\"}}"); + + // Send in a REGISTER request with no authentication header. This triggers + // Digest authentication. + AuthenticationMessage msg1("REGISTER"); + msg1._auth_hdr = false; + inject_msg(msg1.get()); + + // Expect a 401 Not Authorized response. + ASSERT_EQ(1, txdata_count()); + tdata = current_txdata(); + RespMatcher(401).matches(tdata->msg); + + // Extract the nonce, nc, cnonce and qop fields from the WWW-Authenticate header. + std::string auth = get_headers(tdata->msg, "WWW-Authenticate"); + std::map auth_params; + parse_www_authenticate(auth, auth_params); + EXPECT_NE("", auth_params["nonce"]); + EXPECT_EQ("auth", auth_params["qop"]); + EXPECT_EQ("MD5", auth_params["algorithm"]); + free_txdata(); + + // Send a new REGISTER request with an authentication header including the + // response but the wrong realm. + AuthenticationMessage msg2("REGISTER"); + msg2._algorithm = "MD5"; + msg2._key = "12345678123456781234567812345678"; + msg2._nonce = auth_params["nonce"]; + msg2._opaque = auth_params["opaque"]; + msg2._nc = "00000001"; + msg2._cnonce = "8765432187654321"; + msg2._qop = "auth"; + msg2._auth_realm = "otherdomain"; + inject_msg(msg2.get()); + + // Check 401 Unauthorized response. + ASSERT_EQ(1, txdata_count()); + tdata = current_txdata(); + RespMatcher(401).matches(tdata->msg); + free_txdata(); + + _hss_connection->delete_result("/impi/6505550001%40homedomain/av?impu=sip%3A6505550001%40homedomain"); +} + + TEST_F(AuthenticationTest, AKAAuthSuccess) { // Test a successful AKA authentication flow.