MT#55831 Authentication from SEMS with no credentials

There are cases when calls coming to a subscriber of C5 CE, is being challenged by this subscriber, the use case for that could be if for e.g. we have a PBX/SBC connected to NGCP via subscriber's object. Current implementation of SEMS works so, that in case parameters; 'enable_auth' and 'enable_aleg_auth' are set to value 'yes', SEMS tries to pass the digest for the calling party. This leads to the empty 'username' and wrong 'response' parameters of the Proxy-Authorization header, eventually the Authorization process is failed. This is to be changed, so in case 'u=', 'p=' and 'd=' have not been previously sent by the Proxy (in 'P-App-Param:'), or rather they are empty, authentication should be transparent, hence be processed by the calling side, with no interfer from SEMS into that. (real ticket number: TT#128701) Change-Id: I989dbe3ed9d5a1d2ec73cb0ad081254c9b9eca32
4 years ago · 10f7927093
parent f9d0927245
commit 10f7927093
1 changed files with 3 additions and 1 deletions
--- a/core/plug-in/uac_auth/UACAuth.cpp
+++ b/core/plug-in/uac_auth/UACAuth.cpp
@ -173,7 +173,9 @@ bool UACAuth::onSipReply(const AmSipRequest& req, const AmSipReply& reply,
 	// 				credential->realm.c_str(),
 	// 				credential->user.c_str(),
 	// 				credential->pwd.c_str());
-	if (!nonce_reuse &&
+	if ((credential->user.empty() || credential->pwd.empty()) && reply.code==407) {
+	  DBG("No credentials to pass the challenge from behalf of B2B, sending 407 transparently\n");
+	} else if (!nonce_reuse &&
 	    (((reply.code == 401) &&
 	     getHeader(ri->second.hdrs, SIP_HDR_AUTHORIZATION, true).length()) ||
 	    ((reply.code == 407) &&