From 10f7927093fbf0635df1f32cdadd62d200659cb2 Mon Sep 17 00:00:00 2001 From: Donat Zenichev Date: Thu, 29 Dec 2022 10:14:29 +0100 Subject: [PATCH] MT#55831 Authentication from SEMS with no credentials There are cases when calls coming to a subscriber of C5 CE, is being challenged by this subscriber, the use case for that could be if for e.g. we have a PBX/SBC connected to NGCP via subscriber's object. Current implementation of SEMS works so, that in case parameters; 'enable_auth' and 'enable_aleg_auth' are set to value 'yes', SEMS tries to pass the digest for the calling party. This leads to the empty 'username' and wrong 'response' parameters of the Proxy-Authorization header, eventually the Authorization process is failed. This is to be changed, so in case 'u=', 'p=' and 'd=' have not been previously sent by the Proxy (in 'P-App-Param:'), or rather they are empty, authentication should be transparent, hence be processed by the calling side, with no interfer from SEMS into that. (real ticket number: TT#128701) Change-Id: I989dbe3ed9d5a1d2ec73cb0ad081254c9b9eca32 --- core/plug-in/uac_auth/UACAuth.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/core/plug-in/uac_auth/UACAuth.cpp b/core/plug-in/uac_auth/UACAuth.cpp index c3225065..6ad9bef1 100644 --- a/core/plug-in/uac_auth/UACAuth.cpp +++ b/core/plug-in/uac_auth/UACAuth.cpp @@ -173,7 +173,9 @@ bool UACAuth::onSipReply(const AmSipRequest& req, const AmSipReply& reply, // credential->realm.c_str(), // credential->user.c_str(), // credential->pwd.c_str()); - if (!nonce_reuse && + if ((credential->user.empty() || credential->pwd.empty()) && reply.code==407) { + DBG("No credentials to pass the challenge from behalf of B2B, sending 407 transparently\n"); + } else if (!nonce_reuse && (((reply.code == 401) && getHeader(ri->second.hdrs, SIP_HDR_AUTHORIZATION, true).length()) || ((reply.code == 407) &&