Mercurial > hg > freeDiameter
diff extensions/app_sip/multimediaauth.c @ 360:1740bee6c821
Initial App_SIP import
author | Alexandre Westfahl <awestfahl@freediameter.net> |
---|---|
date | Fri, 02 Jul 2010 12:00:58 +0900 |
parents | |
children | da11085cf6d9 |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/extensions/app_sip/multimediaauth.c Fri Jul 02 12:00:58 2010 +0900 @@ -0,0 +1,747 @@ +#include "diamsip.h" + + +int diamsip_MAR_cb( struct msg ** msg, struct avp * avp, struct session * sess, enum disp_action * act) +{ + struct msg *ans, *qry; + struct avp *a2, *authdataitem; + struct msg_hdr * header = NULL; + struct avp_hdr * avphdr=NULL, *avpheader=NULL, *avpheader_auth=NULL,*digestheader=NULL; + union avp_value val; + int found_cnonce=0; + struct avp * tempavp=NULL,*sipAuthentication=NULL,*sipAuthenticate=NULL; + char * result; + char password[51]; + int idx=0, idx2=0, number_of_auth_items=0,i=0;; + //Flags and variables for Database + int sipurinotstored=0, authenticationpending=0, querylen=0, usernamelen=0; + char *query=NULL,*username=NULL; + + //The nonce we will store and retrieve in session + struct ds_nonce *storednonce=NULL; + + + TRACE_ENTRY("%p %p %p %p", msg, avp, sess, act); + + if (msg == NULL) + return EINVAL; + + + /* Create answer header */ + qry = *msg; + CHECK_FCT( fd_msg_new_answer_from_req ( fd_g_config->cnf_dict, msg, 0 ) ); + ans = *msg; + + + + /* Add the appropriate command code & Auth-Application-Id */ + { + + CHECK_FCT( fd_msg_hdr ( *msg, &header ) ); + header->msg_flags = CMD_FLAG_PROXIABLE; + header->msg_code = 286; + header->msg_appl = 6; + + + /* Add the Auth-Application-Id */ + { + CHECK_FCT( fd_msg_avp_new ( sip_dict.Auth_Application_Id, 0, &avp ) ); + val.i32 = header->msg_appl; + CHECK_FCT( fd_msg_avp_setvalue ( avp, &val ) ); + CHECK_FCT( fd_msg_avp_add ( ans, MSG_BRW_LAST_CHILD, avp) ); + } + } + + + /* Add the Auth-Session-State AVP */ + { + + CHECK_FCT( fd_msg_search_avp ( qry, sip_dict.Auth_Session_State, &avp) ); + CHECK_FCT( fd_msg_avp_hdr( avp, &avphdr ) ); + + CHECK_FCT( fd_msg_avp_new ( sip_dict.Auth_Session_State, 0, &avp ) ); + CHECK_FCT( fd_msg_avp_setvalue( avp, avphdr->avp_value ) ); + CHECK_FCT( fd_msg_avp_add( ans, MSG_BRW_LAST_CHILD, avp ) ); + } + + + + /* Check if method is REGISTER then User-Name must be present */ + { + + CHECK_FCT( fd_msg_search_avp ( qry, sip_dict.SIP_Method, &avp) ); + CHECK_FCT( fd_msg_avp_hdr( avp, &avpheader )); + + + char *method=NULL; + + CHECK_FCT( fd_msg_search_avp ( qry, sip_dict.User_Name, &avp) ); + if(avp!=NULL) + { + + int not_found=1; + MYSQL_RES *res=NULL; + MYSQL_ROW row; + + CHECK_FCT( fd_msg_avp_hdr( avp, &avphdr ) ); + + //We allocate the double size of username because at worst it can be all quotes + username=malloc(avphdr->avp_value->os.len*2+1); + //We purify username not to have forbidden characters + usernamelen=mysql_real_escape_string(conn, username, avphdr->avp_value->os.data, avphdr->avp_value->os.len); + + + if((strncmp(avpheader->avp_value->os.data,"REGISTER",avpheader->avp_value->os.len)==0)) + { + not_found=1; + + //We copy username in query + querylen=SQL_GETPASSWORD_LEN + usernamelen; + query = malloc(querylen+2); + snprintf(query, querylen+1, SQL_GETPASSWORD, username); + + + + //We make the query + request_mysql(query); + res=mysql_use_result(conn); + if(res==NULL) + { + //We couldn't make the request + result="DIAMETER_UNABLE_TO_COMPLY"; + goto out; + } + + + + while ((row = mysql_fetch_row(res)) != NULL) + { + if(row[0]!="") + { + strcpy(password,row[0]); + not_found=0; + break; + } + } + mysql_free_result(res); + free(query); + + if(not_found) + { + TRACE_DEBUG(FULL,"The user %s doesn't exist!",username); + result="DIAMETER_ERROR_USER_UNKNOWN"; + free(username); + goto out; + } + + + + //Now that we know the user exist, we get the list of AOR owned by this user + querylen=SQL_GETSIPAOR_LEN + usernamelen; + query = malloc(querylen+2); + snprintf(query, querylen+1, SQL_GETSIPAOR, username); + + //We make the query + request_mysql(query); + res=mysql_use_result(conn); + if(res==NULL) + { + //We couldn't make the request + result="DIAMETER_UNABLE_TO_COMPLY"; + goto out; + } + + //We retrieve the SIP-AOR from AVP to check if the user can us it + CHECK_FCT( fd_msg_search_avp ( qry, sip_dict.SIP_AOR, &avp) ); + CHECK_FCT( fd_msg_avp_hdr( avp, &avphdr ) ); + + not_found=1; + while ((row = mysql_fetch_row(res)) != NULL) + { + if(strncmp(avphdr->avp_value->os.data,row[0],avphdr->avp_value->os.len)==0) + { + not_found=0; + break; + } + } + mysql_free_result(res); + free(query); + + if(not_found) + { + TRACE_DEBUG(FULL,"The user %s can't use this SIP-AOR!",username); + result="DIAMETER_ERROR_IDENTITIES_DONT_MATCH"; + free(username); + goto out; + } + + } + + CHECK_FCT( fd_msg_search_avp ( qry, sip_dict.SIP_Server_URI, &avp) ); + CHECK_FCT( fd_msg_avp_hdr( avp, &avphdr )); + + if(avphdr!=NULL) + { + char *sipuri=NULL; + int sipurilen=0; + + //We allocate the double size of SIP-URI because at worst it can be all quotes + sipuri=malloc(avphdr->avp_value->os.len*2+1); + //We purify SIP-URI not to have forbidden characters + sipurilen=mysql_real_escape_string(conn, sipuri, avphdr->avp_value->os.data, avphdr->avp_value->os.len); + + + //We get the SIP-URI assignated to the user + querylen=SQL_GETSIPURI_LEN + usernamelen; + query = malloc(querylen+2); + snprintf(query, querylen+1, SQL_GETSIPURI, username); + + //We make the query + request_mysql(query); + res=mysql_use_result(conn); + if(res==NULL) + { + //We couldn't make the request + result="DIAMETER_UNABLE_TO_COMPLY"; + goto out; + } + not_found=1; + while ((row = mysql_fetch_row(res)) != NULL) + { + if(strncmp(avphdr->avp_value->os.data,row[0],avphdr->avp_value->os.len)==0) + { + not_found=0; + break; + } + } + mysql_free_result(res); + free(query); + + if(not_found) + { + //We update the SIP_URI for the user and we flag "authentication in progress" + querylen=SQL_SETSIPURI_LEN + usernamelen + sipurilen; + query = malloc(querylen+2); + snprintf(query, querylen+1, SQL_SETSIPURI, sipuri, username); + + //We make the query + request_mysql(query); + + free(query); + authenticationpending=1; + } + free(sipuri); + + } + else + sipurinotstored=1; + + } + else + { + result="DIAMETER_USER_NAME_REQUIRED"; + goto out; + } + + + free(method); + + } + + + //TODO: remove loop for authdataitem because RFC say only one (wait for answer from Garcia) + // How many Auth Data Items? + CHECK_FCT( fd_msg_search_avp ( qry, sip_dict.SIP_Number_Auth_Items, &avp) ); + CHECK_FCT( fd_msg_avp_hdr( avp, &avpheader ) ); + + + if(avp!=NULL) + { + CHECK_FCT(fd_msg_search_avp ( qry, sip_dict.SIP_Auth_Data_Item, &avp)); + CHECK_FCT( fd_msg_avp_hdr( avp, &avphdr ) ); + + if(avp!=NULL) + { + //First is Authentication Scheme + CHECK_FCT(fd_msg_browse ( avp, MSG_BRW_FIRST_CHILD, &avp, NULL) ); + CHECK_FCT( fd_msg_avp_hdr( avp, &avphdr ) ); + + //Digest-Authentication? + if(avphdr->avp_value->i32==0) + { + + for(idx=0;idx<avpheader->avp_value->i32;idx++) + { + //We look for SIP Auth items + CHECK_FCT(fd_msg_browse ( avp, MSG_BRW_WALK, &avp, NULL) ); + + if(avp!=NULL) + { + + CHECK_FCT( fd_msg_avp_hdr( avp,&avphdr )); + + if(avphdr->avp_code==380) //We only create Auth-Data-Item to answer Auth-Data-Item + { + /* Add the Auth-Data-Item AVP */ + CHECK_FCT( fd_msg_avp_new ( sip_dict.SIP_Auth_Data_Item, 0, &authdataitem ) ); + + /* Add the Authentication Scheme AVP */ + { + CHECK_FCT( fd_msg_avp_new ( sip_dict.SIP_Authentication_Scheme, 0, &a2 ) ); + val.i32=0; //We only know Digest Authentication + CHECK_FCT( fd_msg_avp_setvalue( a2, &val ) ); + CHECK_FCT( fd_msg_avp_add( authdataitem, MSG_BRW_LAST_CHILD, a2 ) ); + } + + //We need to know if there is a Cnonce attribute (only in the second MAR request) + + //CHECK_FCT(fd_msg_browse ( avp, MSG_BRW_WALK, &avp, NULL) ); + + + CHECK_FCT(fd_avp_search_avp (avp, sip_dict.Digest_CNonce, &a2 )); + + if(a2!=NULL) + found_cnonce=1; + else + found_cnonce=0; + + if(!found_cnonce) + { + /* + We are in the case of first access request so we need to challenge the user. + */ + TRACE_DEBUG(FULL,"First Authorization in progress..."); + + /* Create a new session */ //this create a new session Id !!! + //CHECK_FCT_DO( fd_sess_new( &sess, fd_g_config->cnf_diamid, "diamsip", 7), goto out ); + + + /* Create the SIP-Authenticate AVP */ + { + CHECK_FCT( fd_msg_avp_new ( sip_dict.SIP_Authenticate, 0, &sipAuthenticate ) ); + } + + /* Add the Digest QOP AVP */ + { + CHECK_FCT( fd_msg_avp_new ( sip_dict.Digest_QOP, 0, &a2 ) ); + val.os.data="auth"; + val.os.len=strlen(val.os.data); + CHECK_FCT( fd_msg_avp_setvalue( a2, &val ) ); + CHECK_FCT( fd_msg_avp_add( sipAuthenticate, MSG_BRW_LAST_CHILD, a2 ) ); + } + /* Add the Digest Nonce AVP */ + { + uint8_t buffer[NONCE_SIZE]; + char nonce[NONCE_SIZE * 2 + 1]; + + + gcry_create_nonce ((uint8_t *)buffer, sizeof(buffer)); + + for(i=0;i<NONCE_SIZE;i++) + sprintf(&nonce[2 * i], "%2.2hhx", buffer[i]); + + CHECK_FCT( fd_msg_avp_new ( sip_dict.Digest_Nonce, 0, &a2 ) ); + + + //We store the nonce (storednonce structure) inside the session + storednonce=malloc(sizeof(struct ds_nonce)); + memset(storednonce,0,sizeof(struct ds_nonce)); + CHECK_MALLOC(storednonce->nonce=malloc(NONCE_SIZE*2+1)); + memcpy(storednonce->nonce,(char *)nonce,NONCE_SIZE*2+1); + CHECK_FCT( fd_sess_state_store ( ds_sess_hdl, sess, &storednonce )); + + val.os.data=nonce; + val.os.len=NONCE_SIZE * 2; + + CHECK_FCT( fd_msg_avp_setvalue( a2, &val ) ); + CHECK_FCT( fd_msg_avp_add( sipAuthenticate, MSG_BRW_LAST_CHILD, a2 ) ); + } + /* Add the Digest Algorithm AVP */ + { + CHECK_FCT( fd_msg_avp_new ( sip_dict.Digest_Algorithm, 0, &a2 ) ); + val.os.data="MD5"; + val.os.len=strlen(val.os.data); + CHECK_FCT( fd_msg_avp_setvalue( a2, &val ) ); + CHECK_FCT( fd_msg_avp_add( sipAuthenticate, MSG_BRW_LAST_CHILD, a2 ) ); + + } + /* Add the Digest Realm AVP */ + { + tempavp=avp; + + avpheader_auth=walk_digest(tempavp, 104); + if(avpheader_auth!=NULL) + { + CHECK_FCT( fd_msg_avp_new ( sip_dict.Digest_Realm, 0, &a2 ) ); + CHECK_FCT( fd_msg_avp_setvalue( a2, avpheader_auth->avp_value ) ); + CHECK_FCT( fd_msg_avp_add( sipAuthenticate, MSG_BRW_LAST_CHILD, a2 ) ); + + } + } + + + //We add SIP Authenticate to Auth Data Item + CHECK_FCT( fd_msg_avp_add( authdataitem, MSG_BRW_LAST_CHILD, sipAuthenticate ) ); + //We add Auth Data Item to Answer + CHECK_FCT( fd_msg_avp_add( ans, MSG_BRW_LAST_CHILD, authdataitem ) ); + + number_of_auth_items++; + if(sipurinotstored) + result="DIAMETER_SUCCESS_AUTH_SENT_SERVER_NOT_STORED"; + else + result="DIAMETER_MULTI_ROUND_AUTH"; + found_cnonce=0; + } + else + { + /* + We are in the case of access request after challenge so we need to check credentials. + */ + TRACE_DEBUG(FULL,"Authentication after challenge"); + + /* Search the session, retrieve its data */ + { + //int new=0; + + //TRACE_DEBUG(FULL,"new: *%d*",new); + //ASSERT( new == 0 ); + CHECK_FCT( fd_sess_state_retrieve( ds_sess_hdl, sess, &storednonce )); + if(storednonce ==NULL) + { + result="DIAMETER_UNABLE_TO_COMPLY"; + + if(username!=NULL) + free(username); + goto out; + } + } + + /* Create the SIP-Authentication-Info AVP */ + { + CHECK_FCT( fd_msg_avp_new ( sip_dict.SIP_Authentication_Info, 0, &sipAuthentication ) ); + } + + + + /* Add the Digest response Auth AVP */ + { + //uint8_t bufferresp[DIGEST_LEN]; + //char response[DIGEST_LEN*2+1]; + int i=0; + + //We extract all the data we need + tempavp=avp; + + char * digest_username=NULL, *digest_uri=NULL, *digest_response=NULL, *digest_realm=NULL, *digest_nonce=NULL, *digest_method=NULL, *digest_qop=NULL, *digest_algorithm=NULL, *digest_cnonce=NULL, *digest_noncecount=NULL; + + + CHECK_FCT(fd_avp_search_avp (avp, sip_dict.Digest_Nonce, &a2 )); + if(a2!=NULL) + { + CHECK_FCT( fd_msg_avp_hdr( a2, &digestheader ) ); + if(digestheader!=NULL) + { + + digest_nonce = malloc(digestheader->avp_value->os.len + 1); + memcpy(digest_nonce, digestheader->avp_value->os.data, + digestheader->avp_value->os.len); + digest_nonce[digestheader->avp_value->os.len]='\0'; + TRACE_DEBUG(FULL,"Element:*%s*",digest_nonce); + TRACE_DEBUG(FULL,"Stored Nonce:*%s*",storednonce->nonce); + + if(strcmp(digest_nonce,storednonce->nonce)!=0) + { + free(digest_nonce); + free(storednonce->nonce); + free(storednonce); + result="DIAMETER_UNABLE_TO_COMPLY"; + + if(username!=NULL) + free(username); + goto out; + } + + } + + } + CHECK_FCT(fd_avp_search_avp (avp, sip_dict.Digest_Response, &a2 )); + if(a2!=NULL) + { + CHECK_FCT( fd_msg_avp_hdr( a2, &digestheader ) ); + if(digestheader!=NULL) + { + digest_response = malloc(digestheader->avp_value->os.len + 1); + memcpy(digest_response, digestheader->avp_value->os.data, + digestheader->avp_value->os.len); + digest_response[digestheader->avp_value->os.len]='\0'; + TRACE_DEBUG(FULL,"Element:*%s*",digest_response); + } + + } + CHECK_FCT(fd_avp_search_avp (avp, sip_dict.Digest_Realm, &a2 )); + if(a2!=NULL) + { + CHECK_FCT( fd_msg_avp_hdr( a2, &digestheader ) ); + if(digestheader!=NULL) + { + digest_realm = malloc(digestheader->avp_value->os.len + 1); + memcpy(digest_realm, digestheader->avp_value->os.data, + digestheader->avp_value->os.len); + digest_realm[digestheader->avp_value->os.len]='\0'; + TRACE_DEBUG(FULL,"Element:*%s*",digest_realm); + } + } + + CHECK_FCT(fd_avp_search_avp (avp, sip_dict.Digest_Method, &a2 )); + if(a2!=NULL) + { + CHECK_FCT( fd_msg_avp_hdr( a2, &digestheader ) ); + if(digestheader!=NULL) + { + digest_method = malloc(digestheader->avp_value->os.len + 1); + memcpy(digest_method, digestheader->avp_value->os.data, + digestheader->avp_value->os.len); + digest_method[digestheader->avp_value->os.len]='\0'; + TRACE_DEBUG(FULL,"Element:*%s*",digest_method); + } + } + else + digest_method=""; + + CHECK_FCT(fd_avp_search_avp (avp, sip_dict.Digest_URI, &a2 )); + if(a2!=NULL) + { + CHECK_FCT( fd_msg_avp_hdr( a2, &digestheader ) ); + if(digestheader!=NULL) + { + digest_uri = malloc(digestheader->avp_value->os.len + 1); + memcpy(digest_uri, digestheader->avp_value->os.data, + digestheader->avp_value->os.len); + digest_uri[digestheader->avp_value->os.len]='\0'; + TRACE_DEBUG(FULL,"Element:*%s*",digest_uri); + } + } + + CHECK_FCT(fd_avp_search_avp (avp, sip_dict.Digest_QOP, &a2 )); + if(a2!=NULL) + { + CHECK_FCT( fd_msg_avp_hdr( a2, &digestheader ) ); + if(digestheader!=NULL) + { + digest_qop = malloc(digestheader->avp_value->os.len + 1); + memcpy(digest_qop, digestheader->avp_value->os.data, + digestheader->avp_value->os.len); + digest_qop[digestheader->avp_value->os.len]='\0'; + TRACE_DEBUG(FULL,"Element:*%s*",digest_qop); + } + } + else + digest_qop=NULL; + CHECK_FCT(fd_avp_search_avp (avp, sip_dict.Digest_Algorithm, &a2 )); + if(a2!=NULL) + { + CHECK_FCT( fd_msg_avp_hdr( a2, &digestheader ) ); + if(digestheader!=NULL) + { + digest_algorithm = malloc(digestheader->avp_value->os.len + 1); + memcpy(digest_algorithm, digestheader->avp_value->os.data, + digestheader->avp_value->os.len); + digest_algorithm[digestheader->avp_value->os.len]='\0'; + TRACE_DEBUG(FULL,"Element:*%s*",digest_algorithm); + } + } + else + digest_algorithm=NULL; + CHECK_FCT(fd_avp_search_avp (avp, sip_dict.Digest_CNonce, &a2 )); + if(a2!=NULL) + { + CHECK_FCT( fd_msg_avp_hdr( a2, &digestheader ) ); + if(digestheader!=NULL) + { + digest_cnonce = malloc(digestheader->avp_value->os.len + 1); + memcpy(digest_cnonce, digestheader->avp_value->os.data, + digestheader->avp_value->os.len); + digest_cnonce[digestheader->avp_value->os.len]='\0'; + TRACE_DEBUG(FULL,"Element:*%s*",digest_cnonce); + } + } + else + digest_cnonce=""; + CHECK_FCT(fd_avp_search_avp (avp, sip_dict.Digest_Nonce_Count, &a2 )); + if(a2!=NULL) + { + CHECK_FCT( fd_msg_avp_hdr( a2, &digestheader ) ); + if(digestheader!=NULL) + { + digest_noncecount = malloc(digestheader->avp_value->os.len + 1); + memcpy(digest_noncecount, digestheader->avp_value->os.data, + digestheader->avp_value->os.len); + digest_noncecount[digestheader->avp_value->os.len]='\0'; + TRACE_DEBUG(FULL,"Element:*%s*",digest_noncecount); + } + } + else + digest_noncecount=""; + CHECK_FCT(fd_avp_search_avp (avp, sip_dict.Digest_Username, &a2 )); + if(a2!=NULL) + { + CHECK_FCT( fd_msg_avp_hdr( a2, &digestheader ) ); + if(digestheader!=NULL) + { + digest_username = malloc(digestheader->avp_value->os.len + 1); + memcpy(digest_username, digestheader->avp_value->os.data, + digestheader->avp_value->os.len); + digest_username[digestheader->avp_value->os.len]='\0'; + TRACE_DEBUG(FULL,"Element:*%s*",digest_username); + } + } + //TODO: replace by authentication function + + HASHHEX HA1; + HASHHEX HA2 = ""; + HASHHEX response, responseauth; + + + DigestCalcHA1(digest_algorithm, digest_username, digest_realm, password, digest_nonce,digest_cnonce, HA1); + + DigestCalcResponse(HA1, digest_nonce, digest_noncecount, digest_cnonce, digest_qop,digest_method, digest_uri, HA2, response); + + + // We check that the Digest-Response is the same (UA, Diameter) + if(strcmp(response,digest_response)!=0) + { + TRACE_DEBUG(FULL,"Response calculated by Diameter server:%s",response); + TRACE_DEBUG(FULL,"Response calculated by UA:%s",digest_response); + TRACE_DEBUG(INFO,"Digest-Response does not match!"); + result="DIAMETER_UNABLE_TO_COMPLY"; + free(digest_algorithm); + free(digest_cnonce); + free(digest_nonce); + free(digest_noncecount); + free(digest_method); + free(digest_username); + free(digest_uri); + free(digest_qop); + free(digest_response); + free(digest_realm); + free(storednonce->nonce); + free(storednonce); + if(username!=NULL) + free(username); + goto out; + + } + //We calculate Digest_Response_Auth + DigestCalcResponseAuth(HA1, digest_nonce, digest_noncecount, digest_cnonce, digest_qop,digest_method, digest_uri, HA2, responseauth); + + + if(strcmp(digest_qop,"auth-int")==0) + { + //Digest-HA1 MUST be used instead of Digest-Response-Auth if Digest-Qop is 'auth-int'. + CHECK_FCT( fd_msg_avp_new ( sip_dict.Digest_HA1, 0, &a2 ) ); + val.os.data=HA1; + val.os.len=HASHHEXLEN+1; + CHECK_FCT( fd_msg_avp_setvalue( a2, &val ) ); + CHECK_FCT( fd_msg_avp_add( sipAuthentication, MSG_BRW_LAST_CHILD, a2 ) ); + } + else + { + //Digest-Response-Auth MUST be used instead of Digest-HA1 if Digest-Qop is 'auth'. + CHECK_FCT( fd_msg_avp_new ( sip_dict.Digest_Response_Auth, 0, &a2 ) ); + val.os.data=responseauth; + val.os.len=DIGEST_LEN*2; + CHECK_FCT( fd_msg_avp_setvalue( a2, &val ) ); + CHECK_FCT( fd_msg_avp_add( sipAuthentication, MSG_BRW_LAST_CHILD, a2 ) ); + } + free(digest_algorithm); + free(digest_cnonce); + free(digest_nonce); + free(digest_noncecount); + free(digest_method); + free(digest_username); + free(digest_uri); + free(digest_qop); + free(digest_response); + free(digest_realm); + free(storednonce->nonce); + free(storednonce); + + number_of_auth_items++; + } + + + //We add SIP Authentication-Info to Auth Data Item + CHECK_FCT( fd_msg_avp_add( authdataitem, MSG_BRW_LAST_CHILD, sipAuthentication ) ); + //We add Auth Data Item to Answer + CHECK_FCT( fd_msg_avp_add( ans, MSG_BRW_LAST_CHILD, authdataitem ) ); + + + if(username!=NULL && authenticationpending) + { + //We clear the flag "authentication pending" + querylen=SQL_CLEARFLAG_LEN + usernamelen; + query = malloc(querylen+2); + snprintf(query, querylen+1, SQL_CLEARFLAG, username); + + //We make the query + request_mysql(query); + + free(query); + } + + if(sipurinotstored) + result="DIAMETER_SUCCESS_SERVER_NAME_NOT_STORED"; + else + result="DIAMETER_SUCCESS"; + found_cnonce=0; + } + } + } + else + TRACE_DEBUG(INFO,"No auth data items!"); + } + /*Add SIP_Number_Auth_Items AVP */ + { + CHECK_FCT( fd_msg_avp_new ( sip_dict.SIP_Number_Auth_Items, 0, &avp ) ); + val.i32 = number_of_auth_items; + CHECK_FCT( fd_msg_avp_setvalue ( avp, &val ) ); + CHECK_FCT( fd_msg_avp_add ( ans, MSG_BRW_LAST_CHILD, avp) ); + } + + + } + else + { + TRACE_DEBUG(INFO,"We only support DIGEST for now, unable to comply"); + result="DIAMETER_ERROR_AUTH_SCHEME_NOT_SUPPORTED"; + if(username!=NULL) + free(username); + goto out; + } + } + } + else + { + //TODO: remove this because Number_Auth_Items is not compulsory + TRACE_DEBUG(FULL,"Number-Auth-Items is not included."); + result="DIAMETER_UNABLE_TO_COMPLY"; + if(username!=NULL) + free(username); + goto out; + } + + if(username!=NULL) + free(username); + + +out: + /* Set the Origin-Host, Origin-Realm, Result-Code AVPs */ + CHECK_FCT( fd_msg_rescode_set( ans, result, NULL, NULL, 1 ) ); + + + /* Send the answer */ + CHECK_FCT( fd_msg_send( msg, NULL, NULL ) ); + + + return 0; +}