[sr-dev] git:master:cd3b7766: secsipid: iterate through all Identity headers

Thu Nov 3 10:21:23 CET 2022

Module: kamailio
Branch: master
Commit: cd3b776649e652b5d27b2718c22f08736b1e9e84
URL: https://github.com/kamailio/kamailio/commit/cd3b776649e652b5d27b2718c22f08736b1e9e84

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2022-11-03T10:20:10+01:00

secsipid: iterate through all Identity headers

---

Modified: src/modules/secsipid/secsipid_mod.c

---

Diff:  https://github.com/kamailio/kamailio/commit/cd3b776649e652b5d27b2718c22f08736b1e9e84.diff
Patch: https://github.com/kamailio/kamailio/commit/cd3b776649e652b5d27b2718c22f08736b1e9e84.patch

---

diff --git a/src/modules/secsipid/secsipid_mod.c b/src/modules/secsipid/secsipid_mod.c
index 43c1ab4cb42..96f01487a3a 100644
--- a/src/modules/secsipid/secsipid_mod.c
+++ b/src/modules/secsipid/secsipid_mod.c
@@ -221,24 +221,10 @@ static void mod_destroy(void)
  */
 static int ki_secsipid_check_identity(sip_msg_t *msg, str *keypath)
 {
-	int ret = 1;
+	int ret = -1;
 	str ibody = STR_NULL;
 	hdr_field_t *hf;
 
-	for (hf=msg->headers; hf; hf=hf->next) {
-		if (hf->name.len==SECSIPID_HDR_IDENTITY_LEN
-				&& strncasecmp(hf->name.s, SECSIPID_HDR_IDENTITY,
-					SECSIPID_HDR_IDENTITY_LEN)==0)
-			break;
-	}
-
-	if(hf == NULL) {
-		LM_DBG("no identity header\n");
-		return -1;
-	}
-
-	ibody = hf->body;
-
 	if(secsipid_cache_dir.len > 0) {
 		_secsipid_papi.SecSIPIDSetFileCacheOptions(secsipid_cache_dir.s,
 				secsipid_cache_expire);
@@ -250,12 +236,19 @@ static int ki_secsipid_check_identity(sip_msg_t *msg, str *keypath)
 		}
 		secsipid_libopt_list_used = 1;
 	}
-	ret = _secsipid_papi.SecSIPIDCheckFull(ibody.s, ibody.len, secsipid_expire,
-			keypath->s, secsipid_timeout);
 
-	if(ret==0) {
-		LM_DBG("identity check: ok\n");
-		return 1;
+	for (hf=msg->headers; hf; hf=hf->next) {
+		if (hf->name.len==SECSIPID_HDR_IDENTITY_LEN
+				&& strncasecmp(hf->name.s, SECSIPID_HDR_IDENTITY,
+					SECSIPID_HDR_IDENTITY_LEN)==0) {
+			ibody = hf->body;
+			ret = _secsipid_papi.SecSIPIDCheckFull(ibody.s, ibody.len, secsipid_expire,
+					keypath->s, secsipid_timeout);
+			if(ret==0) {
+				LM_DBG("identity check: ok\n");
+				return 1;
+			}
+		}
 	}
 
 	LM_DBG("identity check: failed\n");
@@ -282,22 +275,10 @@ static int w_secsipid_check_identity(sip_msg_t *msg, char *pkeypath, char *str2)
  */
 static int ki_secsipid_check_identity_pubkey(sip_msg_t *msg, str *keyval)
 {
-	int ret = 1;
+	int ret = -1;
 	str ibody = STR_NULL;
 	hdr_field_t *hf;
 
-	for (hf=msg->headers; hf; hf=hf->next) {
-		if (hf->name.len==SECSIPID_HDR_IDENTITY_LEN
-				&& strncasecmp(hf->name.s, SECSIPID_HDR_IDENTITY,
-					SECSIPID_HDR_IDENTITY_LEN)==0)
-			break;
-	}
-
-	if(hf == NULL) {
-		LM_DBG("no identity header\n");
-		return -1;
-	}
-
 	if(secsipid_libopt_list_used==0) {
 		str_list_t *sit;
 		for(sit=secsipid_libopt_list; sit!=NULL; sit=sit->next) {
@@ -306,14 +287,18 @@ static int ki_secsipid_check_identity_pubkey(sip_msg_t *msg, str *keyval)
 		secsipid_libopt_list_used = 1;
 	}
 
-	ibody = hf->body;
-
-	ret = _secsipid_papi.SecSIPIDCheckFullPubKey(ibody.s, ibody.len,
-			secsipid_expire, keyval->s, keyval->len);
-
-	if(ret==0) {
-		LM_DBG("identity check: ok\n");
-		return 1;
+	for (hf=msg->headers; hf; hf=hf->next) {
+		if (hf->name.len==SECSIPID_HDR_IDENTITY_LEN
+				&& strncasecmp(hf->name.s, SECSIPID_HDR_IDENTITY,
+					SECSIPID_HDR_IDENTITY_LEN)==0) {
+			ibody = hf->body;
+			ret = _secsipid_papi.SecSIPIDCheckFullPubKey(ibody.s, ibody.len,
+					secsipid_expire, keyval->s, keyval->len);
+			if(ret==0) {
+				LM_DBG("identity check: ok\n");
+				return 1;
+			}
+		}
 	}
 
 	LM_DBG("identity check: failed\n");


