
modules/auth: fixed sending of [www|proxy]_challenge reply
- By default, the [www|proxy]_challenge functions now send the reply statefully
if a transaction exists and statelessly otherwise.
- Added force_stateless_reply module param that can be used to change
the default behavior.
- Credits to Andrei Pelinescu-Onciul.

Juha Heinanen 15 years ago
parent
commit
c53bc97968
4 changed files with 55 additions and 11 deletions
  1. 22 7
      modules/auth/README
  2. 10 2
      modules/auth/auth_mod.c
  3. 4 2
      modules/auth/doc/functions.xml
  4. 19 0
      modules/auth/doc/params.xml

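--- a/modules/auth/README
+++ b/modules/auth/README
@@ -36,6 +36,7 @@ Daniel-Constantin Mierla
         1.3.10. secret (string)
         1.3.11. nonce_expire (integer)
         1.3.12. nonce_auth_max_drift (integer)
+        1.3.13. force_stateless_reply (boolean)
 
    1.4. Functions
 
@@ -450,6 +451,18 @@ modparam("auth", "nonce_expire", 600)   # Set nonce_expire to 600s
 modparam("auth", "nonce_auth_max_drift", 1)   # set max drift to 1 s
 ...
 
+1.3.13. force_stateless_reply (boolean)
+
+   If set to 1, www_challenge() and proxy_challenge() functions send reply
+   statelessly no matter if transaction exists or not. If set to 0
+   (default), reply is sent statefully if transaction exists and
+   stelelessly otherwise.
+
+   Example 13. force_stateless_reply example
+...
+modparam("auth", "force_stateless_reply", 1)
+...
+
 1.4. Functions
 
 1.4.1. consume_credentials()
@@ -462,7 +475,7 @@ modparam("auth", "nonce_auth_max_drift", 1)   # set max drift to 1 s
    little bit shorter. The function must be called after www_authorize,
    proxy_authorize, www_authenticate or proxy_authenticate.
 
-   Example 13. consume_credentials example
+   Example 14. consume_credentials example
 ...
 if (www_authenticate("realm", "subscriber)) {
     consume_credentials();
@@ -476,7 +489,8 @@ if (www_authenticate("realm", "subscriber)) {
    field into a response generated from the request the server is
    processing and send the reply. Upon reception of such a reply the user
    agent should compute credentials and retry the request. For more
-   information regarding digest authentication see RFC2617.
+   information regarding digest authentication see RFC2617. See module
+   parameter force_stateless_reply regarding sending of the reply.
 
    Meaning of the parameters is as follows:
     * realm - Realm is a opaque string that the user agent should present
@@ -496,7 +510,7 @@ if (www_authenticate("realm", "subscriber)) {
 
    This function can be used from REQUEST_ROUTE.
 
-   Example 14. www_challenge usage
+   Example 15. www_challenge usage
 ...
 if (!www_authenticate("$td", "subscriber")) {
         www_challenge("$td", "1");
@@ -510,14 +524,15 @@ if (!www_authenticate("$td", "subscriber")) {
    the header field into a response generated from the request the server
    is processing and send the reply. Upon reception of such a reply the
    user agent should compute credentials and retry the request. For more
-   information regarding digest authentication see RFC2617.
+   information regarding digest authentication see RFC2617. See module
+   parameter force_stateless_reply regarding sending of the reply.
 
    Meaning of the parameters the same as for function www_challenge(realm,
    flags)
 
    This function can be used from REQUEST_ROUTE.
 
-   Example 15. proxy_challenge usage
+   Example 16. proxy_challenge usage
 ...
 if (!proxy_authenticate("$fd", "subscriber)) {
         proxy_challenge("$fd", "1");
@@ -562,7 +577,7 @@ if (!proxy_authenticate("$fd", "subscriber)) {
 
    This function can be used from REQUEST_ROUTE.
 
-   Example 16. pv_www_authenticate usage
+   Example 17. pv_www_authenticate usage
 ...
 if (!pv_www_authenticate("$td", "123abc", "0")) {
         www_challenge("$td", "1");
@@ -584,7 +599,7 @@ if (!pv_www_authenticate("$td", "123abc", "0")) {
 
    This function can be used from REQUEST_ROUTE.
 
-   Example 17. pv_proxy_authenticate usage
+   Example 18. pv_proxy_authenticate usage
 ...
 $avp(password)="xyz";
 if (!pv_proxy_authenticate("$fd", "$avp(password)", "0")) {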

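--- a/modules/auth/auth_mod.c
+++ b/modules/auth/auth_mod.c
@@ -97,6 +97,7 @@ char* sec_param    = 0;     /* If the parameter was not used, the secret phrase
 int   nonce_expire = 300;   /* Nonce lifetime */
 /*int   auth_extra_checks = 0;  -- in nonce.c */
 int   protect_contacts = 0; /* Do not include contacts in nonce by default */
+int force_stateless_reply = 0; /* Always send reply statelessly */
 
 str secret1;
 str secret2;
@@ -171,7 +172,7 @@ static param_export_t params[] = {
 	{"one_time_nonce"  ,       PARAM_INT,    &otn_enabled           },
 	{"otn_in_flight_no",       PARAM_INT,    &otn_in_flight_no      },
 	{"otn_in_flight_order",    PARAM_INT,    &otn_in_flight_k       },
-	{"nid_pool_no",            PARAM_INT,    &nid_pool_no            },
+    {"force_stateless_reply",  PARAM_INT,    &force_stateless_reply },
     {0, 0, 0}
 };
 
@@ -558,6 +559,8 @@ static int fixup_pv_auth(void **param, int param_no)
 static int auth_send_reply(struct sip_msg *msg, int code, char *reason,
 					char *hdr, int hdr_len)
 {
+        str reason_str;
+
 	/* Add new headers if there are any */
 	if ((hdr!=NULL) && (hdr_len>0)) {
 		if (add_lump_rpl(msg, hdr, hdr_len, LUMP_RPL_HDR)==0) {
@@ -566,7 +569,12 @@ static int auth_send_reply(struct sip_msg *msg, int code, char *reason,
 		}
 	}
 
-	return slb.zreply(msg, code, reason);
+	reason_str.s = reason;
+	reason_str.len = strlen(reason);
+
+	return force_stateless_reply ?
+	    slb.sreply(msg, code, &reason_str) :
+	    slb.freply(msg, code, &reason_str);
 }
 
 /**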
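Review bot: The params[] hunk replaces the `{"nid_pool_no", PARAM_INT, &nid_pool_no },` entry with the new force_stateless_reply entry instead of adding the new one next to it, so the nid_pool_no module parameter silently disappears from the exported parameter table and any existing config that sets it will fail to load; the commit message does not mention removing it, and the earlier entries of the table lie outside the hunk, so this looks accidental. Restoring the removed line and keeping the new entry right after it, `{"nid_pool_no", PARAM_INT, &nid_pool_no },` then `{"force_stateless_reply", PARAM_INT, &force_stateless_reply },`, would keep existing deployments working. In auth_send_reply, `strlen(reason)` is undefined if a caller ever passes a NULL reason; the former zreply() call received the same pointer, so this only matters if that wrapper tolerated NULL, but a short `/* reason must be a NUL-terminated string */` comment or a `reason != NULL` guard would document the precondition either way. The added lines also use spaces where the surrounding table and function body are indented with tabs.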

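--- a/modules/auth/doc/functions.xml
+++ b/modules/auth/doc/functions.xml
@@ -42,7 +42,8 @@ if (www_authenticate("realm", "subscriber)) {
 		server is processing and send the reply. Upon reception of such a
 		reply the user agent should compute credentials and retry the
 		request. For more information regarding digest authentication
-		see RFC2617.
+		see RFC2617.  See module parameter force_stateless_reply
+		regarding sending of the reply.
 		</para>
 		<para>Meaning of the parameters is as follows:</para>
 		<itemizedlist>
@@ -109,7 +110,8 @@ if (!www_authenticate("$td", "subscriber")) {
 		put the header field into a response generated from the request the
 		server is processing and send the reply. Upon reception of such a
 		reply the user agent should compute credentials and retry the request.
-		For more information regarding digest authentication see RFC2617.
+		For more information regarding digest authentication see RFC2617.    See module parameter force_stateless_reply
+		regarding sending of the reply.
 		</para>
 		<para>Meaning of the parameters the same as for function
 		www_challenge(realm, flags)</para>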

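--- a/modules/auth/doc/params.xml
+++ b/modules/auth/doc/params.xml
@@ -572,4 +572,23 @@ modparam("auth", "nonce_auth_max_drift", 1)   # set max drift to 1 s
 	    </programlisting>
 	</example>
     </section>
+
+	<section id="force_stateless_reply">
+	<title><varname>force_stateless_reply</varname> (boolean)</title>
+	<para>
+		If set to 1, <function>www_challenge()</function> and
+		<function>proxy_challenge()</function>
+		functions send reply statelessly no matter if transaction
+                exists or not.  If set to 0 (default), reply is sent statefully
+		if transaction exists and stelelessly otherwise.
+	</para>
+	<example>
+	    <title>force_stateless_reply example</title>
+	    <programlisting>
+...
+modparam("auth", "force_stateless_reply", 1)
+...
+	    </programlisting>
+	</example>
+	</section>
 </section>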