[asterisk-commits] twilson: branch 1.6.2 r300298 - in /branches/1.6.2: ./ channels/chan_sip.c
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Tue Jan 4 17:37:34 UTC 2011
Author: twilson
Date: Tue Jan 4 11:37:26 2011
New Revision: 300298
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=300298
Log:
Merged revisions 300216 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.4
........
r300216 | twilson | 2011-01-04 11:11:48 -0600 (Tue, 04 Jan 2011) | 15 lines
Don't authenticate SUBSCRIBE re-transmissions
This only skips authentication on retransmissions that are already
authenticated. A similar method is already used for INVITES. This
is the kind of thing we end up having to do when we don't have a
transaction layer...
(closes issue #18075)
Reported by: mdu113
Patches:
diff.txt uploaded by twilson (license 396)
Tested by: twilson, mdu113
Review: https://reviewboard.asterisk.org/r/1005/
........
Modified:
branches/1.6.2/ (props changed)
branches/1.6.2/channels/chan_sip.c
Propchange: branches/1.6.2/
------------------------------------------------------------------------------
Binary property 'branch-1.4-merged' - no diff available.
Modified: branches/1.6.2/channels/chan_sip.c
URL: http://svnview.digium.com/svn/asterisk/branches/1.6.2/channels/chan_sip.c?view=diff&rev=300298&r1=300297&r2=300298
==============================================================================
--- branches/1.6.2/channels/chan_sip.c (original)
+++ branches/1.6.2/channels/chan_sip.c Tue Jan 4 11:37:26 2011
@@ -21445,7 +21445,7 @@
int firststate = AST_EXTENSION_REMOVED;
struct sip_peer *authpeer = NULL;
const char *eventheader = get_header(req, "Event"); /* Get Event package name */
- int resubscribe = (p->subscribed != NONE);
+ int resubscribe = (p->subscribed != NONE) && !req->ignore;
char *temp, *event;
if (p->initreq.headers) {
@@ -21461,7 +21461,7 @@
if (resubscribe)
ast_debug(1, "Got a re-subscribe on existing subscription %s\n", p->callid);
else
- ast_debug(1, "Got a new subscription %s (possibly with auth)\n", p->callid);
+ ast_debug(1, "Got a new subscription %s (possibly with auth) or retransmission\n", p->callid);
}
}
@@ -21515,19 +21515,25 @@
} else
event = (char *) eventheader; /* XXX is this legal ? */
- /* Handle authentication */
- res = check_user_full(p, req, SIP_SUBSCRIBE, e, 0, sin, &authpeer);
- /* if an authentication response was sent, we are done here */
- if (res == AUTH_CHALLENGE_SENT) /* authpeer = NULL here */
- return 0;
- if (res < 0) {
- if (res == AUTH_FAKE_AUTH) {
- ast_log(LOG_NOTICE, "Sending fake auth rejection for device %s\n", get_header(req, "From"));
- transmit_fake_auth_response(p, SIP_SUBSCRIBE, req, XMIT_UNRELIABLE);
- } else {
- ast_log(LOG_NOTICE, "Failed to authenticate device %s for SUBSCRIBE\n", get_header(req, "From"));
- transmit_response_reliable(p, "403 Forbidden", req);
- }
+ /* Handle authentication if we're new and not a retransmission. We can't just
+ * use if !req->ignore, because then we'll end up sending
+ * a 200 OK if someone retransmits without sending auth */
+ if (p->subscribed == NONE || resubscribe) {
+ res = check_user_full(p, req, SIP_SUBSCRIBE, e, 0, sin, &authpeer);
+
+ /* if an authentication response was sent, we are done here */
+ if (res == AUTH_CHALLENGE_SENT) /* authpeer = NULL here */
+ return 0;
+ if (res < 0) {
+ if (res == AUTH_FAKE_AUTH) {
+ ast_log(LOG_NOTICE, "Sending fake auth rejection for device %s\n", get_header(req, "From"));
+ transmit_fake_auth_response(p, SIP_SUBSCRIBE, req, XMIT_UNRELIABLE);
+ } else {
+ ast_log(LOG_NOTICE, "Failed to authenticate device %s for SUBSCRIBE\n", get_header(req, "From"));
+ transmit_response_reliable(p, "403 Forbidden", req);
+ }
+ }
+
pvt_set_needdestroy(p, "authentication failed");
return 0;
}
More information about the asterisk-commits
mailing list