[asterisk-commits] twilson: trunk r300302 - in /trunk: ./ channels/chan_sip.c

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Tue Jan 4 18:06:52 UTC 2011 

Author: twilson
Date: Tue Jan  4 12:06:46 2011
New Revision: 300302

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=300302
Log:
Merged revisions 300301 via svnmerge from 
https://origsvn.digium.com/svn/asterisk/branches/1.8

................
  r300301 | twilson | 2011-01-04 11:54:41 -0600 (Tue, 04 Jan 2011) | 29 lines
  
  Merged revisions 300298 via svnmerge from 
  https://origsvn.digium.com/svn/asterisk/branches/1.6.2
  
  ................
    r300298 | twilson | 2011-01-04 11:37:26 -0600 (Tue, 04 Jan 2011) | 22 lines
    
    Merged revisions 300216 via svnmerge from 
    https://origsvn.digium.com/svn/asterisk/branches/1.4
    
    ........
      r300216 | twilson | 2011-01-04 11:11:48 -0600 (Tue, 04 Jan 2011) | 15 lines
      
      Don't authenticate SUBSCRIBE re-transmissions
      
      This only skips authentication on retransmissions that are already
      authenticated. A similar method is already used for INVITES. This
      is the kind of thing we end up having to do when we don't have a
      transaction layer...
      
      (closes issue #18075)
      Reported by: mdu113
      Patches: 
            diff.txt uploaded by twilson (license 396)
      Tested by: twilson, mdu113
      
      Review: https://reviewboard.asterisk.org/r/1005/
    ........
  ................
................

Modified:
    trunk/   (props changed)
    trunk/channels/chan_sip.c

Propchange: trunk/
------------------------------------------------------------------------------
Binary property 'branch-1.8-merged' - no diff available.

Modified: trunk/channels/chan_sip.c
URL: http://svnview.digium.com/svn/asterisk/trunk/channels/chan_sip.c?view=diff&rev=300302&r1=300301&r2=300302
==============================================================================
--- trunk/channels/chan_sip.c (original)
+++ trunk/channels/chan_sip.c Tue Jan  4 12:06:46 2011
@@ -23306,7 +23306,7 @@
 	int firststate = AST_EXTENSION_REMOVED;
 	struct sip_peer *authpeer = NULL;
 	const char *eventheader = get_header(req, "Event");	/* Get Event package name */
-	int resubscribe = (p->subscribed != NONE);
+	int resubscribe = (p->subscribed != NONE) && !req->ignore;
 	char *temp, *event;
 
 	if (p->initreq.headers) {	
@@ -23322,7 +23322,7 @@
 			if (resubscribe)
 				ast_debug(1, "Got a re-subscribe on existing subscription %s\n", p->callid);
 			else
-				ast_debug(1, "Got a new subscription %s (possibly with auth)\n", p->callid);
+				ast_debug(1, "Got a new subscription %s (possibly with auth) or retransmission\n", p->callid);
 		}
 	}
 
@@ -23377,19 +23377,25 @@
 	} else
 		event = (char *) eventheader;		/* XXX is this legal ? */
 
-	/* Handle authentication */
-	res = check_user_full(p, req, SIP_SUBSCRIBE, e, 0, addr, &authpeer);
-	/* if an authentication response was sent, we are done here */
-	if (res == AUTH_CHALLENGE_SENT)	/* authpeer = NULL here */
-		return 0;
-	if (res < 0) {
-		if (res == AUTH_FAKE_AUTH) {
-			ast_log(LOG_NOTICE, "Sending fake auth rejection for device %s\n", get_header(req, "From"));
-			transmit_fake_auth_response(p, SIP_SUBSCRIBE, req, XMIT_UNRELIABLE);
-		} else {
-			ast_log(LOG_NOTICE, "Failed to authenticate device %s for SUBSCRIBE\n", get_header(req, "From"));
-			transmit_response_reliable(p, "403 Forbidden", req);
-		}
+	/* Handle authentication if we're new and not a retransmission. We can't just
+	 * use if !req->ignore, because then we'll end up sending
+	 * a 200 OK if someone retransmits without sending auth */
+	if (p->subscribed == NONE || resubscribe) {
+		res = check_user_full(p, req, SIP_SUBSCRIBE, e, 0, addr, &authpeer);
+
+		/* if an authentication response was sent, we are done here */
+		if (res == AUTH_CHALLENGE_SENT)	/* authpeer = NULL here */
+			return 0;
+		if (res < 0) {
+			if (res == AUTH_FAKE_AUTH) {
+				ast_log(LOG_NOTICE, "Sending fake auth rejection for device %s\n", get_header(req, "From"));
+				transmit_fake_auth_response(p, SIP_SUBSCRIBE, req, XMIT_UNRELIABLE);
+			} else {
+				ast_log(LOG_NOTICE, "Failed to authenticate device %s for SUBSCRIBE\n", get_header(req, "From"));
+				transmit_response_reliable(p, "403 Forbidden", req);
+			}
+		}
+
 		pvt_set_needdestroy(p, "authentication failed");
 		return 0;
 	}

More information about the asterisk-commits mailing list