[asterisk-dev] [Code Review] 2554: Pimp my SIP: alwaysauthreject

wdoekes reviewboard at asterisk.org
Tue Jun 4 02:55:08 CDT 2013 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/2554/#review8779
-----------------------------------------------------------



team/group/pimp_my_sip/res/res_sip/sip_distributor.c
<https://reviewboard.asterisk.org/r/2554/#comment17268>

    Aren't we doing the inverse of "rejecting" always. It sounds more like "alwaysauthchallenge" if we keep replying with a 401 instead of a 403.
    
    That would make the name confusing for all users except those used to the chan_astsip settings: always_pretend_bad_password=yes is perhaps a better name. Or, if we turn it around: disclose_account_rejection=no (default)


And, like Olle already asked: do we need this option at all? We could hardcode it and add the option later if it turns out to be needed.

- wdoekes


On June 3, 2013, 11:10 p.m., Kevin Harwell wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/2554/
> -----------------------------------------------------------
> 
> (Updated June 3, 2013, 11:10 p.m.)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Bugs: ASTERISK-21433
>     https://issues.asterisk.org/jira/browse/ASTERISK-21433
> 
> 
> Repository: Asterisk
> 
> 
> Description
> -------
> 
> Adds support for 'alwaysauthreject' to the new SIP channel driver.  When the 'alwaysauthreject' option is set to 'yes' (default) and no matching endpoint is found for the incoming request, after challenging, Asterisk will respond with a 401 Unauthorized regardless of the reason it rejects the request.
> 
> These changes also include a new global 'security' configuration section in res_sip.conf that now includes the 'alwaysauthreject' and ACL options.
> 
> 
> Diffs
> -----
> 
>   team/group/pimp_my_sip/include/asterisk/res_sip.h 390389 
>   team/group/pimp_my_sip/res/res_sip.c 390389 
>   team/group/pimp_my_sip/res/res_sip.exports.in 390389 
>   team/group/pimp_my_sip/res/res_sip/config_auth.c 390389 
>   team/group/pimp_my_sip/res/res_sip/config_security.c PRE-CREATION 
>   team/group/pimp_my_sip/res/res_sip/sip_configuration.c 390389 
>   team/group/pimp_my_sip/res/res_sip/sip_distributor.c 390389 
>   team/group/pimp_my_sip/res/res_sip_acl.c 390389 
>   team/group/pimp_my_sip/res/res_sip_authenticator_digest.c 390389 
>   team/group/pimp_my_sip/res/res_sip_outbound_authenticator_digest.c 390389 
> 
> Diff: https://reviewboard.asterisk.org/r/2554/diff/
> 
> 
> Testing
> -------
> 
> Attempted to connect to an unknown endpoint in Asterisk and observed that it responded appropriately and with a correct 401 when 'alwaysauthreject' was enabled.
> 
> 
> Thanks,
> 
> Kevin Harwell
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20130604/468c0ee5/attachment.htm>

More information about the asterisk-dev mailing list