[asterisk-dev] [Code Review] 2554: Pimp my SIP: alwaysauthreject

Joshua Colp reviewboard at asterisk.org
Tue Jun 4 09:15:38 CDT 2013 


> On June 4, 2013, 7:55 a.m., wdoekes wrote:
> > team/group/pimp_my_sip/res/res_sip/sip_distributor.c, lines 209-217
> > <https://reviewboard.asterisk.org/r/2554/diff/6/?file=39035#file39035line209>
> >
> >     Aren't we doing the inverse of "rejecting" always. It sounds more like "alwaysauthchallenge" if we keep replying with a 401 instead of a 403.
> >     
> >     That would make the name confusing for all users except those used to the chan_astsip settings: always_pretend_bad_password=yes is perhaps a better name. Or, if we turn it around: disclose_account_rejection=no (default)

The code as written sends a 401 and then a 403 if the option is enabled, just like a normal rejection.


On June 4, 2013, 7:55 a.m., Kevin Harwell wrote:
> > And, like Olle already asked: do we need this option at all? We could hardcode it and add the option later if it turns out to be needed.

I'm fine with this. I'd just leave a comment in the code so we have a record of where making it always on came from.


- Joshua


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/2554/#review8779
-----------------------------------------------------------


On June 3, 2013, 11:10 p.m., Kevin Harwell wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/2554/
> -----------------------------------------------------------
> 
> (Updated June 3, 2013, 11:10 p.m.)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Bugs: ASTERISK-21433
>     https://issues.asterisk.org/jira/browse/ASTERISK-21433
> 
> 
> Repository: Asterisk
> 
> 
> Description
> -------
> 
> Adds support for 'alwaysauthreject' to the new SIP channel driver.  When the 'alwaysauthreject' option is set to 'yes' (default) and no matching endpoint is found for the incoming request, after challenging, Asterisk will respond with a 401 Unauthorized regardless of the reason it rejects the request.
> 
> These changes also include a new global 'security' configuration section in res_sip.conf that now includes the 'alwaysauthreject' and ACL options.
> 
> 
> Diffs
> -----
> 
>   team/group/pimp_my_sip/include/asterisk/res_sip.h 390389 
>   team/group/pimp_my_sip/res/res_sip.c 390389 
>   team/group/pimp_my_sip/res/res_sip.exports.in 390389 
>   team/group/pimp_my_sip/res/res_sip/config_auth.c 390389 
>   team/group/pimp_my_sip/res/res_sip/config_security.c PRE-CREATION 
>   team/group/pimp_my_sip/res/res_sip/sip_configuration.c 390389 
>   team/group/pimp_my_sip/res/res_sip/sip_distributor.c 390389 
>   team/group/pimp_my_sip/res/res_sip_acl.c 390389 
>   team/group/pimp_my_sip/res/res_sip_authenticator_digest.c 390389 
>   team/group/pimp_my_sip/res/res_sip_outbound_authenticator_digest.c 390389 
> 
> Diff: https://reviewboard.asterisk.org/r/2554/diff/
> 
> 
> Testing
> -------
> 
> Attempted to connect to an unknown endpoint in Asterisk and observed that it responded appropriately and with a correct 401 when 'alwaysauthreject' was enabled.
> 
> 
> Thanks,
> 
> Kevin Harwell
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20130604/493f5bac/attachment.htm>

More information about the asterisk-dev mailing list