[asterisk-dev] [Code Review] 2554: Pimp my SIP: alwaysauthreject
Joshua Colp
jcolp at digium.com
Fri Jun 7 08:03:45 CDT 2013
Olle E. Johansson wrote:
>
> 401/403 ==> 401/407 - right? Asterisk is an end point and should
> never send a proxy authenticate, so please don't copy that part of
> the code.
407 is Proxy Authentication Required, it never sends that.
> I asked if there are any use cases for getting a 404 above. I don't
> think so.
>
> The new channel driver should not have an option to turn it on in my
> opinion - which is why I think the code in the code review should not
> be committed.
The code within the normal tree right now does *NOT* do 401/403. Kevin's
code changes it so it does, but per the discussion he has made it so the
functionality can not be disabled. The behavior (SIP flow) of failed
authentication and not found are exactly the same in it.
> Now, I would like to see a document that is readable that describes
> the object matching in chan_pjsip. Start with a request coming in and
> how that is matched with the object model and configuration file.
How the matching is done is pluggable and extensible, right down to the
order itself. What we've written so far are two modules: one that uses
the From header to match and one that can do source IP address (or even
ranges). If someone was doing authentication at the edge using a proxy
but wanted to pass the authenticated user along in a custom header in a
trusted environment, they could do that.
> Let's make a solid foundation this time and not the mish-mash we've
> built during more than 10 years of chan_sip hacking ;-)
I think by making it pluggable, extensible, and configurable this is
possible. If we need to change the behavior of the existing stuff we
easily can, and it can be tested alongside the old.
Cheers,
--
Joshua Colp
Digium, Inc. | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at: www.digium.com & www.asterisk.org
More information about the asterisk-dev
mailing list