[asterisk-dev] [Code Review] 4273: res_pjsip_outbound_registration: Prevent infinite authentication loops
Mark Michelson
reviewboard at asterisk.org
Tue Dec 16 16:22:54 CST 2014
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/4273/
-----------------------------------------------------------
Review request for Asterisk Developers.
Repository: Asterisk
Description
-------
Consider a situation where Asterisk is configured to register with a remote server, and the configuration specifies bad authentication credentials. If the remote server always responds to Asterisk's registration attempts with 401 responses (each with a new nonce), then Asterisk will continue to immediately send new registrations. Though this loop can be broken by correcting the authentication credentials used for the outbound registrations, it is a nuisance to be continuously throwing registrations out and never stopping.
With this change, the registration state is altered to take into account if we have already attempted authentication. If we have, and we receive another 401/407 response, we will not re-attempt authentication. Instead, we will fall through and treat the response as a registration failure. From there, the usual logic regarding registration failures takes place.
Diffs
-----
/branches/13/res/res_pjsip_outbound_registration.c 429672
Diff: https://reviewboard.asterisk.org/r/4273/diff/
Testing
-------
I used a SIPp scenario to emulate a registration server that always responds to REGISTER requests with a 401 response. Without this patch, Asterisk would continuously send new REGISTER requests when met with a 401 response. With this patch, Asterisk sends its initial REGISTER, then retries with authentication once, and then does not re-attempt with authentication any longer. With auth_rejection_permanent enabled, Asterisk completely stops attempting to register. With auth_rejection_permanent disabled, then Asterisk waits the retry_interval before re-attempting to REGISTER, and the cycle repeats.
I have also created a test on /r/4274 that ensures that this fix works as expected.
Thanks,
Mark Michelson
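
The guard described in the review request above, as an added example (not part of the original e-mail and not Asterisk's code). The struct, the function names, the `guard` switch that reproduces the pre-patch behaviour, and the `cap` on requests are all assumptions made for this simplified model; the two scripted servers are constructed.

```c
#include <stdbool.h>
#include <stdio.h>

enum reg_outcome { REG_REGISTERED, REG_RETRY_LATER, REG_STOPPED, REG_LOOP_CAPPED };

struct reg_client {                 /* hypothetical model, not Asterisk's state */
    bool guard;                     /* true: remember that auth was already tried */
    bool auth_rejection_permanent;  /* option named in the e-mail */
    bool auth_attempted;
    unsigned sent;                  /* REGISTER requests sent in this cycle */
};

typedef int (*server_fn)(unsigned nth_request);

/* Constructed servers: one always challenges, one accepts the authed retry. */
int always_401(unsigned n) { (void)n; return 401; }
int challenge_once(unsigned n) { return n == 0 ? 401 : 200; }

/* One registration cycle; cap only bounds the unguarded loop for the demo. */
enum reg_outcome run_cycle(struct reg_client *c, server_fn server, unsigned cap)
{
    c->auth_attempted = false;
    c->sent = 0;
    while (c->sent < cap) {
        int code = server(c->sent++);
        if (code == 200)
            return REG_REGISTERED;
        if (code == 401 || code == 407) {
            if (!c->guard || !c->auth_attempted) {
                c->auth_attempted = true;   /* answer the challenge once */
                continue;
            }
            /* Second challenge: fall through to failure handling. */
            return c->auth_rejection_permanent ? REG_STOPPED : REG_RETRY_LATER;
        }
        return REG_RETRY_LATER;             /* other failures: wait, then retry */
    }
    return REG_LOOP_CAPPED;                 /* never settled: the reported loop */
}

int main(void)
{
    struct reg_client before = { .guard = false };
    struct reg_client after = { .guard = true, .auth_rejection_permanent = true };
    enum reg_outcome b = run_cycle(&before, always_401, 1000);
    enum reg_outcome a = run_cycle(&after, always_401, 1000);
    printf("unguarded: outcome=%d sent=%u\n", b, before.sent);
    printf("guarded:   outcome=%d sent=%u\n", a, after.sent);
    return 0;
}
```
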