[asterisk-dev] [Code Review] 4273: res_pjsip_outbound_registration: Prevent infinite authentication loops

Mark Michelson reviewboard at asterisk.org
Thu Dec 18 09:34:19 CST 2014


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/4273/
-----------------------------------------------------------

(Updated Dec. 18, 2014, 9:34 a.m.)


Status
------

This change has been marked as submitted.


Review request for Asterisk Developers.


Changes
-------

Committed in revision 429761


Repository: Asterisk


Description
-------

Consider a situation where Asterisk is configured to register with a remote server, and the configuration specifies bad authentication credentials. If the remote server always responds to Asterisk's registration attempts with 401 responses (each with a new nonce), then Asterisk will continue to immediately send new registrations. Though this loop can be broken by correcting the authentication credentials used for the outbound registrations, it is a nuissance to be continuously throwing registrations out and never stopping.

With this change, the registration state is altered to take into account if we have already attempted authentication. If we have, and we receive another 401/407 response, we will not re-attempt authentication. Instead, we will fall through and treat the response as a registration failure. From there, the usual logic regarding registration failures takes place.


Diffs
-----

  /branches/13/res/res_pjsip_outbound_registration.c 429672 

Diff: https://reviewboard.asterisk.org/r/4273/diff/


Testing
-------

I used a SIPp scenario to emulate a registration server that always responds to REGISTER requests with a 401 response. Without this patch, Asterisk would continuously send new REGISTER requests when met with a 401 response. With this patch, Asterisk sends its initial REGISTER, then retries with authentication once, and then does not re-attempt with authentication any longer. With auth_rejection_permananent enabled, Asterisk completely stops attempting to register. With auth_rejection_permanent disabled, then Asterisk waits the retry_interval before re-attempting to REGISTER, and the cycle repeats.

I have also created a test on /r/4274 that ensures that this fix works as expected.


Thanks,

Mark Michelson

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20141218/44af4c66/attachment.html>


More information about the asterisk-dev mailing list