[asterisk-dev] [Code Review] 2431: Add outbound authentication for outbound registrations

Mark Michelson reviewboard at asterisk.org
Tue Apr 16 17:11:04 CDT 2013



> On April 9, 2013, 1:29 p.m., Joshua Colp wrote:
> > /team/group/pimp_my_sip/res/res_sip_outbound_registration.c, lines 278-280
> > <https://reviewboard.asterisk.org/r/2431/diff/1/?file=35610#file35610line278>
> >
> >     As recent and past discussions have brought up - this should probably be made configurable with a sane default.

I have added an option "auth_rejection_permanent" to determine if auth rejection is to be accepted as a permanent failure or not. This resulting section is now a lot nicer than it previously was.


> On April 9, 2013, 1:29 p.m., Joshua Colp wrote:
> > /team/group/pimp_my_sip/res/res_sip_outbound_registration.c, lines 554-557
> > <https://reviewboard.asterisk.org/r/2431/diff/1/?file=35610#file35610line554>
> >
> >     There's a memory leak here. It's possible for the state to be reused (for example - if a reload occurs with only minimal changes). This will then overwrite the old sip_outbound_auths.

This is now fixed. I also have ensured that if auth details change, we do not try to reuse the registration state.


- Mark


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/2431/#review8210
-----------------------------------------------------------


On April 8, 2013, 9:22 p.m., Mark Michelson wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/2431/
> -----------------------------------------------------------
> 
> (Updated April 8, 2013, 9:22 p.m.)
> 
> 
> Review request for Asterisk Developers and Joshua Colp.
> 
> 
> Repository: Asterisk
> 
> 
> Description
> -------
> 
> Outbound registration and outbound auth were completed in parallel, but now the two have intersected. This adds outbound authentication support to the outbound registration module. It works by having the registration configuration point to an authentication section in order to determine credentials, exactly like an endpoint does.
> 
> One problem I encountered was that outbound authentication code relied on being given an endpoint in order to look up auth credentials. In actuality, there is no need for this since the only piece of information it was using from the endpoint was the names of the auth sections to find in sorcery. I have changed the outbound authenticator API to no longer take an endpoint and instead take an array of auth sorcery IDs and the number of IDs in the array.
> 
> The actual changes to res_sip_outbound_registration are not that much. It just reads the configuration and then uses it if a 401 or 407 response arrives for a registration.
> 
> There is a some duplication of code between sip_configuration.c and res_sip_outbound_registration.c since both read a list of authentication IDs from configuration. For now, I'm more interested in the approach taken in this review. If this is approved, I'll remove the duplicated auth parsing code from res_sip_outbound_registration.c and put it in a place accessible by all.
> 
> 
> Diffs
> -----
> 
>   /team/group/pimp_my_sip/res/res_sip_outbound_registration.c 384967 
>   /team/group/pimp_my_sip/res/res_sip_outbound_authenticator_digest.c 384967 
>   /team/group/pimp_my_sip/res/res_sip/sip_outbound_auth.c 384967 
>   /team/group/pimp_my_sip/res/res_sip.exports.in 384967 
>   /team/group/pimp_my_sip/res/res_sip.c 384967 
>   /team/group/pimp_my_sip/include/asterisk/res_sip.h 384967 
> 
> Diff: https://reviewboard.asterisk.org/r/2431/diff/
> 
> 
> Testing
> -------
> 
> Tested with outbound authentication configured and not configured. With no outbound authentication configured, a 401/407 results in a failed registration. I do not treat this as a temporal failure, but as a permanent one. With outbound authentication configured, a 401/407 results in an auth request being sent properly.
> 
> 
> Thanks,
> 
> Mark Michelson
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20130416/29eefab1/attachment.htm>


More information about the asterisk-dev mailing list