From 0e39aced3c39f64ba6cd6905dfc2f34d488c9a56 Mon Sep 17 00:00:00 2001
From: "Kevin P. Fleming"
Date: Tue, 4 Sep 2007 16:40:39 +0000
Subject: [PATCH] there is no point in sending 401 Unauthorized to a UAS that sent us a properly-formatted Authentication header with the expected username and nonce but an incorrect response (which indicates the shared secret does not match)... instead, let's send 403 Forbidden so that the UAS doesn't retry with the same authentication credentials repeatedly
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@81442 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 channels/chan_sip.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index e882fb54ad..b31d456c13 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -8328,11 +8328,11 @@ static enum check_auth_result check_auth(struct sip_pvt *p, struct sip_request *
 }
 /* Ok, we have a bad username/secret pair */
- /* Challenge again, and again, and again */
- transmit_response_with_auth(p, response, req, p->randdata, reliable, respheader, 0);
- sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);
+ /* Tell the UAS not to re-send this authentication data, because
+ it will continue to fail
+ */
- return AUTH_CHALLENGE_SENT;
+ return AUTH_SECRET_FAILED;
 }
 /*! \brief Change onhold state of a peer using a pvt structure */
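Review bot: The bad-secret path at the end of check_auth() now transmits nothing and no longer calls sip_scheddestroy(), so the 403 and the teardown of `p` depend entirely on every caller handling AUTH_SECRET_FAILED. Those callers are outside the hunk and should be checked, otherwise a failed attempt may leave the dialog allocated with no final response. The new comment describes an action the code beneath it does not perform and names the wrong party (the side retrying credentials is the UAC; this code acts as the UAS), so I would reword it to `/* Secret mismatch: do not re-challenge; the caller sends the final response and schedules destruction of p */`. Since, per the commit message, this result is reached only when the username and nonce matched, it is worth confirming that an unknown username does not receive a distinguishable answer, and that the failure is logged with the peer address so repeated guessing is visible to monitoring. check_auth() begins before the hunk.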