Asterisk
/
asterisk
mirror of https://github.com/asterisk/asterisk
1
0
Fork 0
Code Issues Releases Wiki Activity

Prevent potential infinite outbound authentication loops in registration.

Browse Source 
Prior to this patch, Asterisk would always respond to 401 responses to
registration attempts by trying to provide a registration with authentication
credentials. Even if subsequent attempts were rejected with 401 responses,
Asterisk would continue this behavior. If authentication credentials were
incorrect, this could continue forever.

With this patch, we keep track of whether we have attempted authentication
on an outbound registration attempt. If we already have, we don not try
again until the next attempt. This prevents the infinite loop scenario.

Review: https://reviewboard.asterisk.org/r/4273
........

Merged revisions 429761 from http://svn.asterisk.org/svn/asterisk/branches/13


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@429762 65c4cc65-6c06-0410-ace0-fbb531ad65f3
changes/42/42/1
Mark Michelson 11 years ago
parent 2b1f2b5c1f
commit 2f3e5b494a
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File

9
res/res_pjsip_outbound_registration.c
Unescape View File

@ -272,6 +272,8 @@ struct sip_outbound_registration_client_state {
struct ast_sip_auth_vector outbound_auths; struct ast_sip_auth_vector outbound_auths;
/*! \brief Registration should be destroyed after completion of transaction */ /*! \brief Registration should be destroyed after completion of transaction */
unsigned int destroy:1; unsigned int destroy:1;
/*! \brief Non-zero if we have attempted sending a REGISTER with authentication */
unsigned int auth_attempted:1;
}; };
/*! \brief Outbound registration state information (persists for lifetime that registration should exist) */ /*! \brief Outbound registration state information (persists for lifetime that registration should exist) */
@ -627,12 +629,15 @@ static int handle_registration_response(void *data)
ast_copy_pj_str(server_uri, &info.server_uri, sizeof(server_uri)); ast_copy_pj_str(server_uri, &info.server_uri, sizeof(server_uri));
ast_copy_pj_str(client_uri, &info.client_uri, sizeof(client_uri)); ast_copy_pj_str(client_uri, &info.client_uri, sizeof(client_uri));
if (response->code == 401 || response->code == 407) { if (!response->client_state->auth_attempted &&
(response->code == 401 || response->code == 407)) {
pjsip_tx_data *tdata; pjsip_tx_data *tdata;
if (!ast_sip_create_request_with_auth(&response->client_state->outbound_auths, if (!ast_sip_create_request_with_auth(&response->client_state->outbound_auths,
response->rdata, response->tsx, &tdata)) { response->rdata, response->tsx, &tdata)) {
ao2_ref(response->client_state, +1); ao2_ref(response->client_state, +1);
response->client_state->auth_attempted = 1;
if (pjsip_regc_send(response->client_state->client, tdata) != PJ_SUCCESS) { if (pjsip_regc_send(response->client_state->client, tdata) != PJ_SUCCESS) {
response->client_state->auth_attempted = 0;
ao2_cleanup(response->client_state); ao2_cleanup(response->client_state);
} }
return 0; return 0;
@ -640,6 +645,8 @@ static int handle_registration_response(void *data)
/* Otherwise, fall through so the failure is processed appropriately */ /* Otherwise, fall through so the failure is processed appropriately */
} }
response->client_state->auth_attempted = 0;
if (PJSIP_IS_STATUS_IN_CLASS(response->code, 200)) { if (PJSIP_IS_STATUS_IN_CLASS(response->code, 200)) {
/* Check if this is in regards to registering or unregistering */ /* Check if this is in regards to registering or unregistering */
if (response->expiration) { if (response->expiration) {

Write Preview
Loading…
Cancel
Save