On 10/07/2010 04:13 AM, Andrei Pelinescu-Onciul wrote:
On Oct 07, 2010 at 04:04, Alex Balashovabalashov@evaristesys.com wrote:
On 10/07/2010 04:01 AM, Alex Balashov wrote:
I did. But I also tried setting all auth_checks_register flags to 0 as part of my testing and had the same crash.
I was incorrect to say this. I just tried setting flags to 0 again and now there is no crash.
Could you try the latest git (with the flags set as before)? Should be fixed.
It is fixed; it does not crash. But it still thinks it's an invalid user, and there is no database activity to check if it is so. As you said below, that is another problem.
The reason we haven't seen it before is that in the setups that did have the flags set, probably somebody did parse the complete from before (e.g. a t_newtran(), sanity module a.s.o.).
Well, I have both in my configuration. For sanity, I have these checks:
modparam("sanity", "default_checks", 103) # 1 & 2 & 4 & 32 & 64
Here is a quick bitmask reference from the docs:
# SIP version in Request URI : 1 # Request URI scheme : 2 # Presence of RFC-mandated headers : 4 # CSeq method consistency : 32 # CSeq value consistency : 64 # Content length actual vs. declared : 128 # Expires value : 256 # Supported extensions : 512
And I do create a new transaction, as instructed by the new 'auth' documentation which says that to use nonce_count or one_time_nonce it is necessary that the transaction surrounding the digest authentication be stateful. I updated all my code to it today. It looks like this:
if(!t_newtran()) { # It must be a retransmission or similar.
xlog("L_ERR", "[REGISTER-HANDLER:$ci] !> " "Failed to create new transaction\n");
drop; }
if(!www_authorize("$td", "subscriber")) {
# Log the cause of the authorisation failure.
...
I have also replaced all sl_send_reply() with send_reply() so that SL can make the determination of whether to send the reply statefully based on whether a transaction exists.
However, www_authorize() still returns -1 (invalid user). The problem is not entirely solved. :/
But that's another problem :-)
Andrei