Ooh, so there's my bug :) I am currently using an older 1.4 and my
code looks like this:
typedef enum auth_result {
    AUTH_ERROR = -5,    /* Error occurred, a reply has not been sent out */
    NO_CREDENTIALS,     /* Credentials missing */
    STALE_NONCE,        /* Stale nonce */
    INVALID_PASSWORD,   /* Invalid password */
    USER_UNKNOWN,       /* User non-existent */
    ERROR,              /* Error occurred, a reply has been sent out -> */
                        /* return 0 to the openser core */
    AUTHORIZED,         /* Authorized. If returned by pre_auth, */
                        /* no digest authorization necessary */
    DO_AUTHORIZATION,   /* Can only be returned by pre_auth. */
    NONCE_REUSED        /* Returned if nonce is used more than once */
                        /* Means to continue doing authorization */
} auth_result_t;
So for me in 1.4 I should make an additional checkup in cfg for return
code 3, until I am ready to upgrade to 1.5. Right?
Thanks again, especially for the quick answers.
2009/4/8 Henning Westerholt <henning.westerholt(a)1und1.de>:
On Wednesday 08 April 2009, catalina oancea wrote:
From what I understand, nonce shouldn't be used twice at all, so if
www_authenticate return code is 3 (NONCE_REUSED), the REGISTER or any
other authenticated package should be rejected. But the usual examples
of kamailio.cfg show that the message is rejected only if
www_authenticate reply is < 0. So how exactly is the safe way to use
it?
Hi catalina,
why do you think that the return value of NONCE_REUSED is 3? According to the
code it's -6:
typedef enum auth_result {
    NONCE_REUSED = -6, /*!< Returned if nonce is used more than once */
    [..]
So checking for < 0 should be fine for this case too.
Cheers,
Henning
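
Added example, not part of the original thread and not the project's own code: it works out the implicit enumerator values of the 1.4 layout quoted above and compares how a "reject only if < 0" test treats NONCE_REUSED in that layout and in the header Henning quotes. The V14_ prefix, NEWER_NONCE_REUSED and the two helper functions are names assumed here for illustration.

```c
#include <stdio.h>

/* 1.4 layout as quoted in the thread: only AUTH_ERROR has an explicit
 * value, so each later enumerator is the previous one plus 1.
 * The V14_ prefix is added here to keep the two layouts apart. */
typedef enum auth_result_14 {
    V14_AUTH_ERROR = -5,
    V14_NO_CREDENTIALS,    /* -4 */
    V14_STALE_NONCE,       /* -3 */
    V14_INVALID_PASSWORD,  /* -2 */
    V14_USER_UNKNOWN,      /* -1 */
    V14_ERROR,             /*  0 */
    V14_AUTHORIZED,        /*  1 */
    V14_DO_AUTHORIZATION,  /*  2 */
    V14_NONCE_REUSED       /*  3 */
} auth_result_14_t;

/* The only enumerator of the newer header shown in the thread. */
enum { NEWER_NONCE_REUSED = -6 };

/* Hypothetical helper: the "reject only if < 0" test from the example configs. */
static int rejected_by_lt0(int rc)
{
    return rc < 0;
}

/* Hypothetical helper: the extra 1.4 check discussed in the thread,
 * which also rejects the positive NONCE_REUSED code. */
static int rejected_by_14_check(int rc)
{
    return rc < 0 || rc == V14_NONCE_REUSED;
}

int main(void)
{
    printf("1.4   NONCE_REUSED=%d  <0 rejects: %d  extra check rejects: %d\n",
           V14_NONCE_REUSED, rejected_by_lt0(V14_NONCE_REUSED),
           rejected_by_14_check(V14_NONCE_REUSED));
    printf("newer NONCE_REUSED=%d  <0 rejects: %d\n",
           NEWER_NONCE_REUSED, rejected_by_lt0(NEWER_NONCE_REUSED));
    printf("1.4   AUTHORIZED=%d  extra check rejects: %d\n",
           V14_AUTHORIZED, rejected_by_14_check(V14_AUTHORIZED));
    return 0;
}
```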