[Kamailio-Devel] [ openser-Bugs-2433896 ] [www|proxy]_authorize returns true on failure

SourceForge.net noreply at sourceforge.net
Tue Dec 16 19:08:16 CET 2008


Bugs item #2433896, was opened at 2008-12-16 19:03
Message generated for change (Comment added) made by miconda
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=2433896&group_id=139143

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
Group: ver 1.4.x
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Alex Hermann (axlh)
Assigned to: Nobody/Anonymous (nobody)
Summary: [www|proxy]_authorize returns true on failure

Initial Comment:
I have a situation where proxy_authorize from the 'auth_db' module does multiple things wrong:

(The nonce is initially sent to the UAC from another proxy. Both proxies have the same 'secret', nonce_reuse=0).

proxy_authorize _correctly_ recognizes that the returned nonce is _correct_. But then it incorrectly finds that the nonce is reused (it isn't). Then it returns a positive value as failure (NONCE_REUSED=3). Finally, even though the return value is positive, the avp's from the 'load_credentials' aren't set.


I recognize the following bugs:

1) NONCE_REUSED is an error condition and should have a negative value.

2) An externally created nonce should not be dismissed as being reused on the first usage. It should be remembered on the first usage, and rejected in subsequent requests.

3) The avp's for 'load_credentials' should be set for every positive return value.


Log extract (1 integer value specified in load_credentials):

DBG:db_mysql:db_mysql_str2val: converting STRING [aa5f5fe3124ba4ca19eaba17bf66f11c]
DBG:db_mysql:db_mysql_str2val: converting INT [2]
DBG:auth_db:get_ha1: HA1 string calculated: c8ec3843bc8978b3ff3d04578a010a81
DBG:auth:check_response: our result = '306913eb15dbfe670eeab9cd1a981a12'
DBG:auth:check_response: authorization is OK
DBG:auth:post_auth: nonce index= 765
DBG:auth:is_nonce_index_valid: index out of range
DBG:auth:post_auth: nonce index not valid
DBG:core:db_free_columns: freeing 2 columns
DBG:core:db_free_columns: freeing RES_NAMES[0] at 0x818e7c8
DBG:core:db_free_columns: freeing RES_NAMES[1] at 0x818e7d8
DBG:core:db_free_columns: freeing result names at 0x818e7a8
DBG:core:db_free_columns: freeing result types at 0x818e7b8
DBG:core:db_free_rows: freeing 1 rows
DBG:core:db_free_row: freeing row values at 0x818e7f8
DBG:core:db_free_rows: freeing rows at 0x818e7e8
DBG:core:db_free_result: freeing result set at 0x818e780
xlog: [865 INVITE] Authorized. Return value: 3
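
An added example, not part of the original report or of the auth module's source: a small C checker for bug 1 above. It applies the script rule that a positive return counts as true to the "Return value: N" xlog lines and flags codes that are positive but are not the success code. AUTH_OK = 1 and all function names are assumptions; the third sample line is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define AUTH_OK      1   /* assumed success code, not stated in the report */
#define NONCE_REUSED 3   /* value given in the report */

enum verdict { V_OK, V_REJECTED, V_FAIL_OPEN, V_NO_CODE };

/* Script rule: a positive return is true, zero or negative is not.
 * A positive code other than AUTH_OK passes the script test on failure. */
enum verdict classify_rc(long rc)
{
    if (rc == AUTH_OK) return V_OK;
    return rc > 0 ? V_FAIL_OPEN : V_REJECTED;
}

/* Extract N from a log line containing "Return value: N" and classify it. */
enum verdict classify_line(const char *line)
{
    static const char key[] = "Return value:";
    const char *p = strstr(line, key);
    char *end;
    if (!p) return V_NO_CODE;
    p += sizeof(key) - 1;
    long rc = strtol(p, &end, 10);   /* skips the space, accepts a sign */
    return end == p ? V_NO_CODE : classify_rc(rc);
}

/* Count lines where a failure code would be treated as success. */
int count_fail_open(const char *const *lines, int n)
{
    int hits = 0;
    for (int i = 0; i < n; i++)
        if (classify_line(lines[i]) == V_FAIL_OPEN) hits++;
    return hits;
}

/* First two lines are from the report; the third is constructed. */
static const char *const sample[] = {
    "xlog: [865 INVITE] Authorized. Return value: 3",
    "xlog: [458 INVITE] <87.249.114.96:5060> Authorized. Return value: -3",
    "xlog: [900 INVITE] Authorized. Return value: 1",
};

int main(void)
{
    printf("fail-open lines: %d\n", count_fail_open(sample, 3));
    return 0;
}
```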





----------------------------------------------------------------------

>Comment By: Daniel-Constantin Mierla (miconda)
Date: 2008-12-16 20:08

Message:
Can you paste the 401/407 and the message with the credentials?

I tested the reuse_nonce=1 with latest 1.4 and all seems to be ok.

I haven't agreed with the nonce checking system, but the developers at that
time just made a big noise and then ran away.

NONCE_REUSED being positive is a bug.

----------------------------------------------------------------------

Comment By: Alex Hermann (axlh)
Date: 2008-12-16 19:46

Message:
Before, I'm at rev 5271 on the 1.4 branch.

----------------------------------------------------------------------

Comment By: Henning Westerholt (henningw)
Date: 2008-12-16 19:32

Message:
Hi Alex,

did you get this before or after the change to auth from today (rev
5367)?

Henning

----------------------------------------------------------------------

Comment By: Alex Hermann (axlh)
Date: 2008-12-16 19:29

Message:
It's still getting messier. A subsequent proxy_challenge doesn't include a
'stale' parameter, so the UAC gives up.

----------------------------------------------------------------------

Comment By: Alex Hermann (axlh)
Date: 2008-12-16 19:16

Message:
If I set nonce_reuse=1, the nonce isn't even recognised, although an ngrep
proves it is there.

log extract:
DBG:auth:pre_auth: invalid nonce value received
xlog: [458 INVITE] <87.249.114.96:5060> Authorized. Return value: -3


----------------------------------------------------------------------
