[OpenSER-Devel] SF.net SVN: openser: [4178] trunk/modules/auth/api.c
Bogdan-Andrei Iancu
bogdan at voice-system.ro
Wed May 14 11:48:22 CEST 2008
One more addition here:
this patch includes another bug fix in building the reply error when
auth failed - there was a mixing between reply code (500) and reply
reason status (Bad request).
Regards,
bogdan
Bogdan-Andrei Iancu wrote:
> Revision: 4178
> http://openser.svn.sourceforge.net/openser/?rev=4178&view=rev
> Author: bogdan_iancu
> Date: 2008-05-14 02:38:27 -0700 (Wed, 14 May 2008)
>
> Log Message:
> -----------
> - fixed bug in appending the stale parameter in the challenge request if the nonces is not recognize as local - this can happen after a restart, when openser uses a new schema to generate nonces.
>
> This bug was revealed when using UACs that tries to reuse the nonce.The result was that after restarting openser, the UACs were dropping the registration attempts.
>
> Scenario:
> 1) start openser -> it will set SCHEMA1 for generating nonces
> 2) UAC registers with authentication and receives during challenge the nonce NONCE1 (based on SCHEMA1)
> 3) OpenSER restarts and sets a new SCHEMA2 for generating nonces
> 4) UAC tries to re-register using the previous nonce it received - NONCE1.
> 5) OpenSER rejects the auth as received NONCE1 does not follow current SCHEMA2.
> 6) OpenSER sends a new challenge to the UAC, but so far, the stale parameter was not added to indicate that the nonce is invalid
> 7) UAC simply drops any registration attempts as it thinks that the password it has is wrong -> it authentication was rejected and no stale indication was received.
>
> The fix was to make openser to add the stale parameter in the challenge and to indicate to UAC a nonce issue if the nonce is not recognized. The script auth functions were already reporting (as return code) NONCE_STALE indication in this case, but the challenge was not properly computed.
>
> Modified Paths:
> --------------
> trunk/modules/auth/api.c
>
>
> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
>
> _______________________________________________
> Devel mailing list
> Devel at lists.openser.org
> http://lists.openser.org/cgi-bin/mailman/listinfo/devel
>
>
More information about the Devel
mailing list