[OpenSER-Devel] SF.net SVN: openser: [4181] branches/1.2/modules/auth/api.c

Bogdan-Andrei Iancu bogdan at voice-system.ro
Wed May 14 12:07:13 CEST 2008 

Revision: 4181
          http://openser.svn.sourceforge.net/openser/?rev=4181&view=rev
Author:   bogdan_iancu
Date:     2008-05-14 03:07:11 -0700 (Wed, 14 May 2008)

Log Message:
-----------
backport from trunk (rev 4178):

- fixed bug in appending the stale parameter in the challenge request if the nonces is not recognize as local - this can happen after a restart, when openser uses a new schema to generate nonces.

This bug was revealed when using UACs that tries to reuse the nonce.The result was that after restarting openser, the UACs were dropping the registration attempts.

Scenario:
1) start openser -> it will set SCHEMA1 for generating nonces
2) UAC registers with authentication and receives during challenge the nonce NONCE1 (based on SCHEMA1)
3) OpenSER restarts and sets a new SCHEMA2 for generating nonces
4) UAC tries to re-register using the previous nonce it received - NONCE1.
5) OpenSER rejects the auth as received NONCE1 does not follow current SCHEMA2.
6) OpenSER sends a new challenge to the UAC, but so far, the stale parameter was not added to indicate that the nonce is invalid
7) UAC simply drops any registration attempts as it thinks that the password it has is wrong -> it authentication was rejected and no stale indication was received.

The fix was to make openser to add the stale parameter in the challenge and to indicate to UAC a nonce issue if the nonce is not recognized. The script auth functions were already reporting (as return code) NONCE_STALE indication in this case, but the challenge was not properly computed.

- fixed bug in building the reply error when auth failed - there was a mixing between reply code (500) and reply reason status (Bad request).

Revision Links:
--------------
    http://openser.svn.sourceforge.net/openser/?rev=4178&view=rev

Modified Paths:
--------------
    branches/1.2/modules/auth/api.c


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

More information about the Devel mailing list