[sr-dev] Bug in www_authorize/challenge functions

Alex Balashov abalashov at evaristesys.com
Thu Oct 7 10:16:53 CEST 2010


On 10/07/2010 04:13 AM, Andrei Pelinescu-Onciul wrote:
> On Oct 07, 2010 at 04:04, Alex Balashov<abalashov at evaristesys.com>  wrote:
>> On 10/07/2010 04:01 AM, Alex Balashov wrote:
>>
>>> I did. But I also tried setting all auth_checks_register flags to 0 as
>>> part of my testing and had the same crash.
>>
>> I was incorrect to say this.  I just tried setting flags to 0 again
>> and now there is no crash.
>
> Could you try the latest git (with the flags set as before)? Should be
> fixed.

It is fixed;  it does not crash.  But it still thinks it's an invalid 
user, and there is no database activity to check if it is so.  As you 
said below, that is another problem.

> The reason we haven't seen it before is that in the setups that did have
> the flags set, probably somebody did parse the complete from before
> (e.g. a t_newtran(), sanity module a.s.o.).

Well, I have both in my configuration.  For sanity, I have these checks:

modparam("sanity", "default_checks", 103) 	# 1 & 2 & 4 & 32 & 64

Here is a quick bitmask reference from the docs:

#   SIP version in Request URI         : 1
#   Request URI scheme                 : 2
#   Presence of RFC-mandated headers   : 4
#   CSeq method consistency            : 32
#   CSeq value consistency             : 64
#   Content length actual vs. declared : 128
#   Expires value                      : 256
#   Supported extensions               : 512

And I do create a new transaction, as instructed by the new 'auth' 
documentation which says that to use nonce_count or one_time_nonce it 
is necessary that the transaction surrounding the digest 
authentication be stateful.  I updated all my code to it today.  It 
looks like this:

         if(!t_newtran()) {
                 # It must be a retransmission or similar.

                 xlog("L_ERR", "[REGISTER-HANDLER:$ci] !> "
                               "Failed to create new transaction\n");

                 drop;
         }

         if(!www_authorize("$td", "subscriber")) {

                 # Log the cause of the authorisation failure.

                 ...

I have also replaced all sl_send_reply() with send_reply() so that SL 
can make the determination of whether to send the reply statefully 
based on whether a transaction exists.

>
>>
>> However, www_authorize() still returns -1 (invalid user).  The
>> problem is not entirely solved.  :/
>
> But that's another problem :-)
>
> Andrei


-- 
Alex Balashov - Principal
Evariste Systems LLC
1170 Peachtree Street
12th Floor, Suite 1200
Atlanta, GA 30309
Tel: +1-678-954-0670
Fax: +1-404-961-1892
Web: http://www.evaristesys.com/
