there is no point in sending 401 Unauthorized to a UAS that sent us a properly-formatted Authentication header with the expected username and nonce but an incorrect response (which indicates the shared secret does not match)... instead, let's send 403 Forbidden so that the UAS doesn't retry with the same authentication credentials repeatedly

git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.4@81442 f38db490-d61c-443f-a65b-d21fe96a405b
author: kpfleming <kpfleming@f38db490-d61c-443f-a65b-d21fe96a405b> 2007-09-04 16:40:39 +0000
committer: kpfleming <kpfleming@f38db490-d61c-443f-a65b-d21fe96a405b> 2007-09-04 16:40:39 +0000
commit: 086afa7995fe6e5bde33cbca294673549825ef7b (patch)
tree: 102eee2086471632134f2725d18759b209eead6d /channels
parent: 6ea84616b767f99dd45f53807f19646ac54a1c69 (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index e882fb54a..b31d456c1 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -8328,11 +8328,11 @@ static enum check_auth_result check_auth(struct sip_pvt *p, struct sip_request *
 	}
 
 	/* Ok, we have a bad username/secret pair */
-	/* Challenge again, and again, and again */
-	transmit_response_with_auth(p, response, req, p->randdata, reliable, respheader, 0);
-	sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);
+	/* Tell the UAS not to re-send this authentication data, because
+	   it will continue to fail
+	*/
 
-	return AUTH_CHALLENGE_SENT;
+	return AUTH_SECRET_FAILED;
 }
 
 /*! \brief Change onhold state of a peer using a pvt structure */
author	kpfleming <kpfleming@f38db490-d61c-443f-a65b-d21fe96a405b>	2007-09-04 16:40:39 +0000
committer	kpfleming <kpfleming@f38db490-d61c-443f-a65b-d21fe96a405b>	2007-09-04 16:40:39 +0000
commit	086afa7995fe6e5bde33cbca294673549825ef7b (patch)
tree	102eee2086471632134f2725d18759b209eead6d /channels
parent	6ea84616b767f99dd45f53807f19646ac54a1c69 (diff)