diff options
author | twilson <twilson@f38db490-d61c-443f-a65b-d21fe96a405b> | 2011-01-04 18:06:46 +0000 |
---|---|---|
committer | twilson <twilson@f38db490-d61c-443f-a65b-d21fe96a405b> | 2011-01-04 18:06:46 +0000 |
commit | d1e0c0c566621d40b679180c247241c273a6375f (patch) | |
tree | d3fb5d45fac65d380615a7bef042ae06016ddac8 /channels | |
parent | 73c3c06a74dc0f36cbab367d7e70f596474a6815 (diff) |
Merged revisions 300301 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.8
................
r300301 | twilson | 2011-01-04 11:54:41 -0600 (Tue, 04 Jan 2011) | 29 lines
Merged revisions 300298 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.6.2
................
r300298 | twilson | 2011-01-04 11:37:26 -0600 (Tue, 04 Jan 2011) | 22 lines
Merged revisions 300216 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.4
........
r300216 | twilson | 2011-01-04 11:11:48 -0600 (Tue, 04 Jan 2011) | 15 lines
Don't authenticate SUBSCRIBE re-transmissions
This only skips authentication on retransmissions that are already
authenticated. A similar method is already used for INVITES. This
is the kind of thing we end up having to do when we don't have a
transaction layer...
(closes issue #18075)
Reported by: mdu113
Patches:
diff.txt uploaded by twilson (license 396)
Tested by: twilson, mdu113
Review: https://reviewboard.asterisk.org/r/1005/
........
................
................
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@300302 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'channels')
-rw-r--r-- | channels/chan_sip.c | 34 |
1 files changed, 20 insertions, 14 deletions
diff --git a/channels/chan_sip.c b/channels/chan_sip.c index 304c2e65e..5a30d7f25 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -23306,7 +23306,7 @@ static int handle_request_subscribe(struct sip_pvt *p, struct sip_request *req, int firststate = AST_EXTENSION_REMOVED; struct sip_peer *authpeer = NULL; const char *eventheader = get_header(req, "Event"); /* Get Event package name */ - int resubscribe = (p->subscribed != NONE); + int resubscribe = (p->subscribed != NONE) && !req->ignore; char *temp, *event; if (p->initreq.headers) { @@ -23322,7 +23322,7 @@ static int handle_request_subscribe(struct sip_pvt *p, struct sip_request *req, if (resubscribe) ast_debug(1, "Got a re-subscribe on existing subscription %s\n", p->callid); else - ast_debug(1, "Got a new subscription %s (possibly with auth)\n", p->callid); + ast_debug(1, "Got a new subscription %s (possibly with auth) or retransmission\n", p->callid); } } @@ -23377,19 +23377,25 @@ static int handle_request_subscribe(struct sip_pvt *p, struct sip_request *req, } else event = (char *) eventheader; /* XXX is this legal ? */ - /* Handle authentication */ - res = check_user_full(p, req, SIP_SUBSCRIBE, e, 0, addr, &authpeer); - /* if an authentication response was sent, we are done here */ - if (res == AUTH_CHALLENGE_SENT) /* authpeer = NULL here */ - return 0; - if (res < 0) { - if (res == AUTH_FAKE_AUTH) { - ast_log(LOG_NOTICE, "Sending fake auth rejection for device %s\n", get_header(req, "From")); - transmit_fake_auth_response(p, SIP_SUBSCRIBE, req, XMIT_UNRELIABLE); - } else { - ast_log(LOG_NOTICE, "Failed to authenticate device %s for SUBSCRIBE\n", get_header(req, "From")); - transmit_response_reliable(p, "403 Forbidden", req); + /* Handle authentication if we're new and not a retransmission. We can't just + * use if !req->ignore, because then we'll end up sending + * a 200 OK if someone retransmits without sending auth */ + if (p->subscribed == NONE || resubscribe) { + res = check_user_full(p, req, SIP_SUBSCRIBE, e, 0, addr, &authpeer); + + /* if an authentication response was sent, we are done here */ + if (res == AUTH_CHALLENGE_SENT) /* authpeer = NULL here */ + return 0; + if (res < 0) { + if (res == AUTH_FAKE_AUTH) { + ast_log(LOG_NOTICE, "Sending fake auth rejection for device %s\n", get_header(req, "From")); + transmit_fake_auth_response(p, SIP_SUBSCRIBE, req, XMIT_UNRELIABLE); + } else { + ast_log(LOG_NOTICE, "Failed to authenticate device %s for SUBSCRIBE\n", get_header(req, "From")); + transmit_response_reliable(p, "403 Forbidden", req); + } } + pvt_set_needdestroy(p, "authentication failed"); return 0; } |