From e44ab3816cae3e85d27e969366a12881af42fa46 Mon Sep 17 00:00:00 2001 From: Richard Mudgett Date: Tue, 17 Nov 2015 14:53:57 -0600 Subject: res_pjsip_outbound_registration.c: Fix 423 response handling. Receiving a 423 Interval Too Brief response after authentication for an outbound registration attempt results in assuming that the registrar has rejected the registration permanently. If there are no configured retries for fatal responses then the outbound registration is stopped for that endpoint. For registrations, PJSIP/PJPROJECT intercepts the handling of 423 responses and does not include any authentication in the updated registration request. When the updated request is challenged then the Asterisk code assumes that we were challenged again because the peer rejected the authentication we sent earlier. * Made registration challenges keep track of the CSeq number to determine if the received challenge response was for the request we thought we sent. If the response's CSeq number differs from the CSeq number we last sent with authentication then authenticate again because it is a challenge to a different request. Change-Id: I81b4bd36d1be095bab606e34b8b44e6302971b09 --- res/res_pjsip_outbound_registration.c | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) (limited to 'res/res_pjsip_outbound_registration.c') diff --git a/res/res_pjsip_outbound_registration.c b/res/res_pjsip_outbound_registration.c index 04ff1df60..84476db90 100644 --- a/res/res_pjsip_outbound_registration.c +++ b/res/res_pjsip_outbound_registration.c @@ -335,6 +335,8 @@ struct sip_outbound_registration_client_state { unsigned int auth_rejection_permanent; /*! \brief Determines whether SIP Path support should be advertised */ unsigned int support_path; + /*! CSeq number of last sent auth request. */ + unsigned int auth_cseq; /*! \brief Serializer for stuff and things */ struct ast_taskprocessor *serializer; /*! \brief Configured authentication credentials */ @@ -758,15 +760,27 @@ static int handle_registration_response(void *data) ast_debug(1, "Processing REGISTER response %d from server '%s' for client '%s'\n", response->code, server_uri, client_uri); - if (!response->client_state->auth_attempted && - (response->code == 401 || response->code == 407)) { + if ((response->code == 401 || response->code == 407) + && (!response->client_state->auth_attempted + || response->rdata->msg_info.cseq->cseq != response->client_state->auth_cseq)) { + int res; + pjsip_cseq_hdr *cseq_hdr; pjsip_tx_data *tdata; + if (!ast_sip_create_request_with_auth_from_old(&response->client_state->outbound_auths, response->rdata, response->old_request, &tdata)) { response->client_state->auth_attempted = 1; ast_debug(1, "Sending authenticated REGISTER to server '%s' from client '%s'\n", server_uri, client_uri); - if (registration_client_send(response->client_state, tdata) == PJ_SUCCESS) { + pjsip_tx_data_add_ref(tdata); + res = registration_client_send(response->client_state, tdata); + + /* Save the cseq that actually got sent. */ + cseq_hdr = (pjsip_cseq_hdr *) pjsip_msg_find_hdr(tdata->msg, PJSIP_H_CSEQ, + NULL); + response->client_state->auth_cseq = cseq_hdr->cseq; + pjsip_tx_data_dec_ref(tdata); + if (res == PJ_SUCCESS) { ao2_ref(response, -1); return 0; } -- cgit v1.2.3