Revision: 4178
          http://openser.svn.sourceforge.net/openser/?rev=4178&view=rev
Author:   bogdan_iancu
Date:     2008-05-14 02:38:27 -0700 (Wed, 14 May 2008)

Log Message:
-----------
- fixed bug in appending the stale parameter in the challenge request if the 
nonce is not recognized as local - this can happen after a restart, when 
openser uses a new schema to generate nonces.

This bug was revealed when using UACs that try to reuse the nonce. The result 
was that after restarting openser, the UACs were dropping the registration 
attempts.

Scenario:
1) start openser -> it will set SCHEMA1 for generating nonces
2) UAC registers with authentication and receives during challenge the nonce 
NONCE1 (based on SCHEMA1)
3) OpenSER restarts and sets a new SCHEMA2 for generating nonces
4) UAC tries to re-register using the previous nonce it received - NONCE1.
5) OpenSER rejects the auth as the received NONCE1 does not follow the current SCHEMA2.
6) OpenSER sends a new challenge to the UAC, but so far, the stale parameter 
was not added to indicate that the nonce is invalid
7) UAC simply drops any registration attempts as it thinks that the password it 
has is wrong -> its authentication was rejected and no stale indication was 
received.

The fix was to make openser add the stale parameter in the challenge and 
indicate to the UAC a nonce issue if the nonce is not recognized. The script auth 
functions were already reporting (as return code) the NONCE_STALE indication in 
this case, but the challenge was not properly computed.

Modified Paths:
--------------
    trunk/modules/auth/api.c
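
The scenario above as a runnable model, added here as an illustration and not OpenSER's code. `Registrar`, `uac_reregister` and `scenario` are hypothetical names, the nonce format (expiry plus an HMAC under a per-start secret) is an assumption, and a plain password comparison stands in for the digest response check.

```python
import hashlib, hmac, os, time

class Registrar:
    """Constructed model of a digest-auth server; all names are hypothetical."""
    def __init__(self, password, add_stale_for_unknown_nonce):
        self.secret = os.urandom(16)        # per-start secret, the "schema"
        self.password = password
        self.fixed = add_stale_for_unknown_nonce

    def restart(self):
        self.secret = os.urandom(16)        # new schema: old nonces stop verifying

    def _mac(self, expires):
        return hmac.new(self.secret, expires.encode(), hashlib.sha256).hexdigest()[:32]

    def new_nonce(self, lifetime=30):
        expires = "%08x" % (int(time.time()) + lifetime)
        return expires + self._mac(expires)

    def nonce_state(self, nonce):
        expires, mac = nonce[:8], nonce[8:]
        if not hmac.compare_digest(mac, self._mac(expires)):
            return "unknown"                # not generated under the current secret
        return "valid" if int(expires, 16) > time.time() else "expired"

    def register(self, creds=None):
        """Return (status, challenge); creds is (nonce, password) or None."""
        stale = False
        if creds is not None:
            nonce, password = creds
            state = self.nonce_state(nonce)
            if state == "valid" and hmac.compare_digest(password, self.password):
                return 200, None
            # A nonce problem is not a credential problem: signal it with stale.
            stale = state == "expired" or (state == "unknown" and self.fixed)
        return 401, {"nonce": self.new_nonce(), "stale": stale}

def uac_reregister(server, cached_nonce, password):
    """UAC that reuses a cached nonce and gives up on a 401 without stale."""
    status, chal = server.register((cached_nonce, password))
    if status == 401 and chal["stale"]:     # nonce issue: retry with same password
        status, _ = server.register((chal["nonce"], password))
    return status                           # 401 here means the UAC stops trying

def scenario(fixed):
    srv = Registrar("s3cret", fixed)        # step 1: start, SCHEMA1
    _, chal = srv.register()                # step 2: challenge carries NONCE1
    assert srv.register((chal["nonce"], "s3cret"))[0] == 200
    srv.restart()                           # step 3: SCHEMA2
    return uac_reregister(srv, chal["nonce"], "s3cret")   # steps 4-7
```

`scenario(False)` reproduces the dropped registration and `scenario(True)` shows the UAC recovering once the challenge carries the stale indication.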

