One more addition here: this patch includes another bug fix in building the reply error when auth failed - there was a mixing between reply code (500) and reply reason status (Bad request).
Regards,
bogdan

Bogdan-Andrei Iancu wrote:
> Revision: 4178
>           http://openser.svn.sourceforge.net/openser/?rev=4178&view=rev
> Author:   bogdan_iancu
> Date:     2008-05-14 02:38:27 -0700 (Wed, 14 May 2008)
>
> Log Message:
> -----------
> - fixed bug in appending the stale parameter in the challenge request if the
> nonce is not recognized as local - this can happen after a restart, when
> openser uses a new schema to generate nonces.
>
> This bug was revealed when using UACs that try to reuse the nonce. The
> result was that after restarting openser, the UACs were dropping the
> registration attempts.
>
> Scenario:
> 1) start openser -> it will set SCHEMA1 for generating nonces
> 2) UAC registers with authentication and receives during challenge the nonce
> NONCE1 (based on SCHEMA1)
> 3) OpenSER restarts and sets a new SCHEMA2 for generating nonces
> 4) UAC tries to re-register using the previous nonce it received - NONCE1.
> 5) OpenSER rejects the auth as received NONCE1 does not follow current
> SCHEMA2.
> 6) OpenSER sends a new challenge to the UAC, but so far, the stale parameter
> was not added to indicate that the nonce is invalid
> 7) UAC simply drops any registration attempts as it thinks that the password
> it has is wrong -> its authentication was rejected and no stale indication was
> received.
>
> The fix was to make openser add the stale parameter in the challenge and
> to indicate to UAC a nonce issue if the nonce is not recognized. The script
> auth functions were already reporting (as return code) NONCE_STALE indication
> in this case, but the challenge was not properly computed.
>
> Modified Paths:
> --------------
>     trunk/modules/auth/api.c
_______________________________________________
Devel mailing list
Devel@lists.openser.org
http://lists.openser.org/cgi-bin/mailman/listinfo/devel
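
The restart scenario from the commit message, as an added example that is not part of the original post and is not OpenSER code: a registrar whose nonces are bound to a per-start secret answers a reused NONCE1 with `stale=true`, while a wrong password gets a plain challenge. The `Registrar` class, the HMAC-based nonce layout, the realm, URI and account are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

def md5hex(s):
    return hashlib.md5(s.encode()).hexdigest()

def digest_response(user, realm, password, nonce):
    # RFC 2617 digest response (no qop) for a REGISTER to a constructed URI
    ha1, ha2 = md5hex(f"{user}:{realm}:{password}"), md5hex("REGISTER:sip:example.org")
    return md5hex(f"{ha1}:{nonce}:{ha2}")

class Registrar:
    """Hypothetical registrar; the per-start secret stands in for the nonce schema."""
    def __init__(self, realm, users):
        self.realm, self.users, self.secret = realm, users, os.urandom(32)

    def _mac(self, salt):
        return hmac.new(self.secret, salt.encode(), hashlib.sha256).hexdigest()[:32]

    def nonce_is_local(self, nonce):
        return hmac.compare_digest(nonce[16:].encode(), self._mac(nonce[:16]).encode())

    def challenge(self, stale):
        salt = os.urandom(8).hex()
        hdr = f'Digest realm="{self.realm}", nonce="{salt}{self._mac(salt)}"'
        return 401, hdr + (", stale=true" if stale else "")

    def register(self, user=None, nonce="", response=""):
        if user is None:
            return self.challenge(stale=False)
        if not self.nonce_is_local(nonce):
            return self.challenge(stale=True)   # nonce issue, not a password issue
        password = self.users.get(user)
        expected = digest_response(user, self.realm, password or "", nonce)
        if password is None or not hmac.compare_digest(expected.encode(), response.encode()):
            return self.challenge(stale=False)  # wrong credentials: no stale flag
        return 200, ""

def replay_after_restart(password="s3cret"):
    users = {"alice": "s3cret"}                  # constructed sample account
    server = Registrar("example.org", users)     # step 1: SCHEMA1
    nonce1 = server.register()[1].split('nonce="')[1].split('"')[0]  # step 2
    response = digest_response("alice", "example.org", password, nonce1)
    before = server.register("alice", nonce1, response)
    server = Registrar("example.org", users)     # step 3: restart, SCHEMA2
    after = server.register("alice", nonce1, response)   # steps 4-6
    return before[0], after[0], "stale=true" in after[1]
```

As in the fix described above, the nonce is checked before the credentials, so a nonce from before the restart is always reported as stale regardless of the password sent with it.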