Changeset 871

Timestamp:

Dec 29, 2006 12:13:10 AM (18 years ago)

Author:

bennylp

Message:

Fixed ticket #25: Authentication loops forever when server keeps rejecting request with stale=true

Location:

pjproject/trunk/pjsip

Files:

• include/pjsip/sip_auth.h (modified) (1 diff)
• include/pjsip/sip_config.h (modified) (1 diff)
• include/pjsip/sip_errno.h (modified) (1 diff)
• src/pjsip/sip_auth_client.c (modified) (4 diffs)
• src/pjsip/sip_errno.c (modified) (1 diff)

pjproject/trunk/pjsip/include/pjsip/sip_auth.h

@@ -114 +114 @@
     pj_bool_t                    is_proxy;  /**< Server type (401/407)      */
     pjsip_auth_qop_type          qop_value; /**< qop required by server.    */
+    unsigned                     stale_cnt; /**< Number of stale retry.     */
 #if PJSIP_AUTH_QOP_SUPPORT
     pj_uint32_t                  nc;        /**< Nonce count.               */

pjproject/trunk/pjsip/include/pjsip/sip_config.h

@@ -410 +410 @@
 
 /**
+ * Maximum number of stale retries when server keeps rejecting our request
+ * with stale=true.
+ */
+#ifndef PJSIP_MAX_STALE_COUNT
+#   define PJSIP_MAX_STALE_COUNT            3
+#endif
+
+
+/**
  * @}
  */

pjproject/trunk/pjsip/include/pjsip/sip_errno.h

@@ -362 +362 @@
  */
 #define PJSIP_EAUTHINVALIDDIGEST (PJSIP_ERRNO_START_PJSIP+110)  /* 171110 */
+/**
+ * @hideinitializer
+ * Maximum number of stale retries exceeded. This happens when server 
+ * keeps rejecting our authorization request with stale=true.
+ */
+#define PJSIP_EAUTHSTALECOUNT   (PJSIP_ERRNO_START_PJSIP + 111) /* 171111 */
 
 

pjproject/trunk/pjsip/src/pjsip/sip_auth_client.c

@@ -44 +44 @@
 #endif
 
+
 /* Transform digest to string.
  * output must be at least PJSIP_MD5STRLEN+1 bytes.
@@ -600 +601 @@
     auth = sess->cached_auth.next;
     while (auth != &sess->cached_auth) {
+        /* Reset stale counter */
+        auth->stale_cnt = 0;
+
         if (auth->qop_value == PJSIP_AUTH_QOP_NONE) {
 #           if defined(PJSIP_AUTH_HEADER_CACHING) && \
@@ -708 +712 @@
              * the same credential.
              */
-            PJ_LOG(4, (THIS_FILE, "Authorization failed for %.*s@%.*s",
+            PJ_LOG(4, (THIS_FILE, "Authorization failed for %.*s@%.*s: "
+                       "server rejected with stale=false",
                        sent_auth->credential.digest.username.slen,
                        sent_auth->credential.digest.username.ptr,
@@ -714 +719 @@
                        sent_auth->credential.digest.realm.ptr));
             return PJSIP_EFAILEDCREDENTIAL;
+        }
+
+        cached_auth->stale_cnt++;
+        if (cached_auth->stale_cnt >= PJSIP_MAX_STALE_COUNT) {
+            /* Our credential is rejected. No point in trying to re-supply
+             * the same credential.
+             */
+            PJ_LOG(4, (THIS_FILE, "Authorization failed for %.*s@%.*s: "
+                       "maximum number of stale retries exceeded",
+                       sent_auth->credential.digest.username.slen,
+                       sent_auth->credential.digest.username.ptr,
+                       sent_auth->credential.digest.realm.slen,
+                       sent_auth->credential.digest.realm.ptr));
+            return PJSIP_EAUTHSTALECOUNT;
         }
 

pjproject/trunk/pjsip/src/pjsip/sip_errno.c

@@ -100 +100 @@
     PJ_BUILD_ERR( PJSIP_EAUTHINVALIDREALM, "Invalid authorization realm"),
     PJ_BUILD_ERR( PJSIP_EAUTHINVALIDDIGEST,"Invalid authorization digest" ),
+    PJ_BUILD_ERR( PJSIP_EAUTHSTALECOUNT,   "Maximum number of stale retries exceeded"),
 
     /* UA/dialog layer. */