Summary: | ASTERISK-04053: [patch] Authentication support for SIP NOTIFY requests | ||
Reporter: | Charles Duffy (cduffy) | Labels: | |
Date Opened: | 2005-05-03 19:58:37 | Date Closed: | 2011-06-07 14:05:23 |
Priority: | Major | Regression? | No |
Status: | Closed/Complete | Components: | Channels/chan_sip/Interoperability |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ( 0) chan_sip.c.patch ( 1) chan_sip.c.patch+copyvarlist | |
Description: | Authentication requests sent in response to SIP NOTIFY requests (ie. as sent via the "sip notify" subcommand in CVS HEAD) presently are ignored. That is: The server sends a NOTIFY, the phone sends back a 401, the server takes no further action. Ideally, of course, the server should respond to the 401 with a resend of the NOTIFY that contains a response for the challenge included in the 401. ****** ADDITIONAL INFORMATION ****** The attached patch (disclaimer pending -- employer agreed in principal to blanket authorization for contributions to OSS projects; need to actually come up with verbiage for such and get it through legal, which should be quick -- we're small) WORKSFORME. | ||
Comments: | By: Kevin P. Fleming (kpfleming) 2005-05-03 20:24:52 I like the idea, but I'm not thrilled about increasing the size of 'struct sip_pvt' by 256 bytes for every user everywhere... even the ones that don't use 'sip notify'. It would be much more efficient to just store a pointer to a copy of the ast_variable list from the config file in sip_pvt... a new field 'struct ast_variable *notify_headers' would be appropriate. If it's non-NULL, there are NOTIFY headers to be added to the outgoing request. However, these will definitely need to be _copies_ of the ones from the config file, and the function that destroys the sip_pvt will have to free them as well. By: Charles Duffy (cduffy) 2005-05-03 21:31:20 Updated version of the patch, implementing kpfleming's suggestion. By: Charles Duffy (cduffy) 2005-05-03 23:31:21 Actually uploaded the updated patch this time. Oops. By: Olle Johansson (oej) 2005-05-04 01:48:24 We need to implement *one* solution for authentication of any challenged transmission, not one for every method... There's another bug report on a similar matter, ASTERISK-3912 By: Olle Johansson (oej) 2005-06-04 07:13:04 cduffy: Are you looking into creating a more generic solution? By: Charles Duffy (cduffy) 2005-06-05 20:05:52 No. Real Life stepped in, and I no longer have time to work on Asterisk. By: Olle Johansson (oej) 2005-06-06 04:52:04 Ok, thanks for answering. I'll keep this open for a while, waiting for someone to catch this issue... :-) By: Olle Johansson (oej) 2005-06-25 07:09:48 Ok, got information that Vonage is authenticating BYE as well, so we *really* need a generic solution. By: Michael Jerris (mikej) 2005-07-12 19:42:16 oej, are you taking this one on? By: Olle Johansson (oej) 2005-07-18 06:42:50 Mikej: Just returned, will look into this in a while. By: Mark Spencer (markster) 2005-08-07 21:01:35 Suspending this one pending disclaimer. |