[OpenSIPS-Devel] [ opensips-Bugs-3490219 ] incorrect "nonce already used" on re-registration

SourceForge.net noreply at sourceforge.net
Tue Feb 21 21:01:46 CET 2012 

Bugs item #3490219, was opened at 2012-02-21 12:01
Message generated for change (Tracker Item Submitted) made by lucifuge
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3490219&group_id=232389

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Daryl G. Jurbala (lucifuge)
Assigned to: Nobody/Anonymous (nobody)
Summary: incorrect "nonce already used" on re-registration

Initial Comment:
This has been tested and can be duplicated in 1.6.3 as well as 1.7.1.

When using the following block to process REGISTERs and add a path tp usrloc:

----
        if (!www_authorize("", "accounts")) {
                www_challenge("", "0");
                return;
        };

        if ( src_ip == myself ) {
                consume_credentials();
                if (!save("location","p1v")) {
                        sl_reply_error();
                };
                return;
        };

        if (!add_path_received()) {
                xlog("L_ERR", "Couldn't add path.");
                sl_send_reply("503", "Internal path error");
        };
        forward();

----

registrations are successful on the first and subsequent attemps until approximately 30 seconds or 2 to 4 immediate registration/unregistration/registration attempts from the same account.  This can be duplicated from multiple source IPs/UACs or a single source IP/UAC.

On failure, the account can no longer register until OpenSIPS is restarted.  Debugging points to:

Feb 21 19:15:40 [2889] DBG:auth:check_response: authorization is OK
Feb 21 19:15:40 [2889] DBG:auth:post_auth: nonce index= 62
Feb 21 19:15:40 [2889] DBG:auth:is_nonce_index_valid: nonce already used

Successful registration attempts appear as:

Feb 21 19:17:44 [2918] DBG:auth:check_response: authorization is OK
Feb 21 19:17:44 [2918] DBG:auth:post_auth: nonce index= 0

Using a register block that simplt authorizes and save the contact with no path addition or forward back to itself resolves this issue entirely, as does disabling nonce checks with modparam("auth", "disable_nonce_check", 1).

While failing, packet traces show that the client is sending a REGISTER, OpenSIPSs 401's and gives it a unique nonce, the client responds appropriately to the nonce, OpenSIPS sends it a 401 and a new and unique nonce, and the loop continues.

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3490219&group_id=232389

More information about the Devel mailing list