[OpenSIPS-Devel] [ opensips-Bugs-3490219 ] incorrect "nonce already used" on re-registration
SourceForge.net
noreply at sourceforge.net
Tue Feb 21 21:01:46 CET 2012
Bugs item #3490219, was opened at 2012-02-21 12:01
Message generated for change (Tracker Item Submitted) made by lucifuge
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3490219&group_id=232389
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Daryl G. Jurbala (lucifuge)
Assigned to: Nobody/Anonymous (nobody)
Summary: incorrect "nonce already used" on re-registration
Initial Comment:
This has been tested and can be duplicated in 1.6.3 as well as 1.7.1.
When using the following block to process REGISTERs and add a path tp usrloc:
----
if (!www_authorize("", "accounts")) {
www_challenge("", "0");
return;
};
if ( src_ip == myself ) {
consume_credentials();
if (!save("location","p1v")) {
sl_reply_error();
};
return;
};
if (!add_path_received()) {
xlog("L_ERR", "Couldn't add path.");
sl_send_reply("503", "Internal path error");
};
forward();
----
registrations are successful on the first and subsequent attemps until approximately 30 seconds or 2 to 4 immediate registration/unregistration/registration attempts from the same account. This can be duplicated from multiple source IPs/UACs or a single source IP/UAC.
On failure, the account can no longer register until OpenSIPS is restarted. Debugging points to:
Feb 21 19:15:40 [2889] DBG:auth:check_response: authorization is OK
Feb 21 19:15:40 [2889] DBG:auth:post_auth: nonce index= 62
Feb 21 19:15:40 [2889] DBG:auth:is_nonce_index_valid: nonce already used
Successful registration attempts appear as:
Feb 21 19:17:44 [2918] DBG:auth:check_response: authorization is OK
Feb 21 19:17:44 [2918] DBG:auth:post_auth: nonce index= 0
Using a register block that simplt authorizes and save the contact with no path addition or forward back to itself resolves this issue entirely, as does disabling nonce checks with modparam("auth", "disable_nonce_check", 1).
While failing, packet traces show that the client is sending a REGISTER, OpenSIPSs 401's and gives it a unique nonce, the client responds appropriately to the nonce, OpenSIPS sends it a 401 and a new and unique nonce, and the loop continues.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3490219&group_id=232389
More information about the Devel
mailing list