Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[mod_sofia] fix missing auth challenge in 401 response #6

Merged
merged 1 commit into from
Dec 3, 2024

Conversation

greenbea
Copy link

Description

This commit fixes issues signalwire#1779 and signalwire#2640

The bug was caused by the incoming subscribe handler calling directly sofia_reg_parse_auth with an exptime of 0, causing the nonce to get deleted from the db after hitting the nonce_ttl time. That by itself was wrong since the exptime should have been exptime + nonce-ttl, but the main problem was that the handler returned a 401 without an auth challenge.

The fix was simple: instead of calling directly sofia_reg_parse_auth from the subscribe handler, it passes the authentication handling to the sofia_reg_handle_register the same way sofia_handle_sip_i_invite handler does.

Bugs I noticed on the way:

  • Freeswitch in sofia_handle_sip_i_invite sets an exptime that is being used to calculate the nonce_ttl nonce_tll + exptime and takes exptime from the expires header or from the contact header if exists or to a default value of 300.
    1. freeswitch doesn't adhere to the sip-force-expires* settings (and to force-subscription-expires after this commit) when setting the exptime.
    2. INVITES doesn't have an expire header so nonce_ttl will always be nonce_ttl + 300
  • freeswitch fires sofia::register_attempt and sofia::register_failure events on invites
  • a lot of handling done in sofia_reg_handle_register_token is meant for registration and is being called for invites as well

@markjcrane markjcrane merged commit 25b2b7b into fusionpbx:master Dec 3, 2024
@markjcrane markjcrane changed the title [mod_sofia] fix missing auth challange in 401 response [mod_sofia] fix missing auth challenge in 401 response Dec 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants