andrei      2008/07/10 19:10:09 CEST

  SER CVS Repository

  Modified files:
    modules/auth         Makefile auth_mod.c challenge.c nid.c 
                         nid.h nonce.c nonce.h 
  Added files:
    modules/auth         ot_nonce.c ot_nonce.h 
  Log:
   - one-time-nonce support -- if enabled a nonce will be accepted only once =>
  each new request will be challenged. It offers strong protection against
  replay attacks, but on the other hand it would undo any benefits from UA side
  credentials caching (=> extra messages, extra round trips, more processing at
  the proxy). It can work together with qop and nonce-count tracking: if
  nonce-count tracking is enabled (set auth modparam nonce_count to 1), it will
  take precedence for UAs supporting qop. In general auth_extra_checks should be
  preferred to one-time-nonce support (one-time-nonce should be used only in
  "paranoid" mode).
  The one-time-nonce support should be used only in stateful mode (to allow tm
  to catch the retransmissions prior to the authentication), or else it would
   challenge the retransmissions.
  The code is mostly shared with the nonce-count support (lock-free, optimized
  for multiple cpus), the big difference being that in this case only 1 bit of
  state is saved per nonce-id ("expected"/"unexpected") and so less memory is
  used (for the default 1 million in-flight nonces only 128Kb are needed).
  
  Revision  Changes    Path
  1.5       +4 -3      sip_router/modules/auth/Makefile
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/modules/auth/Makefile.diff?r1=1.4&r2=1.5
  1.71      +31 -6     sip_router/modules/auth/auth_mod.c
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/modules/auth/auth_mod.c.diff?r1=1.70&r2=1.71
  1.37      +20 -9     sip_router/modules/auth/challenge.c
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/modules/auth/challenge.c.diff?r1=1.36&r2=1.37
  1.3       +3 -3      sip_router/modules/auth/nid.c
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/modules/auth/nid.c.diff?r1=1.2&r2=1.3
  1.3       +12 -3     sip_router/modules/auth/nid.h
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/modules/auth/nid.h.diff?r1=1.2&r2=1.3
  1.20      +40 -14    sip_router/modules/auth/nonce.c
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/modules/auth/nonce.c.diff?r1=1.19&r2=1.20
  1.14      +17 -17    sip_router/modules/auth/nonce.h
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/modules/auth/nonce.h.diff?r1=1.13&r2=1.14
  1.1       +239 -0    sip_router/modules/auth/ot_nonce.c (new)
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/modules/auth/ot_nonce.c?rev=1.1&content-type=text/plain
  1.1       +84 -0     sip_router/modules/auth/ot_nonce.h (new)
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/modules/auth/ot_nonce.h?rev=1.1&content-type=text/plain
_______________________________________________
Serdev mailing list
[email protected]
http://lists.iptel.org/mailman/listinfo/serdev
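
The one-bit-per-nonce-id tracking described in the log above, as an added C11 example that is not the code from this commit or from SER's ot_nonce.c. The names otn_new and otn_check_and_consume, the modulo slot mapping and the age window check are assumptions made for illustration.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>

#define OTN_SLOTS (1u << 20)         /* 1 Mi in-flight nonces (assumed size) */
#define OTN_WORDS (OTN_SLOTS / 32)   /* 32768 words * 4 bytes = 128 KiB */

/* One bit per nonce id: 1 = "expected", 0 = "unexpected". */
static _Atomic uint32_t otn_bits[OTN_WORDS];
static _Atomic uint32_t otn_next_id;  /* next nonce id to hand out */

/* Issue a nonce id and mark its slot "expected" (lock-free). */
uint32_t otn_new(void)
{
    uint32_t id = atomic_fetch_add(&otn_next_id, 1);
    uint32_t slot = id % OTN_SLOTS;
    atomic_fetch_or(&otn_bits[slot / 32], 1u << (slot % 32));
    return id;
}

/* Returns 1 the first time an issued id is presented, 0 for a replay,
 * an id that was never issued, or an id whose slot has been reused.
 * The test-and-clear is a single atomic op, so two processes racing on
 * the same nonce cannot both get 1. A stale id racing with slot reuse
 * is not handled here. */
int otn_check_and_consume(uint32_t id)
{
    /* Unsigned distance stays correct when the id counter wraps. */
    uint32_t age = atomic_load(&otn_next_id) - id;
    if (age == 0 || age > OTN_SLOTS)
        return 0;
    uint32_t slot = id % OTN_SLOTS;
    uint32_t mask = 1u << (slot % 32);
    uint32_t old = atomic_fetch_and(&otn_bits[slot / 32], ~mask);
    return (old & mask) != 0;
}

int main(void)
{
    uint32_t id = otn_new();
    printf("first use: %d\n", otn_check_and_consume(id));
    printf("replay:    %d\n", otn_check_and_consume(id));
    printf("table:     %zu bytes\n", sizeof(otn_bits));
    return 0;
}
```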
