Hello,
 
Try these inclusions pls for a simple straight forward Digest Auth...
 
modparam("auth_db", "db_url","sql://ser:heslo@localhost/ser")
 
# main routing logic
route{
if(!proxy_authorize("yourdomain.com" /* realm */,
                "subscriber" /* table name */ ))
{
proxy_challenge("yourdomain.com", "0");
break;
}
sl_send_reply("200", "ok");
 
karthikeyan.k

 

 
 
 
 
 
 
 
 
 
 
 

From: serusers-bounces@lists.iptel.org on behalf of Magnus Sörman (AL/EAB)
Sent: Thu 12/30/2004 3:45 PM
To: 'serusers@lists.iptel.org'
Subject: [Serusers] Digest Authentication

Hi,

I need some help with digest authentication.
When I uncomment those lines in ser.cfg, the register msg stops to work. In the trace, see below, you can see the nonce being sent in the re-register msg, but the server still responds with 401 Unauthorized. I've tried with both 0 and 1 in the www_challenge.

Without the digest authentication the register works fine.

Thanks in advance,
  //Magnus

ser.cfg (ser 0.8.12 running on a Fedora box. Used for test purpose only):
====================================================
# ----------- global configuration parameters ------------------------

#debug=3         # debug level (cmd line: -dddddddddd)
#fork=yes
#log_stderror=no        # (cmd line: -E)

/* Uncomment these lines to enter debugging mode
debug=7
fork=no
log_stderror=yes
*/

check_via=no    # (cmd. line: -v)
dns=no           # (cmd. line: -r)
rev_dns=no      # (cmd. line: -R)
#port=5060
#children=4
fifo="/tmp/ser_fifo"

sip_warning=no

alias="sip_server_ip"

# ------------------ module loading ----------------------------------

# Uncomment this if you want to use SQL database
loadmodule "/usr/lib/ser/modules/mysql.so"

loadmodule "/usr/lib/ser/modules/sl.so"
loadmodule "/usr/lib/ser/modules/tm.so"
loadmodule "/usr/lib/ser/modules/rr.so"
loadmodule "/usr/lib/ser/modules/maxfwd.so"
loadmodule "/usr/lib/ser/modules/usrloc.so"
loadmodule "/usr/lib/ser/modules/registrar.so"

loadmodule "/usr/lib/ser/modules/pa.so"

# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/lib/ser/modules/auth.so"
loadmodule "/usr/lib/ser/modules/auth_db.so"

# ----------------- setting module-specific parameters ---------------

# -- usrloc params --

#modparam("usrloc", "db_mode",   0)

# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 2)

# -- auth params --
# Uncomment if you are using auth module
#
modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
#
modparam("auth_db", "password_column", "password")

# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)


# -------------------------  request routing logic -------------------

# main routing logic

route{

        # initial sanity checks -- messages with
        # max_forwards==0, or excessively long requests
        if (!mf_process_maxfwd_header("10")) {
                sl_send_reply("483","Too Many Hops");
                break;
        };
        if ( msg:len > max_len ) {
                sl_send_reply("513", "Message too big");
                break;
        };

        # we record-route all messages -- to make sure that
        # subsequent messages will go through our proxy; that's
        # particularly good if upstream and downstream entities
        # use different transport protocol
        record_route();
        # loose-route processing
        if (loose_route()) {
                t_relay();
                break;
        };

        # if the request is for other domain use UsrLoc
        # (in case, it does not work, use the following command
        # with proper names and addresses in it)

        if (uri == myself ) {

                if (method=="SUBSCRIBE") {
                        if(t_newtran()){
                                handle_subscription("registrar");
                                break;
                        };
                };
               
                if (method=="REGISTER") {

# Uncomment this if you want to use digest authentication
                        if (!www_authorize("sip_server_ip", "subscriber")) {
                                www_challenge("sip_server_ip", "1");
                                break;
                        };
                        save("location");
                        break;
                };

                # native SIP destinations are handled using our USRLOC DB
                if (!lookup("location")) {
                        sl_send_reply("404", "Not Found");
                        break;
                };
        };
        # forward to current uri now; use stateful forwarding; that
        # works reliably even if we forward from TCP to UDP
        if (!t_relay()) {
                sl_reply_error();
        };

}

Register trace:
==========
REGISTER sip:sip_server_ip SIP/2.0
Via: SIP/2.0/UDP local_pc_ip:5060;rport;branch=z9hG4bK4268DFDFE5EE410C8DB113A6223C800C
From: Magnus <sip:magnus@sip_server_ip>;tag=470300110
To: Magnus <sip:magnus@sip_server_ip>
Contact: "Magnus" <sip:magnus@local_pc_ip:5060>
Call-ID: EB7272E371C24F6C8F24DB47A53EE7CB@sip_server_ip
CSeq: 6590 REGISTER
Expires: 1800
Max-Forwards: 70
User-Agent: X-Lite release 1103m
Content-Length: 0

SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP local_pc_ip:5060;rport=5060;branch=z9hG4bK4268DFDFE5EE410C8DB113A6223C800C
From: Magnus <sip:magnus@sip_server_ip>;tag=470300110
To: Magnus <sip:magnus@sip_server_ip>;tag=b27e1a1d33761e85846fc98f5f3a7e58.0d0e
Call-ID: EB7272E371C24F6C8F24DB47A53EE7CB@sip_server_ip
CSeq: 6590 REGISTER
WWW-Authenticate: Digest realm="sip_server_ip", nonce="41d1321431d402c1af9617eb73deccbce7e532d5", qop="auth"
Server: Sip EXpress router (0.8.12 (i386/linux))
Content-Length: 0

REGISTER sip:sip_server_ip SIP/2.0
Via: SIP/2.0/UDP local_pc_ip:5060;rport;branch=z9hG4bK1813C486770C442BB51E58686A61921F
From: Magnus <sip:magnus@sip_server_ip>;tag=470300110
To: Magnus <sip:magnus@sip_server_ip>
Contact: "Magnus" <sip:magnus@local_pc_ip:5060>
Call-ID: EB7272E371C24F6C8F24DB47A53EE7CB@sip_server_ip
CSeq: 6591 REGISTER
Expires: 1800
Authorization: Digest username="magnus",realm="sip_server_ip",nonce="41d1321431d402c1af9617eb73deccbce7e532d5",response="27ea80aed1b9f5086b396c8f86bcec60",uri="sip:sip_server_ip",qop=auth,cnonce="9F5BBA98D6724D909C6560E8A045A300",nc=00000006
Max-Forwards: 70
User-Agent: X-Lite release 1103m
Content-Length: 0

SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP local_pc_ip:5060;rport=5060;branch=z9hG4bK1813C486770C442BB51E58686A61921F
From: Magnus <sip:magnus@sip_server_ip>;tag=470300110
To: Magnus <sip:magnus@sip_server_ip>;tag=b27e1a1d33761e85846fc98f5f3a7e58.9cf2
Call-ID: EB7272E371C24F6C8F24DB47A53EE7CB@sip_server_ip
CSeq: 6591 REGISTER
WWW-Authenticate: Digest realm="sip_server_ip", nonce="41d1321431d402c1af9617eb73deccbce7e532d5", qop="auth"
Server: Sip EXpress router (0.8.12 (i386/linux))
Content-Length: 0

_______________________________________________
Serusers mailing list
serusers@lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers



Confidentiality Notice

The information contained in this electronic message and any attachments to this message are intended
for the exclusive use of the addressee(s) and may contain confidential or privileged information. If
you are not the intended recipient, please notify the sender at Wipro or Mailadmin@wipro.com immediately
and destroy all copies of this message and any attachments.