El 01/07/14 14:44, Alex Villacís Lasso escribió:
El 26/06/14 18:39, Alex Villacís Lasso escribió:
I am having trouble making all of the supposed features of Blink work with Kamailio 4.1.4. My kamailio.cfg file is attached. Specifically, what I am having trouble is with presence (the way Blink wants to implement it), and MSRP. Ordinary voice calls work correctly.
With MSRP, I have copied the example from the msrp.so documentation, but I have replaced the authentication shown with a static password, with an actual query using auth_db.so, the very same query used to authenticate other SIP packets. Through the packet capture, when user A tries starting a MSRP chat with user B, an INVITE is sent from user A to Kamailio, which has a special check to NOT send this invite to Asterisk, but rather route it itself, and it gets "correctly" routed to user B. Then user B attempts to start a MSRP session with Kamailio (not user A) without authentication credentials, Kamailio challenges user B for the credentials, and... that's it. User B makes no attempt to repeat the MSRP session with the required credentials, and the communication eventually times out.
I have built and installed the python-sipsimple-clients package. With this, I can see that the receiving party attempts to make a MSRP connection to my Kamailio, and the authentication challenge triggers the following message:
SIP session failed: media stream failed: 'opaque'
It seems that msrplib (used by Blink and the test programs) wants a digest authentication with an "opaque" parameter. Currently the failing dialog goes like this:
MSRP fa4a1c4d39cbf3fd AUTH To-Path: msrp://pbx.elastix.com:5060;tcp From-Path: msrp://192.168.3.2:39981/8b2dedc998fc1f1ed6f3;tcp -------fa4a1c4d39cbf3fd$
MSRP fa4a1c4d39cbf3fd 401 Unauthorized To-Path: msrp://192.168.3.2:39981/8b2dedc998fc1f1ed6f3;tcp From-Path: msrp://pbx.elastix.com:5060;tcp WWW-Authenticate: Digest realm="pbx.elastix.com", nonce="U7MGKFOzBPxDXr7ggr7imjvcnkodRW5F", qop="auth" -------fa4a1c4d39cbf3fd$
which is, in turn, produced by this code segment in kamailio.cfg:
$var(msrprealm) = $(hdr(To-Path){msrpuri.host}); xlog("L_ALERT","============ msrprealm: [$var(msrprealm)]\n"); if (!www_authenticate("$var(msrprealm)", "subscriber", "$msrp(method)")) {if(auth_get_www_authenticate("$var(msrprealm)", "1", "$var(wauth)")) { msrp_reply("401", "Unauthorized", "$var(wauth)"); } else { msrp_reply("500", "Server Error"); } exit; }
So, how do I make the authentication issue an adequate "opaque" parameter? I do not want to resort to appending a static value opaque="something" if a more elegant solution can be found. From http://en.wikipedia.org/wiki/Digest_access_authentication , I deduce that I need the server to issue an "opaque" parameter like the following:
WWW-Authenticate: Digest realm="testrealm@host.com", qop="auth,auth-int", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41"
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Apparently, there is no authentication procedure implemented in Kamailio 4.1.4 that is RFC compliant with MSRP.
According to http://tools.ietf.org/html/rfc4976#section-9.1 , MSRP AUTH request must be authenticated. Simply accepting any AUTH request without actually checking the credentials is not RFC-compliant. However, the authentication specified in rfc4976 differs from ordinary Digest-Authentication - the required URI for the Digest authentication is taken from the To-Path: header in the MSRP request, and is apparently not sent in the Authorization header (at least as implemented by the python-msrplib library). Additionally, none of the Kamailio methods for authentication appear capable of sending an "opaque" parameter that is apparently requested by python-msrplib. It seems that new methods msrp_authenticate() and msrp_challenge() are required.