Hi,
I need some help with digest authentication. When I uncomment those lines in ser.cfg, the REGISTER message stops working. In the trace below, you can see the nonce being sent in the re-register message, but the server still responds with 401 Unauthorized. I've tried both 0 and 1 in www_challenge.
Without the digest authentication the register works fine.
Thanks in advance, //Magnus
ser.cfg (ser 0.8.12 running on a Fedora box; used for test purposes only):
====================================================
# ----------- global configuration parameters ------------------------
# Global settings. The posted copy lost its line breaks; they are restored
# here, reading a '#' attached directly to a directive as "still commented out".

#debug=3          # debug level (cmd line: -dddddddddd)
#fork=yes
#log_stderror=no  # (cmd line: -E)

# NOTE(review): for the 401 loop described in this post, enabling the block
# below keeps ser in the foreground and logs to stderr; the auth modules
# presumably report there why a credential check was rejected -- the SIP
# trace alone does not show that.
/* Uncomment these lines to enter debugging mode
debug=7
fork=no
log_stderror=yes
*/

check_via=no      # (cmd. line: -v)
dns=no            # (cmd. line: -r)
rev_dns=no        # (cmd. line: -R)
#port=5060
#children=4

# Management FIFO. /tmp is shared by every local user, so check who can
# write to this path on anything other than a single-user test box.
fifo="/tmp/ser_fifo"

# Presumably suppresses the diagnostic Warning header in replies -- confirm
# against the ser documentation for this version.
sip_warning=no

# Extra name the server treats as its own; the route block's
# `uri == myself` test is what consumes it.
alias="sip_server_ip"
# ------------------ module loading ----------------------------------

# Uncomment this if you want to use SQL database
# (active here: the usrloc db_mode and auth_db settings further down
# depend on a database driver being loaded)
loadmodule "/usr/lib/ser/modules/mysql.so"

loadmodule "/usr/lib/ser/modules/sl.so"
loadmodule "/usr/lib/ser/modules/tm.so"
loadmodule "/usr/lib/ser/modules/rr.so"
loadmodule "/usr/lib/ser/modules/maxfwd.so"
loadmodule "/usr/lib/ser/modules/usrloc.so"
loadmodule "/usr/lib/ser/modules/registrar.so"

# Presence agent; the route block calls handle_subscription() for SUBSCRIBE.
loadmodule "/usr/lib/ser/modules/pa.so"

# Uncomment this if you want digest authentication
# mysql.so must be loaded !
# (both lines are active in this copy; mysql.so is loaded above, ahead of them)
loadmodule "/usr/lib/ser/modules/auth.so"
loadmodule "/usr/lib/ser/modules/auth_db.so"
# ----------------- setting module-specific parameters ---------------

# -- usrloc params --

#modparam("usrloc", "db_mode", 0)

# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 2)

# -- auth params --
# Uncomment if you are using auth module
#
# NOTE(review): the posted copy lost its line breaks; the two auth_db lines
# below are read as active (no '#' attached to them) -- confirm against the
# file on disk, because the outcome of the digest check depends on it.
#
# With calculate_ha1 enabled the server derives HA1 itself from the username,
# the realm and the value in password_column, so that column holds plaintext
# passwords. That is tolerable on a test box only; storing a precomputed HA1
# avoids keeping plaintext, but then the stored hash is bound to one realm.
modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
#
# The value read from this column has to be the same password the UA is
# configured with, and the realm has to be the one passed to www_authorize()
# in the route block; a mismatch in either gives a 401 on every retry.
modparam("auth_db", "password_column", "password")

# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic -------------------
# main routing logic
# Main request route: sanity checks, record-routing, then local handling of
# SUBSCRIBE / REGISTER / location lookup for requests addressed to this
# server, and stateful relay for the rest. Line breaks were lost in the
# posted copy and are restored here.
route{

	# initial sanity checks -- messages with
	# max_forwards==0, or excessively long requests
	if (!mf_process_maxfwd_header("10")) {
		sl_send_reply("483","Too Many Hops");
		break;
	};
	if ( msg:len > max_len ) {
		sl_send_reply("513", "Message too big");
		break;
	};

	# we record-route all messages -- to make sure that
	# subsequent messages will go through our proxy; that's
	# particularly good if upstream and downstream entities
	# use different transport protocol
	record_route();
	# loose-route processing
	if (loose_route()) {
		t_relay();
		break;
	};

	# if the request is for other domain use UsrLoc
	# (in case, it does not work, use the following command
	# with proper names and addresses in it)
	if (uri == myself ) {

		# NOTE(review): SUBSCRIBE is handled before any credential check,
		# so presence subscriptions are accepted unauthenticated here.
		if (method=="SUBSCRIBE") {
			if(t_newtran()){
				handle_subscription("registrar");
				break;
			};
		};
		if (method=="REGISTER") {

			# Uncomment this if you want to use digest authentication
			#
			# www_authorize() checks the request's credentials for the given
			# realm against the "subscriber" table; on failure www_challenge()
			# answers 401 for the same realm (second argument "1" requests
			# qop, matching qop="auth" in the posted 401). Both calls must use
			# the identical realm string, and it must be the realm the stored
			# credentials are valid for. Which part of the check failed is
			# not visible in the SIP trace; the server log is the place to look.
			if (!www_authorize("sip_server_ip", "subscriber")) {
				www_challenge("sip_server_ip", "1");
				break;
			};
			# Only reached once the credentials were accepted.
			save("location");
			break;
		};

		# native SIP destinations are handled using our USRLOC DB
		if (!lookup("location")) {
			sl_send_reply("404", "Not Found");
			break;
		};
	};
	# forward to current uri now; use stateful forwarding; that
	# works reliably even if we forward from TCP to UDP
	#
	# NOTE(review): no credential check guards this relay, so requests
	# (including those for URIs that do not match `myself`) are forwarded
	# for any sender. Acceptable on an isolated test box only.
	if (!t_relay()) {
		sl_reply_error();
	};

}
Register trace:
==========
REGISTER sip:sip_server_ip SIP/2.0
Via: SIP/2.0/UDP local_pc_ip:5060;rport;branch=z9hG4bK4268DFDFE5EE410C8DB113A6223C800C
From: Magnus sip:magnus@sip_server_ip;tag=470300110
To: Magnus sip:magnus@sip_server_ip
Contact: "Magnus" sip:magnus@local_pc_ip:5060
Call-ID: EB7272E371C24F6C8F24DB47A53EE7CB@sip_server_ip
CSeq: 6590 REGISTER
Expires: 1800
Max-Forwards: 70
User-Agent: X-Lite release 1103m
Content-Length: 0
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP local_pc_ip:5060;rport=5060;branch=z9hG4bK4268DFDFE5EE410C8DB113A6223C800C
From: Magnus sip:magnus@sip_server_ip;tag=470300110
To: Magnus sip:magnus@sip_server_ip;tag=b27e1a1d33761e85846fc98f5f3a7e58.0d0e
Call-ID: EB7272E371C24F6C8F24DB47A53EE7CB@sip_server_ip
CSeq: 6590 REGISTER
WWW-Authenticate: Digest realm="sip_server_ip", nonce="41d1321431d402c1af9617eb73deccbce7e532d5", qop="auth"
Server: Sip EXpress router (0.8.12 (i386/linux))
Content-Length: 0
REGISTER sip:sip_server_ip SIP/2.0
Via: SIP/2.0/UDP local_pc_ip:5060;rport;branch=z9hG4bK1813C486770C442BB51E58686A61921F
From: Magnus sip:magnus@sip_server_ip;tag=470300110
To: Magnus sip:magnus@sip_server_ip
Contact: "Magnus" sip:magnus@local_pc_ip:5060
Call-ID: EB7272E371C24F6C8F24DB47A53EE7CB@sip_server_ip
CSeq: 6591 REGISTER
Expires: 1800
Authorization: Digest username="magnus",realm="sip_server_ip",nonce="41d1321431d402c1af9617eb73deccbce7e532d5",response="27ea80aed1b9f5086b396c8f86bcec60",uri="sip:sip_server_ip",qop=auth,cnonce="9F5BBA98D6724D909C6560E8A045A300",nc=00000006
Max-Forwards: 70
User-Agent: X-Lite release 1103m
Content-Length: 0
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP local_pc_ip:5060;rport=5060;branch=z9hG4bK1813C486770C442BB51E58686A61921F
From: Magnus sip:magnus@sip_server_ip;tag=470300110
To: Magnus sip:magnus@sip_server_ip;tag=b27e1a1d33761e85846fc98f5f3a7e58.9cf2
Call-ID: EB7272E371C24F6C8F24DB47A53EE7CB@sip_server_ip
CSeq: 6591 REGISTER
WWW-Authenticate: Digest realm="sip_server_ip", nonce="41d1321431d402c1af9617eb73deccbce7e532d5", qop="auth"
Server: Sip EXpress router (0.8.12 (i386/linux))
Content-Length: 0