does www_challenge(realm, flags) know to send its challenge reply statefully or statelessly depending on if t_newtran() has been called or not?
-- juha
On Oct 07, 2010 at 15:28, Juha Heinanen jh@tutpro.com wrote:
does www_challenge(realm, flags) know to send its challenge reply statefully or statelessly depending on if t_newtran() has been called or not?
No, you need to send it by hand. At least with ser auth_db, I would: if (!www_authenticate(....)){ ... if ($digest_challenge != "") append_to_reply("%$digest_challenge"); sl_reply("401", "Unauthorized"); }
Andrei P.S.: changing www_challenge() would be trivial, but requires testing. Only auth_send_reply() would need to be changed to use slb.send_reply() and probably a module param. added to select between forced stateless replies (lower processing) or auto replies.
Andrei Pelinescu-Onciul writes:
No, you need to send it by hand. At least with ser auth_db, I would: if (!www_authenticate(....)){ ... if ($digest_challenge != "") append_to_reply("%$digest_challenge"); sl_reply("401", "Unauthorized"); }
can't do, because i don't want to call www_authenticate() at all, if there is no Authorization header in the request. i just want to call www_challenge() in such case.
P.S.: changing www_challenge() would be trivial, but requires testing. Only auth_send_reply() would need to be changed to use slb.send_reply() and probably a module param. added to select between forced stateless replies (lower processing) or auto replies.
i consider this a bug that should be fixed. please post the diff and i'll test it.
-- juha
Andrei Pelinescu-Onciul writes:
P.S.: changing www_challenge() would be trivial, but requires testing. Only auth_send_reply() would need to be changed to use slb.send_reply() and probably a module param. added to select between forced stateless replies (lower processing) or auto replies.
i changed return in auth_send_reply() to this:
return slb.send_reply(msg, code, reason);
but got compile error:
make modules=modules/auth modules CC (cc) [M auth.so] auth_mod.o auth_mod.c: In function ‘auth_send_reply’: auth_mod.c:569: error: ‘sl_api_t’ has no member named ‘send_reply’ make[1]: *** [auth_mod.o] Error 1
-- juha
On Oct 07, 2010 at 16:22, Juha Heinanen jh@tutpro.com wrote:
Andrei Pelinescu-Onciul writes:
P.S.: changing www_challenge() would be trivial, but requires testing. Only auth_send_reply() would need to be changed to use slb.send_reply() and probably a module param. added to select between forced stateless replies (lower processing) or auto replies.
i changed return in auth_send_reply() to this:
return slb.send_reply(msg, code, reason);
but got compile error:
make modules=modules/auth modules CC (cc) [M auth.so] auth_mod.o auth_mod.c: In function ???auth_send_reply???: auth_mod.c:569: error: ???sl_api_t??? has no member named ???send_reply??? make[1]: *** [auth_mod.o] Error 1
Sorry, it's slb.freply(), but you also need to send reason as str (in auth_send_reply reason is char, but slb.freply() expects a str* reason).
Andrei
Andrei Pelinescu-Onciul writes:
Sorry, it's slb.freply(), but you also need to send reason as str (in auth_send_reply reason is char, but slb.freply() expects a str* reason).
thanks. i made the changes to auth_send_reply() and after that proxy_challenge()/www_challenge() worked ok both when t_newtran() was called earlier or not. also the warnings about unreleased transactions disappeared.
changed function is below? is it ok to commit it to master and 3.1?
-- juha
static int auth_send_reply(struct sip_msg *msg, int code, char *reason, char *hdr, int hdr_len) { str reason_str;
/* Add new headers if there are any */ if ((hdr!=NULL) && (hdr_len>0)) { if (add_lump_rpl(msg, hdr, hdr_len, LUMP_RPL_HDR)==0) { LM_ERR("failed to append hdr to reply\n"); return -1; } }
reason_str.s = reason; reason_str.len = strlen(reason);
return slb.freply(msg, code, &reason_str); }
On Oct 07, 2010 at 16:36, Juha Heinanen jh@tutpro.com wrote:
Andrei Pelinescu-Onciul writes:
Sorry, it's slb.freply(), but you also need to send reason as str (in auth_send_reply reason is char, but slb.freply() expects a str* reason).
thanks. i made the changes to auth_send_reply() and after that proxy_challenge()/www_challenge() worked ok both when t_newtran() was called earlier or not. also the warnings about unreleased transactions disappeared.
changed function is below? is it ok to commit it to master and 3.1?
-- juha
static int auth_send_reply(struct sip_msg *msg, int code, char *reason, char *hdr, int hdr_len) { str reason_str;
/* Add new headers if there are any */ if ((hdr!=NULL) && (hdr_len>0)) { if (add_lump_rpl(msg, hdr, hdr_len, LUMP_RPL_HDR)==0) { LM_ERR("failed to append hdr to reply\n"); return -1; } }
reason_str.s = reason; reason_str.len = strlen(reason);
return slb.freply(msg, code, &reason_str); }
I would add a new modparam: force_stateless_reply, default 0 and then
return force_stateless_reply ? slb.sreply(msg, code, &reason_str) : lb.freply(msg, code, &reason_str);
This way if I'm paranoid about performance and I want stateless reply, I can avoid a transaction lookup.
Andrei
-
Andrei Pelinescu-Onciul -
Juha Heinanen