[Devel] Re: qop support and CSeq increasing in UAC Module

Andreas Heise aheise at gmx.de
Wed Jan 10 23:03:37 CET 2007 

Hi Bogdan,

yes with the "fix" suggested by Thomas works with some proxies....

I hope that real qop support and CSeq feature will be define as todo for
the next roadmap instead of nice to have, because uac_auth is really needed
often.

greetings from Berlin,
Andreas


Bogdan-Andrei Iancu schrieb:
> Hi Andreas,
>
> yes, that is true - is a bit of complicated to calculate the response 
> when qop is on. Have you tried the approach suggested by Thomas? to 
> completely ignore the qop from challenge and to send the response as 
> if no qop was received......
>
> regards,
> bogdan
>
> Andreas Heise wrote:
>
>>
>> I've make some tests to deeper understand qop, for this I've modify 
>> the auth_hdr.c to
>> ignore the qop and add a static qop=auth to the outgoing 
>> authorization header, but this
>> way wasn't successful.
>> After review of RFC 2617 I found that in case of qop cnonce and 
>> nonce-count (nc) MUST
>> send by the client so it's not so easy as expected.
>>
>> Andreas
>>
>>
>> Andreas Heise schrieb:
>>
>>>
>>> Hi Bogdan,
>>>
>>> I think for the qop it could solved very quickly  if only  the auth 
>>> method will be implemented first,
>>> because the Digest for auth should be the same as without qop 
>>> (unspecified) see page 14
>>> in the following example....
>>>
>>>   
>>> http://www.softarmor.com/wgdb/docs/draft-smith-sip-auth-examples-00.txt
>>>
>>> so it should work as follow....
>>>
>>> if qop is detected, parse qop value if "auth" is allowed, if yes 
>>> send Authenticated Request as without qop,
>>> but add qop="auth" or qop=auth ?!  ........if *only* auth-int is 
>>> allowed goto error as before ;-(
>>>
>>> This should make a lot of users happy......
>>>
>>> Am I right? Is it possible for somebody to do this soon ;-)
>>>
>>> regards,
>>> Andreas
>>>
>>> Bogdan-Andrei Iancu
>>> Thu, 04 Jan 2007 08:14:51 -0800
>>>
>>> Hi Klaus, Hi Stefano,
>>>
>>>
>>> fixes to these limitations are scheduled to be done, but I'm afraid 
>>> they will not be ready for the next release - more time consuming 
>>> things are on the roll and I personally prefer to finish them before 
>>> attacking something new...
>>>
>>> Regards,
>>> Bogdan
>>>
>>> Klaus Darilion wrote:
>>>
>>>
>>>    Stefano Capitanio wrote:
>>>
>>>            Hi,
>>>
>>>                  i would like to ask if the two known limitations of 
>>> UAC Module
>>>        (authentication does not support qop; CSeq not increased during
>>>        authentication) will be resolved in future releases and if
>>>        anyone has developed a patch or is working on it.
>>>        I wonder if the dialog module can be used to keep track of 
>>> the CSeq
>>>    difference between the SIPclient-->openser and
>>>    openser--->upstreamSIPcomponent and modify all messages on the fly?
>>>    Or another idea - would i be possible to store the Cseq difference
>>>    in the record route parameter of uac module too?
>>>
>>>    regards
>>>    klaus
>>>
>>>    _______________________________________________
>>> Devel mailing list
>>> Devel at openser.org
>>> http://openser.org/cgi-bin/mailman/listinfo/devel
>>>
>>
>>
>> _______________________________________________
>> Devel mailing list
>> Devel at openser.org
>> http://openser.org/cgi-bin/mailman/listinfo/devel
>>
>

More information about the Devel mailing list