[Serusers] sipsak authentication problem

Nils Ohlmeier nils at iptel.org
Tue Feb 3 16:48:07 CET 2004 

Thanks for reporting. Fixed in CVS.

Greetings
  Nils

Am Tuesday 03 February 2004 16:12 schrieb Klaus Darilion:
> I think I found a bug in sipsak - the following command creates an
> invalid contact:
>
> ./sipsak -U -C sip:darilion at obelix.ict.tuwien.ac.at -x 300 -s
> sip:klaus.darilion at nic.at43.at -a mypasss
>
> As you see in the packet dump below (the REGISTER sent by sipsak to the
> proxy), sipsak inserts at the end of the sip-uri in the contact header
> one Byte with the value 0x19 (=31 decimal). If I change the contact to a
> contact with different length everything works fine but if the length
> stays constant , the Byte will be inserted. Example:
>
> -C sip:darilion at obelix.ict.tuwien.ac.at:5060
> works
>
> -C sip:darilio at nobelix.ict.tuwien.ac.at
> works not
>
> -C sip:darilio at obelix.ict.tuwien.ac.at
> works
>
> Frame 116 (608 bytes on wire, 608 bytes captured)
> Linux cooked capture
> Internet Protocol, Src Addr: 128.131.80.136 (128.131.80.136), Dst Addr:
> 193.171.3.17 (193.171.3.17)
> User Datagram Protocol, Src Port: 32857 (32857), Dst Port: 5060 (5060)
> Session Initiation Protocol
>      Request line: REGISTER sip:nic.at43.at SIP/2.0
>      Message Header
>          Authorization: Digest username="klaus.darilion",
> uri="sip:nic.at43.at", algorithm=MD5, realm="nic.at43.at",
> nonce="401fb954b5bed472c5c96acd639c7307d1d4f46b",
> response="e25f7a2823c6657a0930cbaf8c43fab0"
>          Via: SIP/2.0/UDP obelix.ict.tuwien.ac.at:32857;rport
>          From: <sip:klaus.darilion at nic.at43.at>
>          To: <sip:klaus.darilion at nic.at43.at>
>          Call-ID: 140068637 at obelix.ict.tuwien.ac.at
>          CSeq: 1 REGISTER
>          Contact: <sip:darilion at obelix.ict.tuwien.ac.at\031>
>          Expires: 300
>          Content-Length: 0
>          Max-Forwards: 70
>          User-Agent: sipsak 0.8.8_pre
>
>
> regards,
> klaus
>
> Nils Ohlmeier wrote:
> > On Tuesday 03 February 2004 15:11, Klaus Darilion wrote:
> >>I tried it again with the windows version without NAT (public IP).
> >>windows version failed, linux version succeeded.
> >
> > hmm ok, so authentication doesnt seem to work under windows. i'll
> > investigate this later.
> >
> >>I also tried the new register feature from CVS. But there is one problem
> >>- the sip-uri behind the "-c" switch will be ignored and sipsak uses its
> >>current contact (the host and port sipsak is listening and the user from
> >>the -s switch).
> >
> > it works for me (i allready use for account forwarding). can you please
> > send me output (and maybe network dumps) for the problem privately?
> >
> > thanks
> >   Nils
> >
> >>regards,
> >>klaus
> >>
> >>Klaus Darilion wrote:
> >>>I also tested it with a public IP and it didn't work. I will try it
> >>>again later today.
> >>>
> >>>klaus
> >>>
> >>>Nils Ohlmeier wrote:
> >>>>On Tuesday 03 February 2004 03:12, Klaus Darilion wrote:
> >>>>>Very strange - I tried the cvs version, and the 0.8.7 on a linux PC
> >>>>>with public IP with the same command line and both worked fine. Maybe
> >>>>>it is a
> >>>>
> >>>>But you made the test from behind NAT or? Because the IP and port in
> >>>>the received and rport parameters of the Via header differ from the
> >>>>origianl value in the Via header.
> >>>>
> >>>>>problem of the windows version? -n give the same result.
> >>>>
> >>>>To be honest, i do not test the windows version :-)
> >>>>I just compile it for the convenience of the lazy winwods users ;-) So
> >>>>i cant deny that maybe the authentication doesnt work under windows.
> >>>>Allthough i cant imagine why it shouldnt. I have to test that in the
> >>>>future.
> >>>>
> >>>>Greetings
> >>>>  Nils
> >>>>
> >>>>>regards,
> >>>>>klaus
> >>>>>
> >>>>>Nils Ohlmeier wrote:
> >>>>>>Hi Klaus,
> >>>>>>
> >>>>>>what you tried with a file is allready possible with the latested
> >>>>>>sipsak
> >>>>>>from CVS. It can use a given Contact for REGISTER.
> >>>>>>But i have no real clue why you receive 401 twice. I'm pretty sure
> >>>>>>that the digest auth part of sipsak works fine. Can you try to run
> >>>>>>sipsak with
> >>>>>>-n to use IPs instead of hostnames in Via? Maybe this is related to
> >>>>>>the "NAT"-detection at iptel.
> >>>>>>
> >>>>>>Greetings
> >>>>>> Nils
> >>>>>>
> >>>>>>On Monday 02 February 2004 22:36, Klaus Darilion wrote:
> >>>>>>>Hi!
> >>>>>>>
> >>>>>>>I tried sipsak to manually insert a contact (sorry for abusing
> >>>>>>>iptel), but the proxy always responds with 401. I can't find the
> >>>>>>>problem, except
> >>>>>>>that the CSeq is in both requests the same - can this be the
> >>>>>>>problem? Is
> >>>>>>>it possible to let CSeq be increased by sipsak?
> >>>>>>>
> >>>>>>>thanks,
> >>>>>>>klaus
> >>>>>>>
> >>>>>>>
> >>>>>>>Here is the sipsak trace:
> >>>>>>>
> >>>>>>>C:\Software\VoIP\SIP\Tools>sipsak-0.8.7.exe -f
> >>>>>>>register-klaus.darilion-iptel.txt -s sip:klaus3000 at iptel.org -a
> >>>>>>>mypass -vv New message with Via-Line:
> >>>>>>>REGISTER sip:iptel.org SIP/2.0
> >>>>>>>Via: SIP/2.0/UDP MIRNIXDIRNIX.ict.tuwien.ac.at:3021;rport
> >>>>>>>From: Klaus Darilion iptel <sip:klaus3000 at iptel.org>
> >>>>>>>To: Klaus Darilion iptel <sip:klaus3000 at iptel.org>
> >>>>>>>Contact: "Klaus Darilion iptel"
> >>>>>>><sip:darilion at obelix.ict.tuwien.ac.at:5060> Call-ID:
> >>>>>>>88836654752435A07DEC84E6A14121A91171B8996F6FC at iptel.org CSeq: 233
> >>>>>>>REGISTER
> >>>>>>>Expires: 86400
> >>>>>>>Max-Forwards: 70
> >>>>>>>Content-Length: 0
> >>>>>>>
> >>>>>>>
> >>>>>>>** request **
> >>>>>>>REGISTER sip:iptel.org SIP/2.0
> >>>>>>>Via: SIP/2.0/UDP MIRNIXDIRNIX.ict.tuwien.ac.at:3021;rport
> >>>>>>>From: Klaus Darilion iptel <sip:klaus3000 at iptel.org>
> >>>>>>>To: Klaus Darilion iptel <sip:klaus3000 at iptel.org>
> >>>>>>>Contact: "Klaus Darilion iptel"
> >>>>>>><sip:darilion at obelix.ict.tuwien.ac.at:5060> Call-ID:
> >>>>>>>88836654752435A07DEC84E6A14121A91171B8996F6FC at iptel.org CSeq: 233
> >>>>>>>REGISTER
> >>>>>>>Expires: 86400
> >>>>>>>Max-Forwards: 70
> >>>>>>>Content-Length: 0
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>message received:
> >>>>>>>authorizing
> >>>>>>>** request **
> >>>>>>>REGISTER sip:iptel.org SIP/2.0
> >>>>>>>Authorization: Digest username="klaus3000", uri="sip:iptel.org",
> >>>>>>>algorithm=MD5, realm="iptel.org",
> >>>>>>>nonce="401ebfc379f39fde2aaa9d064db4aba38415c51a",
> >>>>>>>response="d203e1d5ab318a427375ae6998600af5"
> >>>>>>>Via: SIP/2.0/UDP MIRNIXDIRNIX.ict.tuwien.ac.at:3021;rport
> >>>>>>>From: Klaus Darilion iptel <sip:klaus3000 at iptel.org>
> >>>>>>>To: Klaus Darilion iptel <sip:klaus3000 at iptel.org>
> >>>>>>>Contact: "Klaus Darilion iptel"
> >>>>>>><sip:darilion at obelix.ict.tuwien.ac.at:5060> Call-ID:
> >>>>>>>88836654752435A07DEC84E6A14121A91171B8996F6FC at iptel.org CSeq: 233
> >>>>>>>REGISTER
> >>>>>>>Expires: 86400
> >>>>>>>Max-Forwards: 70
> >>>>>>>Content-Length: 0
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>message received:
> >>>>>>>
> >>>>>>>request:
> >>>>>>>REGISTER sip:iptel.org SIP/2.0
> >>>>>>>Authorization: Digest username="klaus3000", uri="sip:iptel.org",
> >>>>>>>algorithm=MD5, realm="iptel.org",
> >>>>>>>nonce="401ebfc379f39fde2aaa9d064db4aba38415c51a",
> >>>>>>>response="d203e1d5ab318a427375ae6998600af5"
> >>>>>>>Via: SIP/2.0/UDP MIRNIXDIRNIX.ict.tuwien.ac.at:3021;rport
> >>>>>>>From: Klaus Darilion iptel <sip:klaus3000 at iptel.org>
> >>>>>>>To: Klaus Darilion iptel <sip:klaus3000 at iptel.org>
> >>>>>>>Contact: "Klaus Darilion iptel"
> >>>>>>><sip:darilion at obelix.ict.tuwien.ac.at:5060> Call-ID:
> >>>>>>>88836654752435A07DEC84E6A14121A91171B8996F6FC at iptel.org CSeq: 233
> >>>>>>>REGISTER
> >>>>>>>Expires: 86400
> >>>>>>>Max-Forwards: 70
> >>>>>>>Content-Length: 0
> >>>>>>>
> >>>>>>>
> >>>>>>>response:
> >>>>>>>SIP/2.0 401 Unauthorized
> >>>>>>>Via: SIP/2.0/UDP
> >>>>>>>MIRNIXDIRNIX.ict.tuwien.ac.at:3021;rport=62621;received=62.178.216.2
> >>>>>>>0 3 From: Klaus Darilion iptel <sip:klaus3000 at iptel.org>
> >>>>>>>To: Klaus Darilion iptel
> >>>>>>><sip:klaus3000 at iptel.org>;tag=794fe65c16edfdf45da4fc39a5d2867c.1558
> >>>>>>>Call-ID: 88836654752435A07DEC84E6A14121A91171B8996F6FC at iptel.org
> >>>>>>>CSeq: 233 REGISTER
> >>>>>>>P-Behind-NAT: Yes
> >>>>>>>WWW-Authenticate: Digest realm="iptel.org",
> >>>>>>>nonce="401ebfc379f39fde2aaa9d064db4aba38415c51a"
> >>>>>>>Server: Sip EXpress router (0.8.12-tcp_nonb-tls (i386/linux))
> >>>>>>>Content-Length: 0
> >>>>>>>Warning: 392 195.37.77.101:5060 "Noisy feedback tells:  pid=26858
> >>>>>>>req_src_ip=62.178.216.203 req_src_port=62621 in_uri=sip:iptel.org
> >>>>>>>out_uri=sip:iptel.org via_cnt==1"
> >>>>>>>
> >>>>>>>
> >>>>>>>error: authorization failed
> >>>>>>>      request already contains (Proxy-) Authorization, but received
> >>>>>>>401, see above
> >>>>>>>
> >>>>>>>C:\Software\VoIP\SIP\Tools>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>_______________________________________________
> >>>>>>>Serusers mailing list
> >>>>>>>serusers at lists.iptel.org
> >>>>>>>http://lists.iptel.org/mailman/listinfo/serusers
> >>>
> >>>_______________________________________________
> >>>Serusers mailing list
> >>>serusers at lists.iptel.org
> >>>http://lists.iptel.org/mailman/listinfo/serusers
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers

More information about the sr-users mailing list