[Serusers] UAC module (backport to 0.9.0)

Daniel-Constantin Mierla daniel at voice-system.ro
Sun May 22 10:51:42 CEST 2005


Hello,

the issue with CSeq is known and it is stated in the documentation (see 
the note there):

http://www.voice-system.ro/docs/uac/ar01s04.html#uac_auth

Daniel


On 05/16/05 22:05, Michael Ulitskiy wrote:

>Hello,
>
>I succeeded to make UAC module calculate credentials and
>resend message with the following simple patch on t_reply.c
>of tm module:
>
>--- t_reply.c.bak       2005-05-13 14:57:25.000000000 -0400
>+++ t_reply.c   2005-05-13 15:16:45.000000000 -0400
>@@ -761,6 +761,10 @@
>                   a callback; save branch count to be able to determine
>                   later if new branches were initiated */
>                branch_cnt=Trans->nr_of_outgoings;
>+               /* also append the current reply to the transaction to
>+                 * make it available in failure routes - a kind of "fake"
>+                 * save of the final reply per branch */
>+                Trans->uac[branch].reply = reply;
>
>                /* run ON_FAILURE handlers ( route and callbacks) */
>                if ( has_tran_tmcbs( Trans, TMCB_ON_FAILURE_RO|TMCB_ON_FAILURE)
>@@ -769,6 +773,11 @@
>                                picked_branch==branch?reply:Trans->uac[picked_branch].reply,
>                                picked_code);
>                }
>+
>+               /* now reset it; after the failure logic, the reply may
>+                * not be stored any more and we don't want to keep into
>+                * transaction some broken reference */
>+               Trans->uac[branch].reply = 0;
>
>                /* look if the callback perhaps replied transaction; it also
>                   covers the case in which a transaction is replied localy
>
>It's actually taken from cvs-head.
>Now ser.cfg written below works as expected with just one
>important issue. Authentication doesn't work anyway because
>ser doesn't increase CSeq number when resending message
>(INVITE) with credentials. I'm trying to authenticate
>to asterisk and in case of asterisk it immediately replies 
>"503 Service Unavailable" if it receives INVITE with the same CSeq.
>I thought it could be asterisk-specific problem, but RFC3261 in
>section "8.1.3.5 Processing 4xx Responses" says:
>"new request constitutes a new transaction and SHOULD have the same 
>value of the Call-ID, To, and From of the previous request, but the CSeq 
>should contain a new sequence number that is one higher than the previous."
>So I guess this is not an asterisk-specific. 
>It is my understanding that in order for this to work ser must increment 
>CSeq when authenticating to UAS, but decrement CSeq in all subsequent 
>in-dialog messages that will be sent to call originator including BYEs. 
>This, in turn, requires for ser to be call-statefull which is not the case. 
>Conclusion: uac authentication in ser is not possible.
>Please correct me if I'm wrong (I honestly want to be wrong on this matter:))
>Thank you,
>
>Michael
>
>On Sunday 15 May 2005 12:36 am, you wrote:
>  
>
>>Michael Ulitskiy wrote:
>>
>>    
>>
>>>Hello,
>>>
>>>Has anyone succeeded in getting UAC authentication to work?
>>>I'm doing the following:
>>>
>>>route {
>>>       resetflag(1);
>>>       t_on_failure("1");
>>>       route(1);
>>>}
>>>
>>>route[1]
>>>{
>>>       if (uri=~"[@:](192\.168\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.)") {
>>>           sl_send_reply("479", "We don't forward to private IP addresses");
>>>           break;
>>>       };
>>>       if (!t_relay()) {
>>>               sl_reply_error();
>>>       };
>>>}
>>>
>>>failure_route[1] {
>>>       # authentication reply received?
>>>       if ( t_check_status("401|407") ) {
>>>               if (!isflagset(1) && uac_auth()) {
>>>                       setflag(1);
>>>                       t_on_failure("1");
>>>                       append_branch();
>>>                       route(1);
>>>               } else {
>>>                       t_reply("500","Error occurred");
>>>               }
>>>               break;
>>>       }
>>>
>>>}
>>>
>>>When uac_auth() is called I get the following in the:
>>>0(28973) DEBUG:uac:uac_auth: picked reply is (nil), code 407
>>>0(28973) BUG:uac:uac_auth: empty reply on picked branch
>>>
>>>Any suggestions or ideas?
>>>Thank  you,
>>>
>>>Michael
>>>
>>> 
>>>
>>>      
>>>
>>I am also getting same thing with different msg ..
>>BUG:uac:uac_auth: empty reply on picked branch
>>
>>Anybody know how to overcome this?
>>
>>Mohammad
>>
>>
>>    
>>
>
>_______________________________________________
>Serusers mailing list
>serusers at lists.iptel.org
>http://lists.iptel.org/mailman/listinfo/serusers
>
>  
>




More information about the sr-users mailing list