[OpenSER-Users] Cannot authenticate SUBSCRIBE

Eric PTAK eric.ptak.fr at gmail.com
Fri Apr 25 15:48:37 CEST 2008 

Hi list !

I'm building an agent and currently working on Digest authentication using
auth and auth_db modules.
I'm trying to authenticate all requests for compliance test purpose.
It works fine with REGISTER but I can't authenticate for others methods like
SUBSCRIBE, the module is looping authentication.

This is a part of my config file :

        if (uri==myself) {
                if (!www_authorize("", "subscriber")) {
                        www_challenge("", "0");
                        exit;
                };
                // others things
        };

And this is the requests / responses :


REGISTER sip:sip.awl.test SIP/2.0
Call-ID: 0f13c7c272f62943f2f6345c07249fcd at 10.24.238.150
CSeq: 1 REGISTER
From: <sip:0000 at sip.awl.test>;tag=9c0477b2
To: <sip:0000 at sip.awl.test>
Via: SIP/2.0/UDP 10.24.238.150:23456
;branch=z9hG4bKb71ee89041bd9f3631cf46a8fc76b46c
Max-Forwards: 70
Contact: <sip:0000 at 10.24.238.150:23456
;transport=tcp>;expires=3600,<sip:0000 at 10.24.238.150:23456
;transport=udp>;expires=3600
Content-Length: 0

SIP/2.0 401 Unauthorized
Call-ID: 0f13c7c272f62943f2f6345c07249fcd at 10.24.238.150
CSeq: 1 REGISTER
From: <sip:0000 at sip.awl.test>;tag=9c0477b2
To: <sip:0000 at sip.awl.test>;tag=329cfeaa6ded039da25ff8cbb8668bd2.8696
Via: SIP/2.0/UDP 10.24.238.150:23456
;branch=z9hG4bKb71ee89041bd9f3631cf46a8fc76b46c
WWW-Authenticate: Digest realm="sip.awl.test",
nonce="4811de4caf098eb6f25ea5db9a788578a2d4be35"
Server: OpenSER (1.3.1-notls (i386/linux))
Content-Length: 0

REGISTER sip:sip.awl.test SIP/2.0
Call-ID: 0f13c7c272f62943f2f6345c07249fcd at 10.24.238.150
CSeq: 2 REGISTER
From: <sip:0000 at sip.awl.test>;tag=9c0477b2
To: <sip:0000 at sip.awl.test>;tag=329cfeaa6ded039da25ff8cbb8668bd2.8696
Max-Forwards: 70
Contact: <sip:0000 at 10.24.238.150:23456
;transport=tcp>;expires=3600,<sip:0000 at 10.24.238.150:23456
;transport=udp>;expires=3600
Via: SIP/2.0/UDP 10.24.238.150:23456
;branch=z9hG4bK4bff3e93bf1dc502db28c4d414e60b4f
Authorization: Digest
response="efb87138e6340d7a80a1f13ef26821da",username="0000",realm="sip.awl.test",nonce="4811de4caf098eb6f25ea5db9a788578a2d4be35",uri="sip:sip.awl.test",algorithm=MD5
Content-Length: 0

SIP/2.0 200 OK
Call-ID: 0f13c7c272f62943f2f6345c07249fcd at 10.24.238.150
CSeq: 2 REGISTER
From: <sip:0000 at sip.awl.test>;tag=9c0477b2
To: <sip:0000 at sip.awl.test>;tag=329cfeaa6ded039da25ff8cbb8668bd2.8696
Via: SIP/2.0/UDP 10.24.238.150:23456
;branch=z9hG4bK4bff3e93bf1dc502db28c4d414e60b4f
Contact: <sip:0000 at 10.24.238.150:23456;transport=udp>;expires=3600,
<sip:0000 at 10.24.238.150:23456;transport=tcp>;expires=3600
Server: OpenSER (1.3.1-notls (i386/linux))
Content-Length: 0

SUBSCRIBE sip:0000 at sip.awl.test SIP/2.0
Call-ID: d27f913809ccfa308b497ce92c3d01ef at 10.24.238.150
CSeq: 1 SUBSCRIBE
From: <sip:0000 at sip.awl.test>;tag=3b68764f
To: <sip:0000 at sip.awl.test>
Via: SIP/2.0/UDP 10.24.238.150:23456
;branch=z9hG4bKae0ab5a2b4dd462eb139276b814b413c
Max-Forwards: 70
Contact: <sip:0000 at 10.24.238.150:23456>
Expires: 3600
Event: presence.winfo
Content-Length: 0

SIP/2.0 401 Unauthorized
Call-ID: d27f913809ccfa308b497ce92c3d01ef at 10.24.238.150
CSeq: 1 SUBSCRIBE
From: <sip:0000 at sip.awl.test>;tag=3b68764f
To: <sip:0000 at sip.awl.test>;tag=329cfeaa6ded039da25ff8cbb8668bd2.78ff
Via: SIP/2.0/UDP 10.24.238.150:23456
;branch=z9hG4bKae0ab5a2b4dd462eb139276b814b413c
WWW-Authenticate: Digest realm="sip.awl.test",
nonce="4811de4caf098eb6f25ea5db9a788578a2d4be35"
Server: OpenSER (1.3.1-notls (i386/linux))
Content-Length: 0

SUBSCRIBE sip:0000 at sip.awl.test SIP/2.0
Call-ID: d27f913809ccfa308b497ce92c3d01ef at 10.24.238.150
CSeq: 2 SUBSCRIBE
From: <sip:0000 at sip.awl.test>;tag=3b68764f
To: <sip:0000 at sip.awl.test>;tag=329cfeaa6ded039da25ff8cbb8668bd2.78ff
Max-Forwards: 70
Contact: <sip:0000 at 10.24.238.150:23456>
Expires: 3600
Event: presence.winfo
Via: SIP/2.0/UDP 10.24.238.150:23456
;branch=z9hG4bK0afcac1c88fce00c3bfca270ed379ee4
Authorization: Digest
response="efb87138e6340d7a80a1f13ef26821da",username="0000",realm="sip.awl.test",nonce="4811de4caf098eb6f25ea5db9a788578a2d4be35",uri="sip:sip.awl.test",algorithm=MD5
Content-Length: 0

SIP/2.0 401 Unauthorized
Call-ID: d27f913809ccfa308b497ce92c3d01ef at 10.24.238.150
CSeq: 2 SUBSCRIBE
From: <sip:0000 at sip.awl.test>;tag=3b68764f
To: <sip:0000 at sip.awl.test>;tag=329cfeaa6ded039da25ff8cbb8668bd2.78ff
Via: SIP/2.0/UDP 10.24.238.150:23456
;branch=z9hG4bK0afcac1c88fce00c3bfca270ed379ee4
WWW-Authenticate: Digest realm="sip.awl.test",
nonce="4811de4caf098eb6f25ea5db9a788578a2d4be35"
Server: OpenSER (1.3.1-notls (i386/linux))
Content-Length: 0





As you can see, auth module always use
nonce="4811de4caf098eb6f25ea5db9a788578a2d4be35" in its responses, for both
register and subscribe.

thanks for your help,

Eric.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20080425/a94aa7e7/attachment.htm>

More information about the sr-users mailing list