[OpenSER-Users] Cannot authenticate SUBSCRIBE

Bogdan-Andrei Iancu bogdan at voice-system.ro
Fri Apr 25 19:14:03 CEST 2008


Hi Eric,

You should try to use proxy_auth() and proxy_challenge() for the 
SUBSCRIBE....

Regards,
Bogdan

Eric PTAK wrote:
> Hi list !
>  
> I'm building an agent and currently working on Digest authentication 
> using auth and auth_db modules.
> I'm trying to authenticate all requests for compliance test purpose.
> It works fine with REGISTER but I can't authenticate for others 
> methods like SUBSCRIBE, the module is looping authentication.
>  
> This is a part of my config file :
>  
>         if (uri==myself) {
>                 if (!www_authorize("", "subscriber")) {
>                         www_challenge("", "0");
>                         exit;
>                 };
>                 // others things
>         };
>  
> And this is the requests / responses :
>  
>
> REGISTER sip:sip.awl.test SIP/2.0
> Call-ID: 0f13c7c272f62943f2f6345c07249fcd at 10.24.238.150 
> <mailto:0f13c7c272f62943f2f6345c07249fcd at 10.24.238.150>
> CSeq: 1 REGISTER
> From: <sip:0000 at sip.awl.test>;tag=9c0477b2
> To: <sip:0000 at sip.awl.test>
> Via: SIP/2.0/UDP 
> 10.24.238.150:23456;branch=z9hG4bKb71ee89041bd9f3631cf46a8fc76b46c
> Max-Forwards: 70
> Contact: 
> <sip:0000 at 10.24.238.150:23456;transport=tcp>;expires=3600,<sip:0000 at 10.24.238.150:23456;transport=udp>;expires=3600
> Content-Length: 0
>
> SIP/2.0 401 Unauthorized
> Call-ID: 0f13c7c272f62943f2f6345c07249fcd at 10.24.238.150 
> <mailto:0f13c7c272f62943f2f6345c07249fcd at 10.24.238.150>
> CSeq: 1 REGISTER
> From: <sip:0000 at sip.awl.test>;tag=9c0477b2
> To: <sip:0000 at sip.awl.test>;tag=329cfeaa6ded039da25ff8cbb8668bd2.8696
> Via: SIP/2.0/UDP 
> 10.24.238.150:23456;branch=z9hG4bKb71ee89041bd9f3631cf46a8fc76b46c
> WWW-Authenticate: Digest realm="sip.awl.test", 
> nonce="4811de4caf098eb6f25ea5db9a788578a2d4be35"
> Server: OpenSER (1.3.1-notls (i386/linux))
> Content-Length: 0
>
> REGISTER sip:sip.awl.test SIP/2.0
> Call-ID: 0f13c7c272f62943f2f6345c07249fcd at 10.24.238.150 
> <mailto:0f13c7c272f62943f2f6345c07249fcd at 10.24.238.150>
> CSeq: 2 REGISTER
> From: <sip:0000 at sip.awl.test>;tag=9c0477b2
> To: <sip:0000 at sip.awl.test>;tag=329cfeaa6ded039da25ff8cbb8668bd2.8696
> Max-Forwards: 70
> Contact: 
> <sip:0000 at 10.24.238.150:23456;transport=tcp>;expires=3600,<sip:0000 at 10.24.238.150:23456;transport=udp>;expires=3600
> Via: SIP/2.0/UDP 
> 10.24.238.150:23456;branch=z9hG4bK4bff3e93bf1dc502db28c4d414e60b4f
> Authorization: Digest 
> response="efb87138e6340d7a80a1f13ef26821da",username="0000",realm="sip.awl.test",nonce="4811de4caf098eb6f25ea5db9a788578a2d4be35",uri="sip:sip.awl.test",algorithm=MD5
> Content-Length: 0
>
> SIP/2.0 200 OK
> Call-ID: 0f13c7c272f62943f2f6345c07249fcd at 10.24.238.150 
> <mailto:0f13c7c272f62943f2f6345c07249fcd at 10.24.238.150>
> CSeq: 2 REGISTER
> From: <sip:0000 at sip.awl.test>;tag=9c0477b2
> To: <sip:0000 at sip.awl.test>;tag=329cfeaa6ded039da25ff8cbb8668bd2.8696
> Via: SIP/2.0/UDP 
> 10.24.238.150:23456;branch=z9hG4bK4bff3e93bf1dc502db28c4d414e60b4f
> Contact: <sip:0000 at 10.24.238.150:23456;transport=udp>;expires=3600, 
> <sip:0000 at 10.24.238.150:23456;transport=tcp>;expires=3600
> Server: OpenSER (1.3.1-notls (i386/linux))
> Content-Length: 0
>
> SUBSCRIBE sip:0000 at sip.awl.test SIP/2.0
> Call-ID: d27f913809ccfa308b497ce92c3d01ef at 10.24.238.150 
> <mailto:d27f913809ccfa308b497ce92c3d01ef at 10.24.238.150>
> CSeq: 1 SUBSCRIBE
> From: <sip:0000 at sip.awl.test>;tag=3b68764f
> To: <sip:0000 at sip.awl.test>
> Via: SIP/2.0/UDP 
> 10.24.238.150:23456;branch=z9hG4bKae0ab5a2b4dd462eb139276b814b413c
> Max-Forwards: 70
> Contact: <sip:0000 at 10.24.238.150:23456 
> <http://sip:0000@10.24.238.150:23456>>
> Expires: 3600
> Event: presence.winfo
> Content-Length: 0
>
> SIP/2.0 401 Unauthorized
> Call-ID: d27f913809ccfa308b497ce92c3d01ef at 10.24.238.150 
> <mailto:d27f913809ccfa308b497ce92c3d01ef at 10.24.238.150>
> CSeq: 1 SUBSCRIBE
> From: <sip:0000 at sip.awl.test>;tag=3b68764f
> To: <sip:0000 at sip.awl.test>;tag=329cfeaa6ded039da25ff8cbb8668bd2.78ff
> Via: SIP/2.0/UDP 
> 10.24.238.150:23456;branch=z9hG4bKae0ab5a2b4dd462eb139276b814b413c
> WWW-Authenticate: Digest realm="sip.awl.test", 
> nonce="4811de4caf098eb6f25ea5db9a788578a2d4be35"
> Server: OpenSER (1.3.1-notls (i386/linux))
> Content-Length: 0
>
> SUBSCRIBE sip:0000 at sip.awl.test SIP/2.0
> Call-ID: d27f913809ccfa308b497ce92c3d01ef at 10.24.238.150 
> <mailto:d27f913809ccfa308b497ce92c3d01ef at 10.24.238.150>
> CSeq: 2 SUBSCRIBE
> From: <sip:0000 at sip.awl.test>;tag=3b68764f
> To: <sip:0000 at sip.awl.test>;tag=329cfeaa6ded039da25ff8cbb8668bd2.78ff
> Max-Forwards: 70
> Contact: <sip:0000 at 10.24.238.150:23456 
> <http://sip:0000@10.24.238.150:23456>>
> Expires: 3600
> Event: presence.winfo
> Via: SIP/2.0/UDP 
> 10.24.238.150:23456;branch=z9hG4bK0afcac1c88fce00c3bfca270ed379ee4
> Authorization: Digest 
> response="efb87138e6340d7a80a1f13ef26821da",username="0000",realm="sip.awl.test",nonce="4811de4caf098eb6f25ea5db9a788578a2d4be35",uri="sip:sip.awl.test",algorithm=MD5
> Content-Length: 0
>
> SIP/2.0 401 Unauthorized
> Call-ID: d27f913809ccfa308b497ce92c3d01ef at 10.24.238.150 
> <mailto:d27f913809ccfa308b497ce92c3d01ef at 10.24.238.150>
> CSeq: 2 SUBSCRIBE
> From: <sip:0000 at sip.awl.test>;tag=3b68764f
> To: <sip:0000 at sip.awl.test>;tag=329cfeaa6ded039da25ff8cbb8668bd2.78ff
> Via: SIP/2.0/UDP 
> 10.24.238.150:23456;branch=z9hG4bK0afcac1c88fce00c3bfca270ed379ee4
> WWW-Authenticate: Digest realm="sip.awl.test", 
> nonce="4811de4caf098eb6f25ea5db9a788578a2d4be35"
> Server: OpenSER (1.3.1-notls (i386/linux))
> Content-Length: 0
>
>  
>
>  
>
> As you can see, auth module always use 
> nonce="4811de4caf098eb6f25ea5db9a788578a2d4be35" in its responses, for 
> both register and subscribe.
>
> thanks for your help,
>
> Eric.
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Users mailing list
> Users at lists.openser.org
> http://lists.openser.org/cgi-bin/mailman/listinfo/users
>   





More information about the sr-users mailing list