[OpenSER-Users] Doesn't "proxy_authorize()" allow credentials if "From" == "Anonymous" <sip:anonymous at anonymous.invalid> ?

Klaus Darilion klaus.mailinglists at pernau.at
Thu Jun 5 17:45:56 CEST 2008 

Hi!

Do you have the domain hardcoded in the authenticate function? If not 
openser tries to detect it from the from header (anonymous.invalid) and 
thus may not find the authorization header.

regards
klaus

Iñaki Baz Castillo schrieb:
> Hi, when I do a call with hiddn callerid from my Twinkle it sends an INVITE 
> with:
> 
> -----------
>   INVITE sip:1414 at my_domain.net SIP/2.0
>   From: "Anonymous" <sip:anonymous at anonymous.invalid>;tag=emirn
>   Privacy: id
>   P-Preferred-Identity: "IBC" <sip:ibc at my_domain.net>
> -----------
> 
> and of course my Openser asks Twinkle for authentication:
> 
> -----------
>   SIP/2.0 407 Proxy Authentication Required
>   Proxy-Authenticate: Digest realm="my_domain.net", 
>       nonce="4838005d57e5ee0a1f96430d63696fe1407ef93e", qop="auth"
> -----------
> 
> and I see the $rc code of "proxy-authentication()" is -4  (no credentials).
> 
> So my Twinkle sends a correct INVITE (CSeq + 1 and "Proxy-Authorization" 
> header):
> 
> -----------
>   INVITE sip:1414 at my_domain.net SIP/2.0
>   From: "Anonymous" <sip:anonymous at anonymous.invalid>;tag=emirn
>   Privacy: id
>   P-Preferred-Identity: "IBC" <sip:ibc at my_domain.net>
>   Proxy-Authorization: Digest username="ibc", realm="mt_domain.net",     
>       nonce="4838005d57e5ee0a1f96430d63696fe1407ef93e",  
>       uri="sip:1414 at my_domain.net",   
>       response="061d82967778669a01e53d168f2da93b",
>       algorithm=MD5, cnonce="9n7ln49l46", qop=auth, nc=00000001
> -----------
> 
> But "proxy-authentication()" replies again with -4  (no credentials).
> -----------
>   SIP/2.0 407 Proxy Authentication Required
>   Proxy-Authenticate: Digest realm="my_domain.net", 
>       nonce="4838005d57e5ee0a1f96430d63696fe1407ef93e", qop="auth"
> -----------
> 
> 
> Why? Obviously the INVITE **does include** Proxy-Authorization.
> Maybe RC3261 says that a server must not challenge for authentication a user 
> with From "Anonymous" <sip:anonymous at anonymous.invalid> ?
> 
> Of course authentication works properly when not hidding callerid.
> 
> Thanks for any explanation.
> 
> 
>

More information about the sr-users mailing list