[SR-Users] Kamailio - Nonce validity between Register and Invite

patrice.bodeven at orange.com patrice.bodeven at orange.com
Fri Aug 31 16:09:27 CEST 2012


Hello 

The return code is 2. 

The problem seems due to "nonce.c" 
if (!memcmp(&b_nonce.n.md5_1[0], &b_nonce2.n.md5_1[0], 16)) {
xxx
}

So I put 

	DBG("auth:pre_auth:api.c:nonce.c Invalid nonce (nonce %s)\n", &b_nonce.n.md5_1[0]);
	DBG("auth:pre_auth:api.c:nonce.c Invalid nonce (nonce2 %s)\n", &b_nonce2.n.md5_1[0]);
	return 2;
}

The result into log is : 

Aug 31 13:58:25 openims-kamailio-1 /usr/sbin/kamailio[7824]: DEBUG: registrar [lookup.c:229]: '+33296053686' found in usrloc
Aug 31 13:58:25 openims-kamailio-1 /usr/sbin/kamailio[7824]: DEBUG: auth_db [authorize.c:271]: realm value [openims-kamailio-1.mycluster]
Aug 31 13:58:25 openims-kamailio-1 /usr/sbin/kamailio[7824]: DEBUG: auth [api.c:95]: auth: digest-algo: MD5 parsed value: 1
Aug 31 13:58:25 openims-kamailio-1 /usr/sbin/kamailio[7824]: DEBUG: auth [nonce.c:473]: auth:pre_auth:api.c:nonce.c Invalid nonce (nonce ö§£Â\ÆX`#035~MT~\ÞUl~X~Sb~@»êü#025nÿ| ¹»©Zo#032#YåP~@Ãô#010)
Aug 31 13:58:25 openims-kamailio-1 /usr/sbin/kamailio[7824]: DEBUG: auth [nonce.c:474]: auth:pre_auth:api.c:nonce.c Invalid nonce (nonce2 rÍ7B½¿| {Ó9R~R¬FSÖ~Sb~@»êü#025nÿ| ¹»©Zo#032#YåP~@Ãô#010PA#027#030P@¸ö§£Â\ÆX`#035~MT~\ÞUl~X~Sb~@»êü#025nÿ| ¹»©Zo#032#YåP~@Ãô#010)
Aug 31 13:58:25 openims-kamailio-1 /usr/sbin/kamailio[7824]: DEBUG: auth [api.c:147]: auth:pre_auth: Invalid nonce value received
Aug 31 13:58:25 openims-kamailio-1 /usr/sbin/kamailio[7824]: DEBUG: auth [api.c:148]: auth:pre_auth: Invalid nonce value received (ret 2)

Cordialement/ Best regards 
Patrice B

-----Message d'origine-----
De : Daniel-Constantin Mierla [mailto:miconda at gmail.com] 
Envoyé : vendredi 31 août 2012 10:35
À : SIP Router - Kamailio (OpenSER) and SIP Express Router (SER) - Users Mailing List
Cc : BODEVEN Patrice RD-CORE
Objet : Re: [SR-Users] Kamailio - Nonce validity between Register and Invite

Hello,

On 8/30/12 10:43 AM, patrice.bodeven at orange.com wrote:
> Hello,
>
> Sorry, but i am blocked on the nonce reuse between the Register and the INVITE even with the info provided in debug mode.
>   
> My understanding is Nonce should be valid between SIP methods until the nonce is valid in the time.
> But I don't know how the Nonce is stored and how Kamailio is looking for the nonce into the memory !
>
> I did a test on Register => nonce reuse is ok.
> I did a test on INVITE => nonce reuse of Register or on previous INVITE doesn't work !
>
> But based on the site indicated below and the SIPP (generate the INVITE with the Nonce of Register), the result is
> auth_db [authorize.c:271]: realm value [openims-kamailio-1.mycluster]
> auth [api.c:95]: auth: digest-algo: MD5 parsed value: 1
> auth [api.c:147]: auth:pre_auth: Invalid nonce value received
>
> But there is no explanation why the nonce is invalid.
can you apply the following patch:

http://git.sip-router.org/cgi-bin/gitweb.cgi?p=sip-router;a=blobdiff;f=modules/auth/api.c;h=c79de5c9dd6cd3e176c05d836c7b0a4275f8a3d2;hp=2ee39a7a6cbcce741365dac97ae8a3db8c196b0c;hb=494b383edde7a2d193c220f3117506e4cc95932f;hpb=e4ecf49add0e62330e1db071106806e35e9b078a

It practically adds the return code in the log message, that should give 
better leads to why the nonce is considered invalid, allowing to track 
back quicker in the source code.

Cheers,
Daniel

-- 
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, Berlin, Nov 5-8, 2012 - http://asipto.com/u/kat


_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
France Telecom - Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, France Telecom - Orange is not liable for messages that have been modified, changed or falsified.
Thank you.




More information about the sr-users mailing list