[SR-Users] during registration nonce expired, after backwards time shift
Daniel-Constantin Mierla
miconda at gmail.com
Sat Aug 22 12:33:52 CEST 2015
I looked at the code and the system time is used (not the the internal
value). Therefore, after detecting and invalid nonce, if you do
challenge again, a nonce with the right time should be generated and
used for authentication.
Look at sip trace to see if nonce is regenerated and run with debug=3 to
get more log message that would help to investigate better.
Cheers,
Daniel
On 20/08/15 10:05, Daniel-Constantin Mierla wrote:
> Hello,
>
> probably the module is using the time computed internally as start time
> plus elapsed seconds (counted internally). We can introduce an option to
> use the system time, which may add a bit of delay, but really
> insignificant. I will look into it these days.
>
> Cheers,
> Daniel
>
>
> On 18/08/15 22:44, Vasiliy Ganchev wrote:
>> Hi list!
>> (sorry for sending first mail to wrong sub forum)
>> Have a following issue:
>> Server with Kamailio restart with wrong time (why - this is separate part of
>> my investigations), timeshift e.g. for 2 hours in feature.
>> After ntp daemon adjust correct time (move time backwards), Kamailio do not
>> accept REGISTERs, pv_www_authenticate answer with code -4 (nonce expired)
>>
>> I've reade the description of:
>> http://kamailio.org/docs/modules/4.2.x/modules/auth.html#auth.p.nonce_expire
>> and
>> http://kamailio.org/docs/modules/4.2.x/modules/auth.html#auth.p.nonce_auth_max_drift
>>
>> This descriptions mention situation with backwards timeshift from future.
>> As I understand, Kamailio do not authorise the registration, whose nonces
>> where generated in future (before ntp shifted the time). But in my tests,
>> Kamailio do not accept even REGISTER from UA, sent after time shift (with
>> new nonces, that as I expected has to use correct time for nonce generation,
>> and be authorised with no problem).
>>
>> Only Kamailio process restart help to cope with the issue.
>>
>> It looks like for nonce generating Kamailio use old time (in feature, that
>> was before timeshift).
>>
>> I wander, does the Kamailio behave in described case - as is expected? If I
>> am wrong in some of my assumptions, please point out.
>>
>> version: kamailio 4.2.5
>>
>> Thank in advance!
>> Cheers!
>>
>>
>>
>>
>> --
>> View this message in context: http://sip-router.1086192.n5.nabble.com/during-registration-nonce-expired-after-backwards-time-shift-tp140536.html
>> Sent from the Users mailing list archive at Nabble.com.
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com
More information about the sr-users
mailing list