Lukas Oberhuber wrote:
-----Original Message-----
From: Vadim Lebedev [mailto:[EMAIL PROTECTED]
Lukas Oberhuber wrote:
Here is a patch that fixes the below mentioned subscription issues.
The problem was the multiple Authorization headers. Subscriptions now
work properly with Asterisk 1.4 (and I think is much closer to the SIP
spec). *This issue is also present in the new version of libosip on
trunk*.
Patch attached to bug report.
http://dev.openwengo.com/trac/openwengo/trac.cgi/ticket/1265
-Lukas
Hello, lucas,
I'm affraid that this patch is not completley correct,
It should only remove old authorizations for the SAME realm as the new
one....
You see, in general case the packet can transit multiple hense the need
for the multiple auth header.
One more thing, it could be nice to have a function in osip_authorization.c:
void osip_filter_auth_list(osip_list **authlist, osip_authorization_t
*auth) doing the filtering job....
[LO] Vadim, is this a straight strcmp against the realm (well, probably
strncmp since the realm is not case sensitive)?
you mean strcasecmp (stricmp for msvc), but you should check for the
case where one or both of realms is between quotes...
Also, the rfc 3261 talked about proxy headers which certainly accepted
multiple authorization headers, but it didn't appear to on the ones here. In
any case it would fix the problem I was seeing in either case.
yes, proxy auth headres should be filtered too...
[LO] Yes, I realized that I had duplicated some code in my patch. I'll look
to fix it with what you mentioned here unless anyone has any objections.
Great,
Thanks
Vadim
------------------------------------------------------------------------
*From:* [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] *On Behalf Of
*Lukas Oberhuber
*Sent:* 06 January 2007 14:45
*To:* [email protected]
*Subject:* [Wengophone-devel] SIP Subscribe/Notify Problem
Hello,
I'm running into some issues using a SIP SUBSCRIBE and wondered if
anyone here knows the answer.
Exosip/osip is (in branch wengophone2.0 at least) is returning
multiple authentication headers in the sip response to an
authentication challenge. This behaviour does not appear to be
correct, and it is causing problems when connecting to Asterisk 1.4.
Can anyone tell me if I am right or wrong?
The problems referred to above: server complains about old nonces and
then stops notifying presence changes.
The evidence about the incorrect behaviour:
From the SIP RFC 3261, section 22.2 (http://www.ietf.org/rfc/rfc3261.txt)
Once credentials have been located, any UA that wishes to
authenticate itself with a UAS or registrar -- usually, but not
necessarily, after receiving a 401 (Unauthorized) response -- MAY do
so by including an Authorization header field with the request. The
Authorization field value consists of credentials containing the
authentication information of the UA for the realm of the resource
being requested as well as parameters required in support of
authentication and replay protection.
An example of the Authorization header field is:
Authorization: Digest username="bob",
realm="biloxi.com",
nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
uri="sip:[EMAIL PROTECTED]",
qop=auth,
nc=00000001,
cnonce="0a4f113b",
response="6629fae49393a05397450978507c4ef1",
opaque="5ccc069c403ebaf9f0171e9517f40e41"
When a UAC resubmits a request with its credentials after receiving a
401 (Unauthorized) or 407 (Proxy Authentication Required) response,
it MUST increment the CSeq header field value as it would normally
when sending an updated request.
The challenge response from Wengophone:
| INFO1 | <wifo\eXosip\src\jcallback.c: 274> Message sent:
SUBSCRIBE sip:[EMAIL PROTECTED] SIP/2.0
Via: SIP/2.0/UDP
192.168.1.69:5060;rport;branch=z9hG4bK4259280421;xxx-nat-type=sym
Route: <sip:sipalive.com:5060;lr>
From: lukas <sip:[EMAIL PROTECTED]>;tag=2544574891
To: <sip:[EMAIL PROTECTED]>
Call-ID: [EMAIL PROTECTED]
CSeq: 23 SUBSCRIBE
Contact: <sip:[EMAIL PROTECTED]:5060>
Authorization: Digest username="lukas", realm="asterisk", nonce="49ebc1bc",
uri="sip:[EMAIL PROTECTED]", response="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
algorithm=MD5
Authorization: Digest username="lukas", realm="asterisk", nonce="5cfd830b",
uri="sip:[EMAIL PROTECTED]", response="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
algorithm=MD5
Authorization: Digest username="lukas", realm="asterisk", nonce="26a381bb",
uri="sip:[EMAIL PROTECTED]", response="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
algorithm=MD5
Max-Forwards: 70
Event: presence
User-Agent: wengo/v1/wengophoneng/wengo/rev0/branches/wengophone-2.0/
Expires: 600
Allow: INVITE, ACK, CANCEL, BYE, OPTIONS, REFER, SUBSCRIBE, NOTIFY, MESSAGE
Accept: application/pidf+xml
Content-Length: 0
------------------------------------------------------------------------
_______________________________________________
Wengophone-devel mailing list
[email protected]
http://dev.openwengo.com/mailman/listinfo/wengophone-devel
_______________________________________________
Wengophone-devel mailing list
[email protected]
http://dev.openwengo.com/mailman/listinfo/wengophone-devel
