[Serusers] Proxy-Authentication response changing?

Jan Janak jan at iptel.org
Sat Oct 16 00:22:16 CEST 2004 

The response changes because there is the method is one of the input
parameters.

What is wierd is that you get the error messages below, the
authentication of ACK and CANCEL requests would always succeed because
it is hardcoded in ser.

Also there is probably an error in your script, because functions like
check_username and other should not be executed when an ACK arrives --
forwarding of ACKs and other mid-dialog requests is record-routing
driven.
 
 Jan.

On 08-10 17:51, Greg Fausak wrote:
> The UA (Sipura SPA-2000) is changing it's response on the ACK...
> 
> sip scenario :  http://www.addaline.com/traces/t4_index.html
> Raw trace: http://www.addaline.com/traces/t4.w
> 
> I note that the caller's initial (challenged) INVITE produces:
> Proxy-Authorization: Digest  
> username="580009",realm="worldipphone.net",nonce="4166db96623abffd65eab0 
> fcdd4e8e40ed31f6cd",uri="sip: 
> 580011 at worldipphone.net",algorithm=MD5,response="57bf811fd90aa1d5f34e3b0 
> 2e62740de"
> 
> inside the SIP packets.  I trace all of them, and they remain  
> identical, until
> frame #70.  Frame 70 (the ACK) sends:
> Proxy-Authorization: Digest  
> username="580009",realm="worldipphone.net",nonce="4166db96623abffd65eab0 
> fcdd4e8e40ed31f6cd",uri="sip: 
> 580011 at worldipphone.net",algorithm=MD5,response="eef5a947b282f173c5e7057 
> 29f017faf"
> 
> My proxy is picking up the new response, and reporting:
> Oct  8 13:20:29 red ser[1192]: ACC: transaction answered:  
> method=INVITE, i-uri=sip:580011 at worldipphone.net,  
> o-uri=sip:~wCYW7mQU9Hrodvm6PwcJODzkQ9n9vBx_U at 198.212.169.240:5060,  
> call_id=058240b057fefa358d78e2705d09baff,  
> from=<sip:580009 at worldipphone.net>;tag=b5fe1311, code=200, uid=580009,  
> fromtag=b5fe1311, uid=580009, fromuri=sip:580009 at worldipphone.net,  
> fromuser=580009, fromdomain=worldipphone.net,  
> to=<sip:580011 at worldipphone.net>;tag=e203a620, totag=e203a620,  
> touri=sip:580011 at worldipphone.net, touser=580011, code=200,  
> userpart=580011, domain=worldipphone.net
> Oct  8 13:20:29 red ser[1215]: check_username(): No authorized  
> credentials found (error in scripts)
> Oct  8 13:20:29 red ser[1215]: check_username(): Call  
> {www,proxy}_authorize before calling check_* function !Oct  8 13:20:29  
> red ser[1215]: worldipphone.net-403: time_t=1097259629 ^LINE=135  
> ^FILE=/usr/local/lib/ser/include/sergatewayob.pre  
> ^call_id=058240b057fefa358d78e2705d09baff ^cseq=189334723  
> ^contact=<null> ^from=sip:580009 at worldipphone.net ^fromtag=b5fe1311  
> ^to=sip:580011 at worldipphone.net ^totag=e203a620 ^method=ACK  
> ^ruri=580011 at 198.212.169.15;lr;ftag=b5fe1311  
> ^messageid=10075^remark=authentication mismatch
> Oct  8 13:20:29 red ser[1215]: Warning: sl_send_reply: I won't send a  
> reply for ACK!!
> 
> and it won't reply with an authorization  error to an ACK packet...so  
> the ball is dropped there.
> 
> This is pretty weird.  Why would the response change?
> 
> ---greg
> 
> Greg Fausak
> www.AddaBrand.com
> (US) 469-546-1265

> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers

More information about the sr-users mailing list