<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>[Serusers] Digest Authentication</TITLE>
<META content="MSHTML 6.00.2800.1479" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=033172915-03012005><FONT face=Arial color=#0000ff
size=2>Hi,</FONT></SPAN></DIV>
<DIV><SPAN class=033172915-03012005><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=033172915-03012005><FONT face=Arial color=#0000ff size=2>Thanks
for the reply! I did however just get 407 instead of 401.</FONT></SPAN></DIV>
<DIV><SPAN class=033172915-03012005><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=033172915-03012005><FONT face=Arial color=#0000ff
size=2>But...I found the fault! :-)</FONT></SPAN></DIV>
<DIV><SPAN class=033172915-03012005><FONT face=Arial color=#0000ff size=2>In, for
example, the client program X-Lite you specify 'Domain/Realm' in the menu (i.e.
one field), where I've specified the SIP server's IP address. </FONT></SPAN><SPAN
class=033172915-03012005><FONT face=Arial color=#0000ff size=2>But when the user
was created (with serctl) the SIP_DOMAIN variable was set to something else. So
when I deleted the user, set the variable to the server's IP address
and recreated the user, the auth register msg went
thru.</FONT></SPAN></DIV>
<DIV><SPAN class=033172915-03012005><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=033172915-03012005><FONT face=Arial color=#0000ff
size=2>Regards,</FONT></SPAN></DIV>
<DIV><SPAN class=033172915-03012005><FONT face=Arial color=#0000ff size=2>
//Magnus</FONT></SPAN></DIV>
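<DIV>The realm mismatch described above, as an added example that is not part of the original thread and is not SER code: in RFC 2617 digest, HA1 = MD5(username:realm:password), so stored credentials only verify for the realm they were created under. The realm, nonce, uri, nc and cnonce are copied from the trace in the thread; the password, the "other" domain and the subscriber store keyed by (username, domain) are constructed assumptions.</DIV>

```python
import hashlib
import hmac

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1(username: str, realm: str, password: str) -> str:
    # RFC 2617: HA1 = MD5(username:realm:password), so the realm is baked in.
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(ha1_hex, method, uri, nonce, nc, cnonce, qop="auth"):
    # qop=auth: response = MD5(HA1:nonce:nc:cnonce:qop:MD5(method:uri))
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

# Challenge and client parameters copied from the trace in the thread.
CHALLENGE = {"realm": "sip_server_ip",
             "nonce": "41d1321431d402c1af9617eb73deccbce7e532d5"}
CLIENT = {"uri": "sip:sip_server_ip", "nc": "00000006",
          "cnonce": "9F5BBA98D6724D909C6560E8A045A300"}
PASSWORD = "example-password"  # constructed; the real password is not on the page

def provision(store, username, domain, password):
    # Hypothetical subscriber store keyed by (username, domain); an assumption,
    # standing in for creating a user while a domain setting is in effect.
    store[(username, domain)] = ha1(username, domain, password)

def client_credentials(username, password):
    # The client answers for the realm named in the challenge.
    resp = digest_response(ha1(username, CHALLENGE["realm"], password), "REGISTER",
                           CLIENT["uri"], CHALLENGE["nonce"], CLIENT["nc"], CLIENT["cnonce"])
    return {"username": username, "realm": CHALLENGE["realm"], "response": resp}

def verify(store, creds):
    stored = store.get((creds["username"], creds["realm"]))
    if stored is None:
        return "no subscriber for this username/realm"
    expected = digest_response(stored, "REGISTER", CLIENT["uri"],
                               CHALLENGE["nonce"], CLIENT["nc"], CLIENT["cnonce"])
    return "ok" if hmac.compare_digest(expected, creds["response"]) else "bad response"

def demo():
    creds = client_credentials("magnus", PASSWORD)
    mismatched, matched = {}, {}
    provision(mismatched, "magnus", "other.example.invalid", PASSWORD)  # constructed domain
    provision(matched, "magnus", CHALLENGE["realm"], PASSWORD)
    return verify(mismatched, creds), verify(matched, creds)

if __name__ == "__main__":
    print(demo())
```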
<BLOCKQUOTE>
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B>
innovation.interops@wipro.com
[mailto:innovation.interops@wipro.com]<BR><B>Sent:</B> den 3 januari 2005
08:16<BR><B>To:</B> Magnus Sörman (AL/EAB);
serusers@lists.iptel.org<BR><B>Subject:</B> RE: [Serusers] Digest
Authentication<BR><BR></FONT></DIV>
<DIV id=idOWAReplyText74530 dir=ltr>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>Hello,</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>Try these inclusions pls
for a simple straightforward Digest Auth...</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr>modparam("auth_db",
"db_url","sql://ser:heslo@localhost/ser")</DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr># main routing logic</DIV>
<DIV dir=ltr>route{</DIV>
<DIV dir=ltr>if(!proxy_authorize("<STRONG>yourdomain</STRONG>.com" /* realm
*/,<BR>
"subscriber" /* table name */
))<BR>{<BR>proxy_challenge("<STRONG>yourdomain</STRONG>.com",
"0");<BR>break;<BR>}</DIV>
<DIV dir=ltr>sl_send_reply("200", "ok");<BR>}</DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>karthikeyan.k<BR><BR></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV></DIV>
<DIV dir=ltr><BR>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> serusers-bounces@lists.iptel.org on behalf of
Magnus Sörman (AL/EAB)<BR><B>Sent:</B> Thu 12/30/2004 3:45 PM<BR><B>To:</B>
'serusers@lists.iptel.org'<BR><B>Subject:</B> [Serusers] Digest
Authentication<BR></FONT><BR></DIV>
<DIV>
<P><FONT size=2>Hi,<BR><BR>I need some help with digest
authentication.<BR>When I uncomment those lines in ser.cfg, the register msg
stops working. In the trace, see below, you can see the nonce being sent in
the re-register msg, but the server still responds with 401 Unauthorized. I've
tried with both 0 and 1 in the www_challenge.<BR><BR>Without the digest
authentication the register works fine.<BR><BR>Thanks in advance,<BR>
//Magnus<BR><BR>ser.cfg (ser 0.8.12 running on a Fedora box. Used for test
purpose only):<BR>====================================================<BR>#
----------- global configuration parameters
------------------------<BR><BR>#debug=3
# debug level (cmd line:
-dddddddddd)<BR>#fork=yes<BR>#log_stderror=no
# (cmd line: -E)<BR><BR>/* Uncomment these lines to enter debugging
mode<BR>debug=7<BR>fork=no<BR>log_stderror=yes<BR>*/<BR><BR>check_via=no
# (cmd. line:
-v)<BR>dns=no #
(cmd. line: -r)<BR>rev_dns=no # (cmd. line:
-R)<BR>#port=5060<BR>#children=4<BR>fifo="/tmp/ser_fifo"<BR><BR>sip_warning=no<BR><BR>alias="sip_server_ip"<BR><BR>#
------------------ module loading ----------------------------------<BR><BR>#
Uncomment this if you want to use SQL database<BR>loadmodule
"/usr/lib/ser/modules/mysql.so"<BR><BR>loadmodule
"/usr/lib/ser/modules/sl.so"<BR>loadmodule
"/usr/lib/ser/modules/tm.so"<BR>loadmodule
"/usr/lib/ser/modules/rr.so"<BR>loadmodule
"/usr/lib/ser/modules/maxfwd.so"<BR>loadmodule
"/usr/lib/ser/modules/usrloc.so"<BR>loadmodule
"/usr/lib/ser/modules/registrar.so"<BR><BR>loadmodule
"/usr/lib/ser/modules/pa.so"<BR><BR># Uncomment this if you want digest
authentication<BR># mysql.so must be loaded !<BR>loadmodule
"/usr/lib/ser/modules/auth.so"<BR>loadmodule
"/usr/lib/ser/modules/auth_db.so"<BR><BR># ----------------- setting
module-specific parameters ---------------<BR><BR># -- usrloc params
--<BR><BR>#modparam("usrloc", "db_mode", 0)<BR><BR># Uncomment
this if you want to use SQL database<BR># for persistent storage and comment
the previous line<BR>modparam("usrloc", "db_mode", 2)<BR><BR># -- auth params
--<BR># Uncomment if you are using auth module<BR>#<BR>modparam("auth_db",
"calculate_ha1", yes)<BR>#<BR># If you set "calculate_ha1" parameter to yes
(which true in this config),<BR># uncomment also the following
parameter)<BR>#<BR>modparam("auth_db", "password_column", "password")<BR><BR>#
-- rr params --<BR># add value to ;lr param to make some broken UAs
happy<BR>modparam("rr", "enable_full_lr", 1)<BR><BR><BR>#
------------------------- request routing logic
-------------------<BR><BR># main routing
logic<BR><BR>route{<BR><BR> #
initial sanity checks -- messages
with<BR> # max_forwards==0, or
excessively long requests<BR> if
(!mf_process_maxfwd_header("10"))
{<BR>
sl_send_reply("483","Too Many
Hops");<BR>
break;<BR>
};<BR> if ( msg:len > max_len )
{<BR>
sl_send_reply("513", "Message too
big");<BR>
break;<BR>
};<BR><BR> # we record-route all
messages -- to make sure that<BR> #
subsequent messages will go through our proxy;
that's<BR> # particularly good if
upstream and downstream entities<BR>
# use different transport
protocol<BR>
record_route();<BR> # loose-route
processing<BR> if (loose_route())
{<BR>
t_relay();<BR>
break;<BR>
};<BR><BR> # if the request is for
other domain use UsrLoc<BR> # (in
case, it does not work, use the following
command<BR> # with proper names and
addresses in it)<BR><BR> if (uri ==
myself ) {<BR><BR>
if (method=="SUBSCRIBE")
{<BR>
if(t_newtran()){<BR>
handle_subscription("registrar");<BR>
break;<BR>
};<BR>
};<BR>
<BR>
if (method=="REGISTER") {<BR><BR>#
Uncomment this if you want to use digest
authentication<BR>
if (!www_authorize("sip_server_ip",
"subscriber")) {<BR>
www_challenge("sip_server_ip",
"1");<BR>
break;<BR>
};<BR>
save("location");<BR>
break;<BR>
};<BR><BR>
# native SIP destinations are
handled using our USRLOC DB<BR>
if (!lookup("location"))
{<BR>
sl_send_reply("404", "Not
Found");<BR>
break;<BR>
};<BR>
};<BR> # forward to current uri now;
use stateful forwarding; that<BR> #
works reliably even if we forward from TCP to
UDP<BR> if (!t_relay())
{<BR>
sl_reply_error();<BR>
};<BR><BR>}<BR><BR>Register trace:<BR>==========<BR>REGISTER sip:sip_server_ip
SIP/2.0<BR>Via: SIP/2.0/UDP
local_pc_ip:5060;rport;branch=z9hG4bK4268DFDFE5EE410C8DB113A6223C800C<BR>From:
Magnus &lt;sip:magnus@sip_server_ip&gt;;tag=470300110<BR>To: Magnus
&lt;sip:magnus@sip_server_ip&gt;<BR>Contact: "Magnus"
&lt;sip:magnus@local_pc_ip:5060&gt;<BR>Call-ID:
EB7272E371C24F6C8F24DB47A53EE7CB@sip_server_ip<BR>CSeq: 6590
REGISTER<BR>Expires: 1800<BR>Max-Forwards: 70<BR>User-Agent: X-Lite release
1103m<BR>Content-Length: 0<BR><BR>SIP/2.0 401 Unauthorized<BR>Via: SIP/2.0/UDP
local_pc_ip:5060;rport=5060;branch=z9hG4bK4268DFDFE5EE410C8DB113A6223C800C<BR>From:
Magnus &lt;sip:magnus@sip_server_ip&gt;;tag=470300110<BR>To: Magnus
&lt;sip:magnus@sip_server_ip&gt;;tag=b27e1a1d33761e85846fc98f5f3a7e58.0d0e<BR>Call-ID:
EB7272E371C24F6C8F24DB47A53EE7CB@sip_server_ip<BR>CSeq: 6590
REGISTER<BR>WWW-Authenticate: Digest realm="sip_server_ip",
nonce="41d1321431d402c1af9617eb73deccbce7e532d5", qop="auth"<BR>Server: Sip
EXpress router (0.8.12 (i386/linux))<BR>Content-Length: 0<BR><BR>REGISTER
sip:sip_server_ip SIP/2.0<BR>Via: SIP/2.0/UDP
local_pc_ip:5060;rport;branch=z9hG4bK1813C486770C442BB51E58686A61921F<BR>From:
Magnus &lt;sip:magnus@sip_server_ip&gt;;tag=470300110<BR>To: Magnus
&lt;sip:magnus@sip_server_ip&gt;<BR>Contact: "Magnus"
&lt;sip:magnus@local_pc_ip:5060&gt;<BR>Call-ID:
EB7272E371C24F6C8F24DB47A53EE7CB@sip_server_ip<BR>CSeq: 6591
REGISTER<BR>Expires: 1800<BR>Authorization: Digest
username="magnus",realm="sip_server_ip",nonce="41d1321431d402c1af9617eb73deccbce7e532d5",response="27ea80aed1b9f5086b396c8f86bcec60",uri="sip:sip_server_ip",qop=auth,cnonce="9F5BBA98D6724D909C6560E8A045A300",nc=00000006<BR>Max-Forwards:
70<BR>User-Agent: X-Lite release 1103m<BR>Content-Length: 0<BR><BR>SIP/2.0 401
Unauthorized<BR>Via: SIP/2.0/UDP
local_pc_ip:5060;rport=5060;branch=z9hG4bK1813C486770C442BB51E58686A61921F<BR>From:
Magnus &lt;sip:magnus@sip_server_ip&gt;;tag=470300110<BR>To: Magnus
&lt;sip:magnus@sip_server_ip&gt;;tag=b27e1a1d33761e85846fc98f5f3a7e58.9cf2<BR>Call-ID:
EB7272E371C24F6C8F24DB47A53EE7CB@sip_server_ip<BR>CSeq: 6591
REGISTER<BR>WWW-Authenticate: Digest realm="sip_server_ip",
nonce="41d1321431d402c1af9617eb73deccbce7e532d5", qop="auth"<BR>Server: Sip
EXpress router (0.8.12 (i386/linux))<BR>Content-Length:
0<BR><BR>_______________________________________________<BR>Serusers mailing
list<BR>serusers@lists.iptel.org<BR><A
href="http://lists.iptel.org/mailman/listinfo/serusers">http://mail.iptel.org/mailman/listinfo/serusers</A><BR></FONT></P></DIV>
</BLOCKQUOTE></BODY></HTML>