sr-dev January 2010

sr-dev@lists.kamailio.org

28 participants
289 discussions

git:master: uac(k): added remote registration capability
by Daniel-Constantin Mierla 24 Jan '10

24 Jan '10

Module: sip-router Branch: master Commit: 679a7c11678ff4858a408a598e7ccc1ab64c590b URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=679a7c1… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: Sun Jan 24 21:48:20 2010 +0100 uac(k): added remote registration capability - uac module can register contacts to a remote server - can auth REGISTER challenges - uses db table uacreg to load credentials at startup - no reload for now (have to restart to get the db updates) - rpc function uac.reg_dump to dump in-memory table --- modules_k/uac/Makefile | 1 + modules_k/uac/README | 292 ++++++++----- modules_k/uac/doc/uac.xml | 8 +- modules_k/uac/doc/uac_admin.xml | 57 +++- modules_k/uac/uac.c | 91 ++++- modules_k/uac/uac_reg.c | 926 +++++++++++++++++++++++++++++++++++++++ modules_k/uac/uac_reg.h | 55 +++ 7 files changed, 1321 insertions(+), 109 deletions(-) Diff: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commitdiff;h=679…

1 0

git:master: uac(k): use header types for detection
by Daniel-Constantin Mierla 24 Jan '10

24 Jan '10

Module: sip-router Branch: master Commit: de3980f8ad8d774ef3b4c587e0bddcf4832d080b URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=de3980f… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: Sun Jan 24 21:21:59 2010 +0100 uac(k): use header types for detection --- modules_k/uac/auth.c | 6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules_k/uac/auth.c b/modules_k/uac/auth.c index 69cbe96..2a2f7ec 100644 --- a/modules_k/uac/auth.c +++ b/modules_k/uac/auth.c @@ -231,9 +231,9 @@ struct hdr_field *get_autenticate_hdr(struct sip_msg *rpl, int rpl_code) } for( hdr=rpl->headers ; hdr ; hdr=hdr->next ) { - if ( hdr->type!=HDR_OTHER_T ) - continue; - if (cmp_hdrname_str(&hdr->name, &hdr_name)==0) + if ( rpl_code==WWW_AUTH_CODE && hdr->type==HDR_WWW_AUTHENTICATE_T ) + return hdr; + if ( rpl_code==PROXY_AUTH_CODE && hdr->type==HDR_PROXY_AUTHENTICATE_T ) return hdr; }

1 0

git:master: uac(k): renamed static var to avoid conflicts
by Daniel-Constantin Mierla 24 Jan '10

24 Jan '10

Module: sip-router Branch: master Commit: 1b7941a6e30ee7624ff0e32ee57882a0a45c8126 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=1b7941a… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: Sun Jan 24 21:21:08 2010 +0100 uac(k): renamed static var to avoid conflicts --- modules_k/uac/auth_hdr.c | 20 ++++++++++---------- 1 files changed, 10 insertions(+), 10 deletions(-) diff --git a/modules_k/uac/auth_hdr.c b/modules_k/uac/auth_hdr.c index 269f0bb..350fea4 100644 --- a/modules_k/uac/auth_hdr.c +++ b/modules_k/uac/auth_hdr.c @@ -314,7 +314,7 @@ str* build_authorization_hdr(int code, str *uri, struct uac_credential *crd, struct authenticate_body *auth, char *response) { - static str hdr; + static str _uac_auth_hdr; char *p; int len; int response_len; @@ -337,14 +337,14 @@ str* build_authorization_hdr(int code, str *uri, NC_FIELD_LEN + auth->nc->len + FIELD_SEPARATOR_UQ_LEN + CNONCE_FIELD_LEN + auth->cnonce->len + FIELD_SEPARATOR_LEN; - hdr.s = (char*)pkg_malloc( len + 1); - if (hdr.s==0) + _uac_auth_hdr.s = (char*)pkg_malloc( len + 1); + if (_uac_auth_hdr.s==0) { LM_ERR("no more pkg mem\n"); goto error; } - p = hdr.s; + p = _uac_auth_hdr.s; /* header start */ if (code==401) { @@ -395,20 +395,20 @@ str* build_authorization_hdr(int code, str *uri, add_string( p, FIELD_SEPARATOR_S ALGORITHM_FIELD_S CRLF, FIELD_SEPARATOR_LEN+ALGORITHM_FIELD_LEN+CRLF_LEN); - hdr.len = p - hdr.s; + _uac_auth_hdr.len = p - _uac_auth_hdr.s; - if (hdr.len!=len) + if (_uac_auth_hdr.len!=len) { LM_CRIT("BUG: bad buffer computation " - "(%d<>%d)\n",len,hdr.len); - pkg_free( hdr.s ); + "(%d<>%d)\n",len,_uac_auth_hdr.len); + pkg_free( _uac_auth_hdr.s ); goto error; } LM_DBG("hdr is <%.*s>\n", - hdr.len,hdr.s); + _uac_auth_hdr.len,_uac_auth_hdr.s); - return &hdr; + return &_uac_auth_hdr; error: return 0; }

1 0

git:master: uac(k): proper test for send failure
by Daniel-Constantin Mierla 24 Jan '10

24 Jan '10

Module: sip-router Branch: master Commit: 1479cd808ea8e5025bfa8400a257e3f89db4ab68 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=1479cd8… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: Sun Jan 24 21:20:02 2010 +0100 uac(k): proper test for send failure --- modules_k/uac/uac_send.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/modules_k/uac/uac_send.c b/modules_k/uac/uac_send.c index 9a1f2b9..b77317d 100644 --- a/modules_k/uac/uac_send.c +++ b/modules_k/uac/uac_send.c @@ -398,7 +398,7 @@ int uac_req_send(struct sip_msg *msg, char *s1, char *s2) (_uac_req.s_ouri.len<=0)?NULL:&_uac_req.s_ouri /* outbound uri */ ); - if(ret!=0) + if(ret<0) return -1; return 1; }

1 0

git:master: uac(k): exported functions for auth
by Daniel-Constantin Mierla 24 Jan '10

24 Jan '10

Module: sip-router Branch: master Commit: 7ea6f7c5bcbc2b2b9339e968b4c3b02f81a58298 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=7ea6f7c… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: Sun Jan 24 19:49:21 2010 +0100 uac(k): exported functions for auth - added prototypes and structures to .h --- modules_k/uac/auth.c | 15 ++++++++------- modules_k/uac/auth.h | 29 +++++++++++++++++++++++++++++ modules_k/uac/auth_alg.h | 8 -------- modules_k/uac/auth_hdr.h | 17 ----------------- 4 files changed, 37 insertions(+), 32 deletions(-) diff --git a/modules_k/uac/auth.c b/modules_k/uac/auth.c index ba0e3fc..69cbe96 100644 --- a/modules_k/uac/auth.c +++ b/modules_k/uac/auth.c @@ -201,8 +201,7 @@ void destroy_credentials(void) } -static inline struct hdr_field *get_autenticate_hdr(struct sip_msg *rpl, - int rpl_code) +struct hdr_field *get_autenticate_hdr(struct sip_msg *rpl, int rpl_code) { struct hdr_field *hdr; str hdr_name; @@ -288,8 +287,9 @@ static inline struct uac_credential *get_avp_credential(struct sip_msg *msg, } -static inline void do_uac_auth(struct sip_msg *req, str *uri, - struct uac_credential *crd, struct authenticate_body *auth, +void do_uac_auth(str *method, str *uri, + struct uac_credential *crd, + struct authenticate_body *auth, HASHHEX response) { HASHHEX ha1; @@ -303,7 +303,7 @@ static inline void do_uac_auth(struct sip_msg *req, str *uri, /* do authentication */ uac_calc_HA1( crd, auth, &cnonce, ha1); - uac_calc_HA2( &req->first_line.u.request.method, uri, + uac_calc_HA2( method, uri, auth, 0/*hentity*/, ha2 ); uac_calc_response( ha1, ha2, auth, &nc, &cnonce, response); @@ -312,7 +312,7 @@ static inline void do_uac_auth(struct sip_msg *req, str *uri, } else { /* do authentication */ uac_calc_HA1( crd, auth, 0/*cnonce*/, ha1); - uac_calc_HA2( &req->first_line.u.request.method, uri, + uac_calc_HA2( method, uri, auth, 0/*hentity*/, ha2 ); uac_calc_response( ha1, ha2, auth, 0/*nc*/, 0/*cnonce*/, response); @@ -444,7 +444,8 @@ int uac_auth( struct sip_msg *msg) } /* do authentication */ - do_uac_auth( msg, &t->uac[branch].uri, crd, &auth, response); + do_uac_auth( &msg->first_line.u.request.method, + &t->uac[branch].uri, crd, &auth, response); /* build the authorization header */ new_hdr = build_authorization_hdr( code, &t->uac[branch].uri, diff --git a/modules_k/uac/auth.h b/modules_k/uac/auth.h index 0d24c8d..672abae 100644 --- a/modules_k/uac/auth.h +++ b/modules_k/uac/auth.h @@ -38,6 +38,28 @@ struct uac_credential { struct uac_credential *next; }; +struct authenticate_body { + int flags; + str realm; + str domain; + str nonce; + str opaque; + str qop; + str *nc; + str *cnonce; +}; + +#define AUTHENTICATE_MD5 (1<<0) +#define AUTHENTICATE_MD5SESS (1<<1) +#define AUTHENTICATE_STALE (1<<2) +#define QOP_AUTH (1<<3) +#define QOP_AUTH_INT (1<<4) + +#define HASHLEN 16 +typedef char HASH[HASHLEN]; + +#define HASHHEXLEN 32 +typedef char HASHHEX[HASHHEXLEN+1]; int has_credentials(void); @@ -45,6 +67,13 @@ int add_credential( unsigned int type, void *val); void destroy_credentials(void); +struct hdr_field *get_autenticate_hdr(struct sip_msg *rpl, int rpl_code); + int uac_auth( struct sip_msg *msg); +void do_uac_auth(str *method, str *uri, + struct uac_credential *crd, + struct authenticate_body *auth, + HASHHEX response); + #endif diff --git a/modules_k/uac/auth_alg.h b/modules_k/uac/auth_alg.h index 99269df..d88c654 100644 --- a/modules_k/uac/auth_alg.h +++ b/modules_k/uac/auth_alg.h @@ -31,17 +31,9 @@ #include "../../str.h" -#include "auth_hdr.h" #include "auth.h" -#define HASHLEN 16 -typedef char HASH[HASHLEN]; - - -#define HASHHEXLEN 32 -typedef char HASHHEX[HASHHEXLEN+1]; - void uac_calc_HA1( struct uac_credential *crd, struct authenticate_body *auth, str* cnonce, diff --git a/modules_k/uac/auth_hdr.h b/modules_k/uac/auth_hdr.h index 73e5c52..8ead2b8 100644 --- a/modules_k/uac/auth_hdr.h +++ b/modules_k/uac/auth_hdr.h @@ -33,23 +33,6 @@ #include "auth.h" -struct authenticate_body { - int flags; - str realm; - str domain; - str nonce; - str opaque; - str qop; - str *nc; - str *cnonce; -}; - -#define AUTHENTICATE_MD5 (1<<0) -#define AUTHENTICATE_MD5SESS (1<<1) -#define AUTHENTICATE_STALE (1<<2) -#define QOP_AUTH (1<<3) -#define QOP_AUTH_INT (1<<4) - int parse_authenticate_body( str *body, struct authenticate_body *auth); str* build_authorization_hdr(int code, str *uri,

1 0

git:master: uac(k): set type for tm callback
by Daniel-Constantin Mierla 24 Jan '10

24 Jan '10

Module: sip-router Branch: master Commit: 3476f0ca4d1431eeee2244383b568a10409367bf URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=3476f0c… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: Sun Jan 24 19:43:09 2010 +0100 uac(k): set type for tm callback - requires to be TMCB_LOCAL_COMPLETED --- modules_k/uac/uac_send.c | 12 ++++++++---- 1 files changed, 8 insertions(+), 4 deletions(-) diff --git a/modules_k/uac/uac_send.c b/modules_k/uac/uac_send.c index 6e26b4d..9a1f2b9 100644 --- a/modules_k/uac/uac_send.c +++ b/modules_k/uac/uac_send.c @@ -383,10 +383,14 @@ int uac_req_send(struct sip_msg *msg, char *s1, char *s2) uac_r.method = &_uac_req.s_method; uac_r.headers = (_uac_req.s_hdrs.len <= 0) ? NULL : &_uac_req.s_hdrs; uac_r.body = (_uac_req.s_body.len <= 0) ? NULL : &_uac_req.s_body; - uac_r.cb = (_uac_req.onreply > 0) ? uac_send_tm_callback : NULL; - /* Callback function */ - uac_r.cbp = (_uac_req.onreply > 0) ? (void*)(long)_uac_req.onreply : 0; - /* Callback parameter */ + if(_uac_req.onreply > 0) + { + uac_r.cb_flags = TMCB_LOCAL_COMPLETED; + /* Callback function */ + uac_r.cb = uac_send_tm_callback; + /* Callback parameter */ + uac_r.cbp = (void*)(long)_uac_req.onreply; + } ret = tmb.t_request(&uac_r, /* UAC Req */ &_uac_req.s_ruri, /* Request-URI */ (_uac_req.s_turi.len<=0)?&_uac_req.s_ruri:&_uac_req.s_turi, /* To */

1 0

[Fwd: Re: AW: AW: AW: AW: [SR-Users] TLS problems]
by Klaus Darilion 22 Jan '10

22 Jan '10

(forgotten to cc the list) Andreas Rehbein schrieb: > Hi Klaus, > > until now (OpenSER 1.3.x without client verification) it was not necessary > to import certs into snom. > To force the snom to send Messages via tls, you need to insert something > like "192.168.0.89:5061;transport=tls" in the outbound proxy field (but I'm > sure you already knew) Looks like SNOMs TLS implementation is a piece of crap. If the server uses a TLS certificate with depth 1 (CA->server-cert), then the SNOM phone accepts the certificate and handshake succeeds. If the certificate has depth 2 (CA->subCA->server-cert), then the SNOM phone raises an error during handshake. And strangely, the "trusted certificates" are not used at all for validation. Thus, SNOM uses the TLS connection solely for encryption, not for server authentication. regards klaus > > regards > Andreas > > > -----Ursprüngliche Nachricht----- > Von: Klaus Darilion [mailto:klaus.mailinglists@pernau.at] > Gesendet: Freitag, 22. Januar 2010 13:17 > An: Andreas Rehbein > Cc: sr-users(a)lists.sip-router.org > Betreff: Re: AW: AW: AW: [SR-Users] TLS problems > > > > Andreas Rehbein schrieb: >> Hello Klaus, >> >> Linux: Red Hat Enterprise Linux 5; Kernel: 2.6.18-92.1.10.el5 >> OpenSSL: OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 > > Hi Andreas! > > I fail to configure SNOM to accept the certificate. I imported the CA > cert as trusted certificates, but TLS handshake is not successful. Is > there something else I need to take care of? > > I'm quite sure my certificates are OK as it works with eyebeam and QjSimple. > > regards > Klaus >

1 0

git:master: modules_k/ratelimit Using ser' s cfg framework for modifying module parameters at runtime( reply_code and reply_reason).
by Marius Zbihlei 22 Jan '10

22 Jan '10

Module: sip-router Branch: master Commit: 81ee9cdfdd2d276f9b90490deb799b74ffff2038 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=81ee9cd… Author: Marius Zbihlei <marius.zbihlei(a)1and1.ro> Committer: Marius Zbihlei <marius.zbihlei(a)1and1.ro> Date: Fri Jan 22 12:23:33 2010 +0200 modules_k/ratelimit Using ser's cfg framework for modifying module parameters at runtime(reply_code and reply_reason). The patch allow reply_code and reply_reason to be modified using sercmd (modules/ctl/ctl.so and modules/cfg_rpc/cfg_rpc.so must be loaded).Check module documentation for example. Also it is interesting if we can modify at runtime other parameters of the module, like queue and pipe --- modules_k/ratelimit/README | 52 ++++++++++++++++---------- modules_k/ratelimit/config.c | 52 +++++++++++++++++++++++++++ modules_k/ratelimit/config.h | 41 +++++++++++++++++++++ modules_k/ratelimit/doc/ratelimit_admin.xml | 24 ++++++++++++- modules_k/ratelimit/ratelimit.c | 35 +++++++++++++----- 5 files changed, 173 insertions(+), 31 deletions(-) Diff: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commitdiff;h=81e…

1 0

Doesn't SIREMIS create the MD5 hash by itself?
by Iñaki Baz Castillo 21 Jan '10

21 Jan '10

Hi, trying to create a new subscriber I've realized that I must insert the ha1 (ha1b doesn't appear) by hand... doesn't SIREMIS implement the generation of the MD5 values by inserting the text plain password? Regards. -- Iñaki Baz Castillo <ibc(a)aliax.net>

3 3

[tracker] Task closed: ldapsearch with empty filter
by sip-router 21 Jan '10

21 Jan '10

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY. The following task is now closed: FS#23 - ldapsearch with empty filter User who did this - Henning Westerholt (henningw) Reason for closing: Fixed More information can be found at the following URL: http://sip-router.org/tracker/index.php?do=details&task_id=23 You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

1 0

← Newer
1
...
6
7
8
9
10
11
12
...
29
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

sr-dev January 2010