RE: [Serusers] Digest Authentication

3 Jan 2005


      Hello,
Try these inclusions pls for a simple straight forward Digest Auth...
modparam("auth_db", "db_url","sql://ser:heslo@localhost/ser")
# main routing logic
route{
if(!proxy_authorize("yourdomain.com" /* realm */,
                "subscriber" /* table name */ ))
{
proxy_challenge("yourdomain.com", "0");
break;
}
sl_send_reply("200", "ok");
karthikeyan.k
________________________________
From: serusers-bounces@lists.iptel.org on behalf of Magnus Sörman (AL/EAB)
Sent: Thu 12/30/2004 3:45 PM
To: 'serusers@lists.iptel.org'
Subject: [Serusers] Digest Authentication
Hi,
I need some help with digest authentication.
When I uncomment those lines in ser.cfg, the register msg stops to work. In the trace, see below, you can see the nonce being sent in the re-register msg, but the server still responds with 401 Unauthorized. I've tried with both 0 and 1 in the www_challenge.
Without the digest authentication the register works fine.
Thanks in advance,
  //Magnus
ser.cfg (ser 0.8.12 running on a Fedora box. Used for test purpose only):
====================================================
# ----------- global configuration parameters ------------------------
#debug=3         # debug level (cmd line: -dddddddddd)
#fork=yes
#log_stderror=no        # (cmd line: -E)
/* Uncomment these lines to enter debugging mode
debug=7
fork=no
log_stderror=yes
*/
check_via=no    # (cmd. line: -v)
dns=no           # (cmd. line: -r)
rev_dns=no      # (cmd. line: -R)
#port=5060
#children=4
fifo="/tmp/ser_fifo"
sip_warning=no
alias="sip_server_ip"
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "/usr/lib/ser/modules/mysql.so"
loadmodule "/usr/lib/ser/modules/sl.so"
loadmodule "/usr/lib/ser/modules/tm.so"
loadmodule "/usr/lib/ser/modules/rr.so"
loadmodule "/usr/lib/ser/modules/maxfwd.so"
loadmodule "/usr/lib/ser/modules/usrloc.so"
loadmodule "/usr/lib/ser/modules/registrar.so"
loadmodule "/usr/lib/ser/modules/pa.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/lib/ser/modules/auth.so"
loadmodule "/usr/lib/ser/modules/auth_db.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
#modparam("usrloc", "db_mode",   0)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 2)
# -- auth params --
# Uncomment if you are using auth module
#
modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
#
modparam("auth_db", "password_column", "password")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# -------------------------  request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with
        # max_forwards==0, or excessively long requests
        if (!mf_process_maxfwd_header("10")) {
                sl_send_reply("483","Too Many Hops");
                break;
        };
        if ( msg:len > max_len ) {
                sl_send_reply("513", "Message too big");
                break;
        };
# we record-route all messages -- to make sure that
        # subsequent messages will go through our proxy; that's
        # particularly good if upstream and downstream entities
        # use different transport protocol
        record_route();
        # loose-route processing
        if (loose_route()) {
                t_relay();
                break;
        };
# if the request is for other domain use UsrLoc
        # (in case, it does not work, use the following command
        # with proper names and addresses in it)
if (uri == myself ) {
if (method=="SUBSCRIBE") {
                        if(t_newtran()){
                                handle_subscription("registrar");
                                break;
                        };
                };
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication
                        if (!www_authorize("sip_server_ip", "subscriber")) {
                                www_challenge("sip_server_ip", "1");
                                break;
                        };
                        save("location");
                        break;
                };
# native SIP destinations are handled using our USRLOC DB
                if (!lookup("location")) {
                        sl_send_reply("404", "Not Found");
                        break;
                };
        };
        # forward to current uri now; use stateful forwarding; that
        # works reliably even if we forward from TCP to UDP
        if (!t_relay()) {
                sl_reply_error();
        };
}
Register trace:
==========
REGISTER sip:sip_server_ip SIP/2.0
Via: SIP/2.0/UDP local_pc_ip:5060;rport;branch=z9hG4bK4268DFDFE5EE410C8DB113A6223C800C
From: Magnus sip:magnus@sip_server_ip;tag=470300110
To: Magnus sip:magnus@sip_server_ip
Contact: "Magnus" sip:magnus@local_pc_ip:5060
Call-ID: EB7272E371C24F6C8F24DB47A53EE7CB@sip_server_ip
CSeq: 6590 REGISTER
Expires: 1800
Max-Forwards: 70
User-Agent: X-Lite release 1103m
Content-Length: 0
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP local_pc_ip:5060;rport=5060;branch=z9hG4bK4268DFDFE5EE410C8DB113A6223C800C
From: Magnus sip:magnus@sip_server_ip;tag=470300110
To: Magnus sip:magnus@sip_server_ip;tag=b27e1a1d33761e85846fc98f5f3a7e58.0d0e
Call-ID: EB7272E371C24F6C8F24DB47A53EE7CB@sip_server_ip
CSeq: 6590 REGISTER
WWW-Authenticate: Digest realm="sip_server_ip", nonce="41d1321431d402c1af9617eb73deccbce7e532d5", qop="auth"
Server: Sip EXpress router (0.8.12 (i386/linux))
Content-Length: 0
REGISTER sip:sip_server_ip SIP/2.0
Via: SIP/2.0/UDP local_pc_ip:5060;rport;branch=z9hG4bK1813C486770C442BB51E58686A61921F
From: Magnus sip:magnus@sip_server_ip;tag=470300110
To: Magnus sip:magnus@sip_server_ip
Contact: "Magnus" sip:magnus@local_pc_ip:5060
Call-ID: EB7272E371C24F6C8F24DB47A53EE7CB@sip_server_ip
CSeq: 6591 REGISTER
Expires: 1800
Authorization: Digest username="magnus",realm="sip_server_ip",nonce="41d1321431d402c1af9617eb73deccbce7e532d5",response="27ea80aed1b9f5086b396c8f86bcec60",uri="sip:sip_server_ip",qop=auth,cnonce="9F5BBA98D6724D909C6560E8A045A300",nc=00000006
Max-Forwards: 70
User-Agent: X-Lite release 1103m
Content-Length: 0
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP local_pc_ip:5060;rport=5060;branch=z9hG4bK1813C486770C442BB51E58686A61921F
From: Magnus sip:magnus@sip_server_ip;tag=470300110
To: Magnus sip:magnus@sip_server_ip;tag=b27e1a1d33761e85846fc98f5f3a7e58.9cf2
Call-ID: EB7272E371C24F6C8F24DB47A53EE7CB@sip_server_ip
CSeq: 6591 REGISTER
WWW-Authenticate: Digest realm="sip_server_ip", nonce="41d1321431d402c1af9617eb73deccbce7e532d5", qop="auth"
Server: Sip EXpress router (0.8.12 (i386/linux))
Content-Length: 0
_______________________________________________
Serusers mailing list
serusers@lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
Confidentiality Notice
The information contained in this electronic message and any attachments to this message are intended
for the exclusive use of the addressee(s) and may contain confidential or privileged information. If
you are not the intended recipient, please notify the sender at Wipro or Mailadmin@wipro.com immediately
and destroy all copies of this message and any attachments.

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

RE: [Serusers] Digest Authentication