El 26/06/14 18:39, Alex Villacís Lasso escribió:
I am having trouble making all of the supposed
features of Blink work with Kamailio 4.1.4. My kamailio.cfg file is attached.
Specifically, what I am having trouble is with presence (the way Blink wants to implement
it), and MSRP. Ordinary voice calls
work correctly.
With MSRP, I have copied the example from the
msrp.so documentation, but I have replaced the authentication shown with a static
password, with an actual query using auth_db.so, the very same query used to authenticate
other SIP packets. Through the
packet capture, when user A tries starting a MSRP chat with user B, an INVITE is sent
from user A to Kamailio, which has a special check to NOT send this invite to Asterisk,
but rather route it itself, and it gets "correctly" routed to user B. Then user
B attempts to start a MSRP session with Kamailio (not user A) without authentication
credentials, Kamailio challenges user B for the credentials, and... that's it. User B
makes no attempt to repeat the MSRP session with the required credentials, and the
communication eventually times out.
I have built and installed the
python-sipsimple-clients package. With this, I can see that the receiving party attempts
to make a MSRP connection to my Kamailio, and the authentication challenge triggers the
following message:
SIP session failed: media stream failed: 'opaque'
It seems that msrplib (used by Blink and the test programs) wants a digest authentication
with an "opaque" parameter. Currently the failing dialog goes like this:
MSRP fa4a1c4d39cbf3fd AUTH
To-Path: msrp://pbx.elastix.com:5060;tcp
From-Path: msrp://192.168.3.2:39981/8b2dedc998fc1f1ed6f3;tcp
-------fa4a1c4d39cbf3fd$
MSRP fa4a1c4d39cbf3fd 401 Unauthorized
To-Path: msrp://192.168.3.2:39981/8b2dedc998fc1f1ed6f3;tcp
From-Path: msrp://pbx.elastix.com:5060;tcp
WWW-Authenticate: Digest realm="pbx.elastix.com",
nonce="U7MGKFOzBPxDXr7ggr7imjvcnkodRW5F", qop="auth"
-------fa4a1c4d39cbf3fd$
which is, in turn, produced by this code segment in kamailio.cfg:
$var(msrprealm) = $(hdr(To-Path){msrpuri.host});
xlog("L_ALERT","============ msrprealm:
[$var(msrprealm)]\n");
if (!www_authenticate("$var(msrprealm)",
"subscriber", "$msrp(method)")) {
if(auth_get_www_authenticate("$var(msrprealm)", "1",
"$var(wauth)")) {
msrp_reply("401", "Unauthorized",
"$var(wauth)");
} else {
msrp_reply("500", "Server Error");
}
exit;
}
So, how do I make the authentication issue an adequate "opaque" parameter? I do
not want to resort to appending a static value opaque="something" if a more
elegant solution can be found. From
http://en.wikipedia.org/wiki/Digest_access_authentication , I
deduce that I need the server to issue an "opaque" parameter like the
following:
WWW-Authenticate: Digest realm="testrealm(a)host.com".com",
qop="auth,auth-int",
nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
opaque="5ccc069c403ebaf9f0171e9517f40e41"
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Apparently, there is no authentication procedure implemented in Kamailio 4.1.4 that is RFC
compliant with MSRP.
According to
, MSRP AUTH request must be
authenticated. Simply accepting any AUTH request without actually checking the credentials
is not RFC-compliant. However, the authentication specified in rfc4976
differs from ordinary Digest-Authentication - the required URI for the Digest
authentication is taken from the To-Path: header in the MSRP request, and is apparently
not sent in the Authorization header (at least as implemented by the python-msrplib
library). Additionally, none of the Kamailio methods for authentication appear capable of
sending an "opaque" parameter that is apparently requested by python-msrplib. It
seems that new methods msrp_authenticate() and msrp_challenge() are required.