Ooh, so there's my bug :) I am currently using an older 1.4 and my code looks like this:
typedef enum auth_result { AUTH_ERROR = -5, /* Error occurred, a reply has not been sent out */ NO_CREDENTIALS, /* Credentials missing */ STALE_NONCE, /* Stale nonce */ INVALID_PASSWORD, /* Invalid password */ USER_UNKNOWN, /* User non existant */ ERROR, /* Error occurred, a reply has been sent out -> */ /* return 0 to the openser core */ AUTHORIZED, /* Authorized. If returned by pre_auth, */ /* no digest authorization necessary */ DO_AUTHORIZATION, /* Can only be returned by pre_auth. */ NONCE_REUSED /* Returned if nonce is used more than once */ /* Means to continue doing authorization */ } auth_result_t;
So for me in 1.4 I should make an additional checkup in cfg for return code 3, until I am ready to upgrade to 1.5. Right?
Thanks again, especially for the quick answers.
2009/4/8 Henning Westerholt henning.westerholt@1und1.de:
On Wednesday 08 April 2009, catalina oancea wrote:
From whant I understand, nonce shouldn't be used twice at all, so if www_authenticate return code is 3 (NONCE_REUSED), the REGISTER or any other authenticated package should be rejected. But the usual examples of kamailio.cfg show that the message is rejected only if www_authenticate reply is < 0. So how exactly is the safe way to use it?
Hi catalina,
why do you think that the return value of NONCE_REUSED is 3? According to the code its -6:
typedef enum auth_result { NONCE_REUSED = -6, /*!< Returned if nonce is used more than once */ [..]
So checking for < 0 should be fine for this case too.
Cheers,
Henning