[Serusers] 0.10.99 - ERROR: authorize.c:359: Cannot obtain digest realm from parameter '$fd.digest_realm'
HI All!
I have encountered the following error and don't know waht to do with it:) ERROR: authorize.c:359: Cannot obtain digest realm from parameter '$fd.digest_realm' the situation takes places when the following sip massage arives at ser: # U 2007/01/09 11:43:02.274949 127.0.0.1:7000 -> 127.0.0.1:5060 REGISTER sip:scscf.ims.touk.pl SIP/2.0. Via: SIP/2.0/UDP 127.0.0.1:7000;rport;branch=z9hG4bK2575034C94BE793615C5BEE814464E5B. From: tzl sip:tzl@scscf.ims.touk.pl;tag=1829574745. To: tzl sip:tzl@scscf.ims.touk.pl. Contact: "tzl" sip:tzl@127.0.0.1:7000. Call-ID: 3E67EAEFDC8BFC73844E4D0F849DF676@scscf.ims.touk.pl. CSeq: 38402 REGISTER. Expires: 1800. Max-Forwards: 70. User-Agent: X-Lite release 1105d. Content-Length: 0. .
My Register logic looks like this: route[REGISTER] { if (method=="REGISTER") { if (!$t.did) { sl_send_reply("403", "Register forwarding forbidden"); drop; } if (!www_authenticate("$fd.digest_realm", "credentials")) { if ($? == -2) { sl_send_reply("500", "Internal Server Error"); } else if ($? == -3) { sl_send_reply("400", "Bad Request"); } else { if ($digest_challenge) { append_to_reply("%$digest_challenge"); } sl_send_reply("401", "Unauthorized"); } drop; }; }
and here are my database contensts: mysql> select * from uri; +------------------------------+--------------------------+----------+-------+--------+ | uid | did | username | flags | scheme | +------------------------------+--------------------------+----------+-------+--------+ | tzl@sipproxy.hellboy.touk.pl | sipproxy.hellboy.touk.pl | tzl | 61 | sip | +------------------------------+--------------------------+----------+-------+--------+
mysql> select * from domain; +--------------------------+--------------------------+-------+ | did | domain | flags | +--------------------------+--------------------------+-------+ | sipproxy.hellboy.touk.pl | sipproxy.hellboy.touk.pl | 37 | +--------------------------+--------------------------+-------+
mysql> select * from domain_attrs; +--------------------------+--------------+------+--------------------------+-------+ | did | name | type | value | flags | +--------------------------+--------------+------+--------------------------+-------+ | sipproxy.hellboy.touk.pl | sw_admin | 2 | 0 | 32 | | sipproxy.hellboy.touk.pl | digest_realm | 2 | sipproxy.hellboy.touk.pl | 32 | +--------------------------+--------------+------+--------------------------+-------+
mysql> select * from credentials; +---------------+--------------------------+--------------------------+----------+-------+----------------------------------+----------------------------------+------------------------------+ | auth_username | did | realm | password | flags | ha1 | ha1b | uid | +---------------+--------------------------+--------------------------+----------+-------+----------------------------------+----------------------------------+------------------------------+ | tzl | sipproxy.hellboy.touk.pl | sipproxy.hellboy.touk.pl | tzl | 33 | df4a49c51b082f68b792d7e2177c6ed8 | 8ba18e21048f2f587ad3386b54b99e5e | tzl@sipproxy.hellboy.touk.pl | | admin | sipproxy.hellboy.touk.pl | sipproxy.hellboy.touk.pl | heslo | 32 | | | 0 | +---------------+--------------------------+--------------------------+----------+-------+----------------------------------+----------------------------------+------------------------------+
Thanku for any help Bests Tomasz
Did you find out? I cannot really see anything that could cause this. g-)
tzieleniewski wrote:
HI All!
I have encountered the following error and don't know waht to do with it:) ERROR: authorize.c:359: Cannot obtain digest realm from parameter '$fd.digest_realm' the situation takes places when the following sip massage arives at ser: # U 2007/01/09 11:43:02.274949 127.0.0.1:7000 -> 127.0.0.1:5060 REGISTER sip:scscf.ims.touk.pl SIP/2.0. Via: SIP/2.0/UDP 127.0.0.1:7000;rport;branch=z9hG4bK2575034C94BE793615C5BEE814464E5B. From: tzl sip:tzl@scscf.ims.touk.pl;tag=1829574745. To: tzl sip:tzl@scscf.ims.touk.pl. Contact: "tzl" sip:tzl@127.0.0.1:7000. Call-ID: 3E67EAEFDC8BFC73844E4D0F849DF676@scscf.ims.touk.pl. CSeq: 38402 REGISTER. Expires: 1800. Max-Forwards: 70. User-Agent: X-Lite release 1105d. Content-Length: 0. .
My Register logic looks like this: route[REGISTER] { if (method=="REGISTER") { if (!$t.did) { sl_send_reply("403", "Register forwarding forbidden"); drop; } if (!www_authenticate("$fd.digest_realm", "credentials")) { if ($? == -2) { sl_send_reply("500", "Internal Server Error"); } else if ($? == -3) { sl_send_reply("400", "Bad Request"); } else { if ($digest_challenge) { append_to_reply("%$digest_challenge"); } sl_send_reply("401", "Unauthorized"); } drop; }; }
and here are my database contensts: mysql> select * from uri; +------------------------------+--------------------------+----------+-------+--------+ | uid | did | username | flags | scheme | +------------------------------+--------------------------+----------+-------+--------+ | tzl@sipproxy.hellboy.touk.pl | sipproxy.hellboy.touk.pl | tzl | 61 | sip | +------------------------------+--------------------------+----------+-------+--------+
mysql> select * from domain; +--------------------------+--------------------------+-------+ | did | domain | flags | +--------------------------+--------------------------+-------+ | sipproxy.hellboy.touk.pl | sipproxy.hellboy.touk.pl | 37 | +--------------------------+--------------------------+-------+
mysql> select * from domain_attrs; +--------------------------+--------------+------+--------------------------+-------+ | did | name | type | value | flags | +--------------------------+--------------+------+--------------------------+-------+ | sipproxy.hellboy.touk.pl | sw_admin | 2 | 0 | 32 | | sipproxy.hellboy.touk.pl | digest_realm | 2 | sipproxy.hellboy.touk.pl | 32 | +--------------------------+--------------+------+--------------------------+-------+
mysql> select * from credentials; +---------------+--------------------------+--------------------------+----------+-------+----------------------------------+----------------------------------+------------------------------+ | auth_username | did | realm | password | flags | ha1 | ha1b | uid | +---------------+--------------------------+--------------------------+----------+-------+----------------------------------+----------------------------------+------------------------------+ | tzl | sipproxy.hellboy.touk.pl | sipproxy.hellboy.touk.pl | tzl | 33 | df4a49c51b082f68b792d7e2177c6ed8 | 8ba18e21048f2f587ad3386b54b99e5e | tzl@sipproxy.hellboy.touk.pl | | admin | sipproxy.hellboy.touk.pl | sipproxy.hellboy.touk.pl | heslo | 32 | | | 0 | +---------------+--------------------------+--------------------------+----------+-------+----------------------------------+----------------------------------+------------------------------+
Thanku for any help Bests Tomasz
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Do you have the last CVS version?? There were some missing things in the auth (for radius) but I think they were already fixed and they did not affect sql auth...
The only difference I have from my tests and your logs seems to be the flags of the digest_realm attribute, I've got 33 instead of 32...can you check in attr_types table the flags of the digest_realm attribute??? I am not sure (probably even wrong...) but I thing flags 32 are used for serweb stuff and probably ser does not find the digest_realm attribute (which should be 33 flagged) for the realm in the from domain....
Just change it and see if it works...
I also would like to know if my 32 flag<->serweb is right...can anyone shed some light on this??
Hope it helps, Samuel.
2007/1/10, Greger V. Teigre greger@teigre.com:
Did you find out? I cannot really see anything that could cause this. g-)
tzieleniewski wrote:
HI All!
I have encountered the following error and don't know waht to do with it:) ERROR: authorize.c:359: Cannot obtain digest realm from parameter '$fd.digest_realm' the situation takes places when the following sip massage arives at ser: # U 2007/01/09 11:43:02.274949 127.0.0.1:7000 -> 127.0.0.1:5060 REGISTER sip:scscf.ims.touk.pl SIP/2.0. Via: SIP/2.0/UDP 127.0.0.1:7000;rport;branch=z9hG4bK2575034C94BE793615C5BEE814464E5B. From: tzl sip:tzl@scscf.ims.touk.pl;tag=1829574745. To: tzl sip:tzl@scscf.ims.touk.pl. Contact: "tzl" sip:tzl@127.0.0.1:7000. Call-ID: 3E67EAEFDC8BFC73844E4D0F849DF676@scscf.ims.touk.pl. CSeq: 38402 REGISTER. Expires: 1800. Max-Forwards: 70. User-Agent: X-Lite release 1105d. Content-Length: 0. .
My Register logic looks like this: route[REGISTER] { if (method=="REGISTER") { if (!$t.did) { sl_send_reply("403", "Register forwarding forbidden"); drop; } if (!www_authenticate("$fd.digest_realm", "credentials")) { if ($? == -2) { sl_send_reply("500", "Internal Server Error"); } else if ($? == -3) { sl_send_reply("400", "Bad Request"); } else { if ($digest_challenge) { append_to_reply("%$digest_challenge"); } sl_send_reply("401", "Unauthorized"); } drop; }; }
and here are my database contensts: mysql> select * from uri; +------------------------------+--------------------------+----------+-------+--------+ | uid | did | username | flags | scheme | +------------------------------+--------------------------+----------+-------+--------+ | tzl@sipproxy.hellboy.touk.pl | sipproxy.hellboy.touk.pl | tzl | 61 | sip | +------------------------------+--------------------------+----------+-------+--------+
mysql> select * from domain; +--------------------------+--------------------------+-------+ | did | domain | flags | +--------------------------+--------------------------+-------+ | sipproxy.hellboy.touk.pl | sipproxy.hellboy.touk.pl | 37 | +--------------------------+--------------------------+-------+
mysql> select * from domain_attrs; +--------------------------+--------------+------+--------------------------+-------+ | did | name | type | value | flags | +--------------------------+--------------+------+--------------------------+-------+ | sipproxy.hellboy.touk.pl | sw_admin | 2 | 0 | 32 | | sipproxy.hellboy.touk.pl | digest_realm | 2 | sipproxy.hellboy.touk.pl | 32 | +--------------------------+--------------+------+--------------------------+-------+
mysql> select * from credentials; +---------------+--------------------------+--------------------------+----------+-------+----------------------------------+----------------------------------+------------------------------+ | auth_username | did | realm | password | flags | ha1 | ha1b | uid | +---------------+--------------------------+--------------------------+----------+-------+----------------------------------+----------------------------------+------------------------------+ | tzl | sipproxy.hellboy.touk.pl | sipproxy.hellboy.touk.pl | tzl | 33 | df4a49c51b082f68b792d7e2177c6ed8 | 8ba18e21048f2f587ad3386b54b99e5e | tzl@sipproxy.hellboy.touk.pl | | admin | sipproxy.hellboy.touk.pl | sipproxy.hellboy.touk.pl | heslo | 32 | | | 0 | +---------------+--------------------------+--------------------------+----------+-------+----------------------------------+----------------------------------+------------------------------+
Thanku for any help Bests Tomasz
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
To me the problem is very obvious ;-) :
You have defined a domain called "sipproxy.hellboy.touk.pl". But in the REGISTER requests the To header contains "scscf.ims.touk.pl". So SER is not able to identify the target domain, and thus can not load the domain attributes. So their is no domain AVP digest_realm when www_authenticate is called. What I dont get is why you do not receive the 403 from the check before. Could you do me a favor and change your config like this: if (method=="REGISTER") { dump_attrs(); if (!$t.did) { And send me the log output after another try. That would be a big help.
Thanks Nils
On Tuesday 09 January 2007 12:03, tzieleniewski wrote:
HI All!
I have encountered the following error and don't know waht to do with it:) ERROR: authorize.c:359: Cannot obtain digest realm from parameter '$fd.digest_realm' the situation takes places when the following sip massage arives at ser: # U 2007/01/09 11:43:02.274949 127.0.0.1:7000 -> 127.0.0.1:5060 REGISTER sip:scscf.ims.touk.pl SIP/2.0. Via: SIP/2.0/UDP 127.0.0.1:7000;rport;branch=z9hG4bK2575034C94BE793615C5BEE814464E5B. From: tzl sip:tzl@scscf.ims.touk.pl;tag=1829574745. To: tzl sip:tzl@scscf.ims.touk.pl. Contact: "tzl" sip:tzl@127.0.0.1:7000. Call-ID: 3E67EAEFDC8BFC73844E4D0F849DF676@scscf.ims.touk.pl. CSeq: 38402 REGISTER. Expires: 1800. Max-Forwards: 70. User-Agent: X-Lite release 1105d. Content-Length: 0. .
My Register logic looks like this: route[REGISTER] { if (method=="REGISTER") { if (!$t.did) { sl_send_reply("403", "Register forwarding forbidden"); drop; } if (!www_authenticate("$fd.digest_realm", "credentials")) { if ($? == -2) { sl_send_reply("500", "Internal Server Error"); } else if ($? == -3) { sl_send_reply("400", "Bad Request"); } else { if ($digest_challenge) { append_to_reply("%$digest_challenge"); } sl_send_reply("401", "Unauthorized"); } drop; }; }
and here are my database contensts: mysql> select * from uri; +------------------------------+--------------------------+----------+----- --+--------+
| uid | did | username | | flags | scheme |
+------------------------------+--------------------------+----------+----- --+--------+
| tzl@sipproxy.hellboy.touk.pl | sipproxy.hellboy.touk.pl | tzl | | 61 | sip |
+------------------------------+--------------------------+----------+----- --+--------+
mysql> select * from domain; +--------------------------+--------------------------+-------+
| did | domain | flags |
+--------------------------+--------------------------+-------+
| sipproxy.hellboy.touk.pl | sipproxy.hellboy.touk.pl | 37 |
+--------------------------+--------------------------+-------+
mysql> select * from domain_attrs; +--------------------------+--------------+------+------------------------- -+-------+
| did | name | type | value | | flags |
+--------------------------+--------------+------+------------------------- -+-------+
| sipproxy.hellboy.touk.pl | sw_admin | 2 | 0 | | 32 | sipproxy.hellboy.touk.pl | digest_realm | 2 | | sipproxy.hellboy.touk.pl | 32 |
+--------------------------+--------------+------+------------------------- -+-------+
mysql> select * from credentials; +---------------+--------------------------+--------------------------+---- ------+-------+----------------------------------+-------------------------- --------+------------------------------+
| auth_username | did | realm | | password | flags | ha1 | ha1b | | uid |
+---------------+--------------------------+--------------------------+---- ------+-------+----------------------------------+-------------------------- --------+------------------------------+
| tzl | sipproxy.hellboy.touk.pl | sipproxy.hellboy.touk.pl | tzl | | 33 | df4a49c51b082f68b792d7e2177c6ed8 | | 8ba18e21048f2f587ad3386b54b99e5e | tzl@sipproxy.hellboy.touk.pl | admin | | sipproxy.hellboy.touk.pl | sipproxy.hellboy.touk.pl | heslo | | 32 | | | | 0 |
+---------------+--------------------------+--------------------------+---- ------+-------+----------------------------------+-------------------------- --------+------------------------------+
Thanku for any help Bests Tomasz
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Sorry my copy/paste mistake (wrong window) the actually sent message is printed below: [I used the latest cvs version from yesterday:)] I also tried to change the flag in ofthe digest_realm atrribute like the Samuel said but it didn't help.
SEND >> 127.0.0.1:5060
REGISTER sip:sipproxy.hellboy.touk.pl SIP/2.0
Via: SIP/2.0/UDP 192.168.1.10:7000;rport;branch=z9hG4bK0E4F7962011FAB0614802558EC3111BF
From: tzl sip:tzl@sipproxy.hellboy.touk.pl;tag=356809508
To: tzl sip:tzl@sipproxy.hellboy.touk.pl
Contact: "tzl" sip:tzl@192.168.1.10:7000
Call-ID: 7BD87155EB1AD7E9F60729227BA31D18@sipproxy.hellboy.touk.pl
CSeq: 43133 REGISTER
Expires: 1800
Max-Forwards: 70
User-Agent: X-Lite release 1105d
Content-Length: 0
below is the dump_attrs()output: 4(3626) INFO: avp.c:540: class=GLOBAL 4(3626) AVP["lang"]="en" 4(3626) INFO: avp.c:550: track=FROM class=DOMAIN 4(3626) AVP["did"]="sipproxy.hellboy.touk.pl" 4(3626) INFO: avp.c:560: track=TO class=DOMAIN 4(3626) AVP["did"]="sipproxy.hellboy.touk.pl" 4(3626) INFO: avp.c:570: track=FROM class=USER 4(3626) INFO: No AVP present 4(3626) INFO: avp.c:580: track=TO class=USER 4(3626) INFO: No AVP present 4(3626) INFO: avp.c:590: track=FROM class=URI 4(3626) INFO: No AVP present 4(3626) INFO: avp.c:600: track=TO class=URI 4(3626) INFO: No AVP present 4(3626) ERROR: authorize.c:359: Cannot obtain digest realm from parameter '$fd.digest_realm'
Tomasz
To me the problem is very obvious ;-) :
You have defined a domain called "sipproxy.hellboy.touk.pl". But in the REGISTER requests the To header contains "scscf.ims.touk.pl". So SER is not able to identify the target domain, and thus can not load the domain attributes. So their is no domain AVP digest_realm when www_authenticate is called. What I dont get is why you do not receive the 403 from the check before. Could you do me a favor and change your config like this: if (method=="REGISTER") { dump_attrs(); if (!$t.did) { And send me the log output after another try. That would be a big help.
Thanks Nils
On Tuesday 09 January 2007 12:03, tzieleniewski wrote:
HI All!
I have encountered the following error and don't know waht to do with it:) ERROR: authorize.c:359: Cannot obtain digest realm from parameter '$fd.digest_realm' the situation takes places when the following sip massage arives at ser: # U 2007/01/09 11:43:02.274949 127.0.0.1:7000 -> 127.0.0.1:5060 REGISTER sip:scscf.ims.touk.pl SIP/2.0. Via: SIP/2.0/UDP 127.0.0.1:7000;rport;branch=z9hG4bK2575034C94BE793615C5BEE814464E5B. From: tzl sip:tzl@scscf.ims.touk.pl;tag=1829574745. To: tzl sip:tzl@scscf.ims.touk.pl. Contact: "tzl" sip:tzl@127.0.0.1:7000. Call-ID: 3E67EAEFDC8BFC73844E4D0F849DF676@scscf.ims.touk.pl. CSeq: 38402 REGISTER. Expires: 1800. Max-Forwards: 70. User-Agent: X-Lite release 1105d. Content-Length: 0. .
My Register logic looks like this: route[REGISTER] { if (method=="REGISTER") { if (!$t.did) { sl_send_reply("403", "Register forwarding forbidden"); drop; } if (!www_authenticate("$fd.digest_realm", "credentials")) { if ($? == -2) { sl_send_reply("500", "Internal Server Error"); } else if ($? == -3) { sl_send_reply("400", "Bad Request"); } else { if ($digest_challenge) { append_to_reply("%$digest_challenge"); } sl_send_reply("401", "Unauthorized"); } drop; }; }
and here are my database contensts: mysql> select * from uri; +------------------------------+--------------------------+----------+----- --+--------+
| uid | did | username | | flags | scheme |
+------------------------------+--------------------------+----------+----- --+--------+
| tzl@sipproxy.hellboy.touk.pl | sipproxy.hellboy.touk.pl | tzl | | 61 | sip |
+------------------------------+--------------------------+----------+----- --+--------+
mysql> select * from domain; +--------------------------+--------------------------+-------+
| did | domain | flags |
+--------------------------+--------------------------+-------+
| sipproxy.hellboy.touk.pl | sipproxy.hellboy.touk.pl | 37 |
+--------------------------+--------------------------+-------+
mysql> select * from domain_attrs; +--------------------------+--------------+------+------------------------- -+-------+
| did | name | type | value | | flags |
+--------------------------+--------------+------+------------------------- -+-------+
| sipproxy.hellboy.touk.pl | sw_admin | 2 | 0 | | 32 | sipproxy.hellboy.touk.pl | digest_realm | 2 | | sipproxy.hellboy.touk.pl | 32 |
+--------------------------+--------------+------+------------------------- -+-------+
mysql> select * from credentials; +---------------+--------------------------+--------------------------+---- ------+-------+----------------------------------+-------------------------- --------+------------------------------+
| auth_username | did | realm | | password | flags | ha1 | ha1b | | uid |
+---------------+--------------------------+--------------------------+---- ------+-------+----------------------------------+-------------------------- --------+------------------------------+
| tzl | sipproxy.hellboy.touk.pl | sipproxy.hellboy.touk.pl | tzl | | 33 | df4a49c51b082f68b792d7e2177c6ed8 | | 8ba18e21048f2f587ad3386b54b99e5e | tzl@sipproxy.hellboy.touk.pl | admin | | sipproxy.hellboy.touk.pl | sipproxy.hellboy.touk.pl | heslo | | 32 | | | | 0 |
+---------------+--------------------------+--------------------------+---- ------+-------+----------------------------------+-------------------------- --------+------------------------------+
Thanku for any help Bests Tomasz
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- Dipl. Inform. Nils Ohlmeier Quality Assurance Manager
iptelorg GmbH Am Borsigturm 11 13507 Berlin Germany
nils.ohlmeier@iptelorg.com www.iptelorg.com
T +49-30-325132 22 T +49-700-IPTELORG F +49-30-6908 8248
Do you have
modparam("domain", "load_domain_attrs", 1)
in your config file?
Michal
On Wed, 2007-01-10 at 13:46 +0100, =?UTF-8?Q? tzieleniewski ?= wrote:
Sorry my copy/paste mistake (wrong window) the actually sent message is printed below: [I used the latest cvs version from yesterday:)] I also tried to change the flag in ofthe digest_realm atrribute like the Samuel said but it didn't help.
SEND >> 127.0.0.1:5060
REGISTER sip:sipproxy.hellboy.touk.pl SIP/2.0
Via: SIP/2.0/UDP 192.168.1.10:7000;rport;branch=z9hG4bK0E4F7962011FAB0614802558EC3111BF
From: tzl sip:tzl@sipproxy.hellboy.touk.pl;tag=356809508
To: tzl sip:tzl@sipproxy.hellboy.touk.pl
Contact: "tzl" sip:tzl@192.168.1.10:7000
Call-ID: 7BD87155EB1AD7E9F60729227BA31D18@sipproxy.hellboy.touk.pl
CSeq: 43133 REGISTER
Expires: 1800
Max-Forwards: 70
User-Agent: X-Lite release 1105d
Content-Length: 0
below is the dump_attrs()output: 4(3626) INFO: avp.c:540: class=GLOBAL 4(3626) AVP["lang"]="en" 4(3626) INFO: avp.c:550: track=FROM class=DOMAIN 4(3626) AVP["did"]="sipproxy.hellboy.touk.pl" 4(3626) INFO: avp.c:560: track=TO class=DOMAIN 4(3626) AVP["did"]="sipproxy.hellboy.touk.pl" 4(3626) INFO: avp.c:570: track=FROM class=USER 4(3626) INFO: No AVP present 4(3626) INFO: avp.c:580: track=TO class=USER 4(3626) INFO: No AVP present 4(3626) INFO: avp.c:590: track=FROM class=URI 4(3626) INFO: No AVP present 4(3626) INFO: avp.c:600: track=TO class=URI 4(3626) INFO: No AVP present 4(3626) ERROR: authorize.c:359: Cannot obtain digest realm from parameter '$fd.digest_realm'
Tomasz
To me the problem is very obvious ;-) :
You have defined a domain called "sipproxy.hellboy.touk.pl". But in the REGISTER requests the To header contains "scscf.ims.touk.pl". So SER is not able to identify the target domain, and thus can not load the domain attributes. So their is no domain AVP digest_realm when www_authenticate is called. What I dont get is why you do not receive the 403 from the check before. Could you do me a favor and change your config like this: if (method=="REGISTER") { dump_attrs(); if (!$t.did) { And send me the log output after another try. That would be a big help.
Thanks Nils
On Tuesday 09 January 2007 12:03, tzieleniewski wrote:
HI All!
I have encountered the following error and don't know waht to do with it:) ERROR: authorize.c:359: Cannot obtain digest realm from parameter '$fd.digest_realm' the situation takes places when the following sip massage arives at ser: # U 2007/01/09 11:43:02.274949 127.0.0.1:7000 -> 127.0.0.1:5060 REGISTER sip:scscf.ims.touk.pl SIP/2.0. Via: SIP/2.0/UDP 127.0.0.1:7000;rport;branch=z9hG4bK2575034C94BE793615C5BEE814464E5B. From: tzl sip:tzl@scscf.ims.touk.pl;tag=1829574745. To: tzl sip:tzl@scscf.ims.touk.pl. Contact: "tzl" sip:tzl@127.0.0.1:7000. Call-ID: 3E67EAEFDC8BFC73844E4D0F849DF676@scscf.ims.touk.pl. CSeq: 38402 REGISTER. Expires: 1800. Max-Forwards: 70. User-Agent: X-Lite release 1105d. Content-Length: 0. .
My Register logic looks like this: route[REGISTER] { if (method=="REGISTER") { if (!$t.did) { sl_send_reply("403", "Register forwarding forbidden"); drop; } if (!www_authenticate("$fd.digest_realm", "credentials")) { if ($? == -2) { sl_send_reply("500", "Internal Server Error"); } else if ($? == -3) { sl_send_reply("400", "Bad Request"); } else { if ($digest_challenge) { append_to_reply("%$digest_challenge"); } sl_send_reply("401", "Unauthorized"); } drop; }; }
and here are my database contensts: mysql> select * from uri; +------------------------------+--------------------------+----------+----- --+--------+
| uid | did | username | | flags | scheme |
+------------------------------+--------------------------+----------+----- --+--------+
| tzl@sipproxy.hellboy.touk.pl | sipproxy.hellboy.touk.pl | tzl | | 61 | sip |
+------------------------------+--------------------------+----------+----- --+--------+
mysql> select * from domain; +--------------------------+--------------------------+-------+
| did | domain | flags |
+--------------------------+--------------------------+-------+
| sipproxy.hellboy.touk.pl | sipproxy.hellboy.touk.pl | 37 |
+--------------------------+--------------------------+-------+
mysql> select * from domain_attrs; +--------------------------+--------------+------+------------------------- -+-------+
| did | name | type | value | | flags |
+--------------------------+--------------+------+------------------------- -+-------+
| sipproxy.hellboy.touk.pl | sw_admin | 2 | 0 | | 32 | sipproxy.hellboy.touk.pl | digest_realm | 2 | | sipproxy.hellboy.touk.pl | 32 |
+--------------------------+--------------+------+------------------------- -+-------+
mysql> select * from credentials; +---------------+--------------------------+--------------------------+---- ------+-------+----------------------------------+-------------------------- --------+------------------------------+
| auth_username | did | realm | | password | flags | ha1 | ha1b | | uid |
+---------------+--------------------------+--------------------------+---- ------+-------+----------------------------------+-------------------------- --------+------------------------------+
| tzl | sipproxy.hellboy.touk.pl | sipproxy.hellboy.touk.pl | tzl | | 33 | df4a49c51b082f68b792d7e2177c6ed8 | | 8ba18e21048f2f587ad3386b54b99e5e | tzl@sipproxy.hellboy.touk.pl | admin | | sipproxy.hellboy.touk.pl | sipproxy.hellboy.touk.pl | heslo | | 32 | | | | 0 |
+---------------+--------------------------+--------------------------+---- ------+-------+----------------------------------+-------------------------- --------+------------------------------+
Thanku for any help Bests Tomasz
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- Dipl. Inform. Nils Ohlmeier Quality Assurance Manager
iptelorg GmbH Am Borsigturm 11 13507 Berlin Germany
nils.ohlmeier@iptelorg.com www.iptelorg.com
T +49-30-325132 22 T +49-700-IPTELORG F +49-30-6908 8248
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
After looking at this I'm almost sure it is the 32 vs. 33 flag thing. I guess you changed the flag by hand in the DB, right? In this case you would have to restart SER or use ser_ctl to reload the domains, because the domain attributes are cached in memory.
Nils
On Wednesday 10 January 2007 13:46, tzieleniewski wrote:
Sorry my copy/paste mistake (wrong window) the actually sent message is printed below: [I used the latest cvs version from yesterday:)] I also tried to change the flag in ofthe digest_realm atrribute like the Samuel said but it didn't help.
SEND >> 127.0.0.1:5060
REGISTER sip:sipproxy.hellboy.touk.pl SIP/2.0
Via: SIP/2.0/UDP 192.168.1.10:7000;rport;branch=z9hG4bK0E4F7962011FAB0614802558EC3111BF
From: tzl sip:tzl@sipproxy.hellboy.touk.pl;tag=356809508
To: tzl sip:tzl@sipproxy.hellboy.touk.pl
Contact: "tzl" sip:tzl@192.168.1.10:7000
Call-ID: 7BD87155EB1AD7E9F60729227BA31D18@sipproxy.hellboy.touk.pl
CSeq: 43133 REGISTER
Expires: 1800
Max-Forwards: 70
User-Agent: X-Lite release 1105d
Content-Length: 0
below is the dump_attrs()output: 4(3626) INFO: avp.c:540: class=GLOBAL 4(3626) AVP["lang"]="en" 4(3626) INFO: avp.c:550: track=FROM class=DOMAIN 4(3626) AVP["did"]="sipproxy.hellboy.touk.pl" 4(3626) INFO: avp.c:560: track=TO class=DOMAIN 4(3626) AVP["did"]="sipproxy.hellboy.touk.pl" 4(3626) INFO: avp.c:570: track=FROM class=USER 4(3626) INFO: No AVP present 4(3626) INFO: avp.c:580: track=TO class=USER 4(3626) INFO: No AVP present 4(3626) INFO: avp.c:590: track=FROM class=URI 4(3626) INFO: No AVP present 4(3626) INFO: avp.c:600: track=TO class=URI 4(3626) INFO: No AVP present 4(3626) ERROR: authorize.c:359: Cannot obtain digest realm from parameter '$fd.digest_realm'
Tomasz
To me the problem is very obvious ;-) :
You have defined a domain called "sipproxy.hellboy.touk.pl". But in the REGISTER requests the To header contains "scscf.ims.touk.pl". So SER is not able to identify the target domain, and thus can not load the domain attributes. So their is no domain AVP digest_realm when www_authenticate is called. What I dont get is why you do not receive the 403 from the check before. Could you do me a favor and change your config like this: if (method=="REGISTER") { dump_attrs(); if (!$t.did) { And send me the log output after another try. That would be a big help.
Thanks Nils
On Tuesday 09 January 2007 12:03, tzieleniewski wrote:
HI All!
I have encountered the following error and don't know waht to do with it:) ERROR: authorize.c:359: Cannot obtain digest realm from parameter '$fd.digest_realm' the situation takes places when the following sip massage arives at ser: # U 2007/01/09 11:43:02.274949 127.0.0.1:7000 -> 127.0.0.1:5060 REGISTER sip:scscf.ims.touk.pl SIP/2.0. Via: SIP/2.0/UDP 127.0.0.1:7000;rport;branch=z9hG4bK2575034C94BE793615C5BEE814464E5B. From: tzl sip:tzl@scscf.ims.touk.pl;tag=1829574745. To: tzl sip:tzl@scscf.ims.touk.pl. Contact: "tzl" sip:tzl@127.0.0.1:7000. Call-ID: 3E67EAEFDC8BFC73844E4D0F849DF676@scscf.ims.touk.pl. CSeq: 38402 REGISTER. Expires: 1800. Max-Forwards: 70. User-Agent: X-Lite release 1105d. Content-Length: 0. .
My Register logic looks like this: route[REGISTER] { if (method=="REGISTER") { if (!$t.did) { sl_send_reply("403", "Register forwarding forbidden"); drop; } if (!www_authenticate("$fd.digest_realm", "credentials")) { if ($? == -2) { sl_send_reply("500", "Internal Server Error"); } else if ($? == -3) { sl_send_reply("400", "Bad Request"); } else { if ($digest_challenge) { append_to_reply("%$digest_challenge"); } sl_send_reply("401", "Unauthorized"); } drop; }; }
and here are my database contensts: mysql> select * from uri; +------------------------------+--------------------------+----------+- ---- --+--------+
| uid | did | username | | flags | scheme |
+------------------------------+--------------------------+----------+- ---- --+--------+
| tzl@sipproxy.hellboy.touk.pl | sipproxy.hellboy.touk.pl | tzl | | 61 | sip |
+------------------------------+--------------------------+----------+- ---- --+--------+
mysql> select * from domain; +--------------------------+--------------------------+-------+
| did | domain | flags |
+--------------------------+--------------------------+-------+
| sipproxy.hellboy.touk.pl | sipproxy.hellboy.touk.pl | 37 |
+--------------------------+--------------------------+-------+
mysql> select * from domain_attrs; +--------------------------+--------------+------+--------------------- ---- -+-------+
| did | name | type | value | | | flags |
+--------------------------+--------------+------+--------------------- ---- -+-------+
| sipproxy.hellboy.touk.pl | sw_admin | 2 | 0 | | | 32 | sipproxy.hellboy.touk.pl | digest_realm | 2 | | | sipproxy.hellboy.touk.pl | 32 |
+--------------------------+--------------+------+--------------------- ---- -+-------+
mysql> select * from credentials;
+---------------+--------------------------+--------------------------+
------+-------+----------------------------------+--------------------- ----- --------+------------------------------+
| auth_username | did | realm | | password | flags | ha1 | ha1b | | | uid |
+---------------+--------------------------+--------------------------+
------+-------+----------------------------------+--------------------- ----- --------+------------------------------+
| tzl | sipproxy.hellboy.touk.pl | sipproxy.hellboy.touk.pl | | tzl | | | 33 | df4a49c51b082f68b792d7e2177c6ed8 | | | 8ba18e21048f2f587ad3386b54b99e5e | tzl@sipproxy.hellboy.touk.pl | | admin | | | sipproxy.hellboy.touk.pl | sipproxy.hellboy.touk.pl | heslo | | | | | 32 | | | | | 0 |
+---------------+--------------------------+--------------------------+
------+-------+----------------------------------+--------------------- ----- --------+------------------------------+
Normally you would use an init.d script, I believe there should be an example in the source tree. g-)
TZieleniewski wrote:
That's right!! I didn't do it. Now after I restarted SER it works:) BTW is there now any tool like previously serctl which can start/restart and stop ser.
Bests Tomasz
Nils Ohlmeier napisał(a):
After looking at this I'm almost sure it is the 32 vs. 33 flag thing. I guess you changed the flag by hand in the DB, right? In this case you would have to restart SER or use ser_ctl to reload the domains, because the domain attributes are cached in memory.
Nils
On Wednesday 10 January 2007 13:46, tzieleniewski wrote:
Sorry my copy/paste mistake (wrong window) the actually sent message is printed below: [I used the latest cvs version from yesterday:)] I also tried to change the flag in ofthe digest_realm atrribute like the Samuel said but it didn't help.
SEND >> 127.0.0.1:5060
REGISTER sip:sipproxy.hellboy.touk.pl SIP/2.0
Via: SIP/2.0/UDP 192.168.1.10:7000;rport;branch=z9hG4bK0E4F7962011FAB0614802558EC3111BF
From: tzl sip:tzl@sipproxy.hellboy.touk.pl;tag=356809508
To: tzl sip:tzl@sipproxy.hellboy.touk.pl
Contact: "tzl" sip:tzl@192.168.1.10:7000
Call-ID: 7BD87155EB1AD7E9F60729227BA31D18@sipproxy.hellboy.touk.pl
CSeq: 43133 REGISTER
Expires: 1800
Max-Forwards: 70
User-Agent: X-Lite release 1105d
Content-Length: 0
below is the dump_attrs()output: 4(3626) INFO: avp.c:540: class=GLOBAL 4(3626) AVP["lang"]="en" 4(3626) INFO: avp.c:550: track=FROM class=DOMAIN 4(3626) AVP["did"]="sipproxy.hellboy.touk.pl" 4(3626) INFO: avp.c:560: track=TO class=DOMAIN 4(3626) AVP["did"]="sipproxy.hellboy.touk.pl" 4(3626) INFO: avp.c:570: track=FROM class=USER 4(3626) INFO: No AVP present 4(3626) INFO: avp.c:580: track=TO class=USER 4(3626) INFO: No AVP present 4(3626) INFO: avp.c:590: track=FROM class=URI 4(3626) INFO: No AVP present 4(3626) INFO: avp.c:600: track=TO class=URI 4(3626) INFO: No AVP present 4(3626) ERROR: authorize.c:359: Cannot obtain digest realm from parameter '$fd.digest_realm'
Tomasz
To me the problem is very obvious ;-) :
You have defined a domain called "sipproxy.hellboy.touk.pl". But in the REGISTER requests the To header contains "scscf.ims.touk.pl". So SER is not able to identify the target domain, and thus can not load the domain attributes. So their is no domain AVP digest_realm when www_authenticate is called. What I dont get is why you do not receive the 403 from the check before. Could you do me a favor and change your config like this: if (method=="REGISTER") { dump_attrs(); if (!$t.did) { And send me the log output after another try. That would be a big help.
Thanks Nils
On Tuesday 09 January 2007 12:03, tzieleniewski wrote:
HI All!
I have encountered the following error and don't know waht to do with it:) ERROR: authorize.c:359: Cannot obtain digest realm from parameter '$fd.digest_realm' the situation takes places when the following sip massage arives at ser: # U 2007/01/09 11:43:02.274949 127.0.0.1:7000 -> 127.0.0.1:5060 REGISTER sip:scscf.ims.touk.pl SIP/2.0. Via: SIP/2.0/UDP 127.0.0.1:7000;rport;branch=z9hG4bK2575034C94BE793615C5BEE814464E5B. From: tzl sip:tzl@scscf.ims.touk.pl;tag=1829574745. To: tzl sip:tzl@scscf.ims.touk.pl. Contact: "tzl" sip:tzl@127.0.0.1:7000. Call-ID: 3E67EAEFDC8BFC73844E4D0F849DF676@scscf.ims.touk.pl. CSeq: 38402 REGISTER. Expires: 1800. Max-Forwards: 70. User-Agent: X-Lite release 1105d. Content-Length: 0. .
My Register logic looks like this: route[REGISTER] { if (method=="REGISTER") { if (!$t.did) { sl_send_reply("403", "Register forwarding forbidden"); drop; } if (!www_authenticate("$fd.digest_realm", "credentials")) { if ($? == -2) { sl_send_reply("500", "Internal Server Error"); } else if ($? == -3) { sl_send_reply("400", "Bad Request"); } else { if ($digest_challenge) { append_to_reply("%$digest_challenge"); } sl_send_reply("401", "Unauthorized"); } drop; }; }
and here are my database contensts: mysql> select * from uri; +------------------------------+--------------------------+----------+- ---- --+--------+
| uid | did | username | | flags | scheme |
+------------------------------+--------------------------+----------+- ---- --+--------+
| tzl@sipproxy.hellboy.touk.pl | sipproxy.hellboy.touk.pl | tzl | | 61 | sip |
+------------------------------+--------------------------+----------+- ---- --+--------+
mysql> select * from domain; +--------------------------+--------------------------+-------+
| did | domain | flags |
+--------------------------+--------------------------+-------+
| sipproxy.hellboy.touk.pl | sipproxy.hellboy.touk.pl | 37 |
+--------------------------+--------------------------+-------+
mysql> select * from domain_attrs; +--------------------------+--------------+------+--------------------- ---- -+-------+
| did | name | type | value | | | flags |
+--------------------------+--------------+------+--------------------- ---- -+-------+
| sipproxy.hellboy.touk.pl | sw_admin | 2 | 0 | | | 32 | sipproxy.hellboy.touk.pl | digest_realm | 2 | | | sipproxy.hellboy.touk.pl | 32 |
+--------------------------+--------------+------+--------------------- ---- -+-------+
mysql> select * from credentials;
+---------------+--------------------------+--------------------------+
------+-------+----------------------------------+--------------------- ----- --------+------------------------------+
| auth_username | did | realm | | password | flags | ha1 | ha1b | | | uid |
+---------------+--------------------------+--------------------------+
------+-------+----------------------------------+--------------------- ----- --------+------------------------------+
| tzl | sipproxy.hellboy.touk.pl | sipproxy.hellboy.touk.pl | | tzl | | | 33 | df4a49c51b082f68b792d7e2177c6ed8 | | | 8ba18e21048f2f587ad3386b54b99e5e | tzl@sipproxy.hellboy.touk.pl | | admin | | | sipproxy.hellboy.touk.pl | sipproxy.hellboy.touk.pl | heslo | | | | | 32 | | | | | 0 |
+---------------+--------------------------+--------------------------+
------+-------+----------------------------------+--------------------- ----- --------+------------------------------+
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-
"tzieleniewski" -
Greger V. Teigre -
Michal Matyska -
Nils Ohlmeier -
samuel -
TZieleniewski