Hello everyone,
In the OpenSER auth_diameter module, the first phase of SIP digest authentication completes successfully. But in the second phase, when OpenSER sends the request with the Authorization header to the DIAMETER client, the DISC server cannot authorize the user, because the digest responses of OpenSER and the DISC server are different. In the DISC server code there is a sipauth module, which contains the file db.c. Execution in this file gets as far as the calc_response function call, which calculates the response. This response and the OpenSER response are different.
Is this a configuration file problem? I have attached my config file here.
What is the reason for the mismatch? How can I solve this response problem?
Thanks to everybody. Regards, Dilip
# # $Id: openser.cfg,v 1.6.2.1 2006/07/17 15:51:03 klaus_darilion Exp $ # # simple quick-start config script #
# ----------- global configuration parameters ------------------------
# Global core parameters. Line breaks are restored from the collapsed paste;
# every setting keeps the value that was posted.

# NOTE(review): debug=9 together with log_stderror=yes is a troubleshooting
# setup. At this verbosity the log may contain SIP message details, possibly
# including the digest Authorization headers under test -- confirm what is
# written, treat the output as sensitive, and lower the level afterwards.
debug=9            # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=yes   # (cmd line: -E)

#/* Uncomment these lines to enter debugging mode
#fork=no
#log_stderror=yes
#*/

#check_via=no      # (cmd. line: -v)
#dns=no            # (cmd. line: -r)
#rev_dns=no        # (cmd. line: -R)
port=5060
children=4
listen=192.168.1.1
#fifo="/tmp/openser_fifo"

#
# uncomment the following lines for TLS support
# NOTE(review): every TLS line below is commented out and the listen address
# above carries no tls: prefix, so this proxy accepts plain-text SIP only.
# Digest authentication keeps the password off the wire, but nonces,
# responses and all other headers remain readable on the network path.
#disable_tls = 0
#listen = tls:your_IP:5061
#tls_verify_server = 1
#tls_verify_client = 1
#tls_require_client_certificate = 0
#tls_method = TLSv1
#tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem"
#tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem"
#tls_ca_list = "/usr/local/etc/openser/tls/user/user-calist.pem"
# ------------------ module loading ----------------------------------
# Modules loaded at start-up. Line breaks are restored from the collapsed
# paste; the module list is unchanged.

# Uncomment this if you want to use SQL database
loadmodule "/usr/local/lib64/openser/modules/mysql.so"
#loadmodule "/usr/local/lib64/openser/modules/acc.so"

loadmodule "/usr/local/lib64/openser/modules/sl.so"
loadmodule "/usr/local/lib64/openser/modules/tm.so"
loadmodule "/usr/local/lib64/openser/modules/rr.so"
loadmodule "/usr/local/lib64/openser/modules/maxfwd.so"
loadmodule "/usr/local/lib64/openser/modules/usrloc.so"
loadmodule "/usr/local/lib64/openser/modules/registrar.so"
loadmodule "/usr/local/lib64/openser/modules/textops.so"

# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/local/lib64/openser/modules/auth.so"
# NOTE(review): auth_db is loaded, but the routing logic in this file only
# calls diameter_www_authorize(); the www_authorize() call is commented out.
# If database-backed digest auth is not needed, confirm whether this module
# (and its db_url access to the subscriber data) has to be loaded at all.
loadmodule "/usr/local/lib64/openser/modules/auth_db.so"

loadmodule "/usr/local/lib64/openser/modules/auth_diameter.so" ##Dilip
loadmodule "/usr/local/lib64/openser/modules/domain.so" ##Dilip
# Module parameters. Line breaks are restored from the collapsed paste where
# the boundary between comment and setting is unambiguous.

############################################################
#modparam("dispatcher", "list_file", "/usr/local/etc/openser/dispatcher.list")
#modparam("acc", "log_flag", 1)
#modparam("acc", "log_missed_flag", 1)
#modparam("acc", "service_type", 15)

#############################################################
# ----------------- setting module-specific parameters ---------------

# -- usrloc params --
# NOTE(review): db_url carries the database user name and password in clear
# text, and this file has been shared in a public post. Change the password,
# keep the config file readable only by the account that runs the proxy, and
# remove credentials before posting a config for support.
modparam("usrloc|auth_db","db_url","mysql://openser:openserrw@localhost/openser") #Dilip

#modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 2)

# NOTE(review): the collapsed paste does not show whether the two auth_db
# modparam() settings on the next line are active or commented out, so that
# line is kept exactly as posted -- check the original file.
# -- auth params -- # Uncomment if you are using auth module # modparam("auth_db", "calculate_ha1", 1) # # If you set "calculate_ha1" parameter to yes (which true in this config), # uncomment also the following parameter) # modparam("auth_db", "password_column", "passwd_h")

# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)

############################################################################################################
# Add By Dilip
# NOTE(review): "linux173" is used here as the DIAMETER client host and, in
# route{}, as the digest realm. These are independent settings; presumably the
# realm has to be the one the DISC server uses when it computes the response
# -- verify on the server side.
modparam("auth_diameter", "use_domain", 1)
modparam("auth_diameter", "diameter_client_host", "linux173")
modparam("auth_diameter", "diameter_client_port", 3000)
############################################################################################################
# ------------------------- request routing logic -------------------
# main routing logic
# Main request route: sanity checks, record-routing, relaying of in-dialog and
# outbound requests, then DIAMETER-backed digest authentication for INVITE and
# REGISTER, and user-location lookup for local destinations.
route{

	# initial sanity checks -- messages with
	# max_forwards==0, or excessively long requests
	if (!mf_process_maxfwd_header("10")) {
		sl_send_reply("483","Too Many Hops");
		exit;
	};

	if (msg:len >= 2048 ) {
		sl_send_reply("513", "Message too big");
		exit;
	};

	# we record-route all messages -- to make sure that
	# subsequent messages will go through our proxy; that's
	# particularly good if upstream and downstream entities
	# use different transport protocol
	if (!method=="REGISTER")
		record_route();

	# subsequent messages withing a dialog should take the
	# path determined by record-routing
	if (loose_route()) {
		# mark routing logic in request
		append_hf("P-hint: rr-enforced\r\n");
		route(1);
	};

	# NOTE(review): this branch and the loose_route() branch above hand the
	# request to route(1), which relays and exits, before any authorization
	# call is reached. Requests addressed to a non-local URI are therefore
	# forwarded without authentication -- confirm that this is intended and
	# that the proxy is not reachable by untrusted senders.
	if (!uri==myself) {
		# mark routing logic in request
		append_hf("P-hint: outbound\r\n");
		# if you have some interdomain connections via TLS
		#if(uri=~"@tls_domain1.net") {
		#	t_relay("tls:domain1.net");
		#	exit;
		#} else if(uri=~"@tls_domain2.net") {
		#	t_relay("tls:domain2.net");
		#	exit;
		#}
		route(1);
	};

	#Add By Dilip
	# NOTE(review): the INVITE branch authorizes against realm "linux173" but
	# challenges with an empty realm and qop "0", while the REGISTER branch
	# below challenges with realm "linux173" and qop "1". A digest response is
	# computed over the realm (and over the qop fields when qop is in use), so
	# the challenge, the authorize call and the DISC server must agree on
	# both values. Verify this first when the two computed responses differ.
	if (method=="INVITE") {
		if (!diameter_www_authorize("linux173")) {
			www_challenge("", "0");
			exit;
		};
	};

	# if the request is for other domain use UsrLoc
	# (in case, it does not work, use the following command
	# with proper names and addresses in it)
	if (uri==myself) {

		if (method=="REGISTER") {

			# Uncomment this if you want to use digest authentication
#			if (!www_authorize("192.168.1.173", "subscriber")) {
#				www_challenge("192.168.1.173", "0");
#				exit;
#			};
			# Add by Dilip
			if(!diameter_www_authorize("linux173"))
			#if(!diameter_www_authorize(""))
			{
				#/* user is not authorized */
				www_challenge("linux173", "1");
				exit;
			};
			# reached only when diameter_www_authorize() succeeded
			save("location");
			exit;
		};

		lookup("aliases");
		if (!uri==myself) {
			append_hf("P-hint: outbound alias\r\n");
			route(1);
		};

		# native SIP destinations are handled using our USRLOC DB
		if (!lookup("location")) {
			sl_send_reply("404", "Not Found");
			exit;
		};
		append_hf("P-hint: usrloc applied\r\n");
	};

	route(1);
}
# Relay block called from the main route. It forwards the request and stops
# script processing; it performs no authorization itself, so any check has to
# happen before route(1) is called.
route[1] {
	# send it out now; use stateful forwarding as it works reliably
	# even for UDP2TCP
	if (!t_relay()) {
		# relaying failed: answer the sender with the matching error reply
		sl_reply_error();
	};
	exit;
}