Ive find the problem!!!!
This is inside sip_auth_client.c code
/* TODO note:
* Cloning the full authentication client is quite a big task.
* We do only the necessary bits here, i.e. cloning the credentials.
* The drawback of this basic approach is, a forked dialog will have to
* re-authenticate itself on the next request because it has lost the
* cached authentication headers.
*/
PJ_TODO(FULL_CLONE_OF_AUTH_CLIENT_SESSION);
---------- Forwarded message ----------
From: segalion <segalion@xxxxxxxxx>
Date: 2011/5/18
Subject: Fwd: Problem with "407 Proxy Authorization Required" in IMS:
Missing "Authentication domain"
To: pjsip at lists.pjsip.org
Please, can anybody tellme how I could begin to modify code to make pjsua
include "domain" field received on authentication/authorization?
I have make all to replicate original sip client, and this is the only I
cant
Could be fine even hardcoded "domain=mydomain.net" for all auths!!!
Thanks.
Please helpme with sip_auth_client.c code.
---------- Forwarded message ----------
From: segalion <segalion@xxxxxxxxx>
Date: 2011/5/17
Subject: Fwd: Problem with "407 Proxy Authorization Required" in IMS:
Missing "Authentication domain"
To: pjsip at lists.pjsip.org
I have been investigating more and more...
pjsua register fine. IMS send WWW-Authenticate, pjsua responds with
Authorization, without domain, and IMS responds OK:
-> 18:34:29.249 pjsua_core.c TX 511 bytes Request msg REGISTER/cseq=32910
(tdta00c485c8) to UDP x.x.x.x:5060:
(without auth)
<-18:34:29.296 pjsua_core.c RX 529 bytes Response msg
401/REGISTER/cseq=32910 (rdata00c45464) from UDP x.x.x.x:5060:
SIP/2.0 401 Unauthorized
(WWW-Authenticate: Digest
realm="xxx.xxx",domain="sip:xxx.xxx",nonce="xxxx",stale=false,qop="auth",algorithm=MD5)
-> 18:34:29.296 pjsua_core.c TX 797 bytes Request msg REGISTER/cseq=32911
(tdta00c485c8) to UDP x.x.x.x:5060:
(Authorization: Digest username="xxx at xxx.xxx", realm="xxx.xxx", nonce="xxx",
uri="sip:xxx.xxx", response="xxx", algorithm=MD5, cnonce="xxx", qop=auth,
nc=00000001
<- 18:34:29.359 pjsua_core.c RX 652 bytes Response msg
200/REGISTER/cseq=32911 (rdata00c45464) from UDP x.x.x.x:5060:
SIP/2.0 200 OK
There are a little problem with reregister 3GPP timeout (as expected due to
the known issue #432 <http://trac.pjsip.org/repos/ticket/432> Support 3GPP
refresh interval rule). Please if you solve this I can test with real
enviroment.
But real problem appear (I suspect) because the IMS has a SBC (Session
Border Controller) that uses domain for routing calls.
On an INVITE with same auth scheme, the call is stablished with a locution
from IMS (183 early with media fine), and a 500 Internal server error.
-> 10:40:52.733 pjsua_core.c TX 1027 bytes Request msg INVITE/cseq=6925
(tdta00c85f10) to UDP x.x.x.x:5060:
<- 10:40:52.780 pjsua_core.c RX 304 bytes Response msg
100/INVITE/cseq=6925 (rdata00c45434) from UDP x.x.x.x:5060:
SIP/2.0 100 Trying
<- 10:40:52.827 pjsua_core.c RX 536 bytes Response msg
407/INVITE/cseq=6925 (rdata00c45434) from UDPx.x.x.x:5060:
SIP/2.0 407 Proxy Authorization Required
( Proxy-Authenticate: Digest
realm="xxx.xxx",domain="sip:xxx.xxx",nonce="xxx",stale=false,qop="auth",algorithm=MD5)
-> 10:40:52.843 pjsua_core.c TX 350 bytes Request msg ACK/cseq=6925
(tdta00c8a610) to UDP x.x.x.x:5060:
ACK SIP/2.0
-> 10:40:52.858 pjsua_core.c TX 1320 bytes Request msg INVITE/cseq=6926
(tdta00c85f10) to UDP x.x.x.x:5060:
( Proxy-Authorization: Digest username="xxx at xxx.xxx", realm="xxx.xx",
nonce="xxx", uri="sip:xxx at xxx.xxx", response="xxx", algorithm=MD5,
cnonce="xxx", qop=auth, nc=00000001)
<- 10:40:53.015 pjsua_core.c RX 304 bytes Response msg
100/INVITE/cseq=6926 (rdata00c45434) from UDP x.x.x.x:5060:
SIP/2.0 100 Trying
<- 10:40:53.655 pjsua_core.c RX 882 bytes Response msg
183/INVITE/cseq=6926 (rdata00c45434) from UDP x.x.x.x:5060:
SIP/2.0 183 Session Description
-> 10:40:53.702 pjsua_core.c TX 401 bytes Request msg PRACK/cseq=6927
(tdta00c92bc0) to UDP x.x.x.x:5060:
<- 10:40:53.780 pjsua_core.c RX 568 bytes Response msg
200/PRACK/cseq=6927 (rdata00c45434) from UDP x.x.x.x:5060:
SIP/2.0 200 OK
(Locution)
<- 10:41:02.577 pjsua_core.c RX 426 bytes Response msg
500/INVITE/cseq=6926 (rdata00c45434) from UDP x.x.x.x:5060:
SIP/2.0 500 Internal Server Error
Reason: Q.850;cause=41;eri-location=3
-> 10:41:02.593 pjsua_core.c TX 330 bytes Request msg ACK/cseq=6926
(tdta00c92bc0) to UDP x.x.x.x:5060:
Please could anybody help me to modify code to send "domain" field sended by
IMS?...
Seems that sip_auth_client.c has the code to make something with domain, but
I dont know howto patch...
...
[
#if PJSIP_AUTH_AUTO_SEND_NEXT!=0
if (!cached_auth->last_chal || pj_stricmp2(&hdr->scheme, "digest")) {
cached_auth->last_chal = (pjsip_www_authenticate_hdr*)
pjsip_hdr_clone(ses_pool, hdr);
} else {
/* Only update if the new challenge is "significantly different"
* than the one in the cache, to reduce memory usage.
*/
const pjsip_digest_challenge *d1 =
&cached_auth->last_chal->challenge.digest;
const pjsip_digest_challenge *d2 = &hdr->challenge.digest;
if (pj_strcmp(&d1->domain, &d2->domain) ||
pj_strcmp(&d1->realm, &d2->realm) ||
pj_strcmp(&d1->nonce, &d2->nonce) ||
pj_strcmp(&d1->opaque, &d2->opaque) ||
pj_strcmp(&d1->algorithm, &d2->algorithm) ||
pj_strcmp(&d1->qop, &d2->qop))
{
cached_auth->last_chal = (pjsip_www_authenticate_hdr*)
pjsip_hdr_clone(ses_pool, hdr);
}
}
#endif
]
Thanks in advance...
Forwarded message ----------
From: segalion <segalion@xxxxxxxxx>
Date: 2009/11/2
Subject: Problem with "407 Proxy Authorization Required" in IMS: Missing
"Authentication domain"
To: pjsip at lists.pjsip.org
I was trying pjsua (1.4.5) with an IMS system, and I have a problem making
outgoing calls, because IMS responds with 407 Proxy Authorization Required:
[extract from wireshark inside 407 Proxy Authorization Required IMS response
packet]
Proxy-Authenticate: Digest realm="mydomain.net",domain="sip:
mydomain.net
",nonce="c803a53ff76b7e11d8615f0015adc4e2",stale=false,qop="auth",algorithm=MD5
Authentication Scheme: Digest
Realm: "mydomain.net"
Authentication Domain: "sip:domain.net"
Nonce Value: "c803a53ff76b7e11d8615f0015adc4e2"
Stale Flag: false
QOP: "auth"
Algorithm: MD5
and pjsua make the second invite with proper MD5 authentication, but without
"Authentication domain" field:
[extract from wireshark pjsua Invite with MD5 auth]
Authorization: Digest username="segalion at mydomain.es", realm="
mydomain.net", nonce="", uri="sip:999999999 at mydomain.es", response=""
Authentication Scheme: Digest
Username: "segalion at mydomain.es"
Realm: "mydomain.net"
Nonce Value: ""
Authentication URI: "sip:999999999 at mydomain.es"
Digest Authentication Response: ""
k: replaces, 100rel, timer, norefersub
x: 1800
Min-SE: 90
User-Agent: PJSUA v1.4.5/i686-pc-mingw32
[truncated] Proxy-Authorization: Digest username="
segalion at mydomain.es", realm="mydomain.net",
nonce="c803a53ff76b7e11d8615f0015adc4e2", uri="sip:999999999 at mydomain.es",
response="9bd8fc0a1488f95f51df5aff69fc3c4a", algorithm=M
Authentication Scheme: Digest
Username: "segalion at mydomain.es"
Realm: "mydomain.net"
Nonce Value: "c803a53ff76b7e11d8615f0015adc4e2"
Authentication URI: "sip:999999999 at mydomain.es"
Digest Authentication Response:
"9bd8fc0a1488f95f51df5aff69fc3c4a"
Algorithm: MD5
CNonce Value: "538f092c348f485cb882e34cb35924c5"
QOP: auth
Nonce Count: 00000001
As you can see pjsua miss "Authentication Domain", so IMS is not abble to
finish the call (responds with 480 Temporaly not available).
Please help me if this is a bug, or not standard field, or how to change
pjsua code to support this...
Thanks in advance..
PD: Finally, after a hard work, I could integrate voiceage g729 in pjsua
w32-mingw enviroment!!!.
Now, I need to solve this to test with IMS.
Thanks in advance, and please help me with this....
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.pjsip.org/pipermail/pjsip_lists.pjsip.org/attachments/20110518/a27e4239/attachment.html>
