Hello again. Please if anybody can helpme with code... I?ve been trying modify code to insert domain field to all the auths (statically), but seems that Im making somethig wrong, because no new field is sended... Please, if any here understand pj types, pool and all this stufs, please helpme... This is my modifications to the sip_auth_client.c code at the end of pj_status_t respond_digest( ) function [...] static pj_status_t respond_digest( pj_pool_t *pool, pjsip_digest_credential *cred, const pjsip_digest_challenge *chal, const pj_str_t *uri, const pjsip_cred_info *cred_info, const pj_str_t *cnonce, pj_uint32_t nc, const pj_str_t *method) { const pj_str_t pjsip_AKAv1_MD5_STR = { "AKAv1-MD5", 9 }; /* Check algorithm is supported. We support MD5 and AKAv1-MD5. */ if (chal->algorithm.slen==0 || (pj_stricmp(&chal->algorithm, &pjsip_MD5_STR) || pj_stricmp(&chal->algorithm, &pjsip_AKAv1_MD5_STR))) { ; } else { PJ_LOG(4,(THIS_FILE, "Unsupported digest algorithm \"%.*s\"", chal->algorithm.slen, chal->algorithm.ptr)); return PJSIP_EINVALIDALGORITHM; } /* Build digest credential from arguments. */ pj_strdup(pool, &cred->username, &cred_info->username); pj_strdup(pool, &cred->realm, &chal->realm); pj_strdup(pool, &cred->nonce, &chal->nonce); pj_strdup(pool, &cred->uri, uri); pj_strdup(pool, &cred->algorithm, &chal->algorithm); pj_strdup(pool, &cred->opaque, &chal->opaque); /* Allocate memory. */ cred->response.ptr = (char*) pj_pool_alloc(pool, PJSIP_MD5STRLEN); cred->response.slen = PJSIP_MD5STRLEN; if (chal->qop.slen == 0) { /* Server doesn't require quality of protection. */ if ((cred_info->data_type & EXT_MASK) == PJSIP_CRED_DATA_EXT_AKA) { /* Call application callback to create the response digest */ return (*cred_info->ext.aka.cb)(pool, chal, cred_info, method, cred); } else { /* Convert digest to string and store in chal->response. */ pjsip_auth_create_digest( &cred->response, &cred->nonce, NULL, NULL, NULL, uri, &chal->realm, cred_info, method); } } else if (has_auth_qop(pool, &chal->qop)) { /* Server requires quality of protection. * We respond with selecting "qop=auth" protection. */ cred->qop = pjsip_AUTH_STR; cred->nc.ptr = (char*) pj_pool_alloc(pool, 16); cred->nc.slen = pj_ansi_snprintf(cred->nc.ptr, 16, "%08u", nc); if (cnonce && cnonce->slen) { pj_strdup(pool, &cred->cnonce, cnonce); } else { pj_str_t dummy_cnonce = { "b39971", 6}; pj_strdup(pool, &cred->cnonce, &dummy_cnonce); } if ((cred_info->data_type & EXT_MASK) == PJSIP_CRED_DATA_EXT_AKA) { /* Call application callback to create the response digest */ return (*cred_info->ext.aka.cb)(pool, chal, cred_info, method, cred); } else { pjsip_auth_create_digest( &cred->response, &cred->nonce, &cred->nc, cnonce, &pjsip_AUTH_STR, uri, &chal->realm, cred_info, method ); } } else { /* Server requires quality protection that we don't support. */ PJ_LOG(4,(THIS_FILE, "Unsupported qop offer %.*s", chal->qop.slen, chal->qop.ptr)); return PJSIP_EINVALIDQOP; } /*segalion mod*/ pj_str_t pname = pj_str("domain"); pj_str_t pvalue = pj_str("sip:mydomain.net") ; pjsip_param *p = PJ_POOL_ALLOC_T(pool, pjsip_param); p->name = pname; p->value = pvalue; pjsip_param_clone(pool, &cred->other_param, p); /*segalion mod*/ return PJ_SUCCESS; } [...] ---------- Forwarded message ---------- From: segalion <segalion@xxxxxxxxx> Date: 2011/5/18 Subject: Fwd: Problem with "407 Proxy Authorization Required" in IMS: Missing "Authentication domain" To: pjsip at lists.pjsip.org Ive find the problem!!!! This is inside sip_auth_client.c code /* TODO note: * Cloning the full authentication client is quite a big task. * We do only the necessary bits here, i.e. cloning the credentials. * The drawback of this basic approach is, a forked dialog will have to * re-authenticate itself on the next request because it has lost the * cached authentication headers. */ PJ_TODO(FULL_CLONE_OF_AUTH_CLIENT_SESSION); ---------- Forwarded message ---------- From: segalion <segalion@xxxxxxxxx> Date: 2011/5/18 Subject: Fwd: Problem with "407 Proxy Authorization Required" in IMS: Missing "Authentication domain" To: pjsip at lists.pjsip.org Please, can anybody tellme how I could begin to modify code to make pjsua include "domain" field received on authentication/authorization? I have make all to replicate original sip client, and this is the only I cant Could be fine even hardcoded "domain=mydomain.net" for all auths!!! Thanks. Please helpme with sip_auth_client.c code. ---------- Forwarded message ---------- From: segalion <segalion@xxxxxxxxx> Date: 2011/5/17 Subject: Fwd: Problem with "407 Proxy Authorization Required" in IMS: Missing "Authentication domain" To: pjsip at lists.pjsip.org I have been investigating more and more... pjsua register fine. IMS send WWW-Authenticate, pjsua responds with Authorization, without domain, and IMS responds OK: -> 18:34:29.249 pjsua_core.c TX 511 bytes Request msg REGISTER/cseq=32910 (tdta00c485c8) to UDP x.x.x.x:5060: (without auth) <-18:34:29.296 pjsua_core.c RX 529 bytes Response msg 401/REGISTER/cseq=32910 (rdata00c45464) from UDP x.x.x.x:5060: SIP/2.0 401 Unauthorized (WWW-Authenticate: Digest realm="xxx.xxx",domain="sip:xxx.xxx",nonce="xxxx",stale=false,qop="auth",algorithm=MD5) -> 18:34:29.296 pjsua_core.c TX 797 bytes Request msg REGISTER/cseq=32911 (tdta00c485c8) to UDP x.x.x.x:5060: (Authorization: Digest username="xxx at xxx.xxx", realm="xxx.xxx", nonce="xxx", uri="sip:xxx.xxx", response="xxx", algorithm=MD5, cnonce="xxx", qop=auth, nc=00000001 <- 18:34:29.359 pjsua_core.c RX 652 bytes Response msg 200/REGISTER/cseq=32911 (rdata00c45464) from UDP x.x.x.x:5060: SIP/2.0 200 OK There are a little problem with reregister 3GPP timeout (as expected due to the known issue #432 <http://trac.pjsip.org/repos/ticket/432> Support 3GPP refresh interval rule). Please if you solve this I can test with real enviroment. But real problem appear (I suspect) because the IMS has a SBC (Session Border Controller) that uses domain for routing calls. On an INVITE with same auth scheme, the call is stablished with a locution from IMS (183 early with media fine), and a 500 Internal server error. -> 10:40:52.733 pjsua_core.c TX 1027 bytes Request msg INVITE/cseq=6925 (tdta00c85f10) to UDP x.x.x.x:5060: <- 10:40:52.780 pjsua_core.c RX 304 bytes Response msg 100/INVITE/cseq=6925 (rdata00c45434) from UDP x.x.x.x:5060: SIP/2.0 100 Trying <- 10:40:52.827 pjsua_core.c RX 536 bytes Response msg 407/INVITE/cseq=6925 (rdata00c45434) from UDPx.x.x.x:5060: SIP/2.0 407 Proxy Authorization Required ( Proxy-Authenticate: Digest realm="xxx.xxx",domain="sip:xxx.xxx",nonce="xxx",stale=false,qop="auth",algorithm=MD5) -> 10:40:52.843 pjsua_core.c TX 350 bytes Request msg ACK/cseq=6925 (tdta00c8a610) to UDP x.x.x.x:5060: ACK SIP/2.0 -> 10:40:52.858 pjsua_core.c TX 1320 bytes Request msg INVITE/cseq=6926 (tdta00c85f10) to UDP x.x.x.x:5060: ( Proxy-Authorization: Digest username="xxx at xxx.xxx", realm="xxx.xx", nonce="xxx", uri="sip:xxx at xxx.xxx", response="xxx", algorithm=MD5, cnonce="xxx", qop=auth, nc=00000001) <- 10:40:53.015 pjsua_core.c RX 304 bytes Response msg 100/INVITE/cseq=6926 (rdata00c45434) from UDP x.x.x.x:5060: SIP/2.0 100 Trying <- 10:40:53.655 pjsua_core.c RX 882 bytes Response msg 183/INVITE/cseq=6926 (rdata00c45434) from UDP x.x.x.x:5060: SIP/2.0 183 Session Description -> 10:40:53.702 pjsua_core.c TX 401 bytes Request msg PRACK/cseq=6927 (tdta00c92bc0) to UDP x.x.x.x:5060: <- 10:40:53.780 pjsua_core.c RX 568 bytes Response msg 200/PRACK/cseq=6927 (rdata00c45434) from UDP x.x.x.x:5060: SIP/2.0 200 OK (Locution) <- 10:41:02.577 pjsua_core.c RX 426 bytes Response msg 500/INVITE/cseq=6926 (rdata00c45434) from UDP x.x.x.x:5060: SIP/2.0 500 Internal Server Error Reason: Q.850;cause=41;eri-location=3 -> 10:41:02.593 pjsua_core.c TX 330 bytes Request msg ACK/cseq=6926 (tdta00c92bc0) to UDP x.x.x.x:5060: Please could anybody help me to modify code to send "domain" field sended by IMS?... Seems that sip_auth_client.c has the code to make something with domain, but I dont know howto patch... ... [ #if PJSIP_AUTH_AUTO_SEND_NEXT!=0 if (!cached_auth->last_chal || pj_stricmp2(&hdr->scheme, "digest")) { cached_auth->last_chal = (pjsip_www_authenticate_hdr*) pjsip_hdr_clone(ses_pool, hdr); } else { /* Only update if the new challenge is "significantly different" * than the one in the cache, to reduce memory usage. */ const pjsip_digest_challenge *d1 = &cached_auth->last_chal->challenge.digest; const pjsip_digest_challenge *d2 = &hdr->challenge.digest; if (pj_strcmp(&d1->domain, &d2->domain) || pj_strcmp(&d1->realm, &d2->realm) || pj_strcmp(&d1->nonce, &d2->nonce) || pj_strcmp(&d1->opaque, &d2->opaque) || pj_strcmp(&d1->algorithm, &d2->algorithm) || pj_strcmp(&d1->qop, &d2->qop)) { cached_auth->last_chal = (pjsip_www_authenticate_hdr*) pjsip_hdr_clone(ses_pool, hdr); } } #endif ] Thanks in advance... Forwarded message ---------- From: segalion <segalion@xxxxxxxxx> Date: 2009/11/2 Subject: Problem with "407 Proxy Authorization Required" in IMS: Missing "Authentication domain" To: pjsip at lists.pjsip.org I was trying pjsua (1.4.5) with an IMS system, and I have a problem making outgoing calls, because IMS responds with 407 Proxy Authorization Required: [extract from wireshark inside 407 Proxy Authorization Required IMS response packet] Proxy-Authenticate: Digest realm="mydomain.net",domain="sip: mydomain.net ",nonce="c803a53ff76b7e11d8615f0015adc4e2",stale=false,qop="auth",algorithm=MD5 Authentication Scheme: Digest Realm: "mydomain.net" Authentication Domain: "sip:domain.net" Nonce Value: "c803a53ff76b7e11d8615f0015adc4e2" Stale Flag: false QOP: "auth" Algorithm: MD5 and pjsua make the second invite with proper MD5 authentication, but without "Authentication domain" field: [extract from wireshark pjsua Invite with MD5 auth] Authorization: Digest username="segalion at mydomain.es", realm=" mydomain.net", nonce="", uri="sip:999999999 at mydomain.es", response="" Authentication Scheme: Digest Username: "segalion at mydomain.es" Realm: "mydomain.net" Nonce Value: "" Authentication URI: "sip:999999999 at mydomain.es" Digest Authentication Response: "" k: replaces, 100rel, timer, norefersub x: 1800 Min-SE: 90 User-Agent: PJSUA v1.4.5/i686-pc-mingw32 [truncated] Proxy-Authorization: Digest username=" segalion at mydomain.es", realm="mydomain.net", nonce="c803a53ff76b7e11d8615f0015adc4e2", uri="sip:999999999 at mydomain.es", response="9bd8fc0a1488f95f51df5aff69fc3c4a", algorithm=M Authentication Scheme: Digest Username: "segalion at mydomain.es" Realm: "mydomain.net" Nonce Value: "c803a53ff76b7e11d8615f0015adc4e2" Authentication URI: "sip:999999999 at mydomain.es" Digest Authentication Response: "9bd8fc0a1488f95f51df5aff69fc3c4a" Algorithm: MD5 CNonce Value: "538f092c348f485cb882e34cb35924c5" QOP: auth Nonce Count: 00000001 As you can see pjsua miss "Authentication Domain", so IMS is not abble to finish the call (responds with 480 Temporaly not available). Please help me if this is a bug, or not standard field, or how to change pjsua code to support this... Thanks in advance.. PD: Finally, after a hard work, I could integrate voiceage g729 in pjsua w32-mingw enviroment!!!. Now, I need to solve this to test with IMS. Thanks in advance, and please help me with this.... -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.pjsip.org/pipermail/pjsip_lists.pjsip.org/attachments/20110525/a361a463/attachment-0001.html>