El 01/07/14 14:44, Alex Villacís Lasso escribió:
El 26/06/14 18:39, Alex Villacís Lasso escribió:
I am having trouble making all of the supposed features of Blink work with Kamailio 4.1.4. My kamailio.cfg file is attached. Specifically, what I am having trouble is with presence (the way Blink wants to implement it), and MSRP. Ordinary voice calls
work correctly.
With MSRP, I have copied the example from the msrp.so documentation, but I have replaced the authentication shown with a static password, with an actual query using auth_db.so, the very same query used to authenticate other SIP packets. Through the
packet capture, when user A tries starting a MSRP chat with user B, an INVITE is sent from user A to Kamailio, which has a special check to NOT send this invite to Asterisk, but rather route it itself, and it gets "correctly" routed to user B. Then user
B attempts to start a MSRP session with Kamailio (not user A) without authentication credentials, Kamailio challenges user B for the credentials, and... that's it. User B makes no attempt to repeat the MSRP session with the required credentials, and the
communication eventually times out.
I have built and installed the python-sipsimple-clients package. With this, I
can see that the receiving party attempts to make a MSRP connection to my
Kamailio, and the authentication challenge triggers the following message:
SIP session failed: media stream failed: 'opaque'
It seems that msrplib (used by Blink and the test programs) wants a digest authentication
with an "opaque" parameter. Currently the failing dialog goes like this:
MSRP fa4a1c4d39cbf3fd AUTH
To-Path: msrp://pbx.elastix.com:5060;tcp
From-Path: msrp://192.168.3.2:39981/8b2dedc998fc1f1ed6f3;tcp
-------fa4a1c4d39cbf3fd$
MSRP fa4a1c4d39cbf3fd 401 Unauthorized
To-Path: msrp://192.168.3.2:39981/8b2dedc998fc1f1ed6f3;tcp
From-Path: msrp://pbx.elastix.com:5060;tcp
WWW-Authenticate: Digest realm="pbx.elastix.com",
nonce="U7MGKFOzBPxDXr7ggr7imjvcnkodRW5F", qop="auth"
-------fa4a1c4d39cbf3fd$
which is, in turn, produced by this code segment in kamailio.cfg:
$var(msrprealm) = $(hdr(To-Path){msrpuri.host});
xlog("L_ALERT","============ msrprealm: [$var(msrprealm)]\n");
if (!www_authenticate("$var(msrprealm)", "subscriber",
"$msrp(method)")) {
if(auth_get_www_authenticate("$var(msrprealm)", "1", "$var(wauth)")) {
msrp_reply("401", "Unauthorized",
"$var(wauth)");
} else {
msrp_reply("500", "Server Error");
}
exit;
}
So, how do I make the authentication issue an adequate "opaque" parameter? I do not want to resort to appending a static value opaque="something" if a more elegant solution can be found. From http://en.wikipedia.org/wiki/Digest_access_authentication , I
deduce that I need the server to issue an "opaque" parameter like the following:
WWW-Authenticate: Digest realm="testre...@host.com",
qop="auth,auth-int",
nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
opaque="5ccc069c403ebaf9f0171e9517f40e41"
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Apparently, there is no authentication procedure implemented in Kamailio 4.1.4
that is RFC compliant with MSRP.
According to http://tools.ietf.org/html/rfc4976#section-9.1 , MSRP AUTH request must be authenticated. Simply accepting any AUTH request without actually checking the credentials is not RFC-compliant. However, the authentication specified in rfc4976
differs from ordinary Digest-Authentication - the required URI for the Digest authentication is taken from the To-Path: header in the MSRP request, and is apparently not sent in the Authorization header (at least as implemented by the python-msrplib
library). Additionally, none of the Kamailio methods for authentication appear capable of sending an "opaque" parameter that is apparently requested by python-msrplib. It seems that new methods msrp_authenticate() and msrp_challenge() are required.
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
