Bugs item #3231716, was opened at 2011-03-21 13:11 Message generated for change (Settings changed) made by bogdan_iancu You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3231716&group_id=232389
Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: modules Group: 1.6.x >Status: Closed Resolution: Invalid Priority: 2 Private: No Submitted By: Emmanuel BUU (neutrino38) Assigned to: Bogdan-Andrei Iancu (bogdan_iancu) Summary: retransmitted INVITE with auth is wrongly challenged Initial Comment: Hello, I have the following call case with transmission UA OpenSIPs INVITE (cseq=1) -----------> NVITE (cseq=1) -----------> <--------------------------- 407 (cseq=1) ACK (cseq=1) -----------------------> INVITE (cseq=2, auth) -------------> <--------------------------- 407 (cseq=1) ACK (cseq=1) -----------------------> INVITE (cseq=2, auth) -------------> <--------------------------- 407 (cseq=2) ACK (cseq=2) -----------------------> <-------------------------- 180 Ringing So basically, the invite with cseq=2 is sent twice and the first time, it seems to be re-challenged again although the creds seems to be correcte. The SECOND attempt is processed correctly. Of course, the UA is considering the call as failed because it received a 407 on its second invite. Digging in ze code, I founf the following in auth_mod.c static inline int pv_authorize(struct sip_msg* msg, gparam_p realm, hdr_types_t hftype) { static char ha1[256]; int res; struct hdr_field* h; auth_body_t* cred; auth_result_t ret; str domain; if(fixup_get_svalue(msg, realm, &domain)!=0) { LM_ERR("invalid realm parameter\n"); return -1; } Why the ha1 variable need to be STATIC ? It thpught that the auth processing of OpenSIPS was to be stateless? Emmanuel BUU http://www.ives.fr ---------------------------------------------------------------------- Comment By: Bogdan-Andrei Iancu (bogdan_iancu) Date: 2011-04-07 14:07 Message: Hi Emmanuel, What happens in your case is having the 2 INVITEs (original and retransmission) handled differently - even if they both have the same valid credentials, they are differently handled because of the "nonce reusage" - a nonce can be used for only one authentication. So, you have 2 options: 1) disable the "nonce checking" - http://www.opensips.org/html/docs/modules/1.6.x/auth.html#id250185 2) be sure retransmissions do not hit authentication - put a t_newtran() before the auth section. Regards, Bogdan ---------------------------------------------------------------------- Comment By: Emmanuel BUU (neutrino38) Date: 2011-03-21 16:20 Message: I have removed the "static" declaration from the aformentioned piece of code and tested it. It seems to work without any regression. I have now to test whether it fixes the issue. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3231716&group_id=232389 _______________________________________________ Devel mailing list Devel@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/devel