Re: [Sofia-sip-devel] 904 No Matching Challenge
Hello All, Okay, I tried setting AUTHTAG_EXPIRES(1) and AUTHTAG_CACHE_ERRORS(1), but neither of these fixed the problem, that is, where nua_register() retries did not reply with the authentication header (only the first nua_register() call does). However, Mikhail's suggestion of commenting out the auc_clear_credentials() call in nua_base_client_check_restart() function works. Now subsequent nua_register() calls include the authentication header in the 401 reply. Perhaps I should explain my implementation: I first call nua_register() from my app. When 401 is received, I call nua_authenticate(). If the username/password is bad, my app receives the 904 No matching challenge upon receipt of the 2nd 401 reply. Then I wait 30 seconds and start the process again. Do you know any pitfalls I might encounter if I leave the auc_clear_credentials() call commented out? Best Regards, Jerry -Original Message- From: mikhail.zabal...@nokia.com [mailto:mikhail.zabal...@nokia.com] Sent: Friday, March 13, 2009 1:42 AM To: jer...@tonecommander.com Cc: sofia-sip-devel@lists.sourceforge.net; pekka.pe...@nokia.com Subject: RE: 904 No Matching Challenge Hi, -Original Message- From: ext Jerry Richards [mailto:jer...@tonecommander.com] Sent: Thursday, March 12, 2009 10:57 PM To: Zabaluev Mikhail (Nokia-D/Helsinki) Cc: sofia-sip-devel@lists.sourceforge.net Subject: RE: 904 No Matching Challenge Could you send me a patch (or point out the code) for what you described below? When I removed the line that invalidated the cached challenge upon authentication failure, ... Ehm, it wasn't strictly a patch, I was just experimenting. I did it against an older tree. There have been code movements in nua recently, so I dropped it for a clean update. I will try to redo it and check when I have more time. Look for a comment like Bad username/password pair in the nua code. Pekka may know better where the line is now. Best regards, Mikhail -- Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com ___ Sofia-sip-devel mailing list Sofia-sip-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sofia-sip-devel
Re: [Sofia-sip-devel] 904 No Matching Challenge
Hello All, By the way, it could be that I don't understand something about the registration/authentication concept implemented in sofia-sip. Given this scenario where the username or password is incorrect, then as the phone periodically retries registration, a user must EITHER correct the username/password in the phone OR correct the username/password in the server. Is sofia-sip smart enough to know that if the username/password is changed at either endpoint, then it will then add the authentication header to the REGISTER message (in reply to the 401)? Best Regards, Jerry -Original Message- From: Jerry Richards [mailto:jer...@tonecommander.com] Sent: Friday, March 13, 2009 8:03 AM To: 'sofia-sip-devel@lists.sourceforge.net' Cc: 'pekka.pe...@nokia.com'; 'mikhail.zabal...@nokia.com' Subject: RE: 904 No Matching Challenge Hello All, Okay, I tried setting AUTHTAG_EXPIRES(1) and AUTHTAG_CACHE_ERRORS(1), but neither of these fixed the problem, that is, where nua_register() retries did not reply with the authentication header (only the first nua_register() call does). However, Mikhail's suggestion of commenting out the auc_clear_credentials() call in nua_base_client_check_restart() function works. Now subsequent nua_register() calls include the authentication header in the 401 reply. Perhaps I should explain my implementation: I first call nua_register() from my app. When 401 is received, I call nua_authenticate(). If the username/password is bad, my app receives the 904 No matching challenge upon receipt of the 2nd 401 reply. Then I wait 30 seconds and start the process again. Do you know any pitfalls I might encounter if I leave the auc_clear_credentials() call commented out? Best Regards, Jerry -Original Message- From: mikhail.zabal...@nokia.com [mailto:mikhail.zabal...@nokia.com] Sent: Friday, March 13, 2009 1:42 AM To: jer...@tonecommander.com Cc: sofia-sip-devel@lists.sourceforge.net; pekka.pe...@nokia.com Subject: RE: 904 No Matching Challenge Hi, -Original Message- From: ext Jerry Richards [mailto:jer...@tonecommander.com] Sent: Thursday, March 12, 2009 10:57 PM To: Zabaluev Mikhail (Nokia-D/Helsinki) Cc: sofia-sip-devel@lists.sourceforge.net Subject: RE: 904 No Matching Challenge Could you send me a patch (or point out the code) for what you described below? When I removed the line that invalidated the cached challenge upon authentication failure, ... Ehm, it wasn't strictly a patch, I was just experimenting. I did it against an older tree. There have been code movements in nua recently, so I dropped it for a clean update. I will try to redo it and check when I have more time. Look for a comment like Bad username/password pair in the nua code. Pekka may know better where the line is now. Best regards, Mikhail -- Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com ___ Sofia-sip-devel mailing list Sofia-sip-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sofia-sip-devel
Re: [Sofia-sip-devel] 904 No Matching Challenge
Hi, -Original Message- From: ext Martin Drasar [mailto:dra...@optimsys.cz] Sent: Monday, March 09, 2009 10:24 AM To: sofia-sip-devel Subject: Re: [Sofia-sip-devel] 904 No Matching Challenge Jerry Richards napsal(a): Hello All, If my MD5 Authentication username is incorrect, I noticed my sofia-sip phone will get a 904 No Matching Challenge event in response to my nua_authenticate() call. This only happens AFTER the first nua_authenticate() call (the first one works correctly). Has anyone encountered a similar issue? Yup, I did and some others too (for a bit different use cases though)... I suggest you search the mailing list. Maybe one of these two will help you a bit: Sofia-sip no matching challenge 904 in event_callback. proxy authentication failed when redirecting I was onto it when investigating some other problem recently. It's intended to be legitimate, if the proxy keeps challenging a request to which the user supplies the same authentication string more than once. The purpose is to eliminate endless request loops. When I removed the line that invalidated the cached challenge upon authentication failure, NUA still failed gracefully on a challenge loop condition. I should investigate if this is true for all cases. There maybe others, but these two I know about Martin Here is the scenario: NUASofia-SIP Network -- --- --- nua_register() === === REGISTER (w/o Auth) === nua_r_register === 401 Unauth. (401 Unauthorized) nua_authenticate() === === REGISTER (with Auth) === nua_r_register (401 Unauthorized) nua_authenticate() === === nua_r_register (904 Operation has no matching chal- lenge) ... 30 seconds elapse here ... nua_register() === === REGISTER (w/o Auth) === nua_r_register === 401 Unauth. (401 Unauthorized) nua_authenticate() === === nua_r_register (904 Operation has no matching chal- lenge) Best regards, Mikhail -- Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H ___ Sofia-sip-devel mailing list Sofia-sip-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sofia-sip-devel