Hi, This looks like a bug in sipp to me, although I should mention that I am not very familiar with its implementation.
Here is an exercpt from <http://sourceforge.krugle.com/kse/files/svn/svn.sourceforge.net/sipp/sipp/t runk/auth.c> in the createAuthHeaderMD5 method: 194 // Extract the Auth Type - If not present, using 'none' 195 cnonce[0] = '\0'; 196 authtype[0] = '\0'; 197 if ((start = stristr(auth, "qop=")) != NULL) { 198 start = start + strlen("qop="); 199 if (*start == '"') { start++; } 200 end = start + strcspn(start, " ,\"\r\n"); 201 strncpy(authtype, start, end - start); 202 authtype[end - start] ='\0'; 203 sprintf(cnonce, "%x", rand()); 204 sprintf(nc, "%08x", mync); 205 } Later, this value is simply used in the result, as you've experienced: 239 sprintf(result, "Digest username=\"%s\",realm=\"%s\"",user,tmp); 240 if (cnonce[0] != '\0') { 241 sprintf(result, "%s,cnonce=\"%s\",nc=%s,qop=%s",result,cnonce,nc,authtype); 242 } Moreover, they actually look for auth-int as well and "use it" if found as part of the qop-parameter: 251 // If using Auth-Int make a hash of the body - which is NULL for REG 252 if (stristr(authtype, "auth-int") != NULL) { 253 MD5_Init(&Md5Ctx); 254 MD5_Update(&Md5Ctx, msgbody, strlen(msgbody)); 255 MD5_Final(body, &Md5Ctx); 256 hashToHex(&body[0], &body_hex[0]); 257 } Therefore, I believe sipp should wait setting qop in the result until after they've checked for "auth-int" (lines 251-257). Sorry that I don't have the time to include such a patch here... Best regards, Andreas > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:openimscore- > [EMAIL PROTECTED] On Behalf Of Franz Edler > Sent: 10. juli 2008 08:26 > To: [email protected] > Cc: [EMAIL PROTECTED] > Subject: [OpenIMSCore-Users] Wrong qop-parameter in REGISTER request of > SIPp > > Hi, > > I just have some troubles when using SIPp with OpenIMSCore. OpenIMSCore > recently upgraded the authentication algorithm to support the qop- > parameter. > That's fine. > > The WWW-Authenticate header field in "401 Unauthorized" response from > OpenIMSCore now contains the qop parameter: qop="auth,auth-int". > But the next REGISTER request sent by SIPp contains an Authorization > header > field with a qop parameter with wrong syntax and semantic: > qop=auth,auth-int. Only one of the alternatives "auth" or "auth-int" > should > be selected in the qop parameter. > > According to RFC 2617 the value of the qop parameter MUST be one of the > alternatives the server indicated in the WWW-Authenticate header. So a > qop > parameter qop=auth-int would be perfect if the response parameter is > also > calculated correctly. > > A correct Authorization header field should look like: > Authorization: Digest > username="[EMAIL PROTECTED]",realm="net1.test",nonce="AlzSH3r4r3XJVFejmXb > 9cfot > nn/KHwAA3jMuEhKyjzE=",uri="sip:net1.test",algorithm=AKAv1- > MD5,response="a7e0 > dde1b0aae6f0d9e93370380b05f9",qop=auth- > int,nc=00000001,cnonce="9756535152495 > 749" > > Can that be corrected in SIPp? > > regards > Franz > > _______________________________________________ > OpenIMSCore-Users mailing list > [EMAIL PROTECTED] > https://lists.berlios.de/mailman/listinfo/openimscore-users ------------------------------------------------------------------------- Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! Studies have shown that voting for your favorite open source project, along with a healthy diet, reduces your potential for chronic lameness and boredom. Vote Now at http://www.sourceforge.net/community/cca08 _______________________________________________ Sipp-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/sipp-users
