Re: [SR-Users] people complain Kamailio not handling stale nonce correctly

Tue, 02 Jul 2019 09:49:05 -0700 

Hello Juha,

sounds like a good idea to me, we should integrate it to the default cfg.

Just a small comment, I think this would be match the current behaviour 
more closely (only return stale=true, don't use qop=auth).

!                       case -4:
!                               auth_challenge("$fd", 16);
!                               exit;


Cheers,

Henning

Am 02.07.19 um 17:15 schrieb Juha Heinanen:

> Several people are complaining on baresip git that Kamailio is among
> those SIP servers that don't handle stale nonce properly, i.e., don't
> include stale=true flag in WWW-Authenticate header of 401 response.
>
> I have tried to tell that Kamailio does what it has been configured to
> do, but the response is that "by default" Kamailio works incorrectly.  "By
> default" I guess refers to the example Kamailio kamailio.cfg in etc dir.
>
> How about adding stale nonce handling to the example config, for
> example, like in below?
>
> -- Juha
>
> *** kamailio.cfg      2019-06-13 17:17:17.182148989 +0300
> --- /tmp/kamailio.cfg 2019-07-02 18:02:02.947183503 +0300
> ***************
> *** 745,753 ****
>    
>       if (is_method("REGISTER") || from_uri==myself) {
>               # authenticate requests
> !             if (!auth_check("$fd", "subscriber", "1")) {
> !                     auth_challenge("$fd", "0");
> !                     exit;
>               }
>               # user authenticated - remove auth header
>               if(!is_method("REGISTER|PUBLISH"))
> --- 745,759 ----
>    
>       if (is_method("REGISTER") || from_uri==myself) {
>               # authenticate requests
> !             switch (auth_check("$fd", "subscriber", "1")) {
> !                     case 1:
> !                             break;
> !                     case -4:
> !                             auth_challenge("$fd", 17);
> !                             exit;
> !                     default:
> !                             auth_challenge("$fd", "0");
> !                             exit;
>               }
>               # user authenticated - remove auth header
>               if(!is_method("REGISTER|PUBLISH"))
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> [email protected]
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

-- 
Henning Westerholt - https://skalatan.de/blog/
Kamailio services - https://skalatan.de/services

_______________________________________________
Kamailio (SER) - Users Mailing List
[email protected]
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Reply via email to