Re: [OpenSER-Users] Doesn't "proxy_authorize()" allow credentials if "From" == "Anonymous" ?

Thu, 05 Jun 2008 08:46:45 -0700 

Hi!

Do you have the domain hardcoded in the authenticate function? If not 
openser tries to detect it from the from header (anonymous.invalid) and 
thus may not find the authorization header.

regards
klaus

Iñaki Baz Castillo schrieb:
> Hi, when I do a call with hiddn callerid from my Twinkle it sends an INVITE 
> with:
> 
> -----------
>   INVITE sip:[EMAIL PROTECTED] SIP/2.0
>   From: "Anonymous" <sip:[EMAIL PROTECTED]>;tag=emirn
>   Privacy: id
>   P-Preferred-Identity: "IBC" <sip:[EMAIL PROTECTED]>
> -----------
> 
> and of course my Openser asks Twinkle for authentication:
> 
> -----------
>   SIP/2.0 407 Proxy Authentication Required
>   Proxy-Authenticate: Digest realm="my_domain.net", 
>       nonce="4838005d57e5ee0a1f96430d63696fe1407ef93e", qop="auth"
> -----------
> 
> and I see the $rc code of "proxy-authentication()" is -4  (no credentials).
> 
> So my Twinkle sends a correct INVITE (CSeq + 1 and "Proxy-Authorization" 
> header):
> 
> -----------
>   INVITE sip:[EMAIL PROTECTED] SIP/2.0
>   From: "Anonymous" <sip:[EMAIL PROTECTED]>;tag=emirn
>   Privacy: id
>   P-Preferred-Identity: "IBC" <sip:[EMAIL PROTECTED]>
>   Proxy-Authorization: Digest username="ibc", realm="mt_domain.net",     
>       nonce="4838005d57e5ee0a1f96430d63696fe1407ef93e",  
>       uri="sip:[EMAIL PROTECTED]",   
>       response="061d82967778669a01e53d168f2da93b",
>       algorithm=MD5, cnonce="9n7ln49l46", qop=auth, nc=00000001
> -----------
> 
> But "proxy-authentication()" replies again with -4  (no credentials).
> -----------
>   SIP/2.0 407 Proxy Authentication Required
>   Proxy-Authenticate: Digest realm="my_domain.net", 
>       nonce="4838005d57e5ee0a1f96430d63696fe1407ef93e", qop="auth"
> -----------
> 
> 
> Why? Obviously the INVITE **does include** Proxy-Authorization.
> Maybe RC3261 says that a server must not challenge for authentication a user 
> with From "Anonymous" <sip:[EMAIL PROTECTED]> ?
> 
> Of course authentication works properly when not hidding callerid.
> 
> Thanks for any explanation.
> 
> 
> 

_______________________________________________
Users mailing list
Users@lists.openser.org
http://lists.openser.org/cgi-bin/mailman/listinfo/users

Reply via email to