[OpenSIPS-Devel] [ opensips-Bugs-3231716 ] retransmitted INVITE with auth is wrongly challenged

SourceForge.net noreply at sourceforge.net
Tue Jun 28 09:18:22 CEST 2011 

Bugs item #3231716, was opened at 2011-03-21 13:11
Message generated for change (Settings changed) made by bogdan_iancu
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3231716&group_id=232389

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
Group: 1.6.x
>Status: Closed
Resolution: Invalid
Priority: 2
Private: No
Submitted By: Emmanuel BUU (neutrino38)
Assigned to: Bogdan-Andrei Iancu (bogdan_iancu)
Summary: retransmitted INVITE with auth is wrongly challenged

Initial Comment:
Hello,

I have the following call case with transmission

UA                                  OpenSIPs

INVITE (cseq=1) -----------> 
NVITE (cseq=1)  ----------->

<--------------------------- 407 (cseq=1)
ACK (cseq=1) ----------------------->

INVITE (cseq=2, auth) ------------->
<--------------------------- 407 (cseq=1)
ACK (cseq=1) ----------------------->

INVITE (cseq=2, auth) ------------->
<--------------------------- 407 (cseq=2)
ACK (cseq=2) ----------------------->

<-------------------------- 180 Ringing


So basically, the invite with cseq=2 is sent twice and the first time, it seems to be re-challenged again although the creds seems to be correcte.
The SECOND attempt is processed correctly. Of course, the UA is considering the call as failed because it received a 407 on its second invite.

Digging in ze code, I founf the following in auth_mod.c 
 
static inline int pv_authorize(struct sip_msg* msg, gparam_p realm,
                                                                                hdr_types_t hftype)
{
        static char ha1[256];
        int res;
        struct hdr_field* h;
        auth_body_t* cred;
        auth_result_t ret;
        str domain;

        if(fixup_get_svalue(msg, realm, &domain)!=0)
        {
                LM_ERR("invalid realm parameter\n");
                return -1;
        }

Why the ha1 variable  need to be STATIC ? It thpught that the auth processing of OpenSIPS was to be stateless?

Emmanuel BUU
http://www.ives.fr



----------------------------------------------------------------------

Comment By: Bogdan-Andrei Iancu (bogdan_iancu)
Date: 2011-04-07 14:07

Message:
Hi Emmanuel,

What happens in your case is having the 2 INVITEs (original and
retransmission) handled differently - even if they both have the same valid
credentials,  they are differently handled because of the "nonce reusage" -
a nonce can be used for only one authentication.

So, you have 2 options:
1) disable the "nonce checking" -
http://www.opensips.org/html/docs/modules/1.6.x/auth.html#id250185
2) be sure retransmissions do not hit authentication - put a t_newtran()
before the auth section.

Regards,
Bogdan

----------------------------------------------------------------------

Comment By: Emmanuel BUU (neutrino38)
Date: 2011-03-21 16:20

Message:
I have removed the "static" declaration from the aformentioned piece of
code and tested it. It seems to work without any regression. I have now to
test whether it fixes the issue.

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3231716&group_id=232389

More information about the Devel mailing list