[OpenSIPS-Users] Problem with nonce (probably due to configuration)
Joan
aseques at gmail.com
Fri Jun 5 11:39:36 CEST 2009
I'm having a problem in a new setup, I have been looking at it for
some time, but I cannot find the real reason that it is failing.
Basically I can only call for the first few calls after restarting
opensips. After that I cannot call anymore.
Tracing the problem I found that it seems to be a problem with the
generation of the nonces.
The relevant part is that I see
I posted the output of cat /var/log/syslog | grep nonce in the
pastebin: http://pastebin.com/m4344e16a
For the first entries, the nonces are generated appropiately ....
Jun 5 11:16:09 pulse DBG:auth:reserve_nonce_index: second= 4,
sec_monit= -1, index= 0
Jun 5 11:16:09 pulse DBG:auth:build_auth_hf: nonce index= 0
Jun 5 11:16:09 pulse DBG:auth:build_auth_hf: 'Proxy-Authenticate:
Digest realm="example.com",
nonce="4a28e27700000000f987ee1aea739d268b8cf3a941dc12bb"^M '
Jun 5 11:16:09 pulse DBG:auth:check_nonce: comparing
[4a28e27700000000f987ee1aea739d268b8cf3a941dc12bb] and
[4a28e27700000000f987ee1aea739d268b8cf3a941dc12bb]
Jun 5 11:16:09 pulse DBG:auth:post_auth: nonce index= 0
Jun 5 11:16:09 pulse DBG:auth:check_nonce: comparing
[4a28e27700000000f987ee1aea739d268b8cf3a941dc12bb] and
[4a28e27700000000f987ee1aea739d268b8cf3a941dc12bb]
Jun 5 11:16:09 pulse DBG:auth:post_auth: nonce index= 0
Jun 5 11:16:14 pulse DBG:auth:reserve_nonce_index: second= 8,
sec_monit= -1, index= 1
Jun 5 11:16:14 pulse DBG:auth:build_auth_hf: nonce index= 1
Jun 5 11:16:14 pulse DBG:auth:build_auth_hf: 'Proxy-Authenticate:
Digest realm="example.com",
nonce="4a28e27c00000001cbab3d6af9ffd998167291ec85f873cd"^M '
Jun 5 11:16:14 pulse DBG:auth:check_nonce: comparing
[4a28e27c00000001cbab3d6af9ffd998167291ec85f873cd] and
[4a28e27c00000001cbab3d6af9ffd998167291ec85f873cd]
Jun 5 11:16:14 pulse DBG:auth:post_auth: nonce index= 1
Jun 5 11:16:14 pulse DBG:auth:check_nonce: comparing
[4a28e27c00000001cbab3d6af9ffd998167291ec85f873cd] and
[4a28e27c00000001cbab3d6af9ffd998167291ec85f873cd]
Jun 5 11:16:14 pulse DBG:auth:post_auth: nonce index= 1
After a while, with no apparent reason, nonces start to collide:
Jun 5 11:16:39 pulse DBG:auth:reserve_nonce_index: second= 3,
sec_monit= -1, index= 7
Jun 5 11:16:39 pulse DBG:auth:build_auth_hf: nonce index= 7
Jun 5 11:16:39 pulse DBG:auth:build_auth_hf: 'Proxy-Authenticate:
Digest realm="example.com",
nonce="4a28e29500000007fb204a1185fed36378ef6868f672ae6e"^M '
Jun 5 11:16:39 pulse DBG:auth:check_nonce: comparing
[4a28e29500000007fb204a1185fed36378ef6868f672ae6e] and
[4a28e29500000007fb204a1185fed36378ef6868f672ae6e]
Jun 5 11:16:39 pulse DBG:auth:post_auth: nonce index= 7
Jun 5 11:16:39 pulse DBG:auth:check_nonce: comparing
[4a28e29500000007fb204a1185fed36378ef6868f672ae6e] and
[4a28e29500000007fb204a1185fed36378ef6868f672ae6e]
Jun 5 11:16:39 pulse DBG:auth:post_auth: nonce index= 7
Jun 5 11:16:42 pulse DBG:auth:reserve_nonce_index: second= 6,
sec_monit= 0, index= 8
Jun 5 11:16:42 pulse DBG:auth:build_auth_hf: nonce index= 8
Jun 5 11:16:42 pulse DBG:auth:build_auth_hf: 'Proxy-Authenticate:
Digest realm="example.com",
nonce="4a28e29800000008d0eb660696e699d4481e16bc773771d2"^M '
Jun 5 11:16:43 pulse DBG:auth:check_nonce: comparing
[4a28e29800000008d0eb660696e699d4481e16bc773771d2] and
[4a28e29800000008d0eb660696e699d4481e16bc773771d2]
Jun 5 11:16:43 pulse DBG:auth:post_auth: nonce index= 8
Jun 5 11:16:43 pulse DBG:auth:check_nonce: comparing
[4a28e29800000008d0eb660696e699d4481e16bc773771d2] and
[4a28e29800000008d0eb660696e699d4481e16bc773771d2]
Jun 5 11:16:43 pulse DBG:auth:post_auth: nonce index= 8
Jun 5 11:16:43 pulse DBG:auth:is_nonce_index_valid: nonce already used
Jun 5 11:16:43 pulse DBG:auth:post_auth: nonce index not valid
At the moment, there's only one single client connected, and I'm only
doing missed calls (I don't pick up the phone).
I found also that if I turn off the nonce checking, everything goes
fine, but I'm not confident about living it this way.
Any tracks I can follow? I don't know if it would be a problem with
the proxy_authorize or with the termination of the previous call?
Thanks a lot!
More information about the Users
mailing list