dani783 / sipdroid

Automatically exported from code.google.com/p/sipdroid
GNU General Public License v3.0
0 stars 0 forks source link

Missing cnonce and nc parameters in Authorization header when qop is set #33

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
NOTE: This form is only for reporting bugs. For questions, comments, or
advice please visit:  http://groups.google.com/group/sipdroid-users

What steps will reproduce the problem?
1. Configure the UAC to use a SIP registrar that sets the qop parameter in
WWW-Authenticate/Proxy-Authenticate headers in the 401/407 reply.
2. Initiate registration process

What is the expected output? What do you see instead?
A WWW-Authenticate/Proxy-Authenticate header with cnonce and nc parameters

What version of the product are you using? On what operating system?
svn trunk in emulator

Please provide any additional information below.

The missing cnonce and nc values makes the registration process fail with
some SIP registrars. These parameters are mandatory if the qop parameter is
set according to section 3.2.2 of RFC 2617.

The example below shows that qop="auth" is set in the 401 reply and that
the following REGISTER is missing the nc and cnonce parameters in the
Authorization header which results in a 400 Bad Request reply from the
registrar.

The same behavior is observed with Proxy-Authenticate/407 transactions.

---

REGISTER sip:example.com SIP/2.0
Via: SIP/2.0/UDP 127.0.0.1:5060;rport;branch=z9hG4bK00429
Max-Forwards: 70
To: <sip:foo@example.com>
From: <sip:foo@example.com>;tag=z9hG4bK92140648
Call-ID: 408799865694@127.0.0.1
CSeq: 1 REGISTER
Contact: <sip:foo@127.0.0.1>
Expires: 3600
User-Agent: mjsip stack 1.6
Content-Length: 0

SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP
127.0.0.1:5060;rport=33234;branch=z9hG4bK00429;received=192.168.1.10
To: <sip:foo@example.com>;tag=9e3d5c42014a5041c27e22f1f36bbce6.462c
From: <sip:foo@example.com>;tag=z9hG4bK92140648
Call-ID: 408799865694@127.0.0.1
CSeq: 1 REGISTER
WWW-Authenticate: Digest realm="example.com",
nonce="4a12b95f3b08eb9291a51b7c341446194a705efb", qop="auth"
Content-Length: 0

REGISTER sip:example.com SIP/2.0
Via: SIP/2.0/UDP 127.0.0.1:5060;rport;branch=z9hG4bK00429
Max-Forwards: 70
To: <sip:foo@example.com>
From: <sip:foo@example.com>;tag=z9hG4bK92140648
Call-ID: 408799865694@127.0.0.1
CSeq: 2 REGISTER
Contact: <sip:foo@127.0.0.1>
Expires: 3600
User-Agent: mjsip stack 1.6
Authorization: Digest username="foo", realm="example.com",
nonce="4a12b95f3b08eb9291a51b7c341446194a705efb", uri="sip:example.com",
qop=auth, response="9d11f6ae2adfca089b596d8769b09ed2"
Content-Length: 0

SIP/2.0 400 Bad Request 
Via: SIP/2.0/UDP
127.0.0.1:5060;rport=33234;branch=z9hG4bK00429;received=192.168.1.10
To: <sip:foo@example.com>;tag=9e3d5c42014a5041c27e22f1f36bbce6.462c
From: <sip:foo@example.com>;tag=z9hG4bK92140648
Call-ID: 408799865694@127.0.0.1
CSeq: 2 REGISTER
Content-Length: 0

---

Patch:

diff -r 5f03464e13bb src/org/zoolu/sip/authentication/DigestAuthentication.java
--- a/src/org/zoolu/sip/authentication/DigestAuthentication.java        Tue
May 19 14:49:15 2009 +0200
+++ b/src/org/zoolu/sip/authentication/DigestAuthentication.java        Tue
May 19 16:17:28 2009 +0200
@@ -5,6 +5,7 @@ import org.zoolu.sip.header.ProxyAuthori
 import org.zoolu.sip.header.ProxyAuthorizationHeader;
 import org.zoolu.sip.header.WwwAuthenticateHeader;
 import org.zoolu.tools.MD5;
+import org.zoolu.tools.Random;

 /**
  * The HTTP Digest Authentication as defined in RFC2617. It can be used to i)
@@ -53,6 +54,14 @@ public class DigestAuthentication {
                init(method, ah, body, passwd);
                this.uri = uri;
                this.qop = qop;
+               if (qop != null && cnonce == null) {
+                       this.cnonce = Random.nextHexString(16);
+                       /*
+                        * A new cnonce is generated for every new instance so 
+                        * no need to keep track of the nc value.
+                        */
+                       this.nc = "00000001";
+               }
                this.username = username;
        }

@@ -119,6 +128,8 @@ public class DigestAuthentication {
                        ah.addQopParam(qop);
                if (nc != null)
                        ah.addNcParam(nc);
+               if (cnonce != null)
+                       ah.addCnonceParam(cnonce);
                String response = getResponse();
                ah.addResponseParam(response);
                return ah;

Original issue reported on code.google.com by eriksson...@gmail.com on 19 May 2009 at 3:08

GoogleCodeExporter commented 9 years ago
Thanks for your report, but please don't post patches here. I've added you as a 
member to upload tested patches.

Original comment by pmerl...@googlemail.com on 19 May 2009 at 3:18

GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
The patch has been submitted as r100. It will be included in v0.9.5.

Original comment by pmerl...@googlemail.com on 22 May 2009 at 5:32

GoogleCodeExporter commented 9 years ago

Original comment by pmerl...@googlemail.com on 25 May 2009 at 4:48