[prev in list] [next in list] [prev in thread] [next in thread]
List: openser-devel
Subject: [sr-dev] Various fixes for Kamailio's IMS code
From: Rob Day <rkd () rkd ! me ! uk>
Date: 2013-12-28 21:04:34
Message-ID: 52BF3CE2.904 () rkd ! me ! uk
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hi,
I've been trying to set up Kamailio 4.0.5 as a P-CSCF, I-CSCF and S-CSCF
today, and hit a few issues which I've fixed.
http://sip-router.org/contribute/ suggests that patches should be
submitted to this list, so here I am.
The first issue I hit was the sem_post issue that has been reported from
time to time
(http://lists.kamailio.org/pipermail/sr-users/2013-January/076554.html)
- it looks as though sem_post is only included in -lpthread on Ubuntu
12.04, not -lrt
(https://bugs.launchpad.net/ubuntu/+source/manpages/+bug/874418), so
I've updated some Makefiles to reflect that.
I subsequently hit a segfault when calling pcscf_save: I've tracked this
down to a while loop that was missing curly braces, and so tried to
dereference a null pointer. I think there's another bug in this piece of
code - because h is NULL at the end of the first while loop, we never go
round the second loop, and so never call free_rr. It looks like even if
we did, h->parsed has been set to 0 before we try and free it, so
nothing would happen. I wasn't sure how the memory management here
works, though, and so haven't tried to change this.
I also found that the ims_auth module didn't handle standard SIP Digest
authentication on the MAR interface, only AKA and Digest-MD5 (which
seems to be specific to OpenIMSCore HSS, and not mentioned in the IMS
specs). Most of the code to allow SIP Digest authentication was already
there, so I just hooked the last piece in to get it to work. I'm not
sure whether this counts as a new feature or a bugfix - it's not clear
whether this was meant to be supported but just missing a piece, or not
meant to be supported but very easy to add in.
Finally, I was working from the 4.0 nightlies Debian repository, and the
examples/scsf/kamailio.cfg file for 4.0.x seems to skip authentication.
It looks like this section has been reworked heavily in 4.1.0, so this
may be less important - but I put together a different kamailio.cfg
based on a mailing list post
(http://lists.sip-router.org/pipermail/sr-users/2013-March/077142.html),
and it might make sense to use that as the default file for 4.0.x.
The attached patches are against the 4.0 branch in Git (specifically,
commit 1b98961522fd8a7eb73ecc7d1772541f8b81aabc). I'm happy to apply any
feedback which more knowledgeable contributors have.
Best regards,
Rob
[Attachment #5 (text/html)]
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<font size="-1">Hi,<br>
<br>
I've been trying to set up Kamailio 4.0.5 as a P-CSCF, I-CSCF and
S-CSCF today, and hit a few issues which I've fixed.
<a class="moz-txt-link-freetext" \
href="http://sip-router.org/contribute/">http://sip-router.org/contribute/</a> \
suggests that patches should be submitted to this list, so here I am.<br>
<br>
The first issue I hit was the sem_post issue that has been
reported from time to time
(<a class="moz-txt-link-freetext" \
href="http://lists.kamailio.org/pipermail/sr-users/2013-January/076554.html">http://lists.kamailio.org/pipermail/sr-users/2013-January/076554.html</a>)
- it looks as though sem_post is only included in -lpthread on
Ubuntu 12.04, not -lrt
(<a class="moz-txt-link-freetext" \
href="https://bugs.launchpad.net/ubuntu/+source/manpages/+bug/874418">https://bugs.launchpad.net/ubuntu/+source/manpages/+bug/874418</a>),
so I've updated some Makefiles to reflect that.<br>
<br>
I subsequently hit a segfault when calling pcscf_save: I've
tracked this down to a while loop that was missing curly braces,
and so tried to dereference a null pointer. I think there's
another bug in this piece of code - because h is NULL at the end
of the first while loop, we never go round the second loop, and so
never call free_rr. It looks like even if we did, h->parsed has
been set to 0 before we try and free it, so nothing would happen.
I wasn't sure how the memory management here works, though, and so
haven't tried to change this.<br>
<br>
I also found that the ims_auth module didn't handle standard SIP
Digest authentication on the MAR interface, only AKA and
Digest-MD5 (which seems to be specific to OpenIMSCore HSS, and not
mentioned in the IMS specs). Most of the code to allow SIP Digest
authentication was already there, so I just hooked the last piece
in to get it to work. I'm not sure whether this counts as a new
feature or a bugfix - it's not clear whether this was meant to be
supported but just missing a piece, or not meant to be supported
but very easy to add in.<br>
<br>
Finally, I was working from the 4.0 nightlies Debian repository,
and the examples/scsf/kamailio.cfg file for 4.0.x seems to skip
authentication. It looks like this section has been reworked
heavily in 4.1.0, so this may be less important - but I put
together a different kamailio.cfg based on a mailing list post
(<a class="moz-txt-link-freetext" \
href="http://lists.sip-router.org/pipermail/sr-users/2013-March/077142.html">http://lists.sip-router.org/pipermail/sr-users/2013-March/077142.html</a>),
and it might make sense to use that as the default file for 4.0.x.<br>
<br>
The attached patches are against the 4.0 branch in Git
(specifically, commit 1b98961522fd8a7eb73ecc7d1772541f8b81aabc).
I'm happy to apply any feedback which more knowledgeable
contributors have.<br>
<br>
Best regards,<br>
Rob<br>
</font>
</body>
</html>
["0001-Change-lrt-to-lpthread-to-avoid-error-due-to-missing.patch" (text/x-patch)]
From 874055ce8b1ed7438b830ed9b469a95f46f4be36 Mon Sep 17 00:00:00 2001
From: Rob Day <rkd@rkd.me.uk>
Date: Sat, 28 Dec 2013 20:20:29 +0000
Subject: [PATCH 1/4] Change "-lrt" to "-lpthread" to avoid error due to
missing sem_post symbol on Ubuntu 12.04.
---
modules/cdp/Makefile | 2 +-
modules/ims_qos/Makefile | 4 ++--
modules/ims_registrar_pcscf/Makefile | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/modules/cdp/Makefile b/modules/cdp/Makefile
index d555e62..9779ff8 100644
--- a/modules/cdp/Makefile
+++ b/modules/cdp/Makefile
@@ -20,7 +20,7 @@ else
endif
ifneq ($(OS),darwin)
- LIBS += -lrt
+ LIBS += -lpthread
endif
include ../../Makefile.modules
diff --git a/modules/ims_qos/Makefile b/modules/ims_qos/Makefile
index 147f162..923673b 100644
--- a/modules/ims_qos/Makefile
+++ b/modules/ims_qos/Makefile
@@ -2,7 +2,7 @@
#
# ims_qos make file
#
-#
+#
include ../../Makefile.defs
auto_gen=
@@ -16,7 +16,7 @@ SER_LIBS+=$(SERLIBPATH)/kcore/kcore
SER_LIBS+=$(SERLIBPATH)/ims/kamailio_ims
ifneq ($(OS),darwin)
- LIBS += -lrt
+ LIBS += -lpthread
endif
include ../../Makefile.modules
diff --git a/modules/ims_registrar_pcscf/Makefile b/modules/ims_registrar_pcscf/Makefile
index 8c45b9d..ef3538a 100644
--- a/modules/ims_registrar_pcscf/Makefile
+++ b/modules/ims_registrar_pcscf/Makefile
@@ -23,7 +23,7 @@ else
endif
ifneq ($(OS),darwin)
- LIBS += -lrt
+ LIBS += -lpthread
endif
DEFS+=-DOPENSER_MOD_INTERFACE
--
1.8.3.2
["0002-Fix-segfault-when-calling-pcscf_save.patch" (text/x-patch)]
From 784b77de094b6f8875752d5b235429130000dbaa Mon Sep 17 00:00:00 2001
From: Rob Day <rkd@rkd.me.uk>
Date: Sat, 28 Dec 2013 20:35:59 +0000
Subject: [PATCH 2/4] Fix segfault when calling pcscf_save.
---
lib/ims/ims_getters.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/ims/ims_getters.c b/lib/ims/ims_getters.c
index d1c84c7..dd05c9f 100644
--- a/lib/ims/ims_getters.c
+++ b/lib/ims/ims_getters.c
@@ -1258,14 +1258,15 @@ str* cscf_get_service_route(struct sip_msg *msg, int *size, int is_shm) {
h = h->next;
}
if (is_shm) {
- while (h)
+ while (h) {
if (h->name.len == 13
&& strncasecmp(h->name.s, "Service-Route", 13) == 0) {
h->parsed = 0;
r = (rr_t*) h->parsed;
free_rr(&r);
}
- h = h->next;
+ h = h->next;
+ }
}
return x;
--
1.8.3.2
["0003-Add-support-for-SIP-Digest-3GPP-Digest-authenticatio.patch" (text/x-patch)]
From 05f3903feb937a7b4dc498eabfb18e3f11d0a54c Mon Sep 17 00:00:00 2001
From: Rob Day <rkd@rkd.me.uk>
Date: Sat, 28 Dec 2013 20:37:24 +0000
Subject: [PATCH 3/4] Add support for SIP Digest/3GPP-Digest authentication.
---
modules/ims_auth/authorize.c | 10 ++++++++++
modules/ims_auth/doc/ims_auth_admin.xml | 4 ++++
2 files changed, 14 insertions(+)
diff --git a/modules/ims_auth/authorize.c b/modules/ims_auth/authorize.c
index 8b1904d..0a8f65e 100644
--- a/modules/ims_auth/authorize.c
+++ b/modules/ims_auth/authorize.c
@@ -689,6 +689,16 @@ int authenticate(struct sip_msg* msg, char* _realm, char* str2, \
int is_proxy_aut
LM_INFO("UE said: %.*s and we expect %.*s ha1 %.*s (%.*s)\n",
response16.len, response16.s, \
/*av->authorization.len,av->authorization.s,*/32, expected, 32, ha1, \
msg->first_line.u.request.method.len, msg->first_line.u.request.method.s); break;
+ case AUTH_SIP_DIGEST:
+ calc_response(av->authorization.s, &(av->authenticate),
+ &nc,
+ &cnonce,
+ &qop_str,
+ qop == QOP_AUTHINT,
+ &msg->first_line.u.request.method, &uri, hbody, expected);
+ LM_INFO("UE said: %.*s and we expect %.*s ha1 %.*s (%.*s)\n",
+ response16.len, response16.s, \
/*av->authorization.len,av->authorization.s,*/32, expected, 32, av->authorization.s, \
msg->first_line.u.request.method.len, msg->first_line.u.request.method.s); + \
break; default:
LM_ERR("algorithm %.*s is not handled.\n",
algorithm_types[av->type].len, algorithm_types[av->type].s);
diff --git a/modules/ims_auth/doc/ims_auth_admin.xml \
b/modules/ims_auth/doc/ims_auth_admin.xml index 18834cd..0a2194c 100644
--- a/modules/ims_auth/doc/ims_auth_admin.xml
+++ b/modules/ims_auth/doc/ims_auth_admin.xml
@@ -185,6 +185,10 @@ modparam("ims_auth", "av_request_at_sync", 1)
</listitem>
<listitem>
+ <para><emphasis>3GPP-Digest</emphasis></para>
+ </listitem>
+
+ <listitem>
<para>HSS-Selected - HSS will decide on auth algorithm</para>
</listitem>
</itemizedlist>Default value is <quote>AKAv1-MD5</quote>.</para>
--
1.8.3.2
["0004-Updated-example-S-CSCF-config-with-working-authentic.patch" (text/x-patch)]
From 64aaf8ac60e50e1ad2ed219e83e4b070890c7f92 Mon Sep 17 00:00:00 2001
From: Rob Day <rkd@rkd.me.uk>
Date: Sat, 28 Dec 2013 20:44:00 +0000
Subject: [PATCH 4/4] Updated example S-CSCF config with working authentication
---
examples/scscf/kamailio.cfg | 123 ++++++++++++++++++++++++++------------------
1 file changed, 74 insertions(+), 49 deletions(-)
diff --git a/examples/scscf/kamailio.cfg b/examples/scscf/kamailio.cfg
index 4fa09b0..93b10e0 100644
--- a/examples/scscf/kamailio.cfg
+++ b/examples/scscf/kamailio.cfg
@@ -44,7 +44,7 @@ log_stderror=no
sip_warning=no
#!endif
-/* uncomment and configure the following line if you want Kamailio to
+/* uncomment and configure the following line if you want Kamailio to
bind on a specific interface/port/proto (default bind on all available) */
#!ifdef NETWORK_INTERFACE
listen=NETWORK_INTERFACE
@@ -123,7 +123,7 @@ loadmodule "cdp_avp.so"
loadmodule "ims_diameter_ro.so"
#!endif
-loadmodule "ims_usrloc_scscf.so"
+loadmodule "ims_usrloc_scscf.so"
loadmodule "ims_registrar_scscf.so"
loadmodule "ims_auth.so"
loadmodule "ims_isc.so"
@@ -223,7 +223,7 @@ modparam("siptrace", "hep_mode_on", 1)
# -- ims_auth params --
modparam("ims_auth", "name", URI)
modparam("ims_auth", "registration_default_algorithm", REG_AUTH_DEFAULT_ALG)
-modparam("ims_auth","ignore_failed_auth",1)
+modparam("ims_auth","ignore_failed_auth",0)
#!ifdef CXDX_FORCED_PEER
modparam("ims_auth", "cxdx_forced_peer", CXDX_FORCED_PEER)
#!endif
@@ -304,7 +304,7 @@ route {
route(subscribe);
break;
}
-
+
#Set DLG flag to track dialogs using dialog2
if (!is_method("REGISTER|SUBSCRIBE"))
setflag(FLT_DIALOG);
@@ -324,13 +324,13 @@ route {
# Originating
route(orig);
- break;
+ break;
} else {
isc_from_as("term");
if ($retcode == -2) {
# Treat as originating, since it was retargeted:
route(orig);
- break;
+ break;
}
if ((is_in_profile("orig") || has_totag()) && ($route_uri =~ "sip:mo@"+".*")) {
route(orig_subsequent);
@@ -363,7 +363,7 @@ route {
route[REQINIT] {
# Trace this message
#!ifdef CAPTURE_NODE
- sip_trace();
+ sip_trace();
setflag(FLT_CAPTURE);
#!endif
@@ -387,8 +387,8 @@ route[REQINIT] {
if (is_method("OPTIONS") && (uri==myself)) {
options_reply();
exit;
- }
-
+ }
+
# Ignore Re-Transmits:
if (t_lookup_request()) {
exit;
@@ -430,32 +430,57 @@ route[XMLRPC] {
# Route for handling Registrations:
######################################################################
route[REGISTER] {
- xlog("L_ERR", "Enter register block");
- t_newtran();
-
- ims_www_authenticate(NETWORKNAME);
-
- #check to see if user is authenticated - ie sip header has auth information - \
(already challenged)
- if ($avp(maa_return_code) == 1) {
- # user has not been authenticated. Lets send a challenge via 401 Unauthorized
- ims_www_challenge("$td");
- exit;
- } else {
- # We need to check if this user is registered or not
- if (!impu_registered("location")) {
- save("location");
- if ($avp(saa_return_code) == 1) {
- isc_match_filter_reg("0","location");
- exit;
- }
- } else {
- save("location");
- if($avp(saa_return_code) == 1) {
- isc_match_filter_reg("1","location");
- exit;
- }
- }
- }
+ xlog("L_DBG", "Enter register block");
+ if (!t_newtran()) { #absorb retransmissions
+ sl_reply("500","Could not create transaction");
+ exit;
+ }
+ if (!ims_www_authenticate(NETWORKNAME)) {
+ if ($? == -2) {
+ t_reply("403", "Authentication Failed");
+ exit;
+ } else if ($? == -3) {
+ t_reply("400", "Bad Request");
+ exit;
+ } else {
+ #user has not been authenticated. Lets send a challenge via \
401 Unauthorized + xlog("L_DBG","About to challenge! \
auth_ims\n"); + ims_www_challenge("$td");
+ #this is async so to know status we have to check the reply \
avp + xlog("L_DBG","maa_return code is \
$avp(s:maa_return_code)\n"); +
+ switch ($avp(s:maa_return_code)){
+ case 1: #success
+ xlog("L_DBG", "MAR success - 401/407 \
response sent from module"); + break;
+ case -1: #failure
+ xlog("L_ERR", "MAR failure - error response \
sent from module"); + break;
+ case -2: #error
+ xlog("L_ERR", "MAR error - sending error \
response now"); + t_reply("500", "MAR \
failed"); + break;
+ default:
+ xlog("L_ERR", "Unknown return code from MAR, \
value is [$avp(s:uaa_return_code)]"); + \
t_reply("500", "Unknown response code from MAR"); + \
break; + }
+ exit;
+ }
+ } else {
+ xlog("L_DBG", "Auth succeeded\n");
+ # We need to check if this user is registered or not
+ if (!impu_registered("location")) {
+ xlog("L_DBG", "Not REGISTERED\n");
+ isc_match_filter_reg("0","location");
+ save("location");
+ exit;
+ } else {
+ isc_match_filter_reg("1","location");
+ save("location");
+ exit;
+ }
+ }
}
######################################################################
@@ -483,7 +508,7 @@ route[orig]
# }
if (is_method("INVITE|SUBSCRIBE")) {
$avp(RR_CUSTOM_USER_AVP)="mo";
- record_route();
+ record_route();
}
#!ifdef WITH_RO
@@ -496,12 +521,12 @@ route[orig]
sl_send_reply("402","Payment required");
exit;
}
- xlog("L_DBG","CCR Request success\n");
+ xlog("L_DBG","CCR Request success\n");
}
#!endif
# check if dialog saved as fwded to AS
if (isc_match_filter("orig", "location")) {
- t_on_failure("isc_orig_failure");
+ t_on_failure("isc_orig_failure");
xlog("Orig - msg was fwded to AS\n");
exit;
}
@@ -513,7 +538,7 @@ route[orig]
# Check for PSTN destinations:
if (is_method("INVITE")) {
- route(PSTN_handling);
+ route(PSTN_handling);
}
t_on_reply("orig_reply");
@@ -550,7 +575,7 @@ onreply_route[orig_reply]
route[orig_subsequent]
{
xlog("L_DBG","Orig_Subsequent\n");
-
+
if (!is_method("ACK")) {
t_on_reply("orig_subsequent_reply");
}
@@ -572,10 +597,10 @@ onreply_route[orig_subsequent_reply]
######################################################################
failure_route[isc_orig_failure]
{
- xlog("L_DBG","ISC_Orig_failure\n");
+ xlog("L_DBG","ISC_Orig_failure\n");
if (t_check_status("(408)|(5..)")){
- t_on_failure("isc_orig_failure");
+ t_on_failure("isc_orig_failure");
if (isc_match_filter("orig","location")){
xlog("L_DBG","ISC_Orig_failure - msg was fwded to AS\n");
exit;
@@ -610,7 +635,7 @@ route[term]
if (is_method("INVITE|SUBSCRIBE")) {
$avp(RR_CUSTOM_USER_AVP)="mt";
$avp(i:20)="mt";
- record_route();
+ record_route();
}
# check if dialog saved as fwded to AS
@@ -625,7 +650,7 @@ route[term]
if (!t_newtran()) {
sl_reply_error();
exit;
- }
+ }
t_reply("404","Not Found - destination user not found on this S-CSCF");
exit;
}
@@ -634,7 +659,7 @@ route[term]
if (!t_newtran()) {
sl_reply_error();
exit;
- }
+ }
t_reply("404","Not Found - destination user not found on this S-CSCF");
exit;
}
@@ -652,9 +677,9 @@ failure_route[isc_term_failure]
xlog("L_DBG","ISC_term_failure\n");
if (t_check_status("(408)|(5..)")){
- t_on_failure("isc_term_failure");
+ t_on_failure("isc_term_failure");
if (isc_match_filter("term","location")){
- xlog("L_DBG","Term - msg was fwded to AS\n");
+ xlog("L_DBG","Term - msg was fwded to AS\n");
exit;
}
@@ -698,7 +723,7 @@ route[PSTN_handling]
if ($rU =~ "[0-9]+") {
if (dp_translate("1")) {
xlog("L_INFO", "R-URI rewritten to $rU - M=$rm R=$ru F=$fu T=$tu IP=$si:$sp \
ID=$ci\n");
- }
+ }
}
#!endif
if ($rU =~ "\+[0-9]+") {
@@ -736,7 +761,7 @@ failure_route[PSTN_failure] {
# - receive a 5xx or 6xx reply from the proxy.
if (t_branch_timeout() || t_check_status("[5-6]..")) {
if (ds_next_dst()) {
- # Do Failover in case problems:
+ # Do Failover in case problems:
t_on_failure("PSTN_failure");
t_relay();
} else {
--
1.8.3.2
_______________________________________________
sr-dev mailing list
sr-dev@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic