<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">2017-06-21 20:49 GMT+02:00 Michael Jerris <span dir="ltr"><<a href="mailto:mike@jerris.com" target="_blank">mike@jerris.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">We are effectively upstream for sofia at this point, there are a number of fixes in our tree that are not in their abandoned tree.. <span class=""><div><br></div></span></div></blockquote><div><br></div><div><br></div><div>Yep, I know, but AFAIK there's no repo for Sofia SIP alone, one would have to grab the whole Freeswitch repo even to just have access to the updated library, which means I can't just take that and work on it. Same if I wanted to suggest people to use yours rather than what repos provide (e.g., my Fedora 25). Or am I mistaken and there is indeed a way to do that?</div><div><br></div><div>L.</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word"><span class=""><div><div><blockquote type="cite"><div>On Jun 21, 2017, at 2:40 PM, Lorenzo Miniero <<a href="mailto:lminiero@gmail.com" target="_blank">lminiero@gmail.com</a>> wrote:</div><br class="m_8665031034591862363Apple-interchange-newline"><div><div dir="ltr" style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><div class="gmail_extra"><div class="gmail_quote">2017-06-21 19:39 GMT+02:00 Michael Jerris<span class="m_8665031034591862363Apple-converted-space"> </span><span dir="ltr"><<a href="mailto:mike@jerris.com" target="_blank">mike@jerris.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div style="word-wrap:break-word">If you can put a patch together I’m happy to review it…. would simplify our code a bit to use that.<span><div><br></div></span></div></blockquote><div><br></div><div>Sure, I'll try to work on one in the next few days. It would be on the plain Sofia SIP source code I have available, though, so I hope that's ok... shouldn't be too hard to adapt to your fork in case it works fine, as I don't expect it to touch much.</div><div><br></div><div>L.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div style="word-wrap:break-word"><span><div><div><blockquote type="cite"><div>On Jun 21, 2017, at 1:20 PM, Lorenzo Miniero <<a href="mailto:lminiero@gmail.com" target="_blank">lminiero@gmail.com</a>> wrote:</div><br class="m_8665031034591862363m_-5830333220987588185Apple-interchange-newline"><div><div dir="ltr" style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><div class="gmail_extra"><div class="gmail_quote">2017-06-21 18:22 GMT+02:00 Michael Jerris<span class="m_8665031034591862363m_-5830333220987588185Apple-converted-space"> </span><span dir="ltr"><<a href="mailto:mike@jerris.com" target="_blank">mike@jerris.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">The function in play here is: auc_credentials… note the TODO at the top of that function… A new tag that allows for passing those as a structure is probably needed to do this cleaner without issues.<br><div><div class="m_8665031034591862363m_-5830333220987588185gmail-h5"><br></div></div></blockquote><div><br></div><div><br></div><div>Hi Michael,</div><div><br></div><div>yes, that's the function I had identified as well, when debugging. I agree a new tag (or new tags, as I believe multiple ones would be relayed as well, due to how Sofia SIP works internally) would indeed fix the ambiguity here.</div><div><br></div><div>Before receiving your answer I also opened an issue on Jira on this:</div><div><a href="https://freeswitch.org/jira/browse/FS-10415" target="_blank">https://freeswitch.org/jira/br<wbr>owse/FS-10415</a></div><div><br></div><div>Apologies for the double post, but I wasn't sure my message here had gone through (it had been in a moderated state for a while).</div><div><br></div><div>Lorenzo</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div><div class="m_8665031034591862363m_-5830333220987588185gmail-h5"><br>> On Jun 20, 2017, at 6:24 AM, Lorenzo Miniero <<a href="mailto:lminiero@gmail.com" target="_blank">lminiero@gmail.com</a>> wrote:<br>><br>> Hi,<br>><br>> I'm not sure this is the right place to discuss a potential issue related to Sofia SIP, especially considering I'm going to describe something that happens in another software, but I thought that, considering that Freeswitch uses Sofia SIP as well and has kept it alive so far, it would be of interest to you guys as well, as you may be affected too.<br>><br>> To give you some context, I'm using Sofia SIP in one of the plugins of my WebRTC server, Janus. Specifically, this plugin acts as a SIP client on behalf of WebRTC users, meaning I create NUA instances for them, doing registers, invites and stuff like that from the server side and exposing a simpler API and events (not SIP) to users.<br>><br>> This usually works fine, but I recently encountered a weird problem that can occur when users try to REGISTER and provide a username with a colon in it. This fails, and apparently the cause is in how the NUTAG_AUTH works. As you probably know, NUTAG_AUTH is the tag nua_authenticate requires when answering a REGISTER challenge, and it needs a string that is basically a colon-separated concatenation of digest/realm/user/pass, e.g.:<br>><br>> Digest:"nokia proxy":xyz:secret<br>><br>> This breaks when the username contains a colon, as the method that parses this concatenated string (auc_credentials() in auth_client.c) seems to do a "brutal" split on the colon character. I tried wrapping the username in quotes, but that didn't work, which seems to confirm what the code suggests. Apparently the only way to get Sofia SIP to digest the username with the colon in it, is escaping the colon (%3A) in there, but then this obviously results in a broken authentication when it gets to the registrar, as the usernames differ (ciccio:123 != ciccio%3A123). Some may argue that it should be the registrar's responsibility to unescape the username part, but this is a quoted string in the authorization challenge and not the username part of a URI, so I don't think they're required to do that.<br>><br>> Is this something you encountered as well? Being more of a SIP server, I guess this may be seen as less of an issue in Freeswitch, but it might still occur if/when you're doing active REGISTERs yourself. If it's a known problem, do you happen to know of any workaround that wouldn't require patching auc_credentials to do the right thing? (which might be either changing the delimiter in NUTAG_AUTH to a much less used character, or automatically unescaping %3A internally when formatting the username).<br>><br>> Thanks in advance for any feedback you may have for me!<br>> Lorenzo</div></div></blockquote></div></div></div></div></blockquote></div></div></span></div></blockquote></div></div></div></div></blockquote></div><br></div></span></div><br>______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.<wbr>freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" rel="noreferrer" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-dev mailing list<br>
<a href="mailto:FreeSWITCH-dev@lists.freeswitch.org">FreeSWITCH-dev@lists.<wbr>freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev" rel="noreferrer" target="_blank">http://lists.freeswitch.org/<wbr>mailman/listinfo/freeswitch-<wbr>dev</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-dev" rel="noreferrer" target="_blank">http://lists.<wbr>freeswitch.org/mailman/<wbr>options/freeswitch-dev</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br></div></div>