[Pidgin] #48: Make SIP/SIMPLE work with Microsoft Live Communication Server

Pidgin trac at pidgin.im
Mon Oct 20 09:30:49 EDT 2008 

#48: Make SIP/SIMPLE work with Microsoft Live Communication Server
---------------------------+------------------------------------------------
 Reporter:  MarkDoliner    |        Owner:  shulman
     Type:  patch          |       Status:  new    
Milestone:                 |    Component:  SIMPLE 
  Version:  2.0            |   Resolution:         
 Keywords:  MS LCS SIMPLE  |  
---------------------------+------------------------------------------------

Comment(by djflux):

 Would a patch to the SIMPLE protocol code be preferred here?  Since
 OCS2007 requires SSL/TLS I would think adding SSL functionality to the
 SIMPLE code would be in order.

 I have patched the simple.c code with the SSL code from the SIPE mob
 branch to use SSL and I can successfully receive the 201 SIP Unauthorized
 from our OCS server, however the NTLM gssapi-data header that is added
 doesn't seem to be working.  The NTLM gssapi-data is added to the REGISTER
 message but I keep getting the 201 Unauthorized message back from the
 server.

 I have also modified the code from the SIPE mob branch and I can
 successfully register to our OCS 2007 server, but when I try to SUBSCRIBE
 with the sipe_get_buddies code I get a 407 and the NTLM gssapi-data
 returned to the server doesn't seem to be working with the SUBSCRIBE.  I
 receive the following from the OCS server:


 {{{
 ms-diagnostics: 1000;reason="Final handshake
 failed";source="ourocs2007server.domain.local";HRESULT="C3E93EC3(SIP_E_AUTH_UNAUTHORIZED)"
 }}}


 I'm also working on getting Kerberos authentication working.  I have code
 that will retrieve a KRB_AP_REQ token and Base64 encode it according to
 the MS SIPAE document.  The problem with getting Kerberos working is that
 the current sipmsg_find_header code only returns the first WWW-
 Authenticate header which in our OCS implementation is NTLM.  My Kerberos
 code will never get called because only the NTLM header is returned.

 I can submit patches, but without guidance from the main developers they
 may be wrong or going in the wrong direction with regard to the vision of
 the project.  My patches are for the 2.5.1 branch that is included with
 Fedora 9.  I can modify them to work for the current monotone "HEAD"
 branch (never used Monotone so I'm not sure that those are the correct
 terms).

 Here are the things that I believe should be decided:

 * Since OCS2007 requires TLS should that code be implemented in simple.c?

 * Since OCS2007 (maybe previous OCS versions) supply multiple WWW-
 Authenticate SIP headers, should and option be available on the advanced
 account options page that allows the user to select the authentication
 protocol?

 * Related to the above question, should an additional method be placed in
 sipmsg.c (sipmsg_find_auth_header?) that is only used to find
 authentication headers and either default to a particular authentication
 method, or use the one specified by the account options?

 * Should all of these patches/changes just be put into their own plugin
 (SIPE)?

 Core Pidgin developer comments are encouraged.

 Thanks for the great IM client.

 Regards,
 Flux.

-- 
Ticket URL: <http://developer.pidgin.im/ticket/48#comment:122>
Pidgin <http://pidgin.im>
Pidgin

More information about the Tracker mailing list