[asterisk-bugs] [JIRA] (ASTERISK-22386) Outbound SIP registration, if the auth object's realm option is not set to the same value as the 401's realm, then we fail to create a new REGISTER with auth details

Tue Sep 3 16:47:03 CDT 2013

    [ https://issues.asterisk.org/jira/browse/ASTERISK-22386?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=209867#comment-209867 ] 

George Joseph commented on ASTERISK-22386:
------------------------------------------

I'm actually working on a patch for this.

Adding a function to res_pjsip_outbound_registration.c that finds the proxy or www authenticate header.
In set_outbound_authentication_credentials, substitute the realm from the header if the auth config object's realm is null.

> Outbound SIP registration, if the auth object's realm option is not set to the same value as the 401's realm, then we fail to create a new REGISTER with auth details
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-22386
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-22386
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_pjsip, Resources/res_pjsip_outbound_authenticator_digest
>    Affects Versions: 12
>         Environment: SVN-branch-12-r397614M (with patch from ASTERISK-22380)
>            Reporter: Rusty Newton
>            Assignee: Mark Michelson
>         Attachments: full10.txt, full11.txt, pjsip10.txt, pjsip11.txt
>
>
> Without "realm=<somevalue>" defined we see 
> {noformat}
> [Aug 25 16:57:54] WARNING[21069]: res_pjsip_outbound_authenticator_digest.c:90 digest_create_request_with_auth: Failed to create new request with authentication credentials
> [Aug 25 16:57:54] WARNING[21069]: res_pjsip_outbound_registration.c:387 handle_registration_response: Temporal response '401' received from 'sip:gw1.sip.us' on registration attempt to 'sip:5279938664 at gw1.sip.us', retrying in '15' seconds
> {noformat}
> after the 401 in an outbound REGISTER dialog. The WARNING messages don't really make it clear why we fail to create a new request.
> I'll attach a working and non-working example to make it clear. For Asterisk to issue a new REGISTER request with Authentication I had to define realm specifically with the value we see in the 401's WWW-Authenticate header.
> *In the failing config pjsip10.txt, realm is undefined. The same failure mode occurs with realm defined, but not set specifically to the realm value from the challenge.*
> I'm not sure what the solution here is.
> * It looks like a bug that we *don't* create a new REGISTER without realm specifically defined
> * If it is legit that we are failing out here, can the WARNING be made to detail the issue?
> * Should we be responding with the default realm of "asterisk" or should we be responding using the realm in the challenge if we don't define it specifically in config?

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira