[asterisk-bugs] [JIRA] (ASTERISK-22386) Outbound SIP registration, if the auth object's realm option is not set to the same value as the 401's realm, then we fail to create a new REGISTER with auth details

Tue Sep 3 17:05:09 CDT 2013

    [ https://issues.asterisk.org/jira/browse/ASTERISK-22386?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=209868#comment-209868 ] 

George Joseph commented on ASTERISK-22386:
------------------------------------------

Actually, need a little guidance here...

Shouldn't the realm ALWAYS be set to the realm of the challenge in the context of an outbound invite or register?
It would be a guaranteed failure if it wasn't.

So basically the realm from the auth object should ALWAYS be overridden in the context of an outbound request, no?

If we don't override, how can we tell if the realm from the auth object was set to "asterisk" or just defaulted to "asterisk"?

> Outbound SIP registration, if the auth object's realm option is not set to the same value as the 401's realm, then we fail to create a new REGISTER with auth details
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-22386
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-22386
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_pjsip, Resources/res_pjsip_outbound_authenticator_digest
>    Affects Versions: 12
>         Environment: SVN-branch-12-r397614M (with patch from ASTERISK-22380)
>            Reporter: Rusty Newton
>            Assignee: Mark Michelson
>         Attachments: full10.txt, full11.txt, pjsip10.txt, pjsip11.txt
>
>
> Without "realm=<somevalue>" defined we see 
> {noformat}
> [Aug 25 16:57:54] WARNING[21069]: res_pjsip_outbound_authenticator_digest.c:90 digest_create_request_with_auth: Failed to create new request with authentication credentials
> [Aug 25 16:57:54] WARNING[21069]: res_pjsip_outbound_registration.c:387 handle_registration_response: Temporal response '401' received from 'sip:gw1.sip.us' on registration attempt to 'sip:5279938664 at gw1.sip.us', retrying in '15' seconds
> {noformat}
> after the 401 in an outbound REGISTER dialog. The WARNING messages don't really make it clear why we fail to create a new request.
> I'll attach a working and non-working example to make it clear. For Asterisk to issue a new REGISTER request with Authentication I had to define realm specifically with the value we see in the 401's WWW-Authenticate header.
> *In the failing config pjsip10.txt, realm is undefined. The same failure mode occurs with realm defined, but not set specifically to the realm value from the challenge.*
> I'm not sure what the solution here is.
> * It looks like a bug that we *don't* create a new REGISTER without realm specifically defined
> * If it is legit that we are failing out here, can the WARNING be made to detail the issue?
> * Should we be responding with the default realm of "asterisk" or should we be responding using the realm in the challenge if we don't define it specifically in config?

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira