[asterisk-bugs] [JIRA] (ASTERISK-22386) Outbound SIP registration, if the auth object's realm option is not set to the same value as the 401's realm, then we fail to create a new REGISTER with auth details
Mark Michelson (JIRA)
noreply at issues.asterisk.org
Wed Sep 4 17:35:03 CDT 2013
[ https://issues.asterisk.org/jira/browse/ASTERISK-22386?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=209905#comment-209905 ]
Mark Michelson commented on ASTERISK-22386:
-------------------------------------------
I've committed a change to Asterisk 12 (revision 398299) that gives further details in the warning messages than was previously given. In my previous comment, I mostly spoke regarding the patch on the issue. Let me answer the three questions from the original description:
1) It's not a bug that we don't create a new REGISTER. If we don't have credentials that match the realm in the 401, then we can't attempt to authenticate. By the way, if no realm is given in an auth section, the realm defaults to the value "asterisk".
2) The commit I pointed out at the beginning of this comment should give better warning messages.
3) We should not respond with a default realm or mirror the one in the challenge. Instead, we can only provide credentials for realms we have credentials for.
Even though I have committed a fix for this, I'm leaving the issue open for now just in case I get proven wrong about what behavior should be here. Either way, the finer-grained warning messages are needed.
> Outbound SIP registration, if the auth object's realm option is not set to the same value as the 401's realm, then we fail to create a new REGISTER with auth details
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: ASTERISK-22386
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-22386
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Resources/res_pjsip, Resources/res_pjsip_outbound_authenticator_digest
> Affects Versions: 12
> Environment: SVN-branch-12-r397614M (with patch from ASTERISK-22380)
> Reporter: Rusty Newton
> Assignee: Mark Michelson
> Attachments: full10.txt, full11.txt, outbound_auth_realm_v2.patch, pjsip10.txt, pjsip11.txt
>
>
> Without "realm=<somevalue>" defined we see
> {noformat}
> [Aug 25 16:57:54] WARNING[21069]: res_pjsip_outbound_authenticator_digest.c:90 digest_create_request_with_auth: Failed to create new request with authentication credentials
> [Aug 25 16:57:54] WARNING[21069]: res_pjsip_outbound_registration.c:387 handle_registration_response: Temporal response '401' received from 'sip:gw1.sip.us' on registration attempt to 'sip:5279938664 at gw1.sip.us', retrying in '15' seconds
> {noformat}
> after the 401 in an outbound REGISTER dialog. The WARNING messages don't really make it clear why we fail to create a new request.
> I'll attach a working and non-working example to make it clear. For Asterisk to issue a new REGISTER request with Authentication I had to define realm specifically with the value we see in the 401's WWW-Authenticate header.
> *In the failing config pjsip10.txt, realm is undefined. The same failure mode occurs with realm defined, but not set specifically to the realm value from the challenge.*
> I'm not sure what the solution here is.
> * It looks like a bug that we *don't* create a new REGISTER without realm specifically defined
> * If it is legit that we are failing out here, can the WARNING be made to detail the issue?
> * Should we be responding with the default realm of "asterisk" or should we be responding using the realm in the challenge if we don't define it specifically in config?
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the asterisk-bugs
mailing list