[asterisk-bugs] [JIRA] (ASTERISK-22386) Outbound SIP registration, if the auth object's realm option is not set to the same value as the 401's realm, then we fail to create a new REGISTER with auth details

Thu Sep 5 09:21:03 CDT 2013

    [ https://issues.asterisk.org/jira/browse/ASTERISK-22386?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=209945#comment-209945 ] 

Mark Michelson commented on ASTERISK-22386:
-------------------------------------------

Your paraphrase sums it up well.

I think point 2) can be dropped entirely, because it appears that PJSIP only will try to authenticate for the top-most WWW-Authenticate/Proxy-Authenticate header anyway. So even if we tried to be diligent and account for multiple realms (which as you pointed out is incredibly unlikely in the first place) it wouldn't do us any good.

> Outbound SIP registration, if the auth object's realm option is not set to the same value as the 401's realm, then we fail to create a new REGISTER with auth details
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-22386
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-22386
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_pjsip, Resources/res_pjsip_outbound_authenticator_digest
>    Affects Versions: 12
>         Environment: SVN-branch-12-r397614M (with patch from ASTERISK-22380)
>            Reporter: Rusty Newton
>            Assignee: Mark Michelson
>         Attachments: full10.txt, full11.txt, outbound_auth_realm_v2.patch, pjsip10.txt, pjsip11.txt
>
>
> Without "realm=<somevalue>" defined we see 
> {noformat}
> [Aug 25 16:57:54] WARNING[21069]: res_pjsip_outbound_authenticator_digest.c:90 digest_create_request_with_auth: Failed to create new request with authentication credentials
> [Aug 25 16:57:54] WARNING[21069]: res_pjsip_outbound_registration.c:387 handle_registration_response: Temporal response '401' received from 'sip:gw1.sip.us' on registration attempt to 'sip:5279938664 at gw1.sip.us', retrying in '15' seconds
> {noformat}
> after the 401 in an outbound REGISTER dialog. The WARNING messages don't really make it clear why we fail to create a new request.
> I'll attach a working and non-working example to make it clear. For Asterisk to issue a new REGISTER request with Authentication I had to define realm specifically with the value we see in the 401's WWW-Authenticate header.
> *In the failing config pjsip10.txt, realm is undefined. The same failure mode occurs with realm defined, but not set specifically to the realm value from the challenge.*
> I'm not sure what the solution here is.
> * It looks like a bug that we *don't* create a new REGISTER without realm specifically defined
> * If it is legit that we are failing out here, can the WARNING be made to detail the issue?
> * Should we be responding with the default realm of "asterisk" or should we be responding using the realm in the challenge if we don't define it specifically in config?

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira