[asterisk-bugs] [JIRA] (ASTERISK-26799) res_pjsip: Using an auth object for inbound and outbound authentication fails.

Friendly Automation (JIRA) noreply at issues.asterisk.org
Tue Feb 21 23:54:10 CST 2017


    [ https://issues.asterisk.org/jira/browse/ASTERISK-26799?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=235374#comment-235374 ] 

Friendly Automation commented on ASTERISK-26799:
------------------------------------------------

Change 4990 merged by zuul:
res_pjsip_authenticator_digest.c: Fix sorcery's immutable contract violation.

https://gerrit.asterisk.org/4990

> res_pjsip: Using an auth object for inbound and outbound authentication fails.
> ------------------------------------------------------------------------------
>
>                 Key: ASTERISK-26799
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-26799
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_pjsip, Resources/res_pjsip_authenticator_digest
>    Affects Versions: 13.14.0
>            Reporter: Richard Mudgett
>            Assignee: Richard Mudgett
>
> I had a setup where I used the same auth object for inbound and outbound authentication.  For example:
> {noformat}
> [my_trunk]
> type = auth
> auth_type = userpass
> username = trunk
> password = shh_its_a_secret
> ; Use the default realm by not setting it.
> ;realm=
> {noformat}
> The auth object works for inbound or outbound authentication when used for one or the other.  However, if you use the auth object for both inbound and outbound authentication at the same time then it works for a little while and stops working for outbound authentication.  To make it worse, the diagnostic message claims that there are no auth realms that match.  What realm?  No realm was set.
> The key is what happens to the realm when the auth object is used the first time for incoming authentication.  The realm gets set to a default value and thus no longer works as an outgoing auth object.
> The problem is rooted in the difference between the meaning of an empty realm for an inbound and outbound auth object.  An empty inbound auth realm represents the global section's default_realm value when the authentication object is used to challenge an incoming request.  An empty outgoing auth realm is treated as a don't care wildcard when the authentication object is used to respond to an incoming authentication challenge.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
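
The failure mode described in the issue above, as an added C example (not Asterisk code and not the merged change): a shared auth object is modified in place the first time it is used for an inbound challenge, which defeats the empty-realm wildcard on the outbound side. The struct, the function names, the "asterisk" default realm value and the "provider.example" challenge realm are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DEFAULT_REALM "asterisk" /* assumed stand-in for the global default_realm */

/* Hypothetical, simplified stand-in for a cached auth object shared by all users. */
struct auth { char realm[64]; const char *username; };

/* Mutating inbound path: writes the default realm into the shared object. */
static const char *challenge_realm_mutating(struct auth *shared)
{
    if (shared->realm[0] == '\0')
        strcpy(shared->realm, DEFAULT_REALM);
    return shared->realm;
}

/* Read-only inbound path: computes the effective realm, leaves the object alone. */
static const char *challenge_realm_readonly(const struct auth *shared)
{
    return shared->realm[0] != '\0' ? shared->realm : DEFAULT_REALM;
}

/* Outbound path: an empty realm is a wildcard, otherwise it must match exactly. */
static int outbound_matches(const struct auth *shared, const char *challenge_realm)
{
    return shared->realm[0] == '\0' || strcmp(shared->realm, challenge_realm) == 0;
}

/* Returns 1 if outbound auth still finds a match after one inbound challenge. */
static int outbound_works_after_inbound(int use_mutating_path)
{
    struct auth my_trunk = { "", "trunk" }; /* realm left unset, as in the report */
    if (use_mutating_path)
        (void)challenge_realm_mutating(&my_trunk);
    else
        (void)challenge_realm_readonly(&my_trunk);
    return outbound_matches(&my_trunk, "provider.example"); /* constructed realm */
}

int main(void)
{
    printf("mutating inbound path:  outbound %s\n",
           outbound_works_after_inbound(1) ? "ok" : "no matching realm");
    printf("read-only inbound path: outbound %s\n",
           outbound_works_after_inbound(0) ? "ok" : "no matching realm");
    return 0;
}
```
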


