[asterisk-bugs] [JIRA] (ASTERISK-27304) Registration with digest authentication in PJSIP fails if a username contains symbol @

Wed Oct 4 23:14:38 CDT 2017

    [ https://issues.asterisk.org/jira/browse/ASTERISK-27304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=239014#comment-239014 ] 

Oleg commented on ASTERISK-27304:
---------------------------------

@Benjamin Keith Ford,

I would like to highlight that @ symbol should NOT be allowed "From" and "To" - otherwise, it will result in two @'s when the domain part comes in. 
However, it should be safe to allow @ in the field "username" which is used for authentication and is not amended by a domain part. 
It is also important to note that chan_sip allows setting @ as a part of a username in REGISTER string.

> Registration with digest authentication in PJSIP fails if a username contains symbol @
> --------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-27304
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-27304
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: pjproject/pjsip
>    Affects Versions: 13.16.0
>         Environment: Operating system:
> CentOS7, x86_64, kernel 3.10.0-514.
>            Reporter: Oleg
>            Assignee: Benjamin Keith Ford
>            Severity: Minor
>         Attachments: pjsip.conf, SIP_digest_response.png
>
>
> For an endpoint with outbound authetication enabled, it is required to provide username in the format “user at domain”. However, outbound authentication fails in case username contains symbol “@” and PJSIP channel driver is used.
> The following options were attempted to resolve this issue.
> Option 1. Provide username in section “auth” in the format:
> username= +74852207186@ yar.ims.ctc.ru
> In this case, Asterisk does not identify the endpoint or send any SIP requests to it. It also provides the following errors in the log:
> ERROR[28847] res_pjsip_outbound_registration.c: Invalid client URI 'sip: +74852207186 at yar.ims.ctc.ru@10.1.1.1:5060' specified on outbound registration 'RostelecomPJ'
> ERROR[28847] res_pjsip/pjsip_options.c: Unable to create request to qualify contact sip: +74852207186@ yar.ims.ctc.ru @10.1.1.1:5060
> Option 2. Provide username in section “auth” in the format:
> 	username= “+74852207186@ yar.ims.ctc.ru”
> In this case, Asterisk identifies the endpoint and start sending OPTIONS and REGISTER requests. However, SIP digest authentication response generated by Asterisk contains an incorrect value.
> Manipulations with SIP Digest Calculator application reveal that values of “response” parameter generated by Asterisk and by this calculator are identical when the full username, including quotes, is taken as an argument. This makes it impossible to work with usernames containing @, but not containing quote symbols.
> Considering that the same username works with chan_sip driver, it is suggested to enable either Option 1 or Option 2 in PJSIP, namely:
> •	allow providing symbol “@” in the username, or
> •	exclude quotes around username when this argument is used for SIP digest response calculation.

--
This message was sent by Atlassian JIRA
(v6.2#6252)