[asterisk-bugs] [JIRA] (ASTERISK-27304) Registration with digest authentication in PJSIP fails if a username contains symbol @

Wed Oct 18 05:31:21 CDT 2017

    [ https://issues.asterisk.org/jira/browse/ASTERISK-27304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=239422#comment-239422 ] 

Oleg commented on ASTERISK-27304:
---------------------------------

@Benjamin Keith Ford & all,

Having dug deeper, I found out that the error specified in the description was actually caused not by @ in the field 'username', but by incorrectly generated field 'contact' in the section [aor]. More specifically, two @'s in the 'contact' field are causing this error:
contact=sip: +74852207186 at yar.ims.ctc.ru@10.1.1.1:5060

In its turn, invalid value of 'contact' parameter was provisioned from FreePBX. Moreover, two @'s in the 'contact' appear when both below conditions are met:
- username contains @;
- SIP server hostname / IP address is different from the domain.

Manual adjustment of the 'contact' parameter resolved the issue.
So, I apologize for raising this ticket against Asterisk whereas it should have been raised against FreePBX.

I am closing this bug.

> Registration with digest authentication in PJSIP fails if a username contains symbol @
> --------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-27304
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-27304
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: pjproject/pjsip
>    Affects Versions: 13.16.0
>         Environment: Operating system:
> CentOS7, x86_64, kernel 3.10.0-514.
>            Reporter: Oleg
>            Assignee: Benjamin Keith Ford
>            Severity: Minor
>         Attachments: pjsip.conf, SIP_digest_response.png
>
>
> For an endpoint with outbound authetication enabled, it is required to provide username in the format “user at domain”. However, outbound authentication fails in case username contains symbol “@” and PJSIP channel driver is used.
> The following options were attempted to resolve this issue.
> Option 1. Provide username in section “auth” in the format:
> username= +74852207186@ yar.ims.ctc.ru
> In this case, Asterisk does not identify the endpoint or send any SIP requests to it. It also provides the following errors in the log:
> ERROR[28847] res_pjsip_outbound_registration.c: Invalid client URI 'sip: +74852207186 at yar.ims.ctc.ru@10.1.1.1:5060' specified on outbound registration 'RostelecomPJ'
> ERROR[28847] res_pjsip/pjsip_options.c: Unable to create request to qualify contact sip: +74852207186@ yar.ims.ctc.ru @10.1.1.1:5060
> Option 2. Provide username in section “auth” in the format:
> 	username= “+74852207186@ yar.ims.ctc.ru”
> In this case, Asterisk identifies the endpoint and start sending OPTIONS and REGISTER requests. However, SIP digest authentication response generated by Asterisk contains an incorrect value.
> Manipulations with SIP Digest Calculator application reveal that values of “response” parameter generated by Asterisk and by this calculator are identical when the full username, including quotes, is taken as an argument. This makes it impossible to work with usernames containing @, but not containing quote symbols.
> Considering that the same username works with chan_sip driver, it is suggested to enable either Option 1 or Option 2 in PJSIP, namely:
> •	allow providing symbol “@” in the username, or
> •	exclude quotes around username when this argument is used for SIP digest response calculation.

--
This message was sent by Atlassian JIRA
(v6.2#6252)