[Asterisk-Dev] possible bug in checking SIP authentication ?

Luigi Rizzo rizzo at icir.org
Mon May 30 09:41:49 MST 2005


I did try to replace type=peer with type=friend
where you pointed it. Behaviour unchanged.

Requests from 'office' still coming out using the extension
instead of the username, and 'home' still pretending to use
peer->name as the username.

So, sorry, your suggestion does not cure the problem :(

Note that there is a workaround, which is use the 'peer->name' string as
the extension we register. However it is really ugly and confusing.

Unless you have a better explaination I do suspect a bug or two
at this point :)

	cheers
	luigi


On Mon, May 30, 2005 at 10:59:33AM -0500, Tilghman Lesher wrote:
> On Monday 30 May 2005 10:19, Luigi Rizzo wrote:
> > Hi,
> > I have spent a few hours trying to figure out what's wrong here,
> > and there are two things I do not understand.
> >
> > I have two asterisk nodes, 'home' (dynamic IP) and 'office' (static
> > IP) with the config below:
> >
> >     home: sip.conf
> >             register => bob:xxxyyyzzz at office/123456
> >        [office]
> >        type=peer
> >        host=12.34.56.78 ; actually, office's real IP!
> >        secret=xxxyyyzzz
> 
> Note type=peer.  That means that home can call office,
> but office cannot call home (because there's no user record).
> 
> >     office: sip.conf
> >        [bob]
> >        type=friend
> >        secret=xxxyyyzzz
> >        host=dynamic
> >
> >     office: extensions.conf
> >        [my_friends]
> >        exten => bob,1,Dial(SIP/${EXTEN})
> >
> >
> > 'home' registers with 'office' correctly. The REGISTER message has
> >
> >         Proxy-Authorization: Digest username="bob", ...
> >
> > and this is the username used to compute hashes. Pretty much what I
> > expected.
> >
> > 'home' can Dial(SIP/someexten at office) correctly. The INVITE message
> > has
> >
> >         Proxy-Authorization: Digest username="bob", ...
> >
> > and this is the username used to compute hashes. Pretty much what I
> > expected.
> >
> > If 'office' tries to call bob at my_friends, registration fails.
> 
> Yep, probably due to the reason above.
> 
> > "sip debug" shows that the INVITE message from 'office' has
> >
> >         Proxy-Authorization: Digest username="123456", ...
> >
> > which seems a bit odd, given that the '123456' comes from the
> > peer record, where there is also a username="bob" record.
> >
> > The second odd thing is that 'home' tries to compute the hashes
> > with
> >
> >         username="office"
> >
> > (in this particular case, the code matches a peer, and line 6157
> > in chan_sip.c calls check_user_full() with peer->name as username.
> > Once again, peer has a username field which i would expect to be
> > used.
> 
> The username field is used only for users.  I suspect it would use it
> if you changed the above type=peer to type=friend.
> 
> > So, are both intended behaviours or should I file a bug report ?
> 
> Yes.  ;-)
> 
> -- 
> Tilghman
> _______________________________________________
> Asterisk-Dev mailing list
> Asterisk-Dev at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-dev
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-dev



More information about the asterisk-dev mailing list