[Asterisk-Users] SIP protocol bug ???

John Todd jtodd at loligo.com
Fri Nov 7 14:17:42 MST 2003


>Hi Olle,
>
>--- "Olle E. Johansson" <oej at edvina.net> wrote:
>>  The first Invite is without credentials, since
>>  digest authentication needs input
>>  from the server to create credentials.
>
>This is also what I understood too from rfc.
>I was just confused becouse in the Asterisk code
>there was something like this:
>
>case 401: /* Not authorized on REGISTER */
>	if (p->registry && !strcasecmp(msg, "REGISTER")) {
>		if ((p->authtries > 1) || do_register_auth(p, req,
>"WWW-Authenticate", "Authorization")) {
>			ast_log(LOG_NOTICE, "Failed to authenticate on
>REGISTER to '%s'\n", get_header(&p->initreq, "From"));
>			p->needdestroy = 1;
>} else	p->needdestroy = 1;
>
>So, only the case of registration was handled in 401.
>
>However I just added something like:
>
>if(!strcasecmp(msg, "INVITE")) {
>		if ((p->authtries > 1) || do_proxy_auth2(p, req,
>"INVITE", 1)) {
>			ast_log(LOG_NOTICE, "Failed to authenticate on
>INVITE to '%s'\n", get_header(&p->initreq, "From"));
>			p->needdestroy = 1;
>}
>and I implemented the new function do_proxy_auth2 as a
>modified version of do_proxy_auth to work with
>"Authorization" instead of "Proxy-Authorization" and I
>got the thing to work fine.
>
>However, I wanted to check with others who was wrong:
>Asterisk or my SIP provider.
>Is this the right thing to do in respect to the
>standard?
>
>Tnx,
>MTM

 From what I can understand of the issue you describe, it sounds like 
the problem resides on the remote side, and not Asterisk's side.

You are sending an invalid request in your first query, and the 
remote side is sending "Unauthorized", meaning that it believes you 
have supplied credentials, but they are the wrong credentials.  This 
is the end of the conversation, since both sides have given their 
"final words" on the subject.

What arguably _should_ be happening is that the remote SIP host 
should be sending "407 Proxy Authentication Required", but it's not. 
Therefore, Asterisk is behaving correctly.  This is not a bug in 
Asterisk.

JT



More information about the asterisk-users mailing list