[asterisk-users] Initial REGISTER Request: Contains Credentials before 401: KDDI Japan

Matthew J. Roth mroth at imminc.com
Thu May 16 16:46:56 CDT 2013


Brian,

> KDDI does provide a list of supported equipment and vendors.  Specific
> hardware or license based software products that quickly become cost
> prohibitive.
> 
> I doubt that Asterisk will find its way on the list any time soon.  Because
> KDDI follows the traditional "big telco" method of interoperability, which
> normally means licensing products for use on their network.

That's exactly the sort of thing that the industry should be evolving away from.
For now, this should help quiet KDDI's complaints.

Here is a small patch to the transmit_register() function in chan_sip.c that
prevents adding an Authorization header to the initial REGISTER request:

================================================================================
--- certified-asterisk-1.8.15-cert1/channels/chan_sip.c.orig    2013-05-16 16:30:12.000000000 -0400
+++ certified-asterisk-1.8.15-cert1/channels/chan_sip.c 2013-05-16 16:57:49.000000000 -0400
@@ -13620,6 +13620,8 @@
        if (!ast_strlen_zero(global_useragent))
                add_header(&req, "User-Agent", global_useragent);

+/* Never add auth header to the initial REGISTER request */
+if (r->regattempts) {
        if (auth) {  /* Add auth header */
                add_header(&req, authheader, auth);
        } else if (!ast_strlen_zero(r->nonce)) {
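Review bot: the new `if (r->regattempts) {` guard in front of `if (auth)` is unconditional, so every registrar loses credentials on the first attempt, not only the one that objects to them; consider putting it behind a configuration option (global or per registration) so existing deployments keep their current behaviour. It also assumes r->regattempts is zero exactly when the initial REGISTER is built, which these lines do not show; please confirm where the counter is incremented and reset, since a periodic refresh that resets it would also go out without credentials and cost an extra 401 round trip. The two added lines start at column 0 and the enclosed block is not re-indented, which hides the new nesting.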
@@ -13647,6 +13649,7 @@
                     ast_log(LOG_NOTICE, "No authorization available for authentication of registration to %s@%s\n", r->username, r->hostname);
                }
        }
+}

        snprintf(tmp, sizeof(tmp), "%d", r->expiry);
        add_header(&req, "Expires", tmp);
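Review bot: the closing `}` added after the auth block sits at column 0 with no comment, a long way below the `if (r->regattempts) {` it closes; indent it with the block and add a trailing comment naming the condition. The "No authorization available ..." LOG_NOTICE visible in this hunk is now inside the guard as well, so it is skipped on the first attempt; state in a comment or in the commit message whether that is intended.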
================================================================================

I tested it to make sure it works as advertised, but not thoroughly enough to
be completely confident that there are no side effects.  At the very least, it
should be a good starting point for a more robust patch.

Here is a SIP trace of the REGISTER dialog when Asterisk starts or when 'sip
reload' is entered at the CLI.

================================================================================
17:03:39.279847 IP astdev.imminc.com.sip > ekiga.net.sip: SIP, length: 381
REGISTER sip:ekiga.net SIP/2.0
Via: SIP/2.0/UDP 192.168.1.1:5060;branch=z9hG4bK0f4587f3;rport
Max-Forwards: 70
From: <sip:regtest at ekiga.net>;tag=as1f2818c1
To: <sip:regtest at ekiga.net>
Call-ID: 5f37c0dc188cdd5c02a9a092148ef217 at 192.168.1.1
CSeq: 104 REGISTER
User-Agent: Asterisk PBX 1.8.15-cert1
Expires: 120
Contact: <sip:s at 192.168.1.1:5060>
Content-Length: 0


17:03:39.370575 IP ekiga.net.sip > astdev.imminc.com.sip: SIP, length: 462
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.1.1:5060;branch=z9hG4bK0f4587f3;rport=42521
From: <sip:regtest at ekiga.net>;tag=as1f2818c1
To: <sip:regtest at ekiga.net>;tag=c64e1f832a41ec1c1f4e5673ac5b80f6.9b08
Call-ID: 5f37c0dc188cdd5c02a9a092148ef217 at 192.168.1.1
CSeq: 104 REGISTER
WWW-Authenticate: Digest realm="ekiga.net", nonce="519549c9000061b09f86679289f055e42960ed06592c052d"
Server: Kamailio (1.5.3-notls (i386/linux))
Content-Length: 0


17:03:39.403113 IP astdev.imminc.com.sip > ekiga.net.sip: SIP, length: 582
REGISTER sip:ekiga.net SIP/2.0
Via: SIP/2.0/UDP 192.168.1.1:5060;branch=z9hG4bK32be996c;rport
Max-Forwards: 70
From: <sip:regtest at ekiga.net>;tag=as36aa89ae
To: <sip:regtest at ekiga.net>
Call-ID: 5f37c0dc188cdd5c02a9a092148ef217 at 192.168.1.1
CSeq: 105 REGISTER
User-Agent: Asterisk PBX 1.8.15-cert1
Authorization: Digest username="regtest", realm="ekiga.net", algorithm=MD5, uri="sip:ekiga.net", nonce="519549c9000061b09f86679289f055e42960ed06592c052d", response="e477ad0f835211b06d750a8c3edf88ea"
Expires: 120
Contact: <sip:s at 192.168.1.1:5060>
Content-Length: 0


17:03:39.495126 IP ekiga.net.sip > astdev.imminc.com.sip: SIP, length: 399
SIP/2.0 200 OK
Via: SIP/2.0/UDP 192.168.1.1:5060;branch=z9hG4bK32be996c;rport=42521
From: <sip:regtest at ekiga.net>;tag=as36aa89ae
To: <sip:regtest at ekiga.net>;tag=c64e1f832a41ec1c1f4e5673ac5b80f6.bf7b
Call-ID: 5f37c0dc188cdd5c02a9a092148ef217 at 192.168.1.1
CSeq: 105 REGISTER
Contact: <sip:s at 192.168.1.1:5060>;expires=600
Server: Kamailio (1.5.3-notls (i386/linux))
Content-Length: 0
================================================================================

I hope this helps you convince KDDI that Asterisk is a legitimate VoIP platform.
Please reply and let me know how it goes.

Regards,

Matthew Roth
InterMedia Marketing Solutions
Software Engineer and Systems Developer
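
The check KDDI is effectively applying, as an added example (not part of the original post or of Asterisk's code): it walks a text SIP trace and reports any REGISTER that carries Authorization or Proxy-Authorization before a 401/407 has been seen for the same Call-ID. The trace, host names and values below are constructed; messages are assumed to be body-less and separated by blank lines.

```python
def split_messages(trace):
    """Split a text trace into SIP messages, dropping capture lines before the start line."""
    msgs = []
    for block in trace.replace("\r\n", "\n").split("\n\n"):
        lines = [l for l in block.split("\n") if l.strip()]
        while lines and "SIP/2.0" not in lines[0]:  # e.g. tcpdump timestamp line
            lines.pop(0)
        if lines:
            msgs.append(lines)
    return msgs

def headers(lines):
    """Map lower-cased header names to values (the start line is skipped)."""
    pairs = (l.partition(":") for l in lines[1:])
    return {n.strip().lower(): v.strip() for n, sep, v in pairs if sep}

def premature_credentials(trace):
    """Return (Call-ID, CSeq) of each REGISTER sent with credentials before any challenge."""
    challenged, findings = set(), []
    for msg in split_messages(trace):
        start, hdr = msg[0], headers(msg)
        call_id = hdr.get("call-id") or hdr.get("i", "")  # "i" is the compact form
        if start.startswith("SIP/2.0 ") and start.split()[1] in ("401", "407"):
            challenged.add(call_id)
        elif start.startswith("REGISTER ") and call_id not in challenged:
            if "authorization" in hdr or "proxy-authorization" in hdr:
                findings.append((call_id, hdr.get("cseq", "")))
    return findings

# Constructed trace (not the capture from the post); all values are made up.
UNPATCHED = """\
REGISTER sip:registrar.example SIP/2.0
Call-ID: aaa111@192.0.2.10
CSeq: 101 REGISTER
Authorization: Digest username="alice", realm="registrar.example", nonce="", response="00"

SIP/2.0 401 Unauthorized
Call-ID: aaa111@192.0.2.10
WWW-Authenticate: Digest realm="registrar.example", nonce="n1"

REGISTER sip:registrar.example SIP/2.0
Call-ID: aaa111@192.0.2.10
CSeq: 102 REGISTER
Authorization: Digest username="alice", realm="registrar.example", nonce="n1", response="00"
"""
# Same exchange with the first request's Authorization line (index 3) removed.
PATCHED = "\n".join(l for i, l in enumerate(UNPATCHED.split("\n")) if i != 3)

if __name__ == "__main__":
    print(premature_credentials(UNPATCHED), premature_credentials(PATCHED))
```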


