[Asterisk-Dev] possible bug in checking SIP authentication ?
Tilghman Lesher
tilghman at mail.jeffandtilghman.com
Mon May 30 08:59:33 MST 2005
On Monday 30 May 2005 10:19, Luigi Rizzo wrote:
> Hi,
> I have spent a few hours trying to figure out what's wrong here,
> and there are two things I do not understand.
>
> I have two asterisk nodes, 'home' (dynamic IP) and 'office' (static
> IP) with the config below:
>
> home: sip.conf
> register => bob:xxxyyyzzz at office/123456
> [office]
> type=peer
> host=12.34.56.78 ; actually, office's real IP!
> secret=xxxyyyzzz
Note type=peer. That means that home can call office,
but office cannot call home (because there's no user record).
> office: sip.conf
> [bob]
> type=friend
> secret=xxxyyyzzz
> host=dynamic
>
> office: extensions.conf
> [my_friends]
> exten => bob,1,Dial(SIP/${EXTEN})
>
>
> 'home' registers with 'office' correctly. The REGISTER message has
>
> Proxy-Authorization: Digest username="bob", ...
>
> and this is the username used to compute hashes. Pretty much what I
> expected.
>
> 'home' can Dial(SIP/someexten at office) correctly. The INVITE message
> has
>
> Proxy-Authorization: Digest username="bob", ...
>
> and this is the username used to compute hashes. Pretty much what I
> expected.
>
> If 'office' tries to call bob at my_friends, registration fails.
Yep, probably due to the reason above.
> "sip debug" shows that the INVITE message from 'office' has
>
> Proxy-Authorization: Digest username="123456", ...
>
> which seems a bit odd, given that the '123456' comes from the
> peer record, where there is also a username="bob" record.
>
> The second odd thing is that 'home' tries to compute the hashes
> with
>
> username="office"
>
> (in this particular case, the code matches a peer, and line 6157
> in chan_sip.c calls check_user_full() with peer->name as username.
> Once again, peer has a username field which i would expect to be
> used.
The username field is used only for users. I suspect it would use it
if you changed the above type=peer to type=friend.
> So, are both intended behaviours or should I file a bug report ?
Yes. ;-)
--
Tilghman
More information about the asterisk-dev
mailing list