[Asterisk-Users] SIP protocol bug ???
John Todd
jtodd at loligo.com
Fri Nov 7 14:17:42 MST 2003
>Hi Olle,
>
>--- "Olle E. Johansson" <oej at edvina.net> wrote:
>> The first Invite is without credentials, since
>> digest authentication needs input
>> from the server to create credentials.
>
>This is also what I understood too from rfc.
>I was just confused becouse in the Asterisk code
>there was something like this:
>
>case 401: /* Not authorized on REGISTER */
> if (p->registry && !strcasecmp(msg, "REGISTER")) {
> if ((p->authtries > 1) || do_register_auth(p, req,
>"WWW-Authenticate", "Authorization")) {
> ast_log(LOG_NOTICE, "Failed to authenticate on
>REGISTER to '%s'\n", get_header(&p->initreq, "From"));
> p->needdestroy = 1;
>} else p->needdestroy = 1;
>
>So, only the case of registration was handled in 401.
>
>However I just added something like:
>
>if(!strcasecmp(msg, "INVITE")) {
> if ((p->authtries > 1) || do_proxy_auth2(p, req,
>"INVITE", 1)) {
> ast_log(LOG_NOTICE, "Failed to authenticate on
>INVITE to '%s'\n", get_header(&p->initreq, "From"));
> p->needdestroy = 1;
>}
>and I implemented the new function do_proxy_auth2 as a
>modified version of do_proxy_auth to work with
>"Authorization" instead of "Proxy-Authorization" and I
>got the thing to work fine.
>
>However, I wanted to check with others who was wrong:
>Asterisk or my SIP provider.
>Is this the right thing to do in respect to the
>standard?
>
>Tnx,
>MTM
From what I can understand of the issue you describe, it sounds like
the problem resides on the remote side, and not Asterisk's side.
You are sending an invalid request in your first query, and the
remote side is sending "Unauthorized", meaning that it believes you
have supplied credentials, but they are the wrong credentials. This
is the end of the conversation, since both sides have given their
"final words" on the subject.
What arguably _should_ be happening is that the remote SIP host
should be sending "407 Proxy Authentication Required", but it's not.
Therefore, Asterisk is behaving correctly. This is not a bug in
Asterisk.
JT
More information about the asterisk-users
mailing list