[Home]

Summary:ASTERISK-26799: res_pjsip: Using an auth object for inbound and outbound authentication fails.
Reporter:Richard Mudgett (rmudgett)Labels:
Date Opened:2017-02-16 21:24:04.000-0600Date Closed:2017-02-21 20:42:28.000-0600
Priority:MajorRegression?
Status:Closed/CompleteComponents:Resources/res_pjsip Resources/res_pjsip_authenticator_digest
Versions:13.14.0 Frequency of
Occurrence
Constant
Related
Issues:
Environment:Attachments:
Description:I had a setup where I used the same auth object for inbound and outbound authentication.  For example:

{noformat}
[my_trunk]
type = auth
auth_type = userpass
username = trunk
password = shh_its_a_secret
; Use the default realm by not setting it.
;realm=
{noformat}

The auth object works for inbound or outbound authentication when used for one or the other.  However, if you use the auth object for both inbound and outbound authentication at the same time then it works for a little while and stops working for outbound authentication.  To make it worse, the diagnostic message claims that there are no auth realms that match.  What realm?  No realm was set.

The key is what happens to the realm when the auth object is used the first time for incoming authentication.  The realm gets set to a default value and thus no longer works as an outgoing auth object.

The problem is rooted in the difference between the meaning of an empty realm for an inbound and outbound auth object.  An empty inbound auth realm represents the global section's default_realm value when the authentication object is used to challenge an incoming request.  An empty outgoing auth realm is treated as a don't care wildcard when the authentication object is used to respond to an incoming authentication challenge.
Comments:By: Friendly Automation (friendly-automation) 2017-02-21 20:42:29.293-0600

Change 4985 merged by zuul:
res_pjsip: Update authentication realm documentation.

[https://gerrit.asterisk.org/4985|https://gerrit.asterisk.org/4985]

By: Friendly Automation (friendly-automation) 2017-02-21 21:18:22.272-0600

Change 4986 merged by zuul:
res_pjsip: Update artificial auth whenever default_realm changes.

[https://gerrit.asterisk.org/4986|https://gerrit.asterisk.org/4986]

By: Friendly Automation (friendly-automation) 2017-02-21 21:57:47.042-0600

Change 4987 merged by zuul:
res_pjsip_authenticator_digest.c: Fix sorcery's immutable contract violation.

[https://gerrit.asterisk.org/4987|https://gerrit.asterisk.org/4987]

By: Friendly Automation (friendly-automation) 2017-02-21 22:40:10.963-0600

Change 4991 merged by zuul:
res_pjsip: Update authentication realm documentation.

[https://gerrit.asterisk.org/4991|https://gerrit.asterisk.org/4991]

By: Friendly Automation (friendly-automation) 2017-02-21 22:56:17.479-0600

Change 4992 merged by zuul:
res_pjsip: Update artificial auth whenever default_realm changes.

[https://gerrit.asterisk.org/4992|https://gerrit.asterisk.org/4992]

By: Friendly Automation (friendly-automation) 2017-02-21 23:14:45.334-0600

Change 4993 merged by zuul:
res_pjsip_authenticator_digest.c: Fix sorcery's immutable contract violation.

[https://gerrit.asterisk.org/4993|https://gerrit.asterisk.org/4993]

By: Friendly Automation (friendly-automation) 2017-02-21 23:52:56.644-0600

Change 4988 merged by zuul:
res_pjsip: Update authentication realm documentation.

[https://gerrit.asterisk.org/4988|https://gerrit.asterisk.org/4988]

By: Friendly Automation (friendly-automation) 2017-02-21 23:52:59.098-0600

Change 4989 merged by zuul:
res_pjsip: Update artificial auth whenever default_realm changes.

[https://gerrit.asterisk.org/4989|https://gerrit.asterisk.org/4989]

By: Friendly Automation (friendly-automation) 2017-02-21 23:53:01.758-0600

Change 4990 merged by zuul:
res_pjsip_authenticator_digest.c: Fix sorcery's immutable contract violation.

[https://gerrit.asterisk.org/4990|https://gerrit.asterisk.org/4990]