| Summary: | ASTERISK-29095: 401 Unauthorized on every request | ||
| Reporter: | Yury Kirsanov (lt_flash) | Labels: | |
| Date Opened: | 2020-09-24 08:49:38 | Date Closed: | 2020-09-24 09:03:07 |
| Priority: | Major | Regression? | |
| Status: | Closed/Complete | Components: | pjproject/pjsip |
| Versions: | 16.12.0 16.13.0 | Frequency of Occurrence | |
| Related Issues: | |||
| Environment: | Ubuntu 18.04.5 LTS | Attachments: | |
| Description: | Hi,
We have an Asterisk server that has PJSIP configured in TCP transport mode. As this is a test server - only one SIP endpoint created with AOR and AUTH sections. Authentication mode is set to "auth_username,username,ip,anonymous". I can register to the PBX fine with my softphone, but upon each request Asterisk for some reason asks for credentials, even for de-registration, which is important to me. According to Asterisk documentation: https://wiki.asterisk.org/wiki/display/AST/Tests+for+Registration+Functionality section 'Un-registration tests' it shouldn't be asking for credentials as user is already registered in system. Same applies to calls, after successful registration when softphone sends INVITE packet Asterisk first replies with 401 Unauthorized and after authentication processes the call ok. What could be an issue of such behaviour? Thanks! | ||
| Comments: | By: Asterisk Team (asteriskteam) 2020-09-24 08:49:38.740-0500 Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution. Please note that log messages and other files should not be sent to the Sangoma Asterisk Team unless explicitly asked for. All files should be placed on this issue in a sanitized fashion as needed. A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report. Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process]. Please note that once your issue enters an open state it has been accepted. As Asterisk is an open source project there is no guarantee or timeframe on when your issue will be looked into. If you need expedient resolution you will need to find and pay a suitable developer. Asking for an update on your issue will not yield any progress on it and will not result in a response. All updates are posted to the issue when they occur. Please note that by submitting data, code, or documentation to Sangoma through JIRA, you accept the Terms of Use present at [https://www.asterisk.org/terms-of-use/|https://www.asterisk.org/terms-of-use/]. By: Yury Kirsanov (lt_flash) 2020-09-24 08:53:34.680-0500 This is an example of un-register attempt after successful registration is already active and AOR is saved by Asterisk: [Aug 27 06:10:18] REGISTER sip:10.22.20.29:7060;transport=TCP SIP/2.0 [Aug 27 06:10:18] Via: SIP/2.0/TCP 10.22.21.190:5060;branch=z9hG4bK64ef.0e91fb34.0 [Aug 27 06:10:18] To: sip:104571@ХХХХХХХХХХХХ:7060;transport=TCP [Aug 27 06:10:18] From: <sip:104571@ХХХХХХХХХХХХХХХ:7060;transport=TCP>;tag=50861319473291bdf2ee9351467673b7-e0dd [Aug 27 06:10:18] CSeq: 3 REGISTER [Aug 27 06:10:18] Call-ID: ruTdWqEWGUkEH8PQptf9Qg.. [Aug 27 06:10:18] Max-Forwards: 70 [Aug 27 06:10:18] Content-Length: 0 [Aug 27 06:10:18] User-Agent: OpenSIPS (3.1.0 (x86_64/linux)) [Aug 27 06:10:18] Contact: <sip:104571@10.22.21.190:60125;transport=TCP;ctid=8391961688487170>;expires=0 [Aug 27 06:10:18] [Aug 27 06:10:18] [Aug 27 06:10:18] DEBUG[85380]: res_pjsip/pjsip_distributor.c:394 find_dialog: Could not find matching transaction for Request msg REGISTER/cseq=3 (rdata0x7f9d8c0d8ee8) [Aug 27 06:10:18] DEBUG[85380]: res_pjsip/pjsip_distributor.c:472 ast_sip_get_distributor_serializer: Calculated serializer pjsip/distributor-0000007f to use for Request msg REGISTER/cseq=3 (rdata0x7f9d8c0d8ee8) [Aug 27 06:10:18] DEBUG[85381]: res_pjsip_endpoint_identifier_user.c:148 username_identify: Attempting identify by From username '104571' domain 'ХХХХХХХХХХХХХХХХХХХХХ' [Aug 27 06:10:18] DEBUG[85381]: res_pjsip_endpoint_identifier_user.c:160 username_identify: Identified by From username '104571' domain 'ХХХХХХХХХХХХХХХХХХХХХХХХХХ' [Aug 27 06:10:18] DEBUG[85381]: res_pjsip_authenticator_digest.c:454 digest_check_auth: Using default realm 'ХХХХХХХХХХХХХХХХХХХХХ' on incoming auth '104571'. [Aug 27 06:10:18] DEBUG[85381]: netsock2.c:170 ast_sockaddr_split_hostport: Splitting '10.22.20.29' into... [Aug 27 06:10:18] DEBUG[85381]: netsock2.c:224 ast_sockaddr_split_hostport: ...host '10.22.20.29' and port ''. [Aug 27 06:10:18] DEBUG[85381]: netsock2.c:170 ast_sockaddr_split_hostport: Splitting '10.22.21.190' into... [Aug 27 06:10:18] DEBUG[85381]: netsock2.c:224 ast_sockaddr_split_hostport: ...host '10.22.21.190' and port ''. [Aug 27 06:10:18] DEBUG[85381]: netsock2.c:170 ast_sockaddr_split_hostport: Splitting '10.22.21.190' into... [Aug 27 06:10:18] DEBUG[85381]: netsock2.c:224 ast_sockaddr_split_hostport: ...host '10.22.21.190' and port ''. [Aug 27 06:10:18] <--- Transmitting SIP response (569 bytes) to TCP:10.22.21.190:59017 ---> [Aug 27 06:10:18] SIP/2.0 401 Unauthorized [Aug 27 06:10:18] Via: SIP/2.0/TCP 10.22.21.190:5060;rport=59017;received=10.22.21.190;branch=z9hG4bK64ef.0e91fb34.0 [Aug 27 06:10:18] Call-ID: ruTdWqEWGUkEH8PQptf9Qg.. [Aug 27 06:10:18] From: <sip:104571@ХХХХХХХХХХХХХХХХХХХХХ>;tag=50861319473291bdf2ee9351467673b7-e0dd [Aug 27 06:10:18] To: <sip:104571@ХХХХХХХХХХХХХХХХХХХХ>;tag=z9hG4bK64ef.0e91fb34.0;transport=TCP [Aug 27 06:10:18] CSeq: 3 REGISTER [Aug 27 06:10:18] WWW-Authenticate: Digest realm="ХХХХХХХХХХХХХХХХХХХХХХХ",nonce="1598472618/13f170422dd641af4a0e6175d185d555",opaque="1f042b941280b1d6",algorithm=md5,qop="auth" [Aug 27 06:10:18] Server: ХХХХХ/1.7.1 [Aug 27 06:10:18] Content-Length: 0 By: George Joseph (gjoseph) 2020-09-24 08:54:13.128-0500 We appreciate the difficulties you are facing, however this does not appear to be a bug report and your request or comments would be better served in a different forum. The Asterisk community provides support over IRC, mailing lists, and forums as described at http://asterisk.org/community. The Asterisk issue tracker is used specifically to track issues concerning bugs and documentation errors. Please see the Asterisk Issue Guidelines [1] for instruction on the intended use of the Asterisk issue tracker. Thanks! [1] https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines By: Asterisk Team (asteriskteam) 2020-09-24 08:55:54.485-0500 This issue has been reopened as a result of your commenting on it as the reporter. It will be triaged once again as applicable. By: Yury Kirsanov (lt_flash) 2020-09-24 08:57:19.126-0500 Well, this looks like a bug to me as according to official Asterisk documentation when a valid Contact header is provided (it's valid, I've checked it thoroughly) and Expires: 0 header exists Asterisk shouldn't be asking for any additional authentication. Here's a cut from that document: Procedure: The UA sends a REGISTER request with a valid Contact header and with an Expires header of 0 to Asterisk for an endpoint & AOR defined in pjsip.conf. Asterisk responds with a 200 OK Pass Conditions: Asterisk properly un-registers the contact Asterisk responds with a 200 OK By: Joshua C. Colp (jcolp) 2020-09-24 09:03:07.434-0500 The documentation you've pointed to is not end user documentation, it's a development document for writing specific tests. Tests have different variants with authentication and without. When authentication is configured then it is expected for requests to be authenticated. This is not an issue. | ||