Summary:ASTERISK-03912: [request] support authenticated INFO
Reporter:Matthias Urlichs (smurfix)Labels:
Date Opened:2005-04-11 08:48:40Date Closed:2005-06-04 07:15:02
Versions:Frequency of
Description:Some SIP gateways require authorization even if a call is already established.

The authorization was no problem when the call was being set up, but Asterisk doesn't answer the request later.


[ I press the # key ]

INFO sip:+498972101099701@ SIP/2.0
Via: SIP/2.0/UDP;branch=z9hG4bK27170079
Route: <sip:+498972101099701@>
From: "Matthias Urlichs" <sip:bluesip/smurfix@bluesip.net>;tag=as0d3ccc37
To: <sip:+498972101099701@bluesip.net>;tag=as5ce6d2f5
Contact: <sip:bluesip/smurfix@>
Call-ID: 536ac8f23e79582245de53207499a075@bluesip.net
CSeq: 107 INFO
User-Agent: Asterisk PBX
Content-Type: application/dtmf-relay
Content-Length: 24

(no NAT) to

Sip read:
SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP;branch=z9hG4bK27170079
From: "Matthias Urlichs" <sip:bluesip/smurfix@bluesip.net>;tag=as0d3ccc37
To: <sip:+498972101099701@bluesip.net>;tag=as5ce6d2f5
Call-ID: 536ac8f23e79582245de53207499a075@bluesip.net
CSeq: 107 INFO
Proxy-Authenticate: Digest realm="bluesip.net", nonce="425a7e8d73293beebc6f8ac7a4ed4b62d2436bc4"
Server: Sip EXpress router (0.8.14 (i386/linux))
Content-Length: 0
Warning: 392 "Noisy feedback tells:  pid=5600 req_src_ip= req_src_port=5060 in_uri=sip:+498972101099701@ out_uri=sip:+498972101099701@ via_cnt==1"

[ no more messages are exchanged ]
Comments:By: Olle Johansson (oej) 2005-04-12 10:23:08

Hmm, never seen this on SIP info, but it's easy to fix. btw, feature requests should be filed in the "feature requests" section.

Since I'm travelling the next few days, don't expect an immediate fix.

By: Matthias Urlichs (smurfix) 2005-04-12 13:13:12

Sorry about the feature vs. bug thing; to me the partial support for auth replies looked like a bug...

By: Olle Johansson (oej) 2005-05-01 15:32:46

...this is in the queue, but since it's a feature request, it's currently at the bottom of the list. We will have to fix chan_sip so that we can authenticate any outbound packet, not only a few methods.

By: Charles Duffy (cduffy) 2005-05-04 19:37:14

hmm. I supposed you'd want to generate the new response by copying initreq and adding the Proxy-Authenticate (or WWW-Authenticate) field, as appropriate?

This *would* get rid of the need to have an extra sip_pvt member... anyone more familiar with the codebase want to tell me if it really *is* that easy?

By: Kevin P. Fleming (kpfleming) 2005-05-04 20:39:54

No, I don't think that will work, because the INFO packet that went out is not the "initreq" of that call.

By: Olle Johansson (oej) 2005-06-04 07:14:34

Closing this since we have to auth issues open and we need one fix. See related bug report.

By: Olle Johansson (oej) 2005-06-04 07:15:02