Summary: | ASTERISK-11320: "auth" doesn't work inside a [peer] | ||
Reporter: | Iñaki Baz Castillo (ibc) | Labels: | |
Date Opened: | 2008-01-29 06:34:05.000-0600 | Date Closed: | 2008-07-01 09:24:20 |
Priority: | Minor | Regression? | No |
Status: | Closed/Complete | Components: | Channels/chan_sip/Interoperability |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ( 0) bug11861.txt ( 1) debug-Asterisk-auth-peer-doesnt-work.txt | |
Description: | I define a peer who needs authentication to accept calls form my Asterisk: ---sip.conf--- [peer-cdr] type=peer host=cdr.mydomain.org fromuser=991847150 fromdomain=mydomain.org auth=user51:1234@mydomain.org insecure=invite qualify=no nat=no canreinvite=no ------------- But it fails when Asterisk sends an INVITE to that peer. In fact, I think the "auth" parameter inside [peer] is not parsed at all. Note in the attached debug that after "407 Authentication required" there is not a new INVITE from Asterisk. But if I move the line: auth=user51:1234@cdr.mydomain.org to [authentication] section then it works! ¿?¿ ---sip.conf--- [authentication] auth=user51:1234@cdr.mydomain.org -------------- Note the comment in [authentication] section: ; You may also add auth= statements to [peer] definitions ; Peer auth= override all other authentication settings if we match on realm So something is buggy here IMHO. Of course, another solution would be using "username" and "secret", but why should I write the password in clear? ---sip.conf--- [peer-cdr] type=peer host=cdr.mydomain.org fromuser=991847150 fromdomain=mydomain.org username=user51 secret=1234 insecure=invite qualify=no nat=no canreinvite=no ------------- And remember that using "auth" in [authentication] is a risk (bug ASTERISK-11245): http://bugs.digium.com/view.php?id=11776 | ||
Comments: | By: Iñaki Baz Castillo (ibc) 2008-01-30 02:22:43.000-0600 Thanks for the summary fix ;) By: Olle Johansson (oej) 2008-01-30 07:16:18.000-0600 Can you please add a SIP debug showing this issue (add this as an attachment, don't forget to include debug logs). Thanks. By: Iñaki Baz Castillo (ibc) 2008-01-30 07:40:24.000-0600 Sorry, I did the debug but forgot to upload it :-p Now it's attached. By: Olle Johansson (oej) 2008-01-30 10:08:13.000-0600 For some reason, that part of the original code was missing. The peerauth pointer was still around though. Try this patch and please confirm if it works for you. /Olle By: Iñaki Baz Castillo (ibc) 2008-01-30 11:43:18.000-0600 I have problems to set the patch (the line numbers don't match with that revision), so finally I've patched the SVN trunk version (revision 101278) manually and recompiled (chan_sip.c is compiled again). But it doesn't work at all, the same occurs: after 407 there is not a new INVITE with credentials. By: Olle Johansson (oej) 2008-01-30 15:29:56.000-0600 The patch was made for 1.4 (the problem exists there too). I will have to test it a bit more later this week obviously. By: jmls (jmls) 2008-02-17 13:06:40.000-0600 oej, were you able to test ? By: Olle Johansson (oej) 2008-06-10 09:26:11 Will test this week actually. By: Olle Johansson (oej) 2008-07-01 07:19:54 Please test with latest svn version. Thanks. By: Iñaki Baz Castillo (ibc) 2008-07-01 09:04:22 It works :) Thanks. By: Olle Johansson (oej) 2008-07-01 09:24:12 Thanks for checking quickly! |