Summary: ASTERISK-13380: [regression] Authentication seems to be broken again for SIP NOTIFY requests
Reporter: Bryant Zimmerman (zktech)
Labels:
Date Opened: 2009-01-15 17:15:18.000-0600
Date Closed: 2010-08-02 16:14:21
Priority: Major
Regression? Yes
Status: Closed/Complete
Components: Channels/chan_sip/Interoperability
Versions:
Frequency of Occurrence:
Related Issues:
Environment:
Attachments: ( 0) debug14.txt
( 1) sip_notify_debug.txt
Description: This issue is the same as 9896? I am running release version 1.6.0.1 and the sip notify sends out and I get 401 Unauthorized back. This happens with both Grandstream and Audiocodes devices. I had things working in 1.4 with the 9896 patch and it was working in the 1.6.0 beta at one point but now it is back to the pre-fix behavior? Any help would be appreciated as I can't reboot or force config updates without this working.

1695.086809 192.168.150.111 -> 216.109.196.34 SIP Request: NOTIFY sip:6164581832-10@192.168.100.220:31876;transport=udp
1695.114263 216.109.196.34 -> 192.168.150.111 SIP Status: 401 Unauthorized
1697.138730 216.109.196.34 -> 192.168.150.111 SIP Request: REGISTER sip:65.183.171.213
1697.138889 192.168.150.111 -> 216.109.196.34 SIP Status: 401 Unauthorized    (0 bindings)
1697.262276 216.109.196.34 -> 192.168.150.111 SIP Request: REGISTER sip:65.183.171.213
1697.264920 192.168.150.111 -> 216.109.196.34 SIP Status: 200 OK    (1 bindings)
Comments:

By: Leif Madsen (lmadsen) 2009-01-20 13:49:06.000-0600

Could you provide the sip debug from the asterisk console, and the sip history as well as an attachment to this bug?

Thanks!

By: Bryant Zimmerman (zktech) 2009-01-22 12:26:32.000-0600

I am working on this. I will provide examples from asterisk 1.4.17 running the patch 9896 as well as from the asterisk 1.6.0.1 version.  

What option do I enable in the logger.conf to get the sip debug messages to write to a log file? Right now I am just trying to cut and paste them and it is not working well.

Will wireshark traces give you the sip history you are asking for?



By: Leif Madsen (lmadsen) 2009-01-22 15:11:29.000-0600

Try piping the output of your asterisk console to tee like this:

asterisk -cvvvgn | tee /tmp/my_log_file.txt

This is to start a new asterisk process in the foreground without console colouring (it'll make the txt file a lot easier to read without the ANSI colour codes).

Just enable sipdebug and siphistory in sip.conf, then turn on debugging on the console with 'core set debug 4' and 'core set verbose 4'.

I think that should give us all the info if I'm not forgetting anything :)

By: Leif Madsen (lmadsen) 2009-02-02 13:41:57.000-0600

/Ping?

Any update here with the requested information?

By: Bryant Zimmerman (zktech) 2009-02-03 08:15:27.000-0600

I have attached the debugs and history from 1.4.17. This one works and causes the phone to reboot. I am working on getting the same from our 1.6.0.1 Production Server. I plan on doing it in our maintenance window tonight. Please look at what I have posted from the 1.4.17 box and let me know if it has everything you need? If not, we may need to augment before my test window with 1.6.0.1 tonight.

Thanks

By: Bryant Zimmerman (zktech) 2009-02-03 08:30:19.000-0600

This is the section from the sip notify for the gs-reboot. This is what was given to me by Grandstream to issue a reboot.

[gs-reboot]
Event=>check-sync
Content-Length=>0

By: Leif Madsen (lmadsen) 2009-02-03 08:33:30.000-0600

The attached file does not contain the appropriate information. You need to capture the dialog that is failing between the end-points by enabling 'sipdebug=yes' and 'recordhistory=yes' and 'dumphistory=yes'.

Then stop Asterisk, and start it with the 'tee' line I mention in an earlier post. Before you upload, make sure there is information in the file. Also, remove all the inappropriate stuff at the top (as when you start asterisk it will show output of all the modules loading -- we don't need to see that).

By: Leif Madsen (lmadsen) 2009-02-13 13:30:09.000-0600

Suspended due to lack of activity. Please request a bug marshal in #asterisk-bugs on the IRC network irc.freenode.net to reopen the issue should you have the additional information requested.

Further information can be found at http://www.asterisk.org/developers/bug-guidelines

By: Michiel van Baak (mvanbaak) 2009-11-25 15:28:46.000-0600

re-opened on request by OwenL on #asterisk-bugs

By: owenl (owenl) 2009-11-25 15:38:29.000-0600

More information - the NOTIFY goes out and receives a 401 back asking for authorization. The packet is received in handle_response in chan_sip.c but is dropped when __sip_ack sets ack_res false.

It appears the packet is never looked at thus the authorization code is never reached.

This was the case in the 1.6.1 and 1.6.2 versions.

SIP debug, Call history, and debug logs are attached in a single file

I'm new to the code so am not sure what the proper solution is. It would be very useful for the Linksys phones we are using.

Thanks!

By: Bryant Zimmerman (zktech) 2010-01-05 13:18:46.000-0600

I am having the same issue as well. I had it working with the patch at one point and then it quit again. I would like to see a long-term supported fix. What do we need to figure this out?

Thanks

By: Rafael Prado Rocchi (prado) 2010-06-21 22:06:03

I fixed it and it is working fine again.
It's tested with 1.4 branch.

I'll build the patches and post here tomorrow.
For 1.4 and 1.6

Prado



By: Jeff Peeler (jpeeler) 2010-07-22 16:13:21

prado: Can you post that patch?

By: Bryant Zimmerman (zktech) 2010-07-22 16:20:12

I have yet to see a working fix for this for the 1.6.x builds. I would love to see this fixed and a patch for the 1.6.x and put into 1.8.

By: Digium Subversion (svnbot) 2010-08-02 16:14:19

Repository: asterisk
Revision: 280669

U   branches/1.6.2/channels/chan_sip.c

------------------------------------------------------------------------
r280669 | jpeeler | 2010-08-02 16:14:19 -0500 (Mon, 02 Aug 2010) | 10 lines

Change SIP NOTIFY requests to expect a response so authentication will work.

This changes the request to be sent with the transmit type XMIT_RELIABLE so that
sip_ack doesn't return false and cause the 401 to be ignored in cases where
authentication is required.

(closes issue ASTERISK-13380)
Reported by: zktech


------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=280669
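
A simplified model of the failure described by owenl and by the r280669 commit message, added here as an illustration and not taken from chan_sip.c: a request sent unreliably leaves nothing pending, so the ack step finds no match and the 401 challenge is dropped before any authentication logic runs. All names except XMIT_RELIABLE (the struct, the `model_*` functions, the outcome enum) are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>

/* Simplified model of the behaviour in this issue; NOT chan_sip.c code. */
enum xmit_type { XMIT_UNRELIABLE = 0, XMIT_RELIABLE = 1 };
enum outcome { RESP_IGNORED, RESP_AUTH_RETRY, RESP_DONE };

#define MAX_PENDING 8
struct dialog {
    int pending_cseq[MAX_PENDING]; /* requests still awaiting a response */
    size_t npending;
    int next_cseq;
};

/* Send a request; only reliable requests are remembered for matching. */
static int model_send(struct dialog *d, enum xmit_type type)
{
    int cseq = ++d->next_cseq;
    if (type == XMIT_RELIABLE && d->npending < MAX_PENDING)
        d->pending_cseq[d->npending++] = cseq;
    return cseq;
}

/* Match a response to a pending request; false means nothing was waiting. */
static bool model_ack(struct dialog *d, int cseq)
{
    for (size_t i = 0; i < d->npending; i++) {
        if (d->pending_cseq[i] == cseq) {
            d->pending_cseq[i] = d->pending_cseq[--d->npending];
            return true;
        }
    }
    return false;
}

/* Response handler: an unmatched response is dropped before the 401 branch. */
static enum outcome model_handle_response(struct dialog *d, int cseq, int status)
{
    if (!model_ack(d, cseq))
        return RESP_IGNORED;      /* treated as a stray or retransmitted reply */
    if (status == 401)
        return RESP_AUTH_RETRY;   /* would resend the NOTIFY with credentials */
    return RESP_DONE;
}

/* Run one NOTIFY -> response exchange with the given transmit type. */
static enum outcome notify_exchange(enum xmit_type type, int status)
{
    struct dialog d = {0};
    int cseq = model_send(&d, type);
    return model_handle_response(&d, cseq, status);
}
```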