Summary:ASTERISK-17518: [patch] Wrong uri in the authentication header
Reporter:Stanislaw Pitucha (viraptor)Labels:patch
Date Opened:2011-03-06 12:51:34.000-0600Date Closed:
Versions:1.8.3 13.18.4 Frequency of
Environment:Attachments:( 0) auth_uri.patch
Description:I just tried to send a call via callcentric.com from asterisk 1.8.3 box. During the password check is seems to send a wrong URI - skipping the user part. For example, the packet sent out was:

INVITE sip:17771234567@callcentric.com SIP/2.0.
Proxy-Authorization: Digest username="17772777xxx", realm="callcentric.com", algorithm=MD5, uri="sip:callcentric.com", nonce="xxxxxxxxxxxxxxxxxxxxxxxxxx", response="xxxxxxxxxxxxxxxxxxxxxxxxxx".

While according to the RFC3261 (22.4 step 3), it should be the request uri, so "sip:17771234567@callcentric.com".
Comments:By: Stanislaw Pitucha (viraptor) 2011-03-06 13:27:03.000-0600

Attached patch fixes the issue for invites... I'm not sure what else could be affected here. I switched the cases around to prefer uri over domain, but I'm not even sure why a situation without uri would ever occur.
If it does, this might cause some other issues.

By: Joshua C. Colp (jcolp) 2012-09-26 11:11:14.871-0500

I've been unable to reproduce this in the latest 1.8 with many different configurations. This has either been fixed already or there is a very specific configuration required to make it happen. If this is still occurring please reopen with full configuration information.

By: Olle Johansson (oej) 2013-11-29 07:59:42.266-0600

I've seen this replicated and it's still an open issue. Using realm based auth it happens.

By: Olle Johansson (oej) 2013-11-29 08:00:06.976-0600

Confirmed that this is an open issue.