Odd behaviors have been observed during outbound registrations. The most
common problem witnessed has been one where a request with
authentication credentials cannot be created after receiving a 401
response. Other behaviors include apparently processing an incorrect SIP
response.
Inspecting the code led to an apparent issue with regards to how we
handle transactions in outbound registration code. When a response to a
REGISTER arrives, we save a pointer to the transaction and then push a
task onto the registration serializer. Between the time that we save the
pointer and push the task, it's possible for the transaction to be
destroyed due to a timeout. It's also possible for the address to be
reused by the transaction layer for a new transaction.
To allow for authentication of a REGISTER request to be authenticated
after the transaction has timed out, we now hold a reference to the
original REGISTER request instead of the transaction. The function for
creating a request with authentication has been altered to take the
original request instead of the transaction where the original request
was sent.
ASTERISK-25020
Reported by Mark Michelson
Change-Id: I756c19ab05ada5d0503175db9676acf87c686d0a
The way PJSIP generates an authenticated request is to use a previous
request as a template. This means that the authenticated request will
have the same Call-ID, From header (including tag), and CSeq as the
original request. PJSIP generates a new branch on the Via header to
indicate that this is a new transaction, though.
There are some SIP implementations, though, that do not notice the
change in the branch and therefore will match the authed request to the
original request's transaction. Since the CSeq is the same, the server
will repeat the response it sent to the original request.
This patch aids interoperability by increasing the CSeq of the authed
request by one.
ASTERISK-24845 #close
Reported by: Carl Fortin
Tested by: Carl Fortin
Change-Id: I39c4ca52e688a9f83bcc1878371334becdc5be01
When generating the list of authentication credentials to pass to
PJSIP, Asterisk was using the raw pointer of a pj_str_t which is not
always NULL-terminated. This sometimes resulted in incorrect text for
the realm and a failure to match the realm for authentication purposes
which was causing the outbound nominal auth pjsip basic call test to
bounce. This now uses the pj_str_t that contains the realm instead of
generating a new one. Thanks to John Bigelow for helping to narrow this
down.
........
Merged revisions 400863 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@400864 65c4cc65-6c06-0410-ace0-fbb531ad65f3
With this change, if no realm is specified in an outbound auth
section, then we will simply match the realm that was present
in the 401/407 challenge.
(closes issue ASTERISK-22471)
Reported by George Joseph
(closes issue ASTERISK-22386)
Reported by Rusty Newton
Patches:
outbound_auth_realm_v4.patch uploaded by George Joseph (License #6322)
........
Merged revisions 399059 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@399082 65c4cc65-6c06-0410-ace0-fbb531ad65f3
The general gist is to have a clear boundary between old SIP stuff
and new SIP stuff by having the word "SIP" for old stuff and "PJSIP"
for new stuff. Here's a brief rundown of the changes:
* The word "Gulp" in dialstrings, functions, and CLI commands is now
"PJSIP"
* chan_gulp.c is now chan_pjsip.c
* Function names in chan_gulp.c that were "gulp_*" are now "chan_pjsip_*"
* All files that were "res_sip*" are now "res_pjsip*"
* The "res_sip" directory is now "res_pjsip"
* Files in the "res_pjsip" directory that began with "sip_*" are now "pjsip_*"
* The configuration file is now "pjsip.conf" instead of "res_sip.conf"
* The module info for all PJSIP-related files now uses "PJSIP" instead of "SIP"
* CLI and AMI commands created by Asterisk's PJSIP modules now have "pjsip" as
the starting word instead of "sip"
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@395764 65c4cc65-6c06-0410-ace0-fbb531ad65f3