Unauthorized when use sip account

[didikk]

Hi, I got some trouble here. When I try to login with sip account to my server it's always fail. Then I print the message from listener and it says "Unauthorized". I have no idea what actually happens, cause when I try with apps from playstore, it's succeed.

Any advice?
Btw sorry if my english is bad.

[dominic-p]

I have just started getting this after updating to the latest 3.3.2 code (compiled myself).

Looking at my server logs, it seems like the server (FreePBX 13) received the REGISTER request, responds with 401 Unauthorized, but linphone-android is not sending an Authorization header in its next request. Looking at the debug logs in logcat, I see the following error:

E linphone   : Algorithm [md5] is not correct

Note that I have devices running older versions of linphone on this same network/server that register without issue.

Server Logs (asterisk/FreePBX)

<--- Received SIP request (560 bytes) from UDP:192.168.1.12:48534 --->
REGISTER sip:192.168.1.80 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.12:48534;branch=z9hG4bK.EwdVc50QX;rport
From: <sip:101@192.168.1.80>;tag=gxYBR7PZ2
To: sip:101@192.168.1.80
CSeq: 118 REGISTER
Call-ID: T34~oAtoXj
Max-Forwards: 70
Supported: replaces, outbound
Accept: application/sdp
Accept: text/plain
Accept: application/vnd.gsma.rcs-ft-http+xml
Contact: <sip:101@192.168.1.12:48534;transport=udp>;+sip.instance="<urn:uuid:ad22696e-6bc3-416a-b1c7-c4003170bbbc>"
Expires: 3600
User-Agent: LinphoneAndroid/3.3.2 (belle-sip/1.6.3)


<--- Transmitting SIP response (472 bytes) to UDP:192.168.1.12:48534 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.1.12:48534;rport=48534;received=192.168.1.12;branch=z9hG4bK.EwdVc50QX
Call-ID: T34~oAtoXj
From: <sip:101@192.168.1.80>;tag=gxYBR7PZ2
To: <sip:101@192.168.1.80>;tag=z9hG4bK.EwdVc50QX
CSeq: 118 REGISTER
WWW-Authenticate: Digest  realm="asterisk",nonce="1519945994/f152277a3c513d536f45c60d28d947a7",opaque="3678e5e1576d3e44",algorithm=md5,qop="auth"
Server: FPBX-13.0.194.2(13.18.3)
Content-Length:  0


<--- Received SIP request (560 bytes) from UDP:192.168.1.12:48534 --->
REGISTER sip:192.168.1.80 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.12:48534;branch=z9hG4bK.AaeVrNpQa;rport
From: <sip:101@192.168.1.80>;tag=gxYBR7PZ2
To: sip:101@192.168.1.80
CSeq: 119 REGISTER
Call-ID: T34~oAtoXj
Max-Forwards: 70
Supported: replaces, outbound
Accept: application/sdp
Accept: text/plain
Accept: application/vnd.gsma.rcs-ft-http+xml
Contact: <sip:101@192.168.1.12:48534;transport=udp>;+sip.instance="<urn:uuid:ad22696e-6bc3-416a-b1c7-c4003170bbbc>"
Expires: 3600
User-Agent: LinphoneAndroid/3.3.2 (belle-sip/1.6.3)


<--- Transmitting SIP response (472 bytes) to UDP:192.168.1.12:48534 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.1.12:48534;rport=48534;received=192.168.1.12;branch=z9hG4bK.AaeVrNpQa
Call-ID: T34~oAtoXj
From: <sip:101@192.168.1.80>;tag=gxYBR7PZ2
To: <sip:101@192.168.1.80>;tag=z9hG4bK.AaeVrNpQa
CSeq: 119 REGISTER
WWW-Authenticate: Digest  realm="asterisk",nonce="1519945994/f152277a3c513d536f45c60d28d947a7",opaque="2a6a69fe7c49a06c",algorithm=md5,qop="auth"
Server: FPBX-13.0.194.2(13.18.3)
Content-Length:  0

Linphone App Logs (logcat)

I linphone   : New registration state [RegistrationProgress]
I linphone   : Linphone core [0xb4da1280] notified [registration_state_changed]
I linphone   : bellesip_wake_lock_acquire(): Android wake lock acquired [ref=0x2006ee]
I linphone   : channel [0xb3798000]: starting recv background task with id=[2006ee].
I linphone   : channel [0xb3798000]: received [471] new bytes from [UDP://192.168.1.80:5060]:
I linphone   : SIP/2.0 401 Unauthorized
I linphone   : Via: SIP/2.0/UDP 192.168.1.12:36884;rport=36884;received=192.168.1.12;branch=z9hG4bK.1vGLsVh2u
I linphone   : Call-ID: ozQRzrYN6G
I linphone   : From: <sip:101@192.168.1.80>;tag=Wbn6N0pmH
I linphone   : To: <sip:101@192.168.1.80>;tag=z9hG4bK.1vGLsVh2u
I linphone   : CSeq: 46 REGISTER
I linphone   : WWW-Authenticate: Digest  realm="asterisk",nonce="1519949991/a35d3c9275890b06db4f2617d017a7e2",opaque="665dbac6794e6712",algorithm=md5,qop="auth"
I linphone   : Server: FPBX-13.0.194.2(13.18.3)
I linphone   : Content-Length:  0
I linphone   : channel [0xb3798000] [471] bytes parsed
I linphone   : Found transaction matching response.
I linphone   : Changing [client] [REGISTER] transaction [0x9d3f5900], from state [TRYING] to [COMPLETED]
I linphone   : linphone_core_find_auth_info(): returning auth info username=101, realm=asterisk
I linphone   : Auth info found for [101] realm [asterisk]
E linphone   : Algorithm [md5] is not correct 
I linphone   : bellesip_wake_lock_acquire(): Android wake lock acquired [ref=0x100722]
I linphone   : transaction [0xa10afb60]: starting transaction background task with id=[100722].
I linphone   : Changing [client] [REGISTER] transaction [0xa10afb60], from state [INIT] to [TRYING]
I linphone   : channel [0xb3798000]: message sent to [UDP://192.168.1.80:5060], size: [559] bytes
I linphone   : REGISTER sip:192.168.1.80 SIP/2.0
I linphone   : Via: SIP/2.0/UDP 192.168.1.12:36884;branch=z9hG4bK.DcytsDOWT;rport
I linphone   : From: <sip:101@192.168.1.80>;tag=Wbn6N0pmH
I linphone   : To: sip:101@192.168.1.80
I linphone   : CSeq: 47 REGISTER
I linphone   : Call-ID: ozQRzrYN6G
I linphone   : Max-Forwards: 70
I linphone   : Supported: replaces, outbound
I linphone   : Accept: application/sdp
I linphone   : Accept: text/plain
I linphone   : Accept: application/vnd.gsma.rcs-ft-http+xml
I linphone   : Contact: <sip:101@192.168.1.12:36884;transport=udp>;+sip.instance="<urn:uuid:ad22696e-6bc3-416a-b1c7-c4003170bbbc>"
I linphone   : Expires: 3600
I linphone   : User-Agent: LinphoneAndroid/3.3.2 (belle-sip/1.6.3)
I linphone   : channel [0xb3798000]: ending recv background task with id=[2006ee].
I linphone   : bellesip_wake_lock_release(): Android wake lock released [ref=0x2006ee]
I linphone   : Garbage collecting unowned object of type belle_sip_header_authorization_t
I linphone   : Garbage collecting unowned object of type belle_sip_header_authorization_t
I linphone   : bellesip_wake_lock_acquire(): Android wake lock acquired [ref=0x100726]
I linphone   : channel [0xb3798000]: starting recv background task with id=[100726].
I linphone   : channel [0xb3798000]: received [471] new bytes from [UDP://192.168.1.80:5060]:
I linphone   : SIP/2.0 401 Unauthorized
I linphone   : Via: SIP/2.0/UDP 192.168.1.12:36884;rport=36884;received=192.168.1.12;branch=z9hG4bK.DcytsDOWT
I linphone   : Call-ID: ozQRzrYN6G
I linphone   : From: <sip:101@192.168.1.80>;tag=Wbn6N0pmH
I linphone   : To: <sip:101@192.168.1.80>;tag=z9hG4bK.DcytsDOWT
I linphone   : CSeq: 47 REGISTER
I linphone   : WWW-Authenticate: Digest  realm="asterisk",nonce="1519949991/a35d3c9275890b06db4f2617d017a7e2",opaque="7e6ca86821000da1",algorithm=md5,qop="auth"
I linphone   : Server: FPBX-13.0.194.2(13.18.3)
I linphone   : Content-Length:  0
I linphone   : channel [0xb3798000] [471] bytes parsed
I linphone   : Found transaction matching response.
I linphone   : Changing [client] [REGISTER] transaction [0xa10afb60], from state [TRYING] to [COMPLETED]
W linphone   : Authentication is failing constantly, will retry later
I linphone   : Refresher[0xab492430]: scheduling next timer in 60000 ms for purpose [retry]
I linphone   : Register refresher [401] reason [Unauthorized] for proxy [<sip:192.168.1.80;transport=udp>]
I linphone   : Registration on <sip:192.168.1.80;transport=udp> failed: Unauthorized
I linphone   : Linphone core [0xb4da1280] notified [display_status]
I linphone   : Proxy config [0xb4dbd8c0] for identity [sip:101@192.168.1.80] moving from state [LinphoneRegistrationProgress] to [LinphoneRegistrationFailed] on core [0xb4da1280]
I linphone   : New registration state [RegistrationFailed]
I linphone   : Linphone core [0xb4da1280] notified [registration_state_changed]
I linphone   : channel [0xb3798000]: ending recv background task with id=[100726].
I linphone   : bellesip_wake_lock_release(): Android wake lock released [ref=0x100726]

[dominic-p]

Looking into this a bit further, it seems like belle-sip doesn't like the algorithm (md5) to be specified in lower case.

I think the error I mentioned above comes from this line. That relies on a call to the belle_sip_auth_define_size function which checks the algorithm type. It uses strcmp() and not strcasecmp(), so it doesn't return a size for the given md5 algorithm since it's looking for MD5.

I'm not sure if this is a bug with the belle_sip_auth_define_size function or whatever is feeding it the data. I see a lot of hard coded references to MD5 in upper case throughout that file. Maybe there should be some case normalization logic somewhere?

[dominic-p]

I have confirmed that if I change 4 instances of strmp() to strcasecmp() in this area of belle-sip I am able to register without issue.

I'm not sure what the process is for submitting patches to belle-sip, but maybe someone from Belledonne watching here can look into these changes?

[driesken]

I'm having the same issue. Changing the code to what @dominic-p suggested fixed the issue for me.

[jsponz]

@dominic-p , after changing the instances, what you have to do?

I still have the same issue, but I guess the library needs to be compile. Right?

Thanks for your quick answer :-)

[dominic-p]

@jsponz yes, you need to recompile. I just follow the instructions on the readme which boil down to:

./prepare.py --clean
./prepare.py
make
make install

[jsponz]

Thanks! It works great!

[dominic-p]

It looks like this has been fixed by this commit in belle-sip which was recently pulled in to linphone-android.

So, this issue can probably be closed.

[davidedec]

Hi to all!
I'm using linphone for android since one week.
Today my linphone app got an update and coudn't authenticate anymore to my asterisk pbx.

Asterisk is sending WWW-Authenticate: Digest algorithm=md5 ... (lowercase)

Until yesterday it was working without problem.
I tried to authenticate to an old asterisk box (a very old version) that use uppercase MD5 algo and it works.

So I think the issue is still the same. Maybe the old code come back? I'm using the official google play store version.

Thanks

EDIT:
I installed the 3.3.1 APK from here https://www.linphone.org/releases/android/ and it works.
If I try the 3.99.1 it doesn't works.
The play store version is 4.0

[Pedulla]

I can confirm the previous issue and it affects both iOS and android.
Linphone to FreePBX 13.
The asterisk log show linphone trying to register with sip:null@server....

System was working flawlessly till the linphone update.

It's easy enough to downgrade android, but ios, not so much.
This NPO is out of production now. :(

[rtreleaven]

from the rfc
"algorithm = "algorithm" "=" ( "MD5" | "MD5-sess" | token )"
https://tools.ietf.org/html/rfc2617#section-3.2.1
Looks like asterisk should be sending uppercase "MD5".

But there is a general concept in these thing to be conservative in what you send and liberal in what you accept.

[dominic-p]

@rtreleaven interesting. Maybe you should file a bug with Asterisk?

[Pedulla]

???? Asterisk didn't change, Linphone did.

…

On Mon, Jun 25, 2018 at 4:13 PM, Dominic ***@***.***> wrote: @rtreleaven <https://github.com/rtreleaven> interesting. Maybe you should file a bug with Asterisk <https://issues.asterisk.org>? — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#216 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/Akc1j_giJGbonq1mBTe7jY5lH1T-AYYMks5uAW6agaJpZM4SJ_5K> .

-- *Rapture*, the ultimate flash mob... Will you get the call?

[rtreleaven]

Jehan Monnier wrote on the linphone users list

"...Thanks for pointing us this issue.
Even if the SIP ABNF grammar says it should be written MD5 (not md5), « ABNF strings are case insensitive » . This is a general rule with ABNF grammars (rfc5234 , chapter 2.3. Terminal Values).
We are working on a 4.0.1 which is about to be release with a fix for this issue."

I stand corrected.
Thanks for setting me straight Jehan.

[davidedec]

I just tested the new 4.0.1 and now it works.
Great job.
Thanks

[ameerhamza6733]

i have same error so where i can find this file? i have clone this repo :
https://github.com/BelledonneCommunications/belle-sip/blob/e5f46fb66106bac0e5d1e7ea12928da697c8923d/src/auth_helper.c#L76-L87 so i can change strmp() to strcasecmp()

[devjva]

In my case I forced the use of md5 in objc

linphone_auth_info_set_algorithm(info,(char*)[@"md5" UTF8String]);

worked well !