New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Wrong QOP value in UAC auth_alg #1684
Comments
I pushed a patch for it (see the reference above) in master branch. Can you test and if all ok, then I will back port to 5.1 branch. |
Any chance to test this one soon, in the near future we will do another 5.1.x release and it would be good to know if works in order to backport. |
Hi, Sorry, I’ll try to test it today and get back to you. Thanks |
@miconda Currently testing this, however, looking at the patch, I guess this assumes that "auth" would always be first? If the server sends I don't know if the standards say anything about the order, however. |
@miconda I can confirm that the proposed fix works (for my use-case). |
Description
While trying to setup a handoff to a third party SIP trunk with authentication, I ran into some issues with said authentication. I'm using qop auth on the inbound leg (and
consume_credentials()
), and then UAC to authenticate against the SIP trunk with different credentials. The third party SIP trunk offers qop auth/auth-int.I manually tried to verify the digest that Kamailio was sending, but couldn't. I added some logging to the
auth_alg.c
file, and ran the whole thing again. HA1 is calculated correctly, and so is HA2. However, the final step of the algorithm produced an incorrect value.After further debugging, I realised that the issue comes from https://github.com/kamailio/kamailio/blob/master/src/modules/uac/auth_alg.c#L151. More specifically, in my case, the value passed on to
MD5Update
isauth,auth-int
, instead of the simpleauth
I was expecting (uac doesn't support auth-int).Troubleshooting
SIP Traffic
I have PCAPs demonstrating the issue and the hack/fix below. I'd rather not post them publicly, however, I am happy to share them privately with Kamailio devs.
In essence:
Possible Solutions
The hack I've used for the time being is to replace:
with:
Obviously, I realise this is not the correct fix, but I figured I'd let the experts fix the value of
auth->qop.len
. I can spend more time on this, if required, but I don't know exactly what the "correct" solution is.Additional Information
kamailio -v
Dockerized version of Kamailio on Ubuntu xenial:
The text was updated successfully, but these errors were encountered: