[asterisk-dev] bug or feature (use From: instead of Digest username to match INVITE) ?

Mon, 09 Oct 2006 15:15:20 -0700 

Hi,
i am experiencing the following and i am not sure if it is caused
by a local misconfiguration, a fundamental problem with SIP, or
a problem in the way asterisk matches INVITEs against directly
connected SIP devices.

I have asterisk connected to a SIP provider, and to some SIP phones
(type=friend). If the number in the From: line in an INVITE request
coming from the provider matches the "username" of one of the phones,
asterisk will try to match the provider's authentication info
in the INVITE against the phone's entry.

This may look as a contrived example, however i just hit that
in a configuration where a call from a local phone (username=551) goes
to extension 27533 on the provider, which in turn forwards it back to
the original asterisk at extension 21611, which in turn is redirected
through the dialplan to another local phone (username=552):

        [1] 551 -> asterisk (10.0.9.236)
        dialplan forwards the call to SIP/[EMAIL PROTECTED]

        [2] asterisk -> provider (10.0.21.38)
        dialplan on the provider forwards to SIP/[EMAIL PROTECTED]
        [3] provider -> asterisk
        xx problem here - in principle, should match the provider's
           entry, but the INVITE has From: 551 so it matches
           the wrong entry.

        [4] asterisk -> 552   
        in theory, dialplan forwards 21611 to 522   

The relevant INVITE that fails for step 3 is this:

        INVITE sip:[EMAIL PROTECTED] SIP/2.0  
        Via: SIP/2.0/UDP 10.0.21.38:5060;branch=z9hG4bK21f9eb4d;rport  
        From: "551" <sip:[EMAIL PROTECTED]>;tag=as350877d9  
        To: <sip:[EMAIL PROTECTED]>  
        Contact: <sip:[EMAIL PROTECTED]>  
        Call-ID: [EMAIL PROTECTED]  
        CSeq: 103 INVITE  
        User-Agent: Asterisk PBX  
        Max-Forwards: 70  
        Proxy-Authorization: Digest username="21611", realm="asterisk", 
                algorithm=MD5, uri="sip:[EMAIL PROTECTED]", 
                nonce="340341e4",
                response="8f54583026d317102db35a69a9266ac5", opaque=""
        Date: Mon, 09 Oct 2006 21:08:55 GMT
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
        Content-Type: application/sdp
        Content-Length: 240

        ...

I am not sure how to handle this. Maybe i miss that, but what's wrong
in using the "username" entry in the Proxy-Authorization: line
to lookup the matching entry in the users list ?

        cheers
        luigi
_______________________________________________
--Bandwidth and Colocation provided by Easynews.com --

asterisk-dev mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-dev

Reply via email to