I guess I found a bug in the register logic in chan_sip.
I'm trying to register two extensions from a SIP gateway into Asterisk.
I have defined two user entries in sip.conf as follows:
[0191]
type = friend
auth=md5
username=0191
secret=planet
disallow=all
allow=ulaw
dtmfmode=inband
host = dynamic
default = 192.168.2.183
[0192]
type = friend
auth=md5
username=0192
secret=planet
disallow=all
allow=ulaw
dtmfmode=inband
host = dynamic
default = 192.168.2.183
And I configured the gateway to register both numbers to Asterisk (192.168.2.175)
with these usernames and passwords.
***
reg_num: 0191
Registrar_ID 1: UnRegistered
registrar: 192.168.2.175 5060 expires: 600
name: 0191 passwd: planet
reg_num: 0192
Registrar_ID 2: Registered
registrar: 192.168.2.175 5060 expires: 600
name: 0192 passwd: planet
***
When I reset the gateway I see the first SIP user (0191) FAILS to
register, but the second one (0192) registers OK.
I first thought there was a problem with the digest response from the
gateway, but after logging the SIP headers,
reading the RFCs and using md5sum to check the digest values, I realized
the values from the client were OK.
I inserted some ast_log(LOG_NOTICE, ..) calls into chan_sip.c's
register_verify() and check_auth() functions
and found the problem is in Asterisk.
As you can see, it seems that for some reason, when Asterisk receives both
REGISTER request messages one after the other,
it mixes the nonce value (called randdata in chan_sip.c) for one
peer with the other.
So it ends up evaluating the digest for the first register (0191) using the
nonce value from the second one (0192) and it fails.
For some reason (I think it is because the randdata is reset to ''
after 0191 fails) the second register (0192) gets a second 407 Proxy
Authentication Required with a third randdata and this time it is
registered OK because the right nonce value is used.
I'm using Asterisk CVS version from 2004/05/19.
Here follow the console log (with my LOG_NOTICE debug messages) and the
corresponding ngrep SIP capture. Look especially at the randdata values used
in check_auth (nonce value) and the (not) corresponding values sent in
the SIP responses for each REGISTER.
Anyone can check that the response=... values sent by the gateway are OK using
something like this:
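# HA1 = MD5(username:realm:secret), HA2 = MD5(method:uri)
A1=$(echo -n '0192:asterisk:planet'|md5sum|awk '{print $1}')
A2=$(echo -n 'REGISTER:sip:192.168.2.175'|md5sum|awk '{print $1}')
NONCE=17e63cd4
# Expected response = MD5(HA1:nonce:HA2); print it rather than executing it
echo -n "$A1:$NONCE:$A2"|md5sum|awk '{print $1}'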
***
Asterisk Console Logs
***
May 26 16:56:47 NOTICE[196621]: chan_sip.c:3861 register_verify: Checking Auth: randata= name=0191 secret=planet uri=sip:192.168.2.175
May 26 16:56:47 NOTICE[196621]: chan_sip.c:3861 register_verify: Checking Auth: randata=17e63cd4 name=0192 secret=planet uri=sip:192.168.2.175
May 26 16:56:47 NOTICE[196621]: chan_sip.c:3861 register_verify: Checking Auth: randata=49760cde name=0191 secret=planet uri=sip:192.168.2.175
May 26 16:56:47 WARNING[196621]: chan_sip.c:3764 check_auth: A1='0191:asterisk:planet'
May 26 16:56:47 WARNING[196621]: chan_sip.c:3769 check_auth: resp_uri='sip:192.168.2.175' uri='sip:192.168.2.175'
May 26 16:56:47 WARNING[196621]: chan_sip.c:3770 check_auth: A2='REGISTER:sip:192.168.2.175'
May 26 16:56:47 WARNING[196621]: chan_sip.c:3778 check_auth: resp='160723a2f5a8dcf360271903c6818b63:49760cde:c70c5186f40f678679f57680d2a4390d' resp_hash='267b05f67388676fcffb6bd3ee381b2e'
May 26 16:56:47 WARNING[196621]: chan_sip.c:3781 check_auth: Client response='406d89d8d15ba1c9753b5bef95931934'
May 26 16:56:47 NOTICE[196621]: chan_sip.c:5691 handle_request: Registration from 'sip:[EMAIL PROTECTED]' failed for '192.168.2.183'
May 26 16:56:48 NOTICE[196621]: chan_sip.c:3861 register_verify: Checking Auth: randata= name=0192 secret=planet uri=sip:192.168.2.175
May 26 16:56:48 NOTICE[196621]: chan_sip.c:3861 register_verify: Checking Auth: randata=23b5124b name=0192 secret=planet uri=sip:192.168.2.175
May 26 16:56:48 WARNING[196621]: chan_sip.c:3764 check_auth: A1='0192:asterisk:planet'
May 26 16:56:48 WARNING[196621]: chan_sip.c:3769 check_auth: resp_uri='sip:192.168.2.175' uri='sip:192.168.2.175'
May 26 16:56:48 WARNING[196621]: chan_sip.c:3770 check_auth: A2='REGISTER:sip:192.168.2.175'
May 26 16:56:48 WARNING[196621]: chan_sip.c:3778 check_auth: resp='c04abf6412f4f786ba81daddb46a82ee:23b5124b:c70c5186f40f678679f57680d2a4390d' resp_hash='c370755ec882aafa390ff867d1a99449'
May 26 16:56:48 WARNING[196621]: chan_sip.c:3781 check_auth: Client response='c370755ec882aafa390ff867d1a99449'
interface: eth0 (192.168.2.0/255.255.255.0)
filter: ip and ( port 5060 and host
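
An added example (not part of the original post and not Asterisk code): a Python sketch that replays the digest check against every nonce the server issued, to show which nonce each client response was actually computed with. It assumes digest authentication without qop, as the logged resp strings suggest; the function names are hypothetical and the sample values are copied from the console log above.

```python
import hashlib

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(username, realm, secret, method, uri, nonce):
    """Digest response without qop: MD5(MD5(A1):nonce:MD5(A2))."""
    ha1 = md5_hex(f"{username}:{realm}:{secret}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def nonce_behind_response(client_response, issued_nonces, **cred):
    """Return the issued nonce that reproduces client_response, else None."""
    for nonce in issued_nonces:
        if digest_response(nonce=nonce, **cred) == client_response.lower():
            return nonce
    return None

def audit(attempts, issued_nonces, realm, method, uri):
    """Compare the nonce the server checked with the one the client used."""
    report = []
    for a in attempts:
        used = nonce_behind_response(
            a["client_response"], issued_nonces, username=a["user"],
            realm=realm, secret=a["secret"], method=method, uri=uri)
        if used is None:
            verdict = "no issued nonce matches"
        elif used == a["server_nonce"]:
            verdict = "consistent"
        else:
            verdict = "nonce mix-up"
        report.append((a["user"], a["server_nonce"], used, verdict))
    return report

if __name__ == "__main__":
    # Nonces (randata) and responses copied from the console log in the post.
    issued = ["17e63cd4", "49760cde", "23b5124b"]
    attempts = [
        {"user": "0191", "secret": "planet", "server_nonce": "49760cde",
         "client_response": "406d89d8d15ba1c9753b5bef95931934"},
        {"user": "0192", "secret": "planet", "server_nonce": "23b5124b",
         "client_response": "c370755ec882aafa390ff867d1a99449"},
    ]
    for row in audit(attempts, issued, "asterisk", "REGISTER", "sip:192.168.2.175"):
        print("user=%s server_nonce=%s client_nonce=%s -> %s" % row)
```

A "nonce mix-up" verdict means the client answered a challenge the server did issue, but the server verified the response against a different nonce.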