search

drachtio / drachtio-server

A SIP call processing server that can be controlled via nodejs applications
https://drachtio.org
MIT License
237 stars 92 forks source link

Incorrect proxy authentication behaviour, response indicated 'auth-int' is supported while it isn't #311

Closed GigaDroid closed 12 months ago

GigaDroid commented 12 months ago

To summarize, when I'm trying to place a call using drachtio as a proxy server I get a response saying that 'auth-int' is supported while it doesn't seem like it is, leading to an unsuccessful response. I'm using the following sample to replicate this https://github.com/davehorton/drachtio-b2b-media-proxy with sip2sip.org

Steps in detail Client sends INVITE

INVITE sip:3333@sip2sip.info SIP/2.0
Via: SIP/2.0/WS 02l5893u63yb.invalid;branch=z9hG4bK11536463710000000
Max-Forwards: 69
To: <sip:3333@sip2sip.info>
From: "tesijfi" <sip:gigadroid@sip2sip.info>;tag=g818x0b8ec
Call-ID: gdsu05146640479p7sh7
CSeq: 1250 INVITE
Contact: <sip:im0r4515@02l5893u63yb.invalid;transport=ws;ob>
Content-Type: application/sdp
Session-Expires: 120
Allow: INVITE,ACK,CANCEL,BYE,UPDATE,MESSAGE,OPTIONS,REFER,INFO,NOTIFY
Supported: timer,ice,replaces,outbound
User-Agent: dart-sip-ua v0.5.3
Content-Length: 2391

Server sends response

SIP/2.0 100 Trying
Via: SIP/2.0/WS 02l5893u63yb.invalid;branch=z9hG4bK11536463710000000;received=172.17.0.1;rport=36898
From: "tesijfi" <sip:gigadroid@sip2sip.info>;tag=g818x0b8ec
To: <sip:3333@sip2sip.info>
Call-ID: gdsu05146640479p7sh7
CSeq: 1250 INVITE
Content-Length: 0
SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/WS 02l5893u63yb.invalid;branch=z9hG4bK11536463710000000;received=172.17.0.1;rport=36898
From: "tesijfi" <sip:gigadroid@sip2sip.info>;tag=g818x0b8ec
To: <sip:3333@sip2sip.info>;tag=9m38eXe98g97D
Call-ID: gdsu05146640479p7sh7
CSeq: 1250 INVITE
Proxy-Authenticate: Digest realm="sip2sip.info", nonce="ek6HpayYwIckJVNGEk8H0razRsUcZRZa2hYownyK6RIA", qop="auth,auth-int"
Content-Length: 0

See qop="auth,auth-int" even though as far as I can tell "auth-int" is not supported! Client sends ACK and new invite using auth-int

ACK sip:3333@sip2sip.info SIP/2.0
Via: SIP/2.0/WS 02l5893u63yb.invalid;branch=z9hG4bK11536463710000000
Max-Forwards: 69
To: <sip:3333@sip2sip.info>;tag=9m38eXe98g97D
From: "tesijfi" <sip:gigadroid@sip2sip.info>;tag=g818x0b8ec
Call-ID: gdsu05146640479p7sh7
CSeq: 1250 ACK
Allow: INVITE,ACK,CANCEL,BYE,UPDATE,MESSAGE,OPTIONS,REFER,INFO,NOTIFY
Supported: outbound
User-Agent: dart-sip-ua v0.5.3
Content-Length: 0
INVITE sip:3333@sip2sip.info SIP/2.0
Via: SIP/2.0/WS 02l5893u63yb.invalid;branch=z9hG4bK2856277450000000
Max-Forwards: 69
To: <sip:3333@sip2sip.info>
From: "tesijfi" <sip:gigadroid@sip2sip.info>;tag=g818x0b8ec
Call-ID: gdsu05146640479p7sh7
CSeq: 1251 INVITE
Proxy-Authorization: Digest algorithm=MD5, username="gigadroid", realm="sip2sip.info", nonce="ek6HpayYwIckJVNGEk8H0razRsUcZRZa2hYownyK6RIA", uri="sip:3333@sip2sip.info", response="d18ec53a483dc40e505d3a598ae3d717", qop=auth-int, cnonce="3l3v7jqs2o18", nc=00000001
Contact: <sip:im0r4515@02l5893u63yb.invalid;transport=ws;ob>
Content-Type: application/sdp
Session-Expires: 120
Allow: INVITE,ACK,CANCEL,BYE,UPDATE,MESSAGE,OPTIONS,REFER,INFO,NOTIFY
Supported: timer,ice,replaces,outbound
User-Agent: dart-sip-ua v0.5.3
Content-Length: 2391

Server fails to authenticate client because it doesn't know how to handle auth-int

SIP/2.0 100 Trying
Via: SIP/2.0/WS 02l5893u63yb.invalid;branch=z9hG4bK2856277450000000;received=172.17.0.1;rport=36898
From: "tesijfi" <sip:gigadroid@sip2sip.info>;tag=g818x0b8ec
To: <sip:3333@sip2sip.info>
Call-ID: gdsu05146640479p7sh7
CSeq: 1251 INVITE
Content-Length: 0
SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/WS 02l5893u63yb.invalid;branch=z9hG4bK2856277450000000;received=172.17.0.1;rport=36898
From: "tesijfi" <sip:gigadroid@sip2sip.info>;tag=g818x0b8ec
To: <sip:3333@sip2sip.info>;tag=ayv1grZc6SZtS
Call-ID: gdsu05146640479p7sh7
CSeq: 1251 INVITE
Proxy-Authenticate: Digest realm="sip2sip.info", nonce="M2b8kUuLpFFAH5qH2fMLF5yerkGK9ZzHqNLyZ+1wLpYA", qop="auth,auth-int"
Content-Length: 0
davehorton commented 12 months ago

if you are using drachtio as a proxy then it would be best to show the entire drachtio log, including every message it receive and sends.,

GigaDroid commented 12 months ago

@davehorton here you go drachtio.log

davehorton commented 12 months ago

drachtio is simply acting as a proxy here. The interop issue, if any, seems to be between the UAC and UAS. I cant see an issue with how drachtio is proxying the sip traffic

GigaDroid commented 12 months ago

Yeah I already thought that after looking at the drachtio logs. Sorry for blaming this on drachtio, guess I have to investigate this deeper. Keep up the good work!