<h3>Description</h3>
<pre><code>Installed new kamailio 5.3, setting the uac module to register trunk.
The trunk has been added to the Mysql with an open password (or use ha1).
When try to register and send authorization data, the provider's server always gives a 403 error.
After the analysis, I found that the kamailio sends an incorrect hash in response header.
</code></pre>
<h3>Troubleshooting</h3>
<h4>Reproduction</h4>
<h4>Debugging Data</h4>
<pre><code>(paste your debugging data here)
</code></pre>
<h4>Log Messages</h4>
<pre><code>(paste your log messages here)
</code></pre>
<h4>SIP Traffic</h4>
<pre><code>Provider send "407 Proxy Authentication Required":
Proxy-Authenticate: Digest nonce="MTU3MTY5Mzg2MTrbrxRPWP0AIkC7fowq+nZn",
opaque="MTU3MTY5Mzg2MTrbrxRPWP0AIkC7fowq+nZn",
algorithm=md5,
realm="BREDBAND",
qop="auth"
Kamailio send new "Register":
Proxy-Authorization: Digest username="79205615793",
realm="BREDBAND",
nonce="MTU3MTY5Mzg2MTrbrxRPWP0AIkC7fowq+nZn",
uri="sip:sbc.megafon.ru",
opaque="MTU3MTY5Mzg2MTrbrx
WP0AIkC7fowq+nZn",
qop=auth,
nc=00000001,
cnonce="3335441185",
response="395830e40a92fd7d4564d82dfab1dac0", algorithm=MD5
If you calculate the hash manually:
Correct response: "2cee0f5a35c0e4831455496ce040eaf4"
</code></pre>
<h3>Possible Solutions</h3>
<pre><code>Problem with code in auth_alg.c.
He tries to verify that there is an encrypted password, even if it is not set in the database. Next, an uncorrect calculation of the hash for the answer 401 occurs. If you remove the block
</code></pre>
<pre><code> if(UAC_FLCRED_HA1 & UAC_FLCRED_HA1) {
memcpy(sess_key, crd->passwd.s, HASHHEXLEN);
sess_key[HASHHEXLEN] = '\0';
if ( auth->flags& AUTHENTICATE_MD5SESS ) {
cvt_bin(sess_key, HA1);
} else {
return;
}
</code></pre>
<pre><code>
Password registration works.
Maybe there are 2 problems. He constantly tries to calculate the hash for ha1 password (if used open password), and if it is, then the function cvt_bin incorrectly considers it.
</code></pre>
<h3>Additional Information</h3>
<ul>
<li><strong>Kamailio Version</strong> - output of <code>kamailio -v</code></li>
</ul>
<pre><code> kamailio 5.3.0 (x86_64/linux) 4cc67a
</code></pre>
<ul>
<li><strong>Operating System</strong>:</li>
</ul>
<pre><code>Linux refs4 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt9-3~deb8u1 (2015-04-24) x86_64 GNU/Linux
</code></pre>
<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/kamailio/kamailio/issues/2108?email_source=notifications&email_token=ABO7UZKGQCGE53FXPAXJ5QDQP3WVHA5CNFSM4JDO6QQ2YY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4HTPPIWA">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/ABO7UZJERGBE5KXRMKFYZVLQP3WVHANCNFSM4JDO6QQQ">unsubscribe</a>.<img src="https://github.com/notifications/beacon/ABO7UZOLDFLM3ZBN6LTNZJTQP3WVHA5CNFSM4JDO6QQ2YY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4HTPPIWA.gif" height="1" width="1" alt="" /></p>
<script type="application/ld+json">[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/kamailio/kamailio/issues/2108?email_source=notifications\u0026email_token=ABO7UZKGQCGE53FXPAXJ5QDQP3WVHA5CNFSM4JDO6QQ2YY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4HTPPIWA",
"url": "https://github.com/kamailio/kamailio/issues/2108?email_source=notifications\u0026email_token=ABO7UZKGQCGE53FXPAXJ5QDQP3WVHA5CNFSM4JDO6QQ2YY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4HTPPIWA",
"name": "View Issue"
},
"description": "View this Issue on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]</script>