[sr-dev] [kamailio/kamailio] Wrong QOP value in UAC auth_alg (#1684)

Sebastian Lauwers notifications at github.com
Wed Oct 24 15:35:08 CEST 2018


### Description

While trying to set up a handoff to a third party SIP trunk with authentication, I ran into some issues with said authentication. I'm using qop auth on the inbound leg (and `consume_credentials()`), and then UAC to authenticate against the SIP trunk with different credentials. The third party SIP trunk offers qop auth/auth-int.

I manually tried to verify the digest that Kamailio was sending, but couldn't. I added some logging to the `auth_alg.c` file, and ran the whole thing again. HA1 is calculated correctly, and so is HA2. However, the final step of the algorithm produced an incorrect value.

After further debugging, I realised that the issue comes from https://github.com/kamailio/kamailio/blob/master/src/modules/uac/auth_alg.c#L151. More specifically, in my case, the value passed on to `MD5Update` is `auth,auth-int`, instead of the simple `auth` I was expecting (uac doesn't support auth-int).

### Troubleshooting

#### SIP Traffic

I have PCAPs demonstrating the issue and the hack/fix below. I'd rather not post them publicly; however, I am happy to share them privately with Kamailio devs.

In essence:

```
-> INVITE sip:12345@someprovider.org:5060;transport=tcp
<- 401 Unauthorized
    WWW-Authenticate: Digest realm="someprovider.org", qop="auth,auth-int", nonce="5BCF48671749b873534dc63e76d5594f3988555f"
-> INVITE sip:12345@someprovider.org:5060;transport=tcp
    Authorization: Digest username="redacted", realm="someprovider.org", nonce="5BCF48671749b873534dc63e76d5594f3988555f", uri="sip:12345@eu.out.didww.com:5060;transport=tcp", qop=auth, nc=00000001, cnonce="2106889321", response="redacted71d4c9ce119dcf3ec56209e", algorithm=MD5
```
```

### Possible Solutions

The hack I've used for the time being is to replace:

```c
MD5Update(&Md5Ctx, ":", 1);
MD5Update(&Md5Ctx, auth->qop.s, auth->qop.len);
MD5Update(&Md5Ctx, ":", 1);
```

with:

```c
MD5Update(&Md5Ctx, ":auth:", 6);
```

Obviously, I realise this is not the correct fix, but I figured I'd let the experts fix the value of `auth->qop.len`. I can spend more time on this, if required, but I don't know exactly what the "correct" solution is.

### Additional Information

  * **Kamailio Version** - output of `kamailio -v`

```
version: kamailio 5.1.6 (x86_64/linux) 
flags: STATS: Off, USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144 MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
id: unknown 
compiled with gcc 5.3.1
```

* **Operating System**:

Dockerized version of Kamailio on Ubuntu xenial:

```
kamailio/kamailio:5.1.6-xenial
```


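The mismatch described in this report, reproduced as an added example (not code from the original post or from Kamailio): RFC 2617 hashes the single qop token the client sends in `Authorization`, not the list offered in `WWW-Authenticate`, so a digest computed over `auth,auth-int` cannot match a request that advertises `qop=auth`. The function names are hypothetical, and the inputs are the RFC 2617 section 3.5 sample values, whose challenge also offers `auth,auth-int`.

```python
import hashlib


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def select_qop(offered, supported=("auth",)):
    """Return the first offered qop token this client supports."""
    for token in offered.strip('"').split(","):
        token = token.strip().lower()
        if token in supported:
            return token
    raise ValueError("no supported qop in offer: %r" % offered)


def digest_response(username, realm, password, method, uri,
                    nonce, nc, cnonce, qop):
    """RFC 2617 request-digest for algorithm=MD5 with a qop directive."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")  # A2 for qop=auth (auth-int adds the body hash)
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


# Constructed input: RFC 2617 section 3.5 sample values, not the trunk's data.
OFFERED_QOP = "auth,auth-int"
SAMPLE = dict(
    username="Mufasa", realm="testrealm@host.com", password="Circle Of Life",
    method="GET", uri="/dir/index.html",
    nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
    nc="00000001", cnonce="0a4f113b",
)


def compare():
    """Digest over the selected token versus digest over the raw offer."""
    chosen = select_qop(OFFERED_QOP)
    correct = digest_response(qop=chosen, **SAMPLE)
    wrong = digest_response(qop=OFFERED_QOP, **SAMPLE)
    return chosen, correct, wrong


if __name__ == "__main__":
    chosen, correct, wrong = compare()
    print("qop sent in Authorization:", chosen)
    print("response over selected token:", correct)
    print("response over offered list:  ", wrong)
```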