[SR-Users] help with SIP Notify message, to make a endpoint (SPA504G and similar) to reboot.

Pedro Niño nino.pedro at gmail.com
Thu Mar 13 15:26:38 CET 2014 

Sorry for intruding, but this is puzzling me a lot.

I followed the guide to make Kamailio work with asterisk and realtime,
Kamailio version 4 and asterisk 11.

(http://kb.asipto.com/asterisk:realtime:kamailio-4.0.x-asterisk-11.3.0-astdb
)

up until now its working, and now want to get the phones (CISCO SPA504G,
former linksys) to get the SIP notify command and reload to get their new
config, from the asterisk cli

the cli command is "sip notify spa-reboot <username>"

The problem is that, using the setup in the guide, the phones registers
with kamailio, kamalio then strip the password and register with no
password to the asterisk, as supposed to be.

by that, when asterisk sends the SIP Notify with the reboot commands, it
arrives to the kamailio, and is forwarded to phone, and the phone answers
with a '401' and a digest.

In the flow, the kamailio (in the middle) receives the 401 and sends again
the sip message to asterisk, and asterisk uses the digest to cipher the
password and reply, but as asterisk is configured with no password, the
reply contains as 'wrong' password (the empty/blank one)

is there any way to make kamailio intercepts again that '401' and reply
with a crafted message, with the right digest, password, (the one in the ul
table) and user, so the phone can accept the order and reboots?

The other (ugly) option, is to remove the auth from the phone, for the Sip
Provisioning, but that would leave and open door to a reboot attack without
auth needed from any IP. And I dont like that option.

As we talk, I managed to create a routing logic, but is that the right
approach? :

===================

request_route {

        if (is_method("NOTIFY"))
        {
                #xlog("NOTIFY received: $rs");

                t_on_failure("MANAGE_FAILURE_401"); #try to intercep a 401

        }

.....
}


failure_route[MANAGE_FAILURE_401] {


        if (t_check_status("401")) {
                #401 detectado dentro de un Notify,
                #probablemente ha sido por una orden de reboot.
                #hay que construir un paquete e intentar enviar, con el
digest adecuado....

                $uac_req(method)="NOTIFY";
                $uac_req(ruri)="sip:";
                $uac_req(furi)="sip:";
                $uac_req(turi)="sip:";
                $uac_req(hdrs)="Contact: <sip:"+ ">\r\n";
                #Paquete construido, debe ser enviado
                uac_req_send();
               xlog("401 detectado");
               # exit;
        }

===================


Thanks in advance.....
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20140313/809f5e27/attachment.html>

More information about the sr-users mailing list