[jitsi-dev] SIP authentication problem with 3CX Phone System


#1

Hi all,

I'm using Jitsi nightly build with 3CX Phone System as a SIP server.
There's a problem with authentication. It takes about 4-7 tries before
server accepts the password. I enter 4-7 times the same correct password in
the authentication dialog. Option to store the password doesn't help.

I tried to look into the logs and packets, but I see no difference between
the accepted REGISTER message and the one that is rejected. The only thing
I've noticed is that when I try to enter the password as fast as possible
between each password prompt it can succeed after just 2 retries.

Do you think it's a problem with the server ? The time between resent is
probably important in this case as in Android version I've entered
programatically the password in place where it should ask for it and it
always succeeds.

Also there is a strange thing I don't understand in
SipSecuirtyManager.createAuthorizationHeader:574.
The "nc_value" and "cnonce" have predifined static values. Shouldn't they
come from the server's message ?

Here's the code:

String response = null;

        // JvB: authHeader.getQop() is a quoted _list_ of qop values
        // (e.g. "auth,auth-int") Client is supposed to pick one
        String qopList = authHeader.getQop();
        String qop = (qopList != null) ? "auth" : null;
        String nc_value = "00000001";
        String cnonce = "xyz";

        try
        {
            response = MessageDigestAlgorithm.calculateResponse(
                authHeader.getAlgorithm(),
                userCredentials.getUserName(),
                authHeader.getRealm(),
                new String(userCredentials.getPassword()),
                authHeader.getNonce(),
                nc_value, // JvB added
                cnonce, // JvB added
                method,
                uri,
                requestBody,
                qop);//jvb changed
        }
        catch (NullPointerException exc)
        {
            throw new OperationFailedException(
                "The authenticate header was malformatted"
                , OperationFailedException.GENERAL_ERROR
                , exc);
        }

        AuthorizationHeader authorization = null;
        try
        {
            if (authHeader instanceof ProxyAuthenticateHeader)
            {
                authorization =
headerFactory.createProxyAuthorizationHeader(
                    authHeader.getScheme());
            }
            else
            {
                authorization = headerFactory.createAuthorizationHeader(
                    authHeader.getScheme());
            }

            authorization.setUsername(userCredentials.getUserName());
            authorization.setRealm(authHeader.getRealm());
            authorization.setNonce(authHeader.getNonce());
            authorization.setParameter("uri", uri);
            authorization.setResponse(response);
            if (authHeader.getAlgorithm() != null)
            {
                authorization.setAlgorithm(authHeader.getAlgorithm());
            }

            if (authHeader.getOpaque() != null)
            {
                authorization.setOpaque(authHeader.getOpaque());
            }

            // jvb added
            if (qop!=null)
            {
                authorization.setQop(qop);
                authorization.setCNonce(cnonce);
                authorization.setNonceCount( Integer.parseInt(nc_value) );
            }

            authorization.setResponse(response);

        }
        catch (ParseException ex)
        {
            throw new SecurityException(
                "Failed to create an authorization header!");
        }

        return authorization;

3cxSipAuth.log (76.1 KB)

3cxSipAuth.pcap (34.1 KB)

···

--
Regards,
Pawel


#2

I've been experiencing a similar problem with XMPP (jabber.org). Jitsi asks for the password, and then apparently the authentication times out and jitsi asks the password again, although one can see that in the background it has already gone online from the first attempt. Maybe a too short timeout value somewhere?

-- Heikki Lindholm

···

On 3/13/13 1:55 PM, Paweł Domas wrote:

Hi all,

I'm using Jitsi nightly build with 3CX Phone System as a SIP server.
There's a problem with authentication. It takes about 4-7 tries before
server accepts the password. I enter 4-7 times the same correct password
in the authentication dialog. Option to store the password doesn't help.