
[1.x] SIP plugin: unable to REGISTER to a SIP server with plaintext secret if it contains character ":".

Open BernardoGiordano opened this issue 9 months ago • 4 comments

What version of Janus is this happening on?

  • Janus version: 1201 (1.2.1)
  • Janus commit: 77e4ce31816c66e41e74f97228ed6f432e0af2ef

Have you tested a more recent version of Janus too? N/A

Was this working before? N/A

Is there a gdb or libasan trace of the issue? N/A

Additional context: I'm using the SIP plugin to perform a REGISTER request to an Asterisk PBX. Every time I try to register with a plaintext secret and the secret contains the character ":" (example: "pass:word"), the REGISTER fails. Asterisk's security logs say "wrong password". If I eliminate the ":" from the password and try to register to the same SIP server, keeping the other credentials unchanged, the request succeeds.

Note: I didn't try registering using the prehashed ha1_secret param.

Nov 23 '23 08:11 BernardoGiordano

I remember a similar issue ages ago, and it was a problem with Sofia SIP, rather than Janus. Specifically, when providing the challenge, in Sofia SIP you use NUTAG_AUTH, which uses semicolons to separate the different parts (realm, username, etc.). As such, if the password contains a semicolon too, it confuses Sofia.

At the time we fixed this by escaping authuser and/or password in case they contained a semicolon, but that required a change in Sofia SIP too, which was implemented here. As such, make sure you're compiling Janus against a recent enough version of Sofia SIP, as older versions will not support this. If you're using an older version, uninstall it, install an updated one, and then reconfigure (touch configure.ac) and recompile (make clean && make install) Janus so that it recognizes the new version of the library.

Nov 23 '23 10:11 lminiero

Thanks for your response. I compiled Janus from source, referring to the documentation available in the repo. Here are the details of the environment I used to build it:

  • Ubuntu Server 20.04.4 LTS
  • Sofia SIP installed through apt:
    • ii libsofia-sip-ua-dev 1.12.11+20110422.1-2.1+deb10u3ubuntu0.20.04.2 amd64 Sofia-SIP library development files
    • ii libsofia-sip-ua0 1.12.11+20110422.1-2.1+deb10u3ubuntu0.20.04.2 amd64 Sofia-SIP library runtime

Looks like Sofia SIP 1.12.11 was released in 2011, so it is quite old. The Sofia SIP change you pointed out was committed in 2009 though. However, it surely seems to be a library version issue.

I'll try recompiling against a more recent Sofia SIP version and give you feedback; will close the issue if the problem is solved.

Nov 23 '23 10:11 BernardoGiordano

I just tried a fresh compile of Janus against v1.13.17 of libsofia and the issue still persists.

Dec 01 '23 09:12 BernardoGiordano

Then you may want to open an issue on the sofia-sip repo to track it, as it's not something we can fix in Janus.

Dec 13 '23 13:12 lminiero
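
An added illustration (not code from Janus, Sofia SIP or anyone in this thread) of why a secret containing the field separator ends in "wrong password" on the server: the client hashes a truncated secret into its Digest response. The `Digest:realm:user:password` layout, both parsers, and the realm, user, URI and nonce values are assumptions constructed for the example; `:` is used as the separator because it is the character the issue reports.

```python
import hashlib

def md5hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce):
    """RFC 2617 Digest response without qop: MD5(HA1:nonce:HA2)."""
    ha1 = md5hex(f"{user}:{realm}:{password}")
    ha2 = md5hex(f"{method}:{uri}")
    return md5hex(f"{ha1}:{nonce}:{ha2}")

def join_credentials(scheme, realm, user, password):
    # Assumed layout: fields joined with ':' and no escaping or quoting.
    return ":".join([scheme, realm, user, password])

def parse_naive(cred):
    # Splits on every ':'; anything after the fourth field is silently dropped.
    scheme, realm, user, password = cred.split(":")[:4]
    return scheme, realm, user, password

def parse_bounded(cred):
    # Only the first three ':' are separators; the remainder is the password.
    # This protects the last field only; a ':' in realm or user still needs quoting.
    scheme, realm, user, password = cred.split(":", 3)
    return scheme, realm, user, password

def register_ok(parser, realm, user, password, nonce="constructed-nonce"):
    """Client parses the joined string; server verifies with the real secret."""
    method, uri = "REGISTER", "sip:pbx.example.invalid"  # constructed values
    cred = join_credentials("Digest", realm, user, password)
    _, c_realm, c_user, c_pass = parser(cred)
    client = digest_response(c_user, c_realm, c_pass, method, uri, nonce)
    server = digest_response(user, realm, password, method, uri, nonce)
    return client == server

if __name__ == "__main__":
    for secret in ("password", "pass:word"):
        print(secret,
              "naive:", register_ok(parse_naive, "asterisk", "1001", secret),
              "bounded:", register_ok(parse_bounded, "asterisk", "1001", secret))
```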