From bd61c9300cb143b44b326bbe4c5340307d18c2cd Mon Sep 17 00:00:00 2001
From: Mark Michelson <mmichelson@digium.com>
Date: Fri, 24 Apr 2015 09:17:25 -0500
Subject: [PATCH] res_pjsip_outbound_authenticator: Increase CSeq on authed
 requests.

The way PJSIP generates an authenticated request is to use a previous
request as a template. This means that the authenticated request will
have the same Call-ID, From header (including tag), and CSeq as the
original request. PJSIP generates a new branch on the Via header to
indicate that this is a new transaction, though.

There are some SIP implementations, though, that do not notice the
change in the branch and therefore will match the authed request to the
original request's transaction. Since the CSeq is the same, the server
will repeat the response it sent to the original request.

This patch aids interoperability by increasing the CSeq of the authed
request by one.

ASTERISK-24845 #close
Reported by: Carl Fortin
Tested by: Carl Fortin

Change-Id: I39c4ca52e688a9f83bcc1878371334becdc5be01
---
 res/res_pjsip_outbound_authenticator_digest.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/res/res_pjsip_outbound_authenticator_digest.c b/res/res_pjsip_outbound_authenticator_digest.c
index 64238a868f..35e59f21ad 100644
--- a/res/res_pjsip_outbound_authenticator_digest.c
+++ b/res/res_pjsip_outbound_authenticator_digest.c
@@ -105,6 +105,7 @@ static int digest_create_request_with_auth(const struct ast_sip_auth_vector *aut
 		pjsip_transaction *tsx, pjsip_tx_data **new_request)
 {
 	pjsip_auth_clt_sess auth_sess;
+	pjsip_cseq_hdr *cseq;
 
 	if (pjsip_auth_clt_init(&auth_sess, ast_sip_get_pjsip_endpoint(),
 				tsx->pool, 0) != PJ_SUCCESS) {
@@ -120,6 +121,15 @@ static int digest_create_request_with_auth(const struct ast_sip_auth_vector *aut
 	switch (pjsip_auth_clt_reinit_req(&auth_sess, challenge,
 				tsx->last_tx, new_request)) {
 	case PJ_SUCCESS:
+		/* PJSIP creates a new transaction for new_request (meaning it creates a new
+		 * branch). However, it recycles the Call-ID, from-tag, and CSeq from the
+		 * original request. Some SIP implementations will not process the new request
+		 * since the CSeq is the same as the original request. Incrementing it here
+		 * fixes the interop issue
+		 */
+		cseq = pjsip_msg_find_hdr((*new_request)->msg, PJSIP_H_CSEQ, NULL);
+		ast_assert(cseq != NULL);
+		++cseq->cseq;
 		return 0;
 	case PJSIP_ENOCREDENTIAL:
 		ast_log(LOG_WARNING, "Unable to create request with auth."
-- 
GitLab