[OpenSIPS-Devel] [ opensips-Patches-3516387 ] B2B_LOGIC - transparent authentication

SourceForge.net noreply at sourceforge.net
Wed Jan 23 15:23:17 CET 2013


Patches item #3516387, was opened at 2012-04-10 03:35
Message generated for change (Comment added) made by bogdan_iancu
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1086412&aid=3516387&group_id=232389

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
Group: trunk
>Status: Closed
>Resolution: Accepted
Priority: 5
Private: No
Submitted By: Nick Altmann (nikbyte)
Assigned to: Bogdan-Andrei Iancu (bogdan_iancu)
Summary: B2B_LOGIC - transparent authentication

Initial Comment:
New option:
auth_mode = 0 - normal authentication
auth_mode = 1 - transparent authentication

Passes authentication from one to another side thorough b2b.


----------------------------------------------------------------------

>Comment By: Bogdan-Andrei Iancu (bogdan_iancu)
Date: 2013-01-23 06:23

Message:
Thanks for reworking the patch, I uploaded it on svn.

Regards,
Bogdan

----------------------------------------------------------------------

Comment By: Ovidiu Sas (osas)
Date: 2012-09-05 11:16

Message:
I think there is a corner case where flags might be used.
If the b2b modules are loaded with authentication support, then the modules
will try to authenticate if credentials are found and if not, the challenge
will be passed upstream.
If we want to always force the upstream authentication, we might use a
flag.

But again, this is a corner case when local authentication is used/mixed
with remote authentication.

-ovidiu

----------------------------------------------------------------------

Comment By: Nick Altmann (nikbyte)
Date: 2012-09-05 10:54

Message:
I'll include this support in #3520528, when I'll rewrite it. (It also
depends on #3516387).
I don't know any other patches that require flags support, except
#3520528.

I think that there is no need to include flags support into b2b_logic
module when this support is not used (yet), isn't it?


----------------------------------------------------------------------

Comment By: Bogdan-Andrei Iancu (bogdan_iancu)
Date: 2012-09-05 10:43

Message:
Hi Nick,

So this patch should be reworked just to offer the generic support for
flags (which is used by the other patches) ?

Regards,
Bogdan

----------------------------------------------------------------------

Comment By: Nick Altmann (nikbyte)
Date: 2012-09-05 08:05

Message:
Hmm, it really works. I made patch because it doesn't work for me earlier.
Anca, where were you 5 months ago? :-)
Now it works for me with
modparam("b2b_logic", "custom_headers", "WWW-Authenticate;Authorization")

Possible it was bug, I think it fixed in commit number 9088.

In my first patch was the same fix as in commit 9088.
I did'nt try custom_headers param after my first (v1) patch.

Ticket may be closed, but please, apply this small fixes to the
documentation:
-                       Then it can take at most 4 other parameters that
represent the parameters for
+                       Then it can take at most 5 other parameters that
represent the parameters for
                        the xml scenario. The expected number of parameters
is also specified as an attribute

-               If you have a multi interface setup and want to chance the
outbound interface,
+               If you have a multi interface setup and want to change the
outbound interface,


----------------------------------------------------------------------

Comment By: Anca Vamanu (anca_vamanu)
Date: 2012-09-05 06:52

Message:
Hi Nick,


I have looked also at this patch and my question is - is this patch really
needed?
What you are trying to achieve is to patch the authentication headers from
one part to another, right?
Have you tried putting in the custom_headers module parameter the
authentication headers? Something like:
modparam("b2b_logic", "custom_headers",
"Proxy-Authorization|Proxy-Authenticate")
I think I have tried this at some point and it was working.

Regards,
Anca



----------------------------------------------------------------------

Comment By: Nick Altmann (nikbyte)
Date: 2012-09-03 22:55

Message:
And small patch for doc - opensips_b2b_transp_auth_v4_doc.patch

----------------------------------------------------------------------

Comment By: Nick Altmann (nikbyte)
Date: 2012-09-03 22:06

Message:
The new patch (v4).

----------------------------------------------------------------------

Comment By: Nick Altmann (nikbyte)
Date: 2012-09-03 02:33

Message:
Of course, I'll change it.

----------------------------------------------------------------------

Comment By: Bogdan-Andrei Iancu (bogdan_iancu)
Date: 2012-09-03 02:28

Message:
Nick, sorry for this going back and forward on how this feature should be
implemented . On my side, the final decision is have the flags in the first
parameter (like b2b2_init_request("my_scenario/flags","",""); ) and not to
add any new functions.
Reasons: simplicity in usage and in coding.

Let me know if you are willing to rework (again :D) the patch.

Regards,
Bogdan

----------------------------------------------------------------------

Comment By: Nick Altmann (nikbyte)
Date: 2012-05-29 04:29

Message:
I've added updated version with fixed bug in late variables initialization.
opensips_b2b_transp_auth_v3.patch It's production patch now.


----------------------------------------------------------------------

Comment By: Nick Altmann (nikbyte)
Date: 2012-04-23 00:51

Message:
I've added per b2b session flags. And the first flag - "a" for transparent
authentication.

Usage:
b2b_set_mode("a");
b2b_init_request("scenario");

It affects only this b2b session.

The new patch attached in file opensips_b2b_transp_auth_v2.patch file.
Also I attached opensips_b2b_lumpsbug_v2.patch that fixes lumps bug when
opensips_b2b_transp_auth_v2.patch and opensips_b2b_lumps.patch (#3519778)
applied together.


----------------------------------------------------------------------

Comment By: Nick Altmann (nikbyte)
Date: 2012-04-20 21:10

Message:
Okay, let it be separate command and one-character flags.

Like
b2b_set_mode("A");
A - Enable transparent authentication

b2b_set_mode("AxSZ"); // For example


----------------------------------------------------------------------

Comment By: Ovidiu Sas (osas)
Date: 2012-04-20 17:12

Message:
If we want this functionality implemented as a flag, then it shouldn't be
passed as an extension to the first parameter because:
 - it's an awkward syntax
 - and it's really messy when you want to pass more flags.

Best thing would be to set up the flag(s) before calling b2b_init_request
and leave the syntax for b2b_init_request as is.

Regards,
Ovidiu Sas

----------------------------------------------------------------------

Comment By: Nick Altmann (nikbyte)
Date: 2012-04-20 12:22

Message:
Wow! I think flags in the first param is the best solution!

----------------------------------------------------------------------

Comment By: Bogdan-Andrei Iancu (bogdan_iancu)
Date: 2012-04-20 12:13

Message:
I agree with Ovidiu on both things - it should not be a global option and
it should be backward compatible.

The only options I see here is either use a kind of module variable to set
the flags before the init:
     $b2b_flags = xxxxxx ;
or as Nick suggested, with a function, to do more or less the same.

Another approach may be to quiz the flags in the first param, using a
separator - this will be backward compat. Like:
   b2b2_init_request("my_scenario","","");
->
   b2b2_init_request("my_scenario/flags","","");

Regards,
Bogdan

----------------------------------------------------------------------

Comment By: Nick Altmann (nikbyte)
Date: 2012-04-15 22:41

Message:
What do you think about new command, like b2b_set_flags("flags")?
I think that there are more than one option (flag) will be needed in
future.

Something like:
b2b_set_flags("T"); # transparent authentication
b2b_init_request("top hiding");

I think it would be better than just a variable.


----------------------------------------------------------------------

Comment By: Ovidiu Sas (osas)
Date: 2012-04-10 08:05

Message:
I would prefer a variable to be set.
Even if auth mode would be controlled as a parameter for b2b_init_request,
it must accept pvars and the work is pretty much there.  Also, inserting a
param in the middle of existing ones, will break forward compatibility (old
scripts will no longer work with new opensips versions).

----------------------------------------------------------------------

Comment By: Nick Altmann (nikbyte)
Date: 2012-04-10 07:51

Message:
What do you think about change b2b_init_request parameters?
First - scenario
Second - FLAGS (I think it will be useful in future)
Third-Sixth - scenario params

And make first flag to manage authentication mode?


----------------------------------------------------------------------

Comment By: Ovidiu Sas (osas)
Date: 2012-04-10 07:28

Message:
Controlling auth mode globally (via a module param) is a little bit
restrictive.
I would prefer having a variable the will will be set before initiating the
b2b call.  This will allow both authentication modes to coexist on the same
server.

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1086412&aid=3516387&group_id=232389



More information about the Devel mailing list