[OpenSIPS-Users] Proxy Authorization problem

Kennard_White at logitech.com Kennard_White at logitech.com
Thu Sep 30 16:32:29 CEST 2010


HI James,

Your "From" header as geneated by your client doesn't have a user name. The
db_check_from() will fail because of this.

Kennard



From:	James Mbuthia <jmmbuthia at gmail.com>
To:	OpenSIPS users mailling list <users at lists.opensips.org>
Date:	09/30/2010 12:08 AM
Subject:	Re: [OpenSIPS-Users] Proxy Authorization problem
Sent by:	users-bounces at lists.opensips.org



Hi, Am still having the same problem and am still lost. Below is what
I have on my invite header:

INVITE sip:james at 72.55.133.123 SIP/2.0
Via: SIP/2.0/UDP 72.55.133.123:5060;rport;branch=z9hG4bK
From: ;tag=232323
To: James
Call-ID:ytaRyb at 72.55.133.123
CSeq: 3 INVITE
Contact:
Content-type: application/sdp
Max-Forwards: 70
User-Agent: PHP SIP
Subject: click2call
Content-Length: 225
Proxy-Authorization: Digest username="jm21", realm="72.55.133.123",
nonce="4ca43525000000c92236b97996ebc9378f70674fe6ba6d7a",
uri="james at 72.55.133.123",
response="e9b0b226c39cee9d80783832a53d3931", algorithm=MD5


Below is what I have on my opensips.cfg

 # authenticate if from local subscriber (uncomment to enable auth)
        # authenticate all initial non-REGISTER request that pretend to be
        # generated by local subscriber (domain from FROM URI is local)
        if (!(method=="REGISTER") && from_uri==myself) /*no
multidomain version*/
        ##if (!(method=="REGISTER") && is_from_local())  /*multidomain
version*/
        {
                if (!proxy_authorize("", "subscriber")) {
                        proxy_challenge("", "0");
                        exit;
                }
                if (!db_check_from()) {
                        sl_send_reply("403","Forbidden auth ID");
                        exit;
                }
        ##
                consume_credentials();
        ##      # caller authenticated
        }


Below is what i get on /var/log/messages

Sep 30 03:07:43 CL-T020-483CL opensips: ERROR:uri:check_username: No
authorized credentials found (error in scripts)
Sep 30 03:07:43 CL-T020-483CL opensips: ERROR:uri:check_username: Call
{www,proxy}_authorize before calling check_* functions!


Am still as confused as ever as to what am doing wrong, can anyone
give me some pointers or maybe a sample invite authorization script.
Thanks

james


On 9/29/10, Anca Vamanu <anca at opensips.org> wrote:
> Sorry, it's "check_to" or "check_from" what you have in your script, I
> can't tell from the logs you pasted.
>
> Regards,
> Anca
>
>
> On 09/29/2010 06:29 PM, James Mbuthia wrote:
>> Ok, sorry to sound like a blond but which is
>> the check_username function? Please can you give me an example snippet
>> just so that I can have an idea?
>>
>> On Wed, Sep 29, 2010 at 5:19 PM, Anca Vamanu <anca at opensips.org
>> <mailto:anca at opensips.org>> wrote:
>>
>>     Hi James,
>>
>>     As the error says, you have to call a *_authorize function before
>>     calling the check_username function. As it is in the default
>>     configuration file:
>>
>>     if (!(method=="REGISTER") && from_uri==myself) /*no multidomain
>>     version*/
>>     {
>>         if (!proxy_authorize("", "subscriber")) {
>>             proxy_challenge("", "0");
>>             exit;
>>         }
>>         if (!db_check_from()) {
>>             sl_send_reply("403","Forbidden auth ID");
>>             exit;
>>         }
>>     }
>>
>>
>>     Regards,
>>
>>     --
>>     Anca Vamanu
>>     www.voice-system.ro  <http://www.voice-system.ro>
>>
>>
>>
>>     On 09/29/2010 05:47 PM, James Mbuthia wrote:
>>>     Hi guys,
>>>     I hope you can help, am trying to do proxy authentication but I
>>>     seem to be making a mistake when compiling the
>>>     proxy-authorization response. The following is what I have as the
>>>     response on my INVITE header:
>>>
>>>     Proxy-Authorization: Digest username="james",
realm="72.55.133.123",
>>> nonce="4ca351fd000000ba2f06398974466cff346fa0ee28e9c12b",
>>> uri="james at 72.55.133.123  <mailto:james at 72.55.133.123>",
>>> response="6caa56878d256a8220f6f70cfc4b10fe", algorithm=MD5
>>>
>>>
>>>
>>>
>>>
>>>     The following is the error on the server
>>>
>>>     Sep 29 10:47:38 CL-T020-483CL opensips: ERROR:uri:check_username:
>>>     No authorized credentials found (error in scripts)
>>>     Sep 29 10:47:38 CL-T020-483CL opensips: ERROR:uri:check_username:
>>>     Call {www,proxy}_authorize before calling check_* functions!
>>>
>>>     I've checked through books and websites but there's no clear
>>>     indication on how to compile the Proxy-authorization header, can
>>>     someone help me out and give me some pointers on what amd doing
>>>     wrong and how to compile the header. Thank.
>>>
>>>     james
>>>
>>>
>>>     _______________________________________________
>>>     Users mailing list
>>>     Users at lists.opensips.org  <mailto:Users at lists.opensips.org>
>>>     http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>
>>
>>
>>     _______________________________________________
>>     Users mailing list
>>     Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>>     http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>
>
> --
> Anca Vamanu
> www.voice-system.ro
>
>

_______________________________________________
Users mailing list
Users at lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/users/attachments/20100930/e8ee034d/attachment.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
Url : http://lists.opensips.org/pipermail/users/attachments/20100930/e8ee034d/attachment.gif 


More information about the Users mailing list