[OpenSIPS-Users] Proxy Authorization problem
James Mbuthia
jmmbuthia at gmail.com
Thu Sep 30 16:39:49 CEST 2010
Hi Kennard,
The From header does have a username, however since am echoing the
response from a webpage the browser will intepret the <> as an html
tag and wont display anything but I know its working because am using
the same code to generate the first Invite, the ack and the second
invite with the proxy authorization header
On 9/30/10, Kennard_White at logitech.com <Kennard_White at logitech.com> wrote:
>
> HI James,
>
> Your "From" header as geneated by your client doesn't have a user name. The
> db_check_from() will fail because of this.
>
> Kennard
>
>
>
> From: James Mbuthia <jmmbuthia at gmail.com>
> To: OpenSIPS users mailling list <users at lists.opensips.org>
> Date: 09/30/2010 12:08 AM
> Subject: Re: [OpenSIPS-Users] Proxy Authorization problem
> Sent by: users-bounces at lists.opensips.org
>
>
>
> Hi, Am still having the same problem and am still lost. Below is what
> I have on my invite header:
>
> INVITE sip:james at 72.55.133.123 SIP/2.0
> Via: SIP/2.0/UDP 72.55.133.123:5060;rport;branch=z9hG4bK
> From: ;tag=232323
> To: James
> Call-ID:ytaRyb at 72.55.133.123
> CSeq: 3 INVITE
> Contact:
> Content-type: application/sdp
> Max-Forwards: 70
> User-Agent: PHP SIP
> Subject: click2call
> Content-Length: 225
> Proxy-Authorization: Digest username="jm21", realm="72.55.133.123",
> nonce="4ca43525000000c92236b97996ebc9378f70674fe6ba6d7a",
> uri="james at 72.55.133.123",
> response="e9b0b226c39cee9d80783832a53d3931", algorithm=MD5
>
>
> Below is what I have on my opensips.cfg
>
> # authenticate if from local subscriber (uncomment to enable auth)
> # authenticate all initial non-REGISTER request that pretend to be
> # generated by local subscriber (domain from FROM URI is local)
> if (!(method=="REGISTER") && from_uri==myself) /*no
> multidomain version*/
> ##if (!(method=="REGISTER") && is_from_local()) /*multidomain
> version*/
> {
> if (!proxy_authorize("", "subscriber")) {
> proxy_challenge("", "0");
> exit;
> }
> if (!db_check_from()) {
> sl_send_reply("403","Forbidden auth ID");
> exit;
> }
> ##
> consume_credentials();
> ## # caller authenticated
> }
>
>
> Below is what i get on /var/log/messages
>
> Sep 30 03:07:43 CL-T020-483CL opensips: ERROR:uri:check_username: No
> authorized credentials found (error in scripts)
> Sep 30 03:07:43 CL-T020-483CL opensips: ERROR:uri:check_username: Call
> {www,proxy}_authorize before calling check_* functions!
>
>
> Am still as confused as ever as to what am doing wrong, can anyone
> give me some pointers or maybe a sample invite authorization script.
> Thanks
>
> james
>
>
> On 9/29/10, Anca Vamanu <anca at opensips.org> wrote:
>> Sorry, it's "check_to" or "check_from" what you have in your script, I
>> can't tell from the logs you pasted.
>>
>> Regards,
>> Anca
>>
>>
>> On 09/29/2010 06:29 PM, James Mbuthia wrote:
>>> Ok, sorry to sound like a blond but which is
>>> the check_username function? Please can you give me an example snippet
>>> just so that I can have an idea?
>>>
>>> On Wed, Sep 29, 2010 at 5:19 PM, Anca Vamanu <anca at opensips.org
>>> <mailto:anca at opensips.org>> wrote:
>>>
>>> Hi James,
>>>
>>> As the error says, you have to call a *_authorize function before
>>> calling the check_username function. As it is in the default
>>> configuration file:
>>>
>>> if (!(method=="REGISTER") && from_uri==myself) /*no multidomain
>>> version*/
>>> {
>>> if (!proxy_authorize("", "subscriber")) {
>>> proxy_challenge("", "0");
>>> exit;
>>> }
>>> if (!db_check_from()) {
>>> sl_send_reply("403","Forbidden auth ID");
>>> exit;
>>> }
>>> }
>>>
>>>
>>> Regards,
>>>
>>> --
>>> Anca Vamanu
>>> www.voice-system.ro <http://www.voice-system.ro>
>>>
>>>
>>>
>>> On 09/29/2010 05:47 PM, James Mbuthia wrote:
>>>> Hi guys,
>>>> I hope you can help, am trying to do proxy authentication but I
>>>> seem to be making a mistake when compiling the
>>>> proxy-authorization response. The following is what I have as the
>>>> response on my INVITE header:
>>>>
>>>> Proxy-Authorization: Digest username="james",
> realm="72.55.133.123",
>>>> nonce="4ca351fd000000ba2f06398974466cff346fa0ee28e9c12b",
>>>> uri="james at 72.55.133.123 <mailto:james at 72.55.133.123>",
>>>> response="6caa56878d256a8220f6f70cfc4b10fe", algorithm=MD5
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> The following is the error on the server
>>>>
>>>> Sep 29 10:47:38 CL-T020-483CL opensips: ERROR:uri:check_username:
>>>> No authorized credentials found (error in scripts)
>>>> Sep 29 10:47:38 CL-T020-483CL opensips: ERROR:uri:check_username:
>>>> Call {www,proxy}_authorize before calling check_* functions!
>>>>
>>>> I've checked through books and websites but there's no clear
>>>> indication on how to compile the Proxy-authorization header, can
>>>> someone help me out and give me some pointers on what amd doing
>>>> wrong and how to compile the header. Thank.
>>>>
>>>> james
>>>>
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>
>>
>> --
>> Anca Vamanu
>> www.voice-system.ro
>>
>>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
More information about the Users
mailing list