[OpenSIPS-Users] uac_auth to uac_registrant module
Bogdan-Andrei Iancu
bogdan at opensips.org
Wed Jul 30 15:36:13 CEST 2014
Oh... OK and thank you :)
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 30.07.2014 16:31, Igor Olhovskiy wrote:
> No, no errors with last code.
> Just show solution to other user-list readers.
>
> 30.07.14 16:23, Bogdan-Andrei Iancu написав(ла):
>> Do you still get that error ? and issues with this code ?
>>
>> Regards,
>> Bogdan-Andrei Iancu
>> OpenSIPS Founder and Developer
>> http://www.opensips-solutions.com
>> On 30.07.2014 15:39, Igor Olhovskiy wrote:
>>> Made it in a more accurate way:
>>>
>>> if ($(<reply>hdr(Proxy-Authenticate))) {
>>> $var(raw_auth) =
>>> $(<reply>hdr(Proxy-Authenticate));
>>> }
>>> if ($(<reply>hdr(WWW-Authenticate))) {
>>> $var(raw_auth) =
>>> $(<reply>hdr(WWW-Authenticate));
>>> }
>>> .........
>>>
>>> 30.07.14 11:42, Igor Olhovskiy написав(ла):
>>>> Code to get realm from failure_route is now looks like
>>>>
>>>> $var(hdr) = $(<reply>hdr(Proxy-Authenticate));
>>>> if ( $var(hdr) != NULL ) {
>>>> $var(raw_auth) = $var(hdr);
>>>> xlog("L_INFO", "Proxy-Auth is
>>>> present");
>>>> }
>>>> #WWW is an Asterisk flavour
>>>> $var(hdr) = $(<reply>hdr(WWW-Authenticate));
>>>> if ( $var(hdr) != NULL ) {
>>>> $var(raw_auth) = $var(hdr);
>>>> xlog("L_INFO", "WWW-Auth is present");
>>>> }
>>>> $var(reg_start) = "/(.*?)realm=\"//g";
>>>> $var(reg_end) = "/\"(.*)//g";
>>>> xlog("L_INFO", "Raw data $var(raw_auth)");
>>>> $var(raw_auth) =
>>>> $(var(raw_auth){re.subst,$var(reg_start)});
>>>> $var(raw_auth) =
>>>> $(var(raw_auth){re.subst,$var(reg_end)});
>>>> xlog("L_INFO", "Got realm data
>>>> $var(raw_auth)");
>>>>
>>>> One little problem is I have not found analog of is_set function,
>>>> so I get
>>>> WARNING:core:do_assign: no value in right expression on line
>>>> in console.
>>>>
>>>> 29.07.14 12:44, Bogdan-Andrei Iancu написав(ла):
>>>>> Hi,
>>>>>
>>>>> If you try it from a failure route, you need to do :
>>>>> $(<reply>hdr(Proxy-Authenticate))
>>>>>
>>>>> (see http://www.opensips.org/Documentation/Script-CoreVar-1-11)
>>>>>
>>>>> In failure route, the context is of the request message, so if you
>>>>> want to access the reply, you need to switch to its context.
>>>>>
>>>>> Regards,
>>>>> Bogdan-Andrei Iancu
>>>>> OpenSIPS Founder and Developer
>>>>> http://www.opensips-solutions.com
>>>>> On 29.07.2014 12:41, Igor Olhovskiy wrote:
>>>>>> Hi again.
>>>>>> Seems to be, $hdr(Proxy-Authenticate) is NULL at 401 response.
>>>>>>
>>>>>> failure_route[1] {
>>>>>> ...
>>>>>> if ( t_check_status("40[17]") ) {
>>>>>> ...
>>>>>> xlog("L_INFO", "Asterisk flavour $hdr(WWW-Authenticate),
>>>>>> Proxy flavour $hdr(Proxy-Authenticate)");
>>>>>> }
>>>>>> }
>>>>>>
>>>>>> becomes
>>>>>>
>>>>>> /usr/sbin/opensips[18983]: Asterisk flavour <null>, Proxy flavour
>>>>>> <null>
>>>>>>
>>>>>> It's logic, cause in failure_route we work with initial INVITE,
>>>>>> but not 401 reply. Cause, if we working with reply directly, we
>>>>>> can't apply uac_auth function to it.
>>>>>>
>>>>>> 28.07.14 21:10, Игорь Ольховский написав(ла):
>>>>>>> Hi,
>>>>>>>
>>>>>>> Many thanks on your answer, will wait for a new feature and look at $hdr var more close.
>>>>>>> Anyway, I have a little trouble with CSeq change (means it is need to do accurate), but for now it’s a solution.
>>>>>>> Many thanks again.
>>>>>>> 28 июля 2014, в 20:46, Bogdan-Andrei Iancu<bogdan at opensips.org> написал(а):
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> 1) on changing cseq as a simple text - this is not wise as you break the sequence of cseq number in the dialog; we are working on a feature to allow you do that in sip-wise way.
>>>>>>>>
>>>>>>>> 2) about realm, the proxy/www -Authenticate header (in the 401/407 reply) has the realm parameter; you can grab it by transformations; on $hdr(Proxy-Authenticate) apply a regexp transformation (seehttp://www.opensips.org/Documentation/Script-Tran-1-11#toc72) to get the realm param from there.
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>>
>>>>>>>> Bogdan-Andrei Iancu
>>>>>>>> OpenSIPS Founder and Developer
>>>>>>>> http://www.opensips-solutions.com
>>>>>>>>
>>>>>>>> On 21.07.2014 20:15, Igor Olkhovskii wrote:
>>>>>>>>> Made it work via modification of CSeq (remove_hf -> append_hf) and now is a question, how to get correct realm from response. OpenSIPs is very limitated to text processing....
>>>>>>>>>
>>>>>>>>> 21.07.2014 18:39, Igor Olhovskiy пишет:
>>>>>>>>>> Found this tread, but seems to be no luck in to work with INVITE on
>>>>>>>>>> Asterisk.
>>>>>>>>>> Is there any luck to get Asterisk auth (without touching Asterisk)
>>>>>>>>>>
>>>>>>>>>> https://www.mail-archive.com/users@lists.opensips.org/msg25236.html
>>>>>>>>>> On 21.07.2014 16:14, Igor Olhovskiy wrote:
>>>>>>>>>>> Hi!
>>>>>>>>>>> I'm trying to get OpenSIPS 1.11 act as registrar proxy. Means it's not
>>>>>>>>>>> only register on external servers, but take care of INVITE's and so.
>>>>>>>>>>> I've configured modules as:
>>>>>>>>>>>
>>>>>>>>>>> loadmodule "uac_auth.so"
>>>>>>>>>>> loadmodule "uac.so"
>>>>>>>>>>> loadmodule "uac_registrant.so"
>>>>>>>>>>> modparam("uac","restore_mode","auto")
>>>>>>>>>>> modparam("uac_auth","auth_realm_avp","$avp(uac_realm)")
>>>>>>>>>>> modparam("uac_auth","auth_username_avp","$avp(uac_username)")
>>>>>>>>>>> modparam("uac_auth","auth_password_avp","$avp(uac_password)")
>>>>>>>>>>> modparam("uac_registrant", "timer_interval", 120)
>>>>>>>>>>> modparam("uac_registrant", "hash_size", 2)
>>>>>>>>>>> modparam("uac_registrant", "db_url",
>>>>>>>>>>> "mysql://opensips:opensips@localhost/opensips")
>>>>>>>>>>>
>>>>>>>>>>> ....
>>>>>>>>>>> failure_route[1] {
>>>>>>>>>>> ......
>>>>>>>>>>> # have we already tried to authenticate?
>>>>>>>>>>> if (isflagset(8)) {
>>>>>>>>>>> xlog("L_INFO", "FAILUREROUTE_STATUS40X_SETFLAG8:
>>>>>>>>>>> [F=$fu R=$ru D=$du M=$rm IP=($si:$sp $Ri:$Rp) ID=$ci]");
>>>>>>>>>>> t_reply("503","Authentication failed");
>>>>>>>>>>> exit;
>>>>>>>>>>> }
>>>>>>>>>>> if (is_method("INVITE")) {
>>>>>>>>>>> # mark that auth was performed
>>>>>>>>>>> setflag(8);
>>>>>>>>>>> # trigger again the failure route
>>>>>>>>>>> t_on_failure("1");
>>>>>>>>>>> # repeat the request with auth response this time
>>>>>>>>>>> $avp(uac_realm) = $td;
>>>>>>>>>>> $avp(uac_username) = $fU;
>>>>>>>>>>> avp_db_query("SELECT password FROM registrant
>>>>>>>>>>> WHERE (registrar = 'sip:$avp(uac_realm)') AND ( username =
>>>>>>>>>>> '$avp(uac_username)')","$avp(uac_password)");
>>>>>>>>>>> xlog("L_INFO",
>>>>>>>>>>> "FAILUREROUTE_STATUS40X_UACAUTHINVITE_DEBUG_VARIABLES: AVP_UAC_REALM:
>>>>>>>>>>> $avp(uac_realm) AVP_UAC_USERNAME: $avp(uac_username) AVP_UAC_PASSWORD
>>>>>>>>>>> :$avp(uac_password)");
>>>>>>>>>>> uac_auth();
>>>>>>>>>>> t_relay();
>>>>>>>>>>> }
>>>>>>>>>>> }
>>>>>>>>>>> .....
>>>>>>>>>>> }
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> I see correct vars in debug message, but uac_auth() not to append branch
>>>>>>>>>>> to reply INVITE.
>>>>>>>>>>>
>>>>>>>>>>> For example, I have such string
>>>>>>>>>>> AVP_UAC_REALM: some-dns.example.net.ua AVP_UAC_USERNAME: 2225678
>>>>>>>>>>> AVP_UAC_PASSWORD :SuperStrongPassword
>>>>>>>>>>>
>>>>>>>>>>> What is wrong in this config/AVP's?
>>>>>>>>> _______________________________________________
>>>>>>>>> Users mailing list
>>>>>>>>> Users at lists.opensips.org
>>>>>>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>>>>
>>>>>
>>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20140730/cde88abb/attachment.htm>
More information about the Users
mailing list