[OpenSIPS-Users] uac_auth to uac_registrant module

Igor Olhovskiy igorolhovskiy at gmail.com
Tue Jul 29 11:41:00 CEST 2014


Hi again.
Seems to be,  $hdr(Proxy-Authenticate) is NULL at 401 response.

failure_route[1] {
    ...
    if ( t_check_status("40[17]") ) {
    ...
    xlog("L_INFO", "Asterisk flavour $hdr(WWW-Authenticate), Proxy
flavour $hdr(Proxy-Authenticate)");
    }
}

becomes

/usr/sbin/opensips[18983]: Asterisk flavour <null>, Proxy flavour <null>

It's logic, cause in failure_route we work with initial INVITE, but not
401 reply. Cause, if we working with reply directly, we can't apply
uac_auth function to it.

28.07.14 21:10, Игорь Ольховский написав(ла):
> Hi,
>
> Many thanks on your answer, will wait for a new feature and look at $hdr var more close.
> Anyway, I have a little trouble with CSeq change (means it is need to do accurate), but for now it’s a solution. 
> Many thanks again.
> 28 июля 2014, в 20:46, Bogdan-Andrei Iancu <bogdan at opensips.org> написал(а):
>
>> Hi,
>>
>> 1) on changing cseq as a simple text - this is not wise as you break the sequence of cseq number in the dialog; we are working on a feature to allow you do that in sip-wise way.
>>
>> 2) about realm, the proxy/www -Authenticate header (in the 401/407 reply) has the realm parameter; you can grab it by transformations; on $hdr(Proxy-Authenticate) apply a regexp transformation (see http://www.opensips.org/Documentation/Script-Tran-1-11#toc72) to get the realm param from there.
>>
>> Regards,
>>
>> Bogdan-Andrei Iancu
>> OpenSIPS Founder and Developer
>> http://www.opensips-solutions.com
>>
>> On 21.07.2014 20:15, Igor Olkhovskii wrote:
>>> Made it work via modification of CSeq (remove_hf -> append_hf) and now is a question, how to get correct realm from response. OpenSIPs is very limitated to text processing....
>>>
>>> 21.07.2014 18:39, Igor Olhovskiy пишет:
>>>> Found this tread, but seems to be no luck in to work with INVITE on
>>>> Asterisk.
>>>> Is there any luck to get Asterisk auth (without touching Asterisk)
>>>>
>>>> https://www.mail-archive.com/users@lists.opensips.org/msg25236.html
>>>> On 21.07.2014 16:14, Igor Olhovskiy wrote:
>>>>> Hi!
>>>>> I'm trying to get OpenSIPS 1.11 act as registrar proxy. Means it's not
>>>>> only register on external servers, but take care of INVITE's and so.
>>>>> I've configured modules as:
>>>>>
>>>>> loadmodule "uac_auth.so"
>>>>> loadmodule "uac.so"
>>>>> loadmodule "uac_registrant.so"
>>>>> modparam("uac","restore_mode","auto")
>>>>> modparam("uac_auth","auth_realm_avp","$avp(uac_realm)")
>>>>> modparam("uac_auth","auth_username_avp","$avp(uac_username)")
>>>>> modparam("uac_auth","auth_password_avp","$avp(uac_password)")
>>>>> modparam("uac_registrant", "timer_interval", 120)
>>>>> modparam("uac_registrant", "hash_size", 2)
>>>>> modparam("uac_registrant", "db_url",
>>>>> "mysql://opensips:opensips@localhost/opensips")
>>>>>
>>>>> ....
>>>>> failure_route[1] {
>>>>>                 ......
>>>>>                 # have we already tried to authenticate?
>>>>>                 if (isflagset(8)) {
>>>>>                         xlog("L_INFO", "FAILUREROUTE_STATUS40X_SETFLAG8:
>>>>> [F=$fu R=$ru D=$du M=$rm IP=($si:$sp $Ri:$Rp) ID=$ci]");
>>>>>                         t_reply("503","Authentication failed");
>>>>>                         exit;
>>>>>                 }
>>>>>                 if (is_method("INVITE")) {
>>>>>                         # mark that auth was performed
>>>>>                         setflag(8);
>>>>>                         # trigger again the failure route
>>>>>                         t_on_failure("1");
>>>>>                         # repeat the request with auth response this time
>>>>>                         $avp(uac_realm) = $td;
>>>>>                         $avp(uac_username) = $fU;
>>>>>                         avp_db_query("SELECT password FROM registrant
>>>>> WHERE (registrar = 'sip:$avp(uac_realm)') AND ( username =
>>>>> '$avp(uac_username)')","$avp(uac_password)");
>>>>>                         xlog("L_INFO",
>>>>> "FAILUREROUTE_STATUS40X_UACAUTHINVITE_DEBUG_VARIABLES: AVP_UAC_REALM:
>>>>> $avp(uac_realm) AVP_UAC_USERNAME: $avp(uac_username) AVP_UAC_PASSWORD
>>>>> :$avp(uac_password)");
>>>>>                         uac_auth();
>>>>>                         t_relay();
>>>>>                 }
>>>>>         }
>>>>> .....
>>>>> }
>>>>>
>>>>>
>>>>> I see correct vars in debug message, but uac_auth() not to append branch
>>>>> to reply INVITE.
>>>>>
>>>>> For example, I have  such string
>>>>> AVP_UAC_REALM: some-dns.example.net.ua AVP_UAC_USERNAME: 2225678
>>>>> AVP_UAC_PASSWORD :SuperStrongPassword
>>>>>
>>>>> What is wrong in this config/AVP's?
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20140729/270518a3/attachment-0001.htm>


More information about the Users mailing list