<div dir="ltr">It's 1.10 pulled from git a few hours ago. Debian 7 64-bit.<div><br></div><div>The AVPs are set prior to calling the b2b scenario:</div><div><br></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px">
<div>modparam("uac_auth","auth_realm_avp", "$avp(auth_realm)")</div><div><div>modparam("uac_auth","auth_username_avp","$avp(auth_user)")</div></div><div><div>modparam("uac_auth","auth_password_avp","$avp(auth_pass)")</div>
</div><div>#modparam("uac_auth","credential","UserName:AuthRealm123:SuperS33cret")<br></div><div><br></div><div>route {</div><div> ...</div><div><div> $avp(auth_user) := "UserName";</div>
</div><div><div> $avp(auth_pass) := "SuperS33cret";</div></div><div><div> $avp(auth_realm) := "AuthRealm123";</div></div><div><br></div><div> b2b_init_request("top hiding/t105");</div>
<div>...</div><div>}</div></blockquote><div><br></div><div>debugs:</div><div><br></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><div>Nov 18 18:07:55 [26004] DBG:b2b_entities:b2b_tm_cback: Received reply [407] for dialog [0x7ff941c13268], method [INVITE]</div>
</div><div><div>Nov 18 18:07:55 [26004] DBG:tm:t_unref_cell: UNREF_UNSAFE: [0x7ff941c18448] after is 1</div></div><div><div>Nov 18 18:07:55 [26004] DBG:b2b_entities:b2b_tm_cback: dlg=[0x7ff941c13268], uac_tran=NULL</div></div>
<div><div>Nov 18 18:07:55 [26004] DBG:core:parse_authenticate_body: <realm>="AuthRealm123" state=2</div></div><div><div>Nov 18 18:07:55 [26004] DBG:core:parse_authenticate_body: <nonce>="528a9de900013e5f13fe985df4a9848356a1f937207ecfe4" state=3</div>
</div><div><div>Nov 18 18:07:55 [26004] DBG:core:parse_authenticate_body: <qop>="auth" state=1</div></div><div><div>Nov 18 18:07:55 [26004] DBG:b2b_logic:b2bl_parse_key: hash_index = [472] - local_index= [0]</div>
</div></blockquote><div><br></div><div><br></div><div>The following (successful) debugs occur if I uncomment the credential modparam visible above:</div><div><br></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px">
<div><div>Nov 18 18:15:45 [26118] DBG:b2b_entities:b2b_tm_cback: dlg=[0x7f8a06744c30], uac_tran=NULL</div></div><div><div>Nov 18 18:15:45 [26118] DBG:core:parse_authenticate_body: <realm>="66.94.76.24" state=2</div>
</div><div><div>Nov 18 18:15:45 [26118] DBG:core:parse_authenticate_body: <nonce>="528a9fbf00014297ef8f2335679f0310537c85fe2b007186" state=3</div></div><div><div>Nov 18 18:15:45 [26118] DBG:core:parse_authenticate_body: <qop>="auth" state=1</div>
</div><div><div>Nov 18 18:15:45 [26118] DBG:uac_auth:build_authorization_hdr: auth_hdr is <Proxy-Authorization: Digest username="UserName", realm="AuthRealm123", nonce="528a9fbf00014297ef8f2335679f0310537c85fe2b007186", uri="sip:2165551212@domain", qop=auth, nc=00000001, cnonce="3105687311", response="ef047011046690b6eea99c7848de499a", algorithm=MD5</div>
</div><div><div>></div></div><div><div>Nov 18 18:15:45 [26118] DBG:b2b_entities:b2b_tm_cback: [Proxy-Authorization: Digest ...]</div></div><div><div>Nov 18 18:15:45 [26118] DBG:b2b_entities:b2b_tm_cback: uri [...]</div>
</div></blockquote><div class="gmail_extra"><br clear="all"><div><div dir="ltr"><div><br></div><div>I tried to follow the source to isolate the failing mechanism. I arrived at modules/uac_auth/auth.c. In get_avp_credential() at line 199:</div>
<div><br></div><div><div> avp = search_first_avp( realm_avp_type, realm_avp_name, &val, 0);</div><div> if ( avp==NULL || (avp->flags&AVP_VAL_STR)==0 || val.s.len<=0 )</div><div> return 0;</div>
</div><div><br></div><div>In my case I've discovered avp==NULL so the if-statement returns 0. avp==NULL because in the search_first_avp() at line 346 of usr_avp.c:</div><div><br></div><div><div> if (*crt_avps==0)</div>
<div> return 0;</div></div><div><br></div><div>And it's game over. I can't discern what causes this. I'm already way in over my pay grade. :)</div><div>
<br></div></div></div>
<div class="gmail_extra"><br></div>- Jeff</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Nov 18, 2013 at 6:02 PM, Ovidiu Sas <span dir="ltr"><<a href="mailto:osas@voipembedded.com" target="_blank">osas@voipembedded.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Can you post the debug logs and let us know which version of opensips<br>
are you running?<br>
Also, make sure that you set the credentials in AVPs before invoking<br>
the b2b call.<br>
<br>
Thanks,<br>
Ovidiu<br>
<div class=""><div class="h5"><br>
On Mon, Nov 18, 2013 at 5:11 PM, Jeff Pyle <<a href="mailto:jpyle@fidelityvoice.com">jpyle@fidelityvoice.com</a>> wrote:<br>
> This functionality has become key for my configuration. I've done some<br>
> digging today. Here's what I know.<br>
><br>
> b2b_entities' auth call gets to around line 347 of usr_avp.c and fails:<br>
><br>
> if (*crt_avps==0)<br>
> return 0;<br>
><br>
> Programming is not my strength. Any thoughts what might cause this<br>
> condition, or how it might be related b2b_entities' ability to process an<br>
> auth request?<br>
><br>
><br>
> - Jeff<br>
><br>
><br>
><br>
><br>
> On Wed, Nov 13, 2013 at 6:03 PM, Jeff Pyle <<a href="mailto:jpyle@fidelityvoice.com">jpyle@fidelityvoice.com</a>> wrote:<br>
>><br>
>> Hi Ovidiu,<br>
>><br>
>> It does not. At least not for me. Here are some snippets of my config<br>
>> file:<br>
>><br>
>> modparam("uac_auth","auth_realm_avp", "$avp(auth_realm)")<br>
>> modparam("uac_auth","auth_username_avp","$avp(auth_user)")<br>
>> modparam("uac_auth","auth_password_avp","$avp(auth_pass)")<br>
>><br>
>> #modparam("uac_auth","credential","valid-username:appropriate-realm:valid-password")<br>
>><br>
>> route {<br>
>><br>
>> ... sanity checks, etc ...<br>
>><br>
>> $avp(auth_realm) := "appropriate-realm";<br>
>> $avp(auth_user) := "valid-username";<br>
>> $avp(auth_pass) := "valid-password";<br>
>><br>
>> if !(b2b_init_request("top hiding/t105")) {<br>
>> xlog("L_ERR", "** b2b_init failed - - S=$si:$sp T=$tU<br>
>> F=$fU C=$ci\n");<br>
>> send_reply("500", "Internal Server Error");<br>
>> }<br>
>> exit;<br>
>> }<br>
>><br>
>><br>
>> Configured like this, the 407 gets passed back to the client. If I<br>
>> uncomment the 'credential' modparam, the B2B will send an INVITE with the<br>
>> correct auth.<br>
>><br>
>> The same uac_auth config with the same AVPs work correctly if I use<br>
>> uac_auth() on a failure_route in a pure proxy config. That's why I'm<br>
>> confused about it not working with the B2B. I looked through the source and<br>
>> as best I can tell the same functions are called the same way for each.<br>
>><br>
>> Ok, let me be specific on that last point. The client to this B2B<br>
>> instance is another Opensips instance with proxy-only commands, most notably<br>
>> rtpproxy. That's where I have uac_auth() working today. With that I call<br>
>> the scenario here as "top hiding/at105" (note the "a") to intentionally pass<br>
>> the 407 back to the proxy config. It works. Ideally, I'd prefer the B2B<br>
>> scenario here field the 407.<br>
>><br>
>><br>
>> - Jeff<br>
>><br>
>><br>
>> On Wed, Nov 13, 2013 at 4:34 PM, Ovidiu Sas <<a href="mailto:osas@voipembedded.com">osas@voipembedded.com</a>> wrote:<br>
>>><br>
>>> If you set the AVPs before creating the b2b call, it should work on 1.10.<br>
>>><br>
>>> Regards,<br>
>>> Ovidiu Sas<br>
>>><br>
>>> On Tue, Nov 12, 2013 at 11:16 PM, Jeff Pyle <<a href="mailto:jpyle@fidelityvoice.com">jpyle@fidelityvoice.com</a>><br>
>>> wrote:<br>
>>> > I was about to let this one go when I found "B2B module gets visibility<br>
>>> > to<br>
>>> > credentials defined via AVPs" on the About Version 1.10 page. In my<br>
>>> > case it<br>
>>> > works only if I define the 'credential' modparam for uac_auth.<br>
>>> ><br>
>>> > The AVPs do work if I use the uac_auth() function in a failure_route<br>
>>> > instead<br>
>>> > of the B2BUA top hiding.<br>
>>> ><br>
>>> > Is there a trick I'm missing?<br>
>>> ><br>
>>> ><br>
>>> ><br>
>>> > - Jeff<br>
>>> ><br>
>>> ><br>
>>> > On Mon, Nov 11, 2013 at 11:09 AM, Jeff Pyle <<a href="mailto:jpyle@fidelityvoice.com">jpyle@fidelityvoice.com</a>><br>
>>> > wrote:<br>
>>> >><br>
>>> >> Hello,<br>
>>> >><br>
>>> >> I have uac_auth() working with AVPs in a proxy configuration on v1.10.<br>
>>> >> This is important because I need to choose the authentication username<br>
>>> >> and<br>
>>> >> password based on the usr_preferences of the source IP of the call.<br>
>>> >> Is it<br>
>>> >> possible choose the credentials at call-time (like the AVPs allow) in<br>
>>> >> a B2B<br>
>>> >> top-hiding scenario?<br>
>>> >><br>
>>> >> The scenario authenticates properly if I statically specify a<br>
>>> >> "credentials" modparam for uac_auth. It does not work, however, if I<br>
>>> >> set<br>
>>> >> AVPs prior to calling b2b_init_request("top hiding"). Is there<br>
>>> >> another way<br>
>>> >> to approach this?<br>
>>> >><br>
>>> >><br>
>>> >> Regards,<br>
>>> >> Jeff<br>
>>> >><br>
>>> ><br>
>>> ><br>
>>> > _______________________________________________<br>
>>> > Users mailing list<br>
>>> > <a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>
>>> > <a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
>>> ><br>
>>><br>
>>><br>
>>><br>
>>> --<br>
>>> VoIP Embedded, Inc.<br>
>>> <a href="http://www.voipembedded.com" target="_blank">http://www.voipembedded.com</a><br>
>>><br>
>>> _______________________________________________<br>
>>> Users mailing list<br>
>>> <a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>
>>> <a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
>><br>
>><br>
><br>
><br>
> _______________________________________________<br>
> Users mailing list<br>
> <a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>
> <a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
><br>
<br>
<br>
<br>
--<br>
VoIP Embedded, Inc.<br>
<a href="http://www.voipembedded.com" target="_blank">http://www.voipembedded.com</a><br>
<br>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
</div></div></blockquote></div><br></div></div>