<div dir="ltr"><div>This functionality has become key for my configuration. I've done some digging today. Here's what I know.<br></div><div><br></div><div>b2b_entities' auth call gets to around line 347 of usr_avp.c and fails:</div>
<div><br></div><div><div> if (*crt_avps==0)</div><div> return 0;</div></div><div><br></div><div>Programming is not my strength. Any thoughts what might cause this condition, or how it might be related b2b_entities' ability to process an auth request?</div>
<div><br></div><div class="gmail_extra"><div><div dir="ltr"><div><br></div><div>- Jeff</div><div><br></div><div>
<br></div></div></div>
<br><br><div class="gmail_quote">On Wed, Nov 13, 2013 at 6:03 PM, Jeff Pyle <span dir="ltr"><<a href="mailto:jpyle@fidelityvoice.com" target="_blank">jpyle@fidelityvoice.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div>Hi Ovidiu,</div><div><br></div>It does not. At least not for me. Here are some snippets of my config file:<div><div><br></div></div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div>
<div>
<div>modparam("uac_auth","auth_realm_avp", "$avp(auth_realm)")</div></div></div><div><div>modparam("uac_auth","auth_username_avp","$avp(auth_user)")</div></div>
<div><div>modparam("uac_auth","auth_password_avp","$avp(auth_pass)")</div></div><div><div>#modparam("uac_auth","credential","valid-username:appropriate-realm:valid-password")</div>
</div><div><div><br></div></div><div><div>route {</div></div><div><div><br></div></div><div><div> ... sanity checks, etc ...</div></div><div><div><br></div></div><div><div><div> $avp(auth_realm) := "appropriate-realm";</div>
</div></div><div><div><div> $avp(auth_user) := "valid-username";</div></div></div><div><div><div> $avp(auth_pass) := "valid-password";</div></div></div><div><div><br></div></div><div><div class="gmail_extra">
<div><div><div><div> if !(b2b_init_request("top hiding/t105")) {</div></div></div></div></div></div><div><div class="gmail_extra"><div><div><div><div> xlog("L_ERR", "** b2b_init failed - - S=$si:$sp T=$tU F=$fU C=$ci\n");</div>
</div></div></div></div></div><div><div class="gmail_extra"><div><div><div><div> send_reply("500", "Internal Server Error");</div></div></div></div></div></div><div><div class="gmail_extra">
<div><div><div><div> }</div></div></div></div></div></div><div><div class="gmail_extra"><div><div><div><div> exit;</div></div></div></div></div></div><div><div class="gmail_extra"><div><div><div><div>}</div>
</div></div></div></div></div></blockquote><div><div class="gmail_extra"><div><div dir="ltr"><div><br></div><div>Configured like this, the 407 gets passed back to the client. If I uncomment the 'credential' modparam, the B2B will send an INVITE with the correct auth.</div>
<div><br></div><div>The same uac_auth config with the same AVPs work correctly if I use uac_auth() on a failure_route in a pure proxy config. That's why I'm confused about it not working with the B2B. I looked through the source and as best I can tell the same functions are called the same way for each.</div>
<div><br></div><div>Ok, let me be specific on that last point. The client to this B2B instance is another Opensips instance with proxy-only commands, most notably rtpproxy. That's where I have uac_auth() working today. With that I call the scenario here as "top hiding/at105" (note the "a") to intentionally pass the 407 back to the proxy config. It works. Ideally, I'd prefer the B2B scenario here field the 407.</div>
<span class="HOEnZb"><font color="#888888">
<div><br></div><div><br></div><div>- Jeff</div></font></span></div></div><div><div class="h5">
<br><br><div class="gmail_quote">On Wed, Nov 13, 2013 at 4:34 PM, Ovidiu Sas <span dir="ltr"><<a href="mailto:osas@voipembedded.com" target="_blank">osas@voipembedded.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
If you set the AVPs before creating the b2b call, it should work on 1.10.<br>
<br>
Regards,<br>
Ovidiu Sas<br>
<div><div><br>
On Tue, Nov 12, 2013 at 11:16 PM, Jeff Pyle <<a href="mailto:jpyle@fidelityvoice.com" target="_blank">jpyle@fidelityvoice.com</a>> wrote:<br>
> I was about to let this one go when I found "B2B module gets visibility to<br>
> credentials defined via AVPs" on the About Version 1.10 page. In my case it<br>
> works only if I define the 'credential' modparam for uac_auth.<br>
><br>
> The AVPs do work if I use the uac_auth() function in a failure_route instead<br>
> of the B2BUA top hiding.<br>
><br>
> Is there a trick I'm missing?<br>
><br>
><br>
><br>
> - Jeff<br>
><br>
><br>
> On Mon, Nov 11, 2013 at 11:09 AM, Jeff Pyle <<a href="mailto:jpyle@fidelityvoice.com" target="_blank">jpyle@fidelityvoice.com</a>> wrote:<br>
>><br>
>> Hello,<br>
>><br>
>> I have uac_auth() working with AVPs in a proxy configuration on v1.10.<br>
>> This is important because I need to choose the authentication username and<br>
>> password based on the usr_preferences of the source IP of the call. Is it<br>
>> possible choose the credentials at call-time (like the AVPs allow) in a B2B<br>
>> top-hiding scenario?<br>
>><br>
>> The scenario authenticates properly if I statically specify a<br>
>> "credentials" modparam for uac_auth. It does not work, however, if I set<br>
>> AVPs prior to calling b2b_init_request("top hiding"). Is there another way<br>
>> to approach this?<br>
>><br>
>><br>
>> Regards,<br>
>> Jeff<br>
>><br>
><br>
><br>
</div></div>> _______________________________________________<br>
> Users mailing list<br>
> <a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br>
> <a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
><br>
<span><font color="#888888"><br>
<br>
<br>
--<br>
VoIP Embedded, Inc.<br>
<a href="http://www.voipembedded.com" target="_blank">http://www.voipembedded.com</a><br>
<br>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
</font></span></blockquote></div><br></div></div></div></div></div>
</blockquote></div><br></div></div>