<html>
  <head>
    <meta content="text/html; charset=windows-1251"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix"><tt>Oh... OK and thank you :)</tt><br>
      <pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
      On 30.07.2014 16:31, Igor Olhovskiy wrote:<br>
    </div>
    <blockquote cite="mid:53D8F3C9.906@gmail.com" type="cite">
      <meta content="text/html; charset=windows-1251"
        http-equiv="Content-Type">
      No, no errors with last code.<br>
      Just show solution to other user-list readers.<br>
      <br>
      <div class="moz-cite-prefix">30.07.14 16:23, Bogdan-Andrei Iancu
        íàïèñàâ(ëà):<br>
      </div>
      <blockquote cite="mid:53D8F1E9.8050709@opensips.org" type="cite">
        <meta content="text/html; charset=windows-1251"
          http-equiv="Content-Type">
        <div class="moz-cite-prefix"><tt>Do you still get that error ?
            and issues with this code ?<br>
            <br>
            Regards,<br>
          </tt>
          <pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
          On 30.07.2014 15:39, Igor Olhovskiy wrote:<br>
        </div>
        <blockquote cite="mid:53D8E78D.4090008@gmail.com" type="cite">
          <meta content="text/html; charset=windows-1251"
            http-equiv="Content-Type">
          Made it in a more accurate way:<br>
          <br>
                                  if
          ($(&lt;reply&gt;hdr(Proxy-Authenticate))) {<br>
                                          $var(raw_auth) =
          $(&lt;reply&gt;hdr(Proxy-Authenticate));<br>
                                  }<br>
                                  if
          ($(&lt;reply&gt;hdr(WWW-Authenticate))) {<br>
                                          $var(raw_auth) =
          $(&lt;reply&gt;hdr(WWW-Authenticate));<br>
                                  }<br>
                                  .........<br>
          <br>
          <div class="moz-cite-prefix">30.07.14 11:42, Igor Olhovskiy
            íàïèñàâ(ëà):<br>
          </div>
          <blockquote cite="mid:53D8AFDA.1060207@gmail.com" type="cite">
            <meta content="text/html; charset=windows-1251"
              http-equiv="Content-Type">
            Code to get realm from failure_route is now looks like<br>
            <br>
                                    $var(hdr) =
            $(&lt;reply&gt;hdr(Proxy-Authenticate));<br>
                                    if ( $var(hdr) != NULL ) {<br>
                                            $var(raw_auth) = $var(hdr);<br>
                                            xlog("L_INFO", "Proxy-Auth
            is present");<br>
                                    }<br>
                                    #WWW is an Asterisk flavour<br>
                                    $var(hdr) =
            $(&lt;reply&gt;hdr(WWW-Authenticate));<br>
                                    if ( $var(hdr) != NULL ) {<br>
                                            $var(raw_auth) = $var(hdr);<br>
                                            xlog("L_INFO", "WWW-Auth is
            present");<br>
                                    }<br>
                                    $var(reg_start) =
            "/(.*?)realm=\"//g";<br>
                                    $var(reg_end) = "/\"(.*)//g";<br>
                                    xlog("L_INFO", "Raw data
            $var(raw_auth)");<br>
                                    $var(raw_auth) =
            $(var(raw_auth){re.subst,$var(reg_start)});<br>
                                    $var(raw_auth) =
            $(var(raw_auth){re.subst,$var(reg_end)});<br>
                                    xlog("L_INFO", "Got realm data
            $var(raw_auth)");<br>
            <br>
            One little problem is I have not found analog of is_set
            function, so I get <br>
            WARNING:core:do_assign: no value in right expression on line<br>
            in console.<br>
            <br>
            <div class="moz-cite-prefix">29.07.14 12:44, Bogdan-Andrei
              Iancu íàïèñàâ(ëà):<br>
            </div>
            <blockquote cite="mid:53D76CF7.4090604@opensips.org"
              type="cite">
              <meta content="text/html; charset=windows-1251"
                http-equiv="Content-Type">
              <div class="moz-cite-prefix"><tt>Hi,</tt><tt><br>
                </tt><tt><br>
                </tt><tt>If you try it from a failure route, </tt><tt>you

                  need to do :</tt><tt><br>
                </tt><tt>    $</tt><tt>(&lt;reply&gt;hdr(Proxy-Authenticate)</tt><tt>)<br>
                  <br>
                  (see <a moz-do-not-send="true"
                    class="moz-txt-link-freetext"
                    href="http://www.opensips.org/Documentation/Script-CoreVar-1-11">http://www.opensips.org/Documentation/Script-CoreVar-1-11</a>)<br>
                  <br>
                  In failure route, the context is of the request
                  message, so if you want to access the reply, you need
                  to switch to its context.<br>
                </tt><tt><br>
                </tt><tt>Regards,</tt><br>
                <pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
                On 29.07.2014 12:41, Igor Olhovskiy wrote:<br>
              </div>
              <blockquote cite="mid:53D76C2C.8030501@gmail.com"
                type="cite">
                <meta content="text/html; charset=windows-1251"
                  http-equiv="Content-Type">
                Hi again. <br>
                Seems to be,  $hdr(Proxy-Authenticate) is NULL at 401
                response.<br>
                <br>
                failure_route[1] {<br>
                    ...<br>
                    if ( t_check_status("40[17]") ) {<br>
                    ...<br>
                    xlog("L_INFO", "Asterisk flavour $hdr(<big><big><font
                      size="-2"><big><big>WWW-Authenticate</big></big></font></big></big>),






                Proxy flavour $hdr(Proxy-Authenticate)");<br>
                    }<br>
                }<br>
                <br>
                becomes <br>
                <br>
                /usr/sbin/opensips[18983]: Asterisk flavour
                &lt;null&gt;, Proxy flavour &lt;null&gt;<br>
                <br>
                It's logic, cause in failure_route we work with initial
                INVITE, but not 401 reply. Cause, if we working with
                reply directly, we can't apply uac_auth function to it.<br>
                <br>
                <div class="moz-cite-prefix">28.07.14 21:10, Èãîðü
                  Îëüõîâñêèé íàïèñàâ(ëà):<br>
                </div>
                <blockquote
                  cite="mid:48A28352-EFE5-4948-B511-A8628618E34A@gmail.com"
                  type="cite">
                  <pre wrap="">Hi,

Many thanks on your answer, will wait for a new feature and look at $hdr var more close.
Anyway, I have a little trouble with CSeq change (means it is need to do accurate), but for now it’s a solution. 
Many thanks again.
28 èþëÿ 2014, â 20:46, Bogdan-Andrei Iancu <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:bogdan@opensips.org">&lt;bogdan@opensips.org&gt;</a> íàïèñàë(à):

</pre>
                  <blockquote type="cite">
                    <pre wrap="">Hi,

1) on changing cseq as a simple text - this is not wise as you break the sequence of cseq number in the dialog; we are working on a feature to allow you do that in sip-wise way.

2) about realm, the proxy/www -Authenticate header (in the 401/407 reply) has the realm parameter; you can grab it by transformations; on $hdr(Proxy-Authenticate) apply a regexp transformation (see <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.opensips.org/Documentation/Script-Tran-1-11#toc72">http://www.opensips.org/Documentation/Script-Tran-1-11#toc72</a>) to get the realm param from there.

Regards,

Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a>

On 21.07.2014 20:15, Igor Olkhovskii wrote:
</pre>
                    <blockquote type="cite">
                      <pre wrap="">Made it work via modification of CSeq (remove_hf -&gt; append_hf) and now is a question, how to get correct realm from response. OpenSIPs is very limitated to text processing....

21.07.2014 18:39, Igor Olhovskiy ïèøåò:
</pre>
                      <blockquote type="cite">
                        <pre wrap="">Found this tread, but seems to be no luck in to work with INVITE on
Asterisk.
Is there any luck to get Asterisk auth (without touching Asterisk)

<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://www.mail-archive.com/users@lists.opensips.org/msg25236.html">https://www.mail-archive.com/users@lists.opensips.org/msg25236.html</a>
On 21.07.2014 16:14, Igor Olhovskiy wrote:
</pre>
                        <blockquote type="cite">
                          <pre wrap="">Hi!
I'm trying to get OpenSIPS 1.11 act as registrar proxy. Means it's not
only register on external servers, but take care of INVITE's and so.
I've configured modules as:

loadmodule "uac_auth.so"
loadmodule "uac.so"
loadmodule "uac_registrant.so"
modparam("uac","restore_mode","auto")
modparam("uac_auth","auth_realm_avp","$avp(uac_realm)")
modparam("uac_auth","auth_username_avp","$avp(uac_username)")
modparam("uac_auth","auth_password_avp","$avp(uac_password)")
modparam("uac_registrant", "timer_interval", 120)
modparam("uac_registrant", "hash_size", 2)
modparam("uac_registrant", "db_url",
"mysql://opensips:opensips@localhost/opensips")

....
failure_route[1] {
                ......
                # have we already tried to authenticate?
                if (isflagset(8)) {
                        xlog("L_INFO", "FAILUREROUTE_STATUS40X_SETFLAG8:
[F=$fu R=$ru D=$du M=$rm IP=($si:$sp $Ri:$Rp) ID=$ci]");
                        t_reply("503","Authentication failed");
                        exit;
                }
                if (is_method("INVITE")) {
                        # mark that auth was performed
                        setflag(8);
                        # trigger again the failure route
                        t_on_failure("1");
                        # repeat the request with auth response this time
                        $avp(uac_realm) = $td;
                        $avp(uac_username) = $fU;
                        avp_db_query("SELECT password FROM registrant
WHERE (registrar = 'sip:$avp(uac_realm)') AND ( username =
'$avp(uac_username)')","$avp(uac_password)");
                        xlog("L_INFO",
"FAILUREROUTE_STATUS40X_UACAUTHINVITE_DEBUG_VARIABLES: AVP_UAC_REALM:
$avp(uac_realm) AVP_UAC_USERNAME: $avp(uac_username) AVP_UAC_PASSWORD
:$avp(uac_password)");
                        uac_auth();
                        t_relay();
                }
        }
.....
}


I see correct vars in debug message, but uac_auth() not to append branch
to reply INVITE.

For example, I have  such string
AVP_UAC_REALM: some-dns.example.net.ua AVP_UAC_USERNAME: 2225678
AVP_UAC_PASSWORD :SuperStrongPassword

What is wrong in this config/AVP's?
</pre>
                        </blockquote>
                      </blockquote>
                      <pre wrap="">_______________________________________________
Users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
                    </blockquote>
                  </blockquote>
                </blockquote>
                <br>
              </blockquote>
              <br>
            </blockquote>
            <br>
          </blockquote>
          <br>
        </blockquote>
        <br>
      </blockquote>
      <br>
    </blockquote>
    <br>
  </body>
</html>