Re: [SR-Users] consume_credentials not working on PRACK?
Hello,

likely the commit was done due to:

  - https://lists.kamailio.org/pipermail/sr-dev/2013-April/019470.html

However, apparently, even if not common practice, PRACK can be challenged for authentication.

Cheers,
Daniel

On 31.10.22 16:13, Henning Westerholt wrote:
> Hello,
>
> this was actually changed some years ago to be like this:
>
> commit 2a77ed2bdc9341ecf7d7200e420a1f49e4e9b6ab
> Author: Daniel-Constantin Mierla
> Date: Sun Apr 14 10:11:29 2013 +0200
>
>     auth: skip processing of PRACK in consume_credentials()
>
> The issue probably was that the module logs an error if there are no
> credentials in the message.
>
> This could be improved e.g. by a pull-request. For now you could just use the
> remove_hf(..) function.
>
> Cheers,
>
> Henning
>
> --
> Henning Westerholt – https://skalatan.de/blog/
> Kamailio services – https://gilawa.com
>
> -----Original Message-----
> From: Benoit Panizzon
> Sent: Monday, October 31, 2022 3:50 PM
> To: Henning Westerholt
> Cc: Kamailio (SER) - Users Mailing List
> Subject: Re: [SR-Users] consume_credentials not working on PRACK?
>
> Hi Henning
>
>> Maybe the PRACK is not a new request, but an in-dialog request and therefore
>> is not handled from the code quoted below.
>
> It is handled:
>
>         if(!is_method("REGISTER|PUBLISH")) {
>                 consume_credentials();
>                 xlog("L_INFO", "$cfg(route): $rm creds: Mmh!\n");
>         }
>
> Log:
>
> [...] 3 PRACK]
Re: [SR-Users] consume_credentials not working on PRACK?
Hi Henning

> The issue probably was that the module logs an error if there are no
> credentials in the message.

Thank you for confirming my observation.

It's weird that only 'PRACK' is skipped, as causing an error if there are no credentials probably happens to every message I guess, if you didn't check for the presence of credentials with has_credentials() before 'consuming' them.

I will revert back to remove_hf().

Kind regards

-Benoît Panizzon-
--
I m p r o W a r e   A G    -    Leiter Commerce Kunden
______________________________________________________
Zurlindenstrasse 29             Tel  +41 61 826 93 00
CH-4133 Pratteln                Fax  +41 61 826 93 01
Switzerland                     Web  http://www.imp.ch
______________________________________________________

__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Re: [SR-Users] consume_credentials not working on PRACK?
Hello,

this was actually changed some years ago to be like this:

commit 2a77ed2bdc9341ecf7d7200e420a1f49e4e9b6ab
Author: Daniel-Constantin Mierla
Date: Sun Apr 14 10:11:29 2013 +0200

    auth: skip processing of PRACK in consume_credentials()

The issue probably was that the module logs an error if there are no credentials in the message.

This could be improved e.g. by a pull-request. For now you could just use the remove_hf(..) function.

Cheers,

Henning

--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com

-----Original Message-----
From: Benoit Panizzon
Sent: Monday, October 31, 2022 3:50 PM
To: Henning Westerholt
Cc: Kamailio (SER) - Users Mailing List
Subject: Re: [SR-Users] consume_credentials not working on PRACK?

Hi Henning

> Maybe the PRACK is not a new request, but an in-dialog request and therefore
> is not handled from the code quoted below.

It is handled:

        if(!is_method("REGISTER|PUBLISH")) {
                consume_credentials();
                xlog("L_INFO", "$cfg(route): $rm creds: Mmh!\n");
        }

Log:

[...] 3 PRACK]
Re: [SR-Users] consume_credentials not working on PRACK?
Hi Henning

> Maybe the PRACK is not a new request, but an in-dialog request and therefore
> is not handled from the code quoted below.

It is handled:

        if(!is_method("REGISTER|PUBLISH")) {
                consume_credentials();
                xlog("L_INFO", "$cfg(route): $rm creds: Mmh!\n");
        }

Log:

[...] 3
Re: [SR-Users] consume_credentials not working on PRACK?
Hello,

Maybe the PRACK is not a new request, but an in-dialog request and therefore is not handled from the code quoted below.

Cheers,

Henning

--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com

-----Original Message-----
From: sr-users On Behalf Of Benoit Panizzon
Sent: Monday, October 31, 2022 3:42 PM
To: sr-users@lists.kamailio.org
Subject: [SR-Users] consume_credentials not working on PRACK?

Hi List

I noticed that one of our CPE copies the Proxy-Authorization HF in almost all messages sent.

As PRACK were not authenticated, those headers were potentially sent on to the destination, disclosing the authentication username and realm.

So assuming, if credentials are present, the client wishes them to be validated, I added:

        if (has_credentials("$fd")) {
                xlog("L_INFO", "$cfg(route): got $rm with credentials. Validate them!\n");
                route(AUTH);
        }

and in route[AUTH] I call:

        pv_auth_check()

which returns 1, thus success, upon which I use:

        if(!is_method("REGISTER|PUBLISH"))
                consume_credentials();

If the method is INVITE: Proxy-Authorization HF is removed by consume_credentials()

If the method is PRACK: Proxy-Authorization HF is still present on the outbound leg.

Kind regards

-Benoît Panizzon-
--
I m p r o W a r e   A G    -    Leiter Commerce Kunden
______________________________________________________
Zurlindenstrasse 29             Tel  +41 61 826 93 00
CH-4133 Pratteln                Fax  +41 61 826 93 01
Switzerland                     Web  http://www.imp.ch
______________________________________________________
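
The flow described in the original post combined with the remove_hf() workaround suggested in the replies, as an added example that is not code from any poster or from the Kamailio project. It assumes the auth, textops, sl and xlog modules are loaded; the route names CHECK_CREDS and STRIP_CREDS and the `$avp(password)` lookup are hypothetical.

```cfg
# Added example (not from the thread). Call route(CHECK_CREDS) from
# request_route before the request is relayed.

route[CHECK_CREDS] {
    # Only validate when the client actually sent credentials for our realm;
    # this also keeps consume_credentials() from running on a message
    # that carries none.
    if (has_credentials("$fd")) {
        xlog("L_INFO", "$cfg(route): got $rm with credentials, validating\n");
        route(AUTH);
    }
}

route[AUTH] {
    # $avp(password) is an assumption: it must have been filled earlier
    # with the subscriber's plaintext password (flags "0").
    # pv_auth_check() returns a negative code when validation fails.
    if (!pv_auth_check("$fd", "$avp(password)", "0", "1")) {
        auth_challenge("$fd", "1");
        exit;
    }
    route(STRIP_CREDS);
}

route[STRIP_CREDS] {
    # Same exclusion as in the original post.
    if (is_method("REGISTER|PUBLISH")) {
        return;
    }

    if (is_method("PRACK")) {
        # consume_credentials() skips PRACK (the 2013 auth change quoted in
        # the thread), so the header is stripped explicitly.
        # Caveat: remove_hf() drops every Proxy-Authorization header,
        # including credentials meant for a different realm downstream.
        remove_hf("Proxy-Authorization");
        xlog("L_INFO", "$cfg(route): removed Proxy-Authorization from $rm\n");
        return;
    }

    # All other methods: remove only the credentials that were just verified.
    consume_credentials();
}
```

A PRACK whose Proxy-Authorization header is for a realm other than `$fd` does not pass has_credentials() and is therefore relayed unchanged by this configuration.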