Re: [OpenSIPS-Users] uac_auth to uac_registrant module

Mon, 28 Jul 2014 10:47:54 -0700 

Hi,
1) on changing cseq as a simple text - this is not wise as you break the sequence of cseq number in the dialog; we are working on a feature to allow you do that in sip-wise way. 


2) about realm, the proxy/www -Authenticate header (in the 401/407 
reply) has the realm parameter; you can grab it by transformations; on 
$hdr(Proxy-Authenticate) apply a regexp transformation (see 
http://www.opensips.org/Documentation/Script-Tran-1-11#toc72) to get the 
realm param from there.


Regards,

Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com

On 21.07.2014 20:15, Igor Olkhovskii wrote:

Made it work via modification of CSeq (remove_hf -> append_hf) and now 
is a question, how to get correct realm from response. OpenSIPs is 
very limitated to text processing....


21.07.2014 18:39, Igor Olhovskiy пишет:

Found this tread, but seems to be no luck in to work with INVITE on
Asterisk.
Is there any luck to get Asterisk auth (without touching Asterisk)

https://www.mail-archive.com/[email protected]/msg25236.html
On 21.07.2014 16:14, Igor Olhovskiy wrote:

Hi!
I'm trying to get OpenSIPS 1.11 act as registrar proxy. Means it's not
only register on external servers, but take care of INVITE's and so.
I've configured modules as:

loadmodule "uac_auth.so"
loadmodule "uac.so"
loadmodule "uac_registrant.so"
modparam("uac","restore_mode","auto")
modparam("uac_auth","auth_realm_avp","$avp(uac_realm)")
modparam("uac_auth","auth_username_avp","$avp(uac_username)")
modparam("uac_auth","auth_password_avp","$avp(uac_password)")
modparam("uac_registrant", "timer_interval", 120)
modparam("uac_registrant", "hash_size", 2)
modparam("uac_registrant", "db_url",
"mysql://opensips:opensips@localhost/opensips")

....
failure_route[1] {
                 ......
                 # have we already tried to authenticate?
                 if (isflagset(8)) {

                         xlog("L_INFO", 
"FAILUREROUTE_STATUS40X_SETFLAG8:

[F=$fu R=$ru D=$du M=$rm IP=($si:$sp $Ri:$Rp) ID=$ci]");
                         t_reply("503","Authentication failed");
                         exit;
                 }
                 if (is_method("INVITE")) {
                         # mark that auth was performed
                         setflag(8);
                         # trigger again the failure route
                         t_on_failure("1");

                         # repeat the request with auth response 
this time

                         $avp(uac_realm) = $td;
                         $avp(uac_username) = $fU;
                         avp_db_query("SELECT password FROM registrant
WHERE (registrar = 'sip:$avp(uac_realm)') AND ( username =
'$avp(uac_username)')","$avp(uac_password)");
                         xlog("L_INFO",
"FAILUREROUTE_STATUS40X_UACAUTHINVITE_DEBUG_VARIABLES: AVP_UAC_REALM:
$avp(uac_realm) AVP_UAC_USERNAME: $avp(uac_username) AVP_UAC_PASSWORD
:$avp(uac_password)");
                         uac_auth();
                         t_relay();
                 }
         }
.....
}



I see correct vars in debug message, but uac_auth() not to append 
branch

to reply INVITE.

For example, I have  such string
AVP_UAC_REALM: some-dns.example.net.ua AVP_UAC_USERNAME: 2225678
AVP_UAC_PASSWORD :SuperStrongPassword

What is wrong in this config/AVP's?



_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users






















					Reply via email to