Do you still get that error ? and issues with this code ?
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 30.07.2014 15:39, Igor Olhovskiy wrote:
Made it in a more accurate way:
if ($(<reply>hdr(Proxy-Authenticate))) {
$var(raw_auth) =
$(<reply>hdr(Proxy-Authenticate));
}
if ($(<reply>hdr(WWW-Authenticate))) {
$var(raw_auth) =
$(<reply>hdr(WWW-Authenticate));
}
.........
30.07.14 11:42, Igor Olhovskiy написав(ла):
Code to get realm from failure_route is now looks like
$var(hdr) = $(<reply>hdr(Proxy-Authenticate));
if ( $var(hdr) != NULL ) {
$var(raw_auth) = $var(hdr);
xlog("L_INFO", "Proxy-Auth is present");
}
#WWW is an Asterisk flavour
$var(hdr) = $(<reply>hdr(WWW-Authenticate));
if ( $var(hdr) != NULL ) {
$var(raw_auth) = $var(hdr);
xlog("L_INFO", "WWW-Auth is present");
}
$var(reg_start) = "/(.*?)realm=\"//g";
$var(reg_end) = "/\"(.*)//g";
xlog("L_INFO", "Raw data $var(raw_auth)");
$var(raw_auth) =
$(var(raw_auth){re.subst,$var(reg_start)});
$var(raw_auth) =
$(var(raw_auth){re.subst,$var(reg_end)});
xlog("L_INFO", "Got realm data $var(raw_auth)");
One little problem is I have not found analog of is_set function, so
I get
WARNING:core:do_assign: no value in right expression on line
in console.
29.07.14 12:44, Bogdan-Andrei Iancu написав(ла):
Hi,
If you try it from a failure route, you need to do :
$(<reply>hdr(Proxy-Authenticate))
(see http://www.opensips.org/Documentation/Script-CoreVar-1-11)
In failure route, the context is of the request message, so if you
want to access the reply, you need to switch to its context.
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 29.07.2014 12:41, Igor Olhovskiy wrote:
Hi again.
Seems to be, $hdr(Proxy-Authenticate) is NULL at 401 response.
failure_route[1] {
...
if ( t_check_status("40[17]") ) {
...
xlog("L_INFO", "Asterisk flavour $hdr(WWW-Authenticate), Proxy
flavour $hdr(Proxy-Authenticate)");
}
}
becomes
/usr/sbin/opensips[18983]: Asterisk flavour <null>, Proxy flavour
<null>
It's logic, cause in failure_route we work with initial INVITE, but
not 401 reply. Cause, if we working with reply directly, we can't
apply uac_auth function to it.
28.07.14 21:10, Игорь Ольховский написав(ла):
Hi,
Many thanks on your answer, will wait for a new feature and look at $hdr var
more close.
Anyway, I have a little trouble with CSeq change (means it is need to do
accurate), but for now it’s a solution.
Many thanks again.
28 июля 2014, в 20:46, Bogdan-Andrei Iancu<[email protected]> написал(а):
Hi,
1) on changing cseq as a simple text - this is not wise as you break the
sequence of cseq number in the dialog; we are working on a feature to allow you
do that in sip-wise way.
2) about realm, the proxy/www -Authenticate header (in the 401/407 reply) has
the realm parameter; you can grab it by transformations; on
$hdr(Proxy-Authenticate) apply a regexp transformation
(seehttp://www.opensips.org/Documentation/Script-Tran-1-11#toc72) to get the
realm param from there.
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 21.07.2014 20:15, Igor Olkhovskii wrote:
Made it work via modification of CSeq (remove_hf -> append_hf) and now is a
question, how to get correct realm from response. OpenSIPs is very limitated to
text processing....
21.07.2014 18:39, Igor Olhovskiy пишет:
Found this tread, but seems to be no luck in to work with INVITE on
Asterisk.
Is there any luck to get Asterisk auth (without touching Asterisk)
https://www.mail-archive.com/[email protected]/msg25236.html
On 21.07.2014 16:14, Igor Olhovskiy wrote:
Hi!
I'm trying to get OpenSIPS 1.11 act as registrar proxy. Means it's not
only register on external servers, but take care of INVITE's and so.
I've configured modules as:
loadmodule "uac_auth.so"
loadmodule "uac.so"
loadmodule "uac_registrant.so"
modparam("uac","restore_mode","auto")
modparam("uac_auth","auth_realm_avp","$avp(uac_realm)")
modparam("uac_auth","auth_username_avp","$avp(uac_username)")
modparam("uac_auth","auth_password_avp","$avp(uac_password)")
modparam("uac_registrant", "timer_interval", 120)
modparam("uac_registrant", "hash_size", 2)
modparam("uac_registrant", "db_url",
"mysql://opensips:opensips@localhost/opensips")
....
failure_route[1] {
......
# have we already tried to authenticate?
if (isflagset(8)) {
xlog("L_INFO", "FAILUREROUTE_STATUS40X_SETFLAG8:
[F=$fu R=$ru D=$du M=$rm IP=($si:$sp $Ri:$Rp) ID=$ci]");
t_reply("503","Authentication failed");
exit;
}
if (is_method("INVITE")) {
# mark that auth was performed
setflag(8);
# trigger again the failure route
t_on_failure("1");
# repeat the request with auth response this time
$avp(uac_realm) = $td;
$avp(uac_username) = $fU;
avp_db_query("SELECT password FROM registrant
WHERE (registrar = 'sip:$avp(uac_realm)') AND ( username =
'$avp(uac_username)')","$avp(uac_password)");
xlog("L_INFO",
"FAILUREROUTE_STATUS40X_UACAUTHINVITE_DEBUG_VARIABLES: AVP_UAC_REALM:
$avp(uac_realm) AVP_UAC_USERNAME: $avp(uac_username) AVP_UAC_PASSWORD
:$avp(uac_password)");
uac_auth();
t_relay();
}
}
.....
}
I see correct vars in debug message, but uac_auth() not to append branch
to reply INVITE.
For example, I have such string
AVP_UAC_REALM: some-dns.example.net.ua AVP_UAC_USERNAME: 2225678
AVP_UAC_PASSWORD :SuperStrongPassword
What is wrong in this config/AVP's?
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
