[OpenSIPS-Users] Authentication problem

Bogdan-Andrei Iancu bogdan at voice-system.ro
Thu Dec 24 20:06:37 CET 2009


The db_check_from() (if use_uac_table is turned off) will simply check 
if the username from the FROM hdr is the same with the authentication 
username.

Regards,
Bogdan

Daniel Goepp wrote:
> Yes, the section in the script was not modified from the default, so 
> it is:
>
>         if (!(method=="REGISTER") && is_from_local())  /*multidomain 
> version*/
>         {
>                 if (!proxy_authorize("", "subscriber")) {
>                         proxy_challenge("", "0");
>                         exit;
>                 }
>                 if (!db_check_from()) {
>                         sl_send_reply("403","Forbidden auth ID");
>                         exit;
>                 }
>        
>                 consume_credentials();
>                 # caller authenticated
>         }
>
> I am thinking perhaps this is to do with the domain, I don't see a 
> query in my sql trace log showing a query for domain, and the domain 
> of the request is in memory and the DB.  I did have an initial problem 
> where I was getting the "Preload Route denied", but I added the IP of 
> the server to the domain list, and that went away.
>
> Thanks
>
> -dg
>
>
> On Thu, Dec 24, 2009 at 12:13 AM, Bogdan-Andrei Iancu 
> <bogdan at voice-system.ro <mailto:bogdan at voice-system.ro>> wrote:
>
>     Hi Daniel,
>
>     The auth part is not sending by itself a 403 -> probably this is
>     explicitly sent from the script, so you need to check what function is
>     failing triggering the 403 in script -> is it the db_check_to()  ?
>
>     Regards,
>     Bogdan
>
>     Daniel Goepp wrote:
>     > I am having another issue with this latest version also, and I
>     believe
>     > it could perhaps be related to my last post.  Very straight forward
>     > here, I have just two users on this new lab system.
>     >
>     > The problem:
>     >
>     > First register comes in, challenged with 401 no problem, then a
>     > register with auth header, which is responded to with:
>     >
>     > SIP/2.0 403 Forbidden auth ID.
>     >
>     > I did an SQL trace, and the query is select password from subscriber
>     > where username='2001':
>     >
>     > When I execute manually, no problem:
>     >
>     > mysql> select password from subscriber where username='2001';
>     > +----------+
>     > | password |
>     > +----------+
>     > | 2001     |
>     > +----------+
>     >
>     > Did something change recently regarding how users are auth'd?
>      This is
>     > a very very basic setup, pretty much out of the box.  And ideas
>     about
>     > what boneheaded thing I have done here?
>     >
>     > Thanks
>


-- 
Bogdan-Andrei Iancu
www.voice-system.ro




More information about the Users mailing list