[OpenSIPS-Users] B2BUA help

opensipslist at encambio.com opensipslist at encambio.com
Fri Feb 5 20:32:28 CET 2010


Hello Anca,

An ven., févr 05, 2010, Anca Vamanu schrieb:
>opensipslist at encambio.com wrote:
>> Unfortunately, b2b_logic doesn't pass on the Authorization header
>> from the client to the server so authorization is failing. The
>> module parameters of my script are:
>>
>>   modparam("b2b_logic", "custom_headers", "WWW-Authenticate;Proxy-Authenticate;Authorization;Subject")
>>
>> The page 'B2buaTutorial' says:
>>
>>   If type node with message value is present, it means that the
>>   client will be created using the info from received SIP message:
>>   the body, the caller URI, some SIP headers(Accept, Supported,
>>   Content-Type).
>>
>> It seems as if custom_headers are only passed from the server to the
>> client, or maybe b2b_logic only recognizes them in dialog (after the
>> first INVITE is accepted?)
>>
>No, these are not the cases. The Authorization header should be passed 
>from the first Invite(it's the same processing function as for the 200OK 
>reply - b2b_logic_notify). Do you see something in the log? Any Error?
>
The log has no entries at all with debug=1. When changed to debug=10
I see a ton of stuff but still no errors. I tried to find anything,
and only found the INVITE and 401 WWW-Auth that b2b_logic is
handling. All seems normal.

>However, there will be a problem in the second call setup if
>authorization will be requested again, because there is no way to
>get that authorization information from the caller in the middle of
>the call..
>
I don't understand. So far there is only one UA challenging and that
is the media server (looking at your diagram called ppaid.jpeg) By
the way, b2b_init_request("top hiding"); is working correctly.

Here is a shorthand transcription of what is happening:

Caller                  OpenSIPS B2B                  Mediaserver
  |                          |                             |
INVITE --------------------->| INVITE -------------------->|
  |                          |                             |
  |<--- 401 WWW-Authenticate |<---------------- 401 WWW-Authenticate
  |                          |                             |
INVITE + Authorization ----->| INVITE (no auth) ---------->|
  |                          |        !!!!!!!!!            |
  |                          |                             |
  |<--- 401 WWW-Authenticate |<---------------- 401 WWW-Authenticate
  |                          |                             |

I've left out ACKs of course. As you see from the line marked '!!!!'
the b2b_logic is dropping the 'Authorization' header from the INVITE.

Here's the b2b_logic config:

    modparam("b2b_logic", "custom_headers", "Proxy-Authenticate;Proxy-Authorization;WWW-Authenticate;Authorization;Subject")

Here's the route script piece:

    # sequential requests
    if (has_totag()) {
        if (loose_route()) {
            #[...]
        }
        #[...]
    }
    
    # initial requests
    if (is_method("INVITE") && src_ip != myself) {
        if (!t_newtran()) {
            sl_reply_error();
            exit;
        }
        b2b_init_request("prepaid", "sip:test at medsrv.host.tld:5080;transport=tcp", "sip:test at medsrv.host.tld:5080;transport=tcp");
        #b2b_init_request("top hiding");
        exit;
    }

If I print the message body from the route script (xlog...$mb) then
I can see that the Authorization header is there before calling
'b2b_init_request.' Is it a problem that b2b_init_request is being
called twice, once for the first INVITE (with no auth) and then
again for the second INVITE (with the Authorization header.)?

Regards,
Brian



More information about the Users mailing list