[OpenSIPS-Users] B2BUA help

Anca Vamanu anca at opensips.org
Mon Feb 8 10:57:40 CET 2010


Hi Brian,

The scenario that you want - authorizing the user at the media server in 
a bridging scenario will not work. You can not call b2b_init twice for 
the same dialog. The B2B implementation does not include the 
authorization requirements. And in fact I believe that you are 
complicating things by wanting the user to authorize to the media 
server. The normal approach will be for the user to authorize to the 
proxy and only after it has been authorize to call b2b_init function. 
And for the media server not to ask for authorization because the proxy 
should be in a trusted source list and the requests coming from it 
should not be challenged.

Regards,

-- 
Anca Vamanu
www.voice-system.ro



opensipslist at encambio.com wrote:
> Hello Anca,
>
> An ven., févr 05, 2010, Anca Vamanu schrieb:
>   
>> opensipslist at encambio.com wrote:
>>     
>>> Unfortunately, b2b_logic doesn't pass on the Authorization header
>>> from the client to the server so authorization is failing. The
>>> module parameters of my script are:
>>>
>>>   modparam("b2b_logic", "custom_headers", "WWW-Authenticate;Proxy-Authenticate;Authorization;Subject")
>>>
>>> The page 'B2buaTutorial' says:
>>>
>>>   If type node with message value is present, it means that the
>>>   client will be created using the info from received SIP message:
>>>   the body, the caller URI, some SIP headers(Accept, Supported,
>>>   Content-Type).
>>>
>>> It seems as if custom_headers are only passed from the server to the
>>> client, or maybe b2b_logic only recognizes them in dialog (after the
>>> first INVITE is accepted?)
>>>
>>>       
>> No, these are not the cases. The Authorization header should be passed 
>>     
> >from the first Invite(it's the same processing function as for the 200OK 
>   
>> reply - b2b_logic_notify). Do you see something in the log? Any Error?
>>
>>     
> The log has no entries at all with debug=1. When changed to debug=10
> I see a ton of stuff but still no errors. I tried to find anything,
> and only found the INVITE and 401 WWW-Auth that b2b_logic is
> handling. All seems normal.
>
>   
>> However, there will be a problem in the second call setup if
>> authorization will be requested again, because there is no way to
>> get that authorization information from the caller in the middle of
>> the call..
>>
>>     
> I don't understand. So far there is only one UA challenging and that
> is the media server (looking at your diagram called ppaid.jpeg) By
> the way, b2b_init_request("top hiding"); is working correctly.
>
> Here is a shorthand transcription of what is happening:
>
> Caller                  OpenSIPS B2B                  Mediaserver
>   |                          |                             |
> INVITE --------------------->| INVITE -------------------->|
>   |                          |                             |
>   |<--- 401 WWW-Authenticate |<---------------- 401 WWW-Authenticate
>   |                          |                             |
> INVITE + Authorization ----->| INVITE (no auth) ---------->|
>   |                          |        !!!!!!!!!            |
>   |                          |                             |
>   |<--- 401 WWW-Authenticate |<---------------- 401 WWW-Authenticate
>   |                          |                             |
>
> I've left out ACKs of course. As you see from the line marked '!!!!'
> the b2b_logic is dropping the 'Authorization' header from the INVITE.
>
> Here's the b2b_logic config:
>
>     modparam("b2b_logic", "custom_headers", "Proxy-Authenticate;Proxy-Authorization;WWW-Authenticate;Authorization;Subject")
>
> Here's the route script piece:
>
>     # sequential requests
>     if (has_totag()) {
>         if (loose_route()) {
>             #[...]
>         }
>         #[...]
>     }
>     
>     # initial requests
>     if (is_method("INVITE") && src_ip != myself) {
>         if (!t_newtran()) {
>             sl_reply_error();
>             exit;
>         }
>         b2b_init_request("prepaid", "sip:test at medsrv.host.tld:5080;transport=tcp", "sip:test at medsrv.host.tld:5080;transport=tcp");
>         #b2b_init_request("top hiding");
>         exit;
>     }
>
> If I print the message body from the route script (xlog...$mb) then
> I can see that the Authorization header is there before calling
> 'b2b_init_request.' Is it a problem that b2b_init_request is being
> called twice, once for the first INVITE (with no auth) and then
> again for the second INVITE (with the Authorization header.)?
>
> Regards,
> Brian
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>   



More information about the Users mailing list