[OpenSIPS-Users] Authenticating CPL locations

Bogdan-Andrei Iancu bogdan at opensips.org
Tue Dec 4 19:03:44 CET 2012


Hi Rick,

On 12/04/2012 06:26 PM, Rick van Rein wrote:
> Hello Bogdan,
>
>> you mean opensips to do client auth when sending the call as a
>> result of a "location" node ?
> Yes indeed.  I want to filter and forward domain-bound SIP services
> and forward that.  I'd like to keep it as general as possible, so
> others can use it too.
Not following you - location node can only look in the registered 
contacts (in the cpl module). So the outcome of a location node is 
loading contacts and forwarding to the devices.
Maybe you can detail a bit here.

>> you can do that by using the uac_auth() from uac module (requires
>> uac_auth module for credentials)
> This is a single secret (or HA1) if I understand the small mod-doc.
> Would work when forwarding to a single node under my control, but not
> to permit users of a service to setup their own CPL scripts with
> arbitrary forwarding and their _own_ passwords, without letting other
> users benefit from those passwords too.
you can use as many secrets as you want :) - the uac module has as params 3
avps for dynamically passing to the uac_auth() function the username, 
realm and passwd to be used for auth - and you can load these values 
from DB or whatever.

> I suppose then, I would have to modify uac_auth to make it more
> flexible, and donate back the code.  I could try to do that.
> Do stop me if I'm saying something stupid :)
see above :)

>> do you get a DTD validation error ? or how are the examples rejected ?
> When I send it the first example in RFC 3880 I get
>
> | 500 Bad CPL file
> | Log:: Error: CPL script doesn't respect CPL grammar
> |
>
> This seems to be caused by an indent before <?xml...?>
> because when I remove that indentation, I get
>
> | 500 Bad CPL file
> | Log:: Error: CPL script is not a valid XML document
> |
>
> Then, when I change the RFC-compliant text
>
> <cpl xmlns="urn:ietf:params:xml:ns:cpl" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:cpl cpl.xsd ">
>
> into the minimalistic form
>
> <cpl>
>
> It finally gets accepted with
>
> | 200 OK
> |
>
> It may be due to the use of an XML Schema in the RFC and a DTD in
> OpenSIPS...?
It may be - I remember some hard times making DTD validation work
with libxml2 while using namespaces... Simply skip that for the moment :).

Regards,
Bogdan
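
The rejections described in the quoted text can be checked before a script is uploaded. The following is an added example, not part of the original message and not OpenSIPS code: a Python preflight that flags the traits reported in the thread (whitespace before the XML declaration, the namespace-qualified RFC 3880 root, the xsi attributes) and produces the plain `<cpl>` form that was accepted. The sample script and all function names are constructed for illustration, and the premise that these traits trigger the errors comes from the thread, not from the cpl module's source.

```python
import xml.etree.ElementTree as ET

# Constructed sample: indented declaration plus the RFC 3880-style root from the thread.
SAMPLE = '''  <?xml version="1.0" encoding="UTF-8"?>
<cpl xmlns="urn:ietf:params:xml:ns:cpl"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="urn:ietf:params:xml:ns:cpl cpl.xsd ">
  <incoming>
    <location url="sip:alice@example.com"><proxy/></location>
  </incoming>
</cpl>'''


def _parse(text):
    # Parse from the first non-blank character so the later checks still run.
    return ET.fromstring(text.lstrip())


def preflight_cpl(text):
    """List the traits the thread reports as rejected; nothing is modified."""
    findings = []
    if text != text.lstrip() and text.lstrip().startswith("<?xml"):
        findings.append("whitespace before <?xml ...?> declaration")
    try:
        root = _parse(text)
    except ET.ParseError as exc:
        return findings + ["not well-formed XML: %s" % exc]
    if root.tag.startswith("{"):
        findings.append("root element is namespace-qualified: " + root.tag)
    elif root.tag != "cpl":
        findings.append("root element is not <cpl>: " + root.tag)
    if any(name.startswith("{") for name in root.attrib):
        findings.append("root carries namespaced attributes (xsi:schemaLocation)")
    return findings


def to_plain_cpl(text):
    """Return the script with namespaces removed, i.e. the plain <cpl> form."""
    root = _parse(text)
    for el in root.iter():
        if isinstance(el.tag, str) and el.tag.startswith("{"):
            el.tag = el.tag.split("}", 1)[1]
        for name in [n for n in el.attrib if n.startswith("{")]:
            del el.attrib[name]
    return ET.tostring(root, encoding="unicode")
```
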


