[OpenSIPS-Users] Adding Proxy-Authorization header

Bogdan-Andrei Iancu bogdan at opensips.org
Thu Mar 27 17:28:39 CET 2014


Hello Diego,

Changing the Cseq is not possible with OpenSIPS - the second INVITE 
(with the credentials) is a new branch (serial forking) of the same 
transaction, so Cseq cannot be changed.

Regards,

Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com

On 27.03.2014 15:47, Diego Barberio wrote:
> Thanks Bogdan
>
> I added the t_relay() and now it's sending the INVITE with the 
> ProxyAuthorization header. However i need to increment its CSeq number 
> because my IPPBX is ignoring the second INVITE. I googled how to 
> increment the CSeq but I couldn't find anything useful. Is there a way 
> to increment the CSeq number?
>
> Thanks
> Diego
>
>
> On Wed, Mar 26, 2014 at 4:34 PM, Bogdan-Andrei Iancu 
> <bogdan at opensips.org <mailto:bogdan at opensips.org>> wrote:
>
>     Hi Diego,
>
>     According to the log you posted (at the end of your email), the
>     Proxy-Authorization was at least computed (the hdr is actually
>     printed). If you do a t_relay() there, you should have the header
>     in the new outgoing INVITE.
>
>     Regards,
>
>     Bogdan-Andrei Iancu
>     OpenSIPS Founder and Developer
>     http://www.opensips-solutions.com
>
>     On 26.03.2014 20:36, Diego Barberio wrote:
>>     Hi Bogdan,
>>
>>     I followed your sugestion and found the follwing error:
>>
>>     Mar 26 12:53:15 [12396] DBG:uac:uac_auth: no credential for realm
>>     "ctelpbx"
>>
>>     So, I added the following lines to my configuration script:
>>
>>     modparam("uac","auth_username_avp", "$avp(user)")
>>     modparam("uac","auth_password_avp", "$avp(pass)")
>>     modparam("uac","auth_realm_avp", "$avp(realm)")
>>
>>     route{
>>             $avp(user)="268";
>>             $avp(pass)="123456";
>>             $avp(realm)="ctelpbx";
>>
>>     Opensips is still not sending the invite with the
>>     Proxy-Authorizatin header, and now the log is showing this:
>>
>>     Mar 26 16:14:32 [5178] DBG:uac:uac_auth: picked reply is
>>     0xb6b68b68, code 407
>>     Mar 26 16:14:32 [5178] DBG:core:parse_headers: flags=20000000000
>>     Mar 26 16:14:32 [5178] DBG:core:parse_authenticate_body:
>>     <algorithm>="MD5" state=7
>>     Mar 26 16:14:32 [5178] DBG:core:parse_authenticate_body:
>>     <realm>="ctelpbx" state=2
>>     Mar 26 16:14:32 [5178] DBG:core:parse_authenticate_body:
>>     <nonce>="6f0a2c46" state=3
>>     Mar 26 16:14:32 [5178] DBG:uac_auth:build_authorization_hdr: hdr
>>     is <Proxy-Authorization: Digest username="268", realm="ctelpbx",
>>     nonce="6f0a2c46", uri="sip:229 at 192.168.2.98:5060
>>     <http://sip:229@192.168.2.98:5060>",
>>     response="fc3cfd31f4a053d5d16b5ae8f463830d", algorithm=MD5
>>     >
>>     Mar 26 16:14:32 [5178] DBG:core:parse_headers: flags=ffffffffffffffff
>>     Mar 26 16:14:32 [5178] DBG:core:buf_init: initializing...
>>
>>     Any suggestion?
>>
>>     Thanks
>>     Diego
>>
>>
>>     On Fri, Mar 7, 2014 at 8:50 AM, Bogdan-Andrei Iancu
>>     <bogdan at opensips.org <mailto:bogdan at opensips.org>> wrote:
>>
>>         Hi Diego,
>>
>>         Set debug = 4 and watch the logs from the uac_auth() function
>>         (also the return code) - I assume the function did not find
>>         any credentials (on the server side) to match the
>>         authentication challenge (the matching is done based on the
>>         realm).
>>
>>         Regards,
>>
>>         Bogdan-Andrei Iancu
>>         OpenSIPS Founder and Developer
>>         http://www.opensips-solutions.com
>>
>>         On 05.03.2014 19:38, Diego Barberio wrote:
>>>         Hi Stefano, Vlad
>>>
>>>         Thank you for your response I tried your suggestion but
>>>         still doesn't work. This is a snippet from my script:
>>>
>>>         modparam("uac_auth","credential","268:192.168.2.98:password")
>>>
>>>         t_on_failure("2");
>>>         t_relay();
>>>
>>>         failure_route[2] {
>>>         if(t_check_status("407")){
>>>                         uac_auth();
>>>                         xlog("In failure route 2\n");
>>>                 }
>>>         }
>>>
>>>         According to the log, the uac_auth function is being called
>>>         but the following INVITEs doesn't include the
>>>         Proxy-Authorization header
>>>
>>>         What am I missing?
>>>
>>>         Thanks
>>>         Diego
>>>
>>>
>>>
>>>         On Mon, Feb 24, 2014 at 2:12 PM, Vlad Paiu
>>>         <vladpaiu at opensips.org <mailto:vladpaiu at opensips.org>> wrote:
>>>
>>>             Hello,
>>>
>>>             The registrant module is to be used only for generating
>>>             REGISTER requests ( with auth included ).
>>>             For proxied calls, you need to use the uac and uac_auth
>>>             modules ( [1] ) for adding the auth headers - call
>>>             uac_auth() ( [2] ) function within failure route when
>>>             receiving a challenge.
>>>
>>>             [1]
>>>             http://www.opensips.org/html/docs/modules/1.11.x/uac_auth.html
>>>             [2]
>>>             http://www.opensips.org/html/docs/modules/1.11.x/uac.html#id250288
>>>
>>>             Best Regards
>>>
>>>             Vlad Paiu
>>>             OpenSIPS Developer
>>>             http://www.opensips-solutions.com  
>>>
>>>             On 24.02.2014 17:33, Stefano Pisani wrote:
>>>>             You can use module UAC_AUTH
>>>>
>>>>             Il 24/02/2014 16.18, Diego Barberio ha scritto:
>>>>>             Hi all,
>>>>>
>>>>>             I have opensips registered to an IP-PBX using
>>>>>             registrant module and I want to make an outbound call
>>>>>             to that PBX through the proxy.
>>>>>
>>>>>             I'm sending and INVITE from my application to the
>>>>>             proxy with a From that is actually registered by the
>>>>>             proxy, however OpenSIPs is not adding the
>>>>>             Proxy-Authorization header so the INVITE is rejected
>>>>>             with a 401 Unauthorized and that response is forwarded
>>>>>             to my application.
>>>>>
>>>>>             I just want opensips to add the Proxy-Authorization
>>>>>             header so the call is not rejected by the IP-PBX. Is
>>>>>             it possible to achieve this?
>>>>>
>>>>>             Thanks
>>>>>             Diego
>>>>>
>>>>>
>>>>>             _______________________________________________
>>>>>             Users mailing list
>>>>>             Users at lists.opensips.org  <mailto:Users at lists.opensips.org>
>>>>>             http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>>
>>>>
>>>>
>>>>             _______________________________________________
>>>>             Users mailing list
>>>>             Users at lists.opensips.org  <mailto:Users at lists.opensips.org>
>>>>             http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>>             _______________________________________________
>>>             Users mailing list
>>>             Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>>>             http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>>
>>>
>>>         _______________________________________________
>>>         Users mailing list
>>>         Users at lists.opensips.org  <mailto:Users at lists.opensips.org>
>>>         http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20140327/90cfed1a/attachment-0001.htm>


More information about the Users mailing list