[OpenSIPS-Users] Authenticating CPL locations

Rick van Rein rick at openfortress.nl
Tue Dec 4 17:26:46 CET 2012


Hello Bogdan,

> you mean opensips to do client auth when sending the call as a
> result of a "location" node ?

Yes indeed.  I want to filter and forward domain-bound SIP services
and forward that.  I'd like to keep it as general as possible, so
others can use it too.

> you can do that by using the uac_auth() from uac module (requires
> uac_auth module for credentials)

This is a single secret (or HA1) if I understand the small mod-doc.
Would work when forwarding to a single node under my control, but not
to permit users of a service to set up their own CPL scripts with
arbitrary forwarding and their _own_ passwords, without letting other
users benefit from those passwords too.

I suppose then, I would have to modify uac_auth to make it more
flexible, and donate back the code.  I could try to do that.
Do stop me if I'm saying something stupid :)

> do you get a DTD validation error ? or how are the examples rejected ?

When I send it the first example in RFC 3880 I get

| 500 Bad CPL file
| Log:: Error: CPL script doesn't respect CPL grammar
| 

This seems to be caused by an indent before <?xml...?>
because when I remove that indentation, I get

| 500 Bad CPL file
| Log:: Error: CPL script is not a valid XML document
| 

Then, when I change the RFC-compliant text

<cpl xmlns="urn:ietf:params:xml:ns:cpl" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:cpl cpl.xsd ">

into the minimalistic form

<cpl>

it finally gets accepted with

| 200 OK
|

It may be due to the use of an XML Schema in the RFC and a DTD in
OpenSIPS...?


Thanks,
 -Rick


