[OpenSIPS-Users] uac_auth to uac_registrant module

Mon Jul 28 19:46:50 CEST 2014

Hi,

1) on changing cseq as a simple text - this is not wise as you break the 
sequence of cseq number in the dialog; we are working on a feature to 
allow you do that in sip-wise way.

2) about realm, the proxy/www -Authenticate header (in the 401/407 
reply) has the realm parameter; you can grab it by transformations; on 
$hdr(Proxy-Authenticate) apply a regexp transformation (see 
http://www.opensips.org/Documentation/Script-Tran-1-11#toc72) to get the 
realm param from there.

Regards,

Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com

On 21.07.2014 20:15, Igor Olkhovskii wrote:
> Made it work via modification of CSeq (remove_hf -> append_hf) and now 
> is a question, how to get correct realm from response. OpenSIPs is 
> very limitated to text processing....
>
> 21.07.2014 18:39, Igor Olhovskiy пишет:
>> Found this tread, but seems to be no luck in to work with INVITE on
>> Asterisk.
>> Is there any luck to get Asterisk auth (without touching Asterisk)
>>
>> https://www.mail-archive.com/users@lists.opensips.org/msg25236.html
>> On 21.07.2014 16:14, Igor Olhovskiy wrote:
>>> Hi!
>>> I'm trying to get OpenSIPS 1.11 act as registrar proxy. Means it's not
>>> only register on external servers, but take care of INVITE's and so.
>>> I've configured modules as:
>>>
>>> loadmodule "uac_auth.so"
>>> loadmodule "uac.so"
>>> loadmodule "uac_registrant.so"
>>> modparam("uac","restore_mode","auto")
>>> modparam("uac_auth","auth_realm_avp","$avp(uac_realm)")
>>> modparam("uac_auth","auth_username_avp","$avp(uac_username)")
>>> modparam("uac_auth","auth_password_avp","$avp(uac_password)")
>>> modparam("uac_registrant", "timer_interval", 120)
>>> modparam("uac_registrant", "hash_size", 2)
>>> modparam("uac_registrant", "db_url",
>>> "mysql://opensips:opensips@localhost/opensips")
>>>
>>> ....
>>> failure_route[1] {
>>>                  ......
>>>                  # have we already tried to authenticate?
>>>                  if (isflagset(8)) {
>>>                          xlog("L_INFO", 
>>> "FAILUREROUTE_STATUS40X_SETFLAG8:
>>> [F=$fu R=$ru D=$du M=$rm IP=($si:$sp $Ri:$Rp) ID=$ci]");
>>>                          t_reply("503","Authentication failed");
>>>                          exit;
>>>                  }
>>>                  if (is_method("INVITE")) {
>>>                          # mark that auth was performed
>>>                          setflag(8);
>>>                          # trigger again the failure route
>>>                          t_on_failure("1");
>>>                          # repeat the request with auth response 
>>> this time
>>>                          $avp(uac_realm) = $td;
>>>                          $avp(uac_username) = $fU;
>>>                          avp_db_query("SELECT password FROM registrant
>>> WHERE (registrar = 'sip:$avp(uac_realm)') AND ( username =
>>> '$avp(uac_username)')","$avp(uac_password)");
>>>                          xlog("L_INFO",
>>> "FAILUREROUTE_STATUS40X_UACAUTHINVITE_DEBUG_VARIABLES: AVP_UAC_REALM:
>>> $avp(uac_realm) AVP_UAC_USERNAME: $avp(uac_username) AVP_UAC_PASSWORD
>>> :$avp(uac_password)");
>>>                          uac_auth();
>>>                          t_relay();
>>>                  }
>>>          }
>>> .....
>>> }
>>>
>>>
>>> I see correct vars in debug message, but uac_auth() not to append 
>>> branch
>>> to reply INVITE.
>>>
>>> For example, I have  such string
>>> AVP_UAC_REALM: some-dns.example.net.ua AVP_UAC_USERNAME: 2225678
>>> AVP_UAC_PASSWORD :SuperStrongPassword
>>>
>>> What is wrong in this config/AVP's?
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users