[OpenSIPS-Users] Proxy authentication question

Yury Kirsanov y.kirsanov at gmail.com
Fri Oct 27 07:27:23 EDT 2017


Hi Bogdan,
Thanks a lot for your advise, I've also noticed that CallID is the same for
these calls and of course, at first there's no 'Proxy-Authorization'
header. But that header will be in place only if remote party has a
password to authenticate with us. So yes, I will have to use a cache module
probably, it's only I though that if CallID is the same that would be
treated as same transaction and all message flags would be present. Thanks
for your help!

Regards,
Yury.

2017-10-27 20:06 GMT+11:00 Bogdan-Andrei Iancu <bogdan at opensips.org>:

> Hi Bogdan,
>
> There are 2 transactions - first request without credentials and the
> second one without credentials - and the flags are only transaction
> persistent.
>
> If you really want to perform such a check, you can rely on the fact that
> both requests will have the same Call-ID (or they should, according to
> RFC3261) - so use the local cache (cachedb_local module) with cache_store()
> and cache_fetch() function to check.
>
> Best regards,
>
> Bogdan-Andrei Iancu
>   OpenSIPS Founder and Developer
>   http://www.opensips-solutions.com
>
> On 10/27/2017 08:19 AM, Yury Kirsanov wrote:
>
> Hi,
> I've got a question about proxy authentication - is there any way to
> determine if we previously already asked remote party to authenticate or
> not? For some reason it looks like to me that flags are not persistent
> during proxy authentication process, so my code doesn't work as flag is
> never set. Here's a code snippet:
>
> if (!proxy_authorize("","subscriber"))
> {
>  if (isflagset(7))
>  {
>    # We already tried to authenticate, do some code here
>  }
>  else
>  {
>    # We haven't tried to authenticate yet, challenge the request
>    setflag(7);
>    proxy_challenge("","1");
>    exit;
>  }
> }
> else
> {
> ... successful auth done
> }
>
> I need this as I want to try to authenticate users and if remote party
> can't authenticate - then try to do IP based authentication, for example.
>
> Thanks for help!
>
>
> _______________________________________________
> Users mailing listUsers at lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20171027/13222676/attachment.html>


More information about the Users mailing list