Hi again. Seems to be, $hdr(Proxy-Authenticate) is NULL at 401 response. failure_route[1] { ... if ( t_check_status("40[17]") ) { ... xlog("L_INFO", "Asterisk flavour $hdr(WWW-Authenticate), Proxy flavour $hdr(Proxy-Authenticate)"); } }
becomes /usr/sbin/opensips[18983]: Asterisk flavour <null>, Proxy flavour <null> It's logic, cause in failure_route we work with initial INVITE, but not 401 reply. Cause, if we working with reply directly, we can't apply uac_auth function to it. 28.07.14 21:10, Игорь Ольховский написав(ла): > Hi, > > Many thanks on your answer, will wait for a new feature and look at $hdr var > more close. > Anyway, I have a little trouble with CSeq change (means it is need to do > accurate), but for now it’s a solution. > Many thanks again. > 28 июля 2014, в 20:46, Bogdan-Andrei Iancu <bog...@opensips.org> написал(а): > >> Hi, >> >> 1) on changing cseq as a simple text - this is not wise as you break the >> sequence of cseq number in the dialog; we are working on a feature to allow >> you do that in sip-wise way. >> >> 2) about realm, the proxy/www -Authenticate header (in the 401/407 reply) >> has the realm parameter; you can grab it by transformations; on >> $hdr(Proxy-Authenticate) apply a regexp transformation (see >> http://www.opensips.org/Documentation/Script-Tran-1-11#toc72) to get the >> realm param from there. >> >> Regards, >> >> Bogdan-Andrei Iancu >> OpenSIPS Founder and Developer >> http://www.opensips-solutions.com >> >> On 21.07.2014 20:15, Igor Olkhovskii wrote: >>> Made it work via modification of CSeq (remove_hf -> append_hf) and now is a >>> question, how to get correct realm from response. OpenSIPs is very >>> limitated to text processing.... >>> >>> 21.07.2014 18:39, Igor Olhovskiy пишет: >>>> Found this tread, but seems to be no luck in to work with INVITE on >>>> Asterisk. >>>> Is there any luck to get Asterisk auth (without touching Asterisk) >>>> >>>> https://www.mail-archive.com/users@lists.opensips.org/msg25236.html >>>> On 21.07.2014 16:14, Igor Olhovskiy wrote: >>>>> Hi! >>>>> I'm trying to get OpenSIPS 1.11 act as registrar proxy. Means it's not >>>>> only register on external servers, but take care of INVITE's and so. >>>>> I've configured modules as: >>>>> >>>>> loadmodule "uac_auth.so" >>>>> loadmodule "uac.so" >>>>> loadmodule "uac_registrant.so" >>>>> modparam("uac","restore_mode","auto") >>>>> modparam("uac_auth","auth_realm_avp","$avp(uac_realm)") >>>>> modparam("uac_auth","auth_username_avp","$avp(uac_username)") >>>>> modparam("uac_auth","auth_password_avp","$avp(uac_password)") >>>>> modparam("uac_registrant", "timer_interval", 120) >>>>> modparam("uac_registrant", "hash_size", 2) >>>>> modparam("uac_registrant", "db_url", >>>>> "mysql://opensips:opensips@localhost/opensips") >>>>> >>>>> .... >>>>> failure_route[1] { >>>>> ...... >>>>> # have we already tried to authenticate? >>>>> if (isflagset(8)) { >>>>> xlog("L_INFO", "FAILUREROUTE_STATUS40X_SETFLAG8: >>>>> [F=$fu R=$ru D=$du M=$rm IP=($si:$sp $Ri:$Rp) ID=$ci]"); >>>>> t_reply("503","Authentication failed"); >>>>> exit; >>>>> } >>>>> if (is_method("INVITE")) { >>>>> # mark that auth was performed >>>>> setflag(8); >>>>> # trigger again the failure route >>>>> t_on_failure("1"); >>>>> # repeat the request with auth response this time >>>>> $avp(uac_realm) = $td; >>>>> $avp(uac_username) = $fU; >>>>> avp_db_query("SELECT password FROM registrant >>>>> WHERE (registrar = 'sip:$avp(uac_realm)') AND ( username = >>>>> '$avp(uac_username)')","$avp(uac_password)"); >>>>> xlog("L_INFO", >>>>> "FAILUREROUTE_STATUS40X_UACAUTHINVITE_DEBUG_VARIABLES: AVP_UAC_REALM: >>>>> $avp(uac_realm) AVP_UAC_USERNAME: $avp(uac_username) AVP_UAC_PASSWORD >>>>> :$avp(uac_password)"); >>>>> uac_auth(); >>>>> t_relay(); >>>>> } >>>>> } >>>>> ..... >>>>> } >>>>> >>>>> >>>>> I see correct vars in debug message, but uac_auth() not to append branch >>>>> to reply INVITE. >>>>> >>>>> For example, I have such string >>>>> AVP_UAC_REALM: some-dns.example.net.ua AVP_UAC_USERNAME: 2225678 >>>>> AVP_UAC_PASSWORD :SuperStrongPassword >>>>> >>>>> What is wrong in this config/AVP's? >>> >>> _______________________________________________ >>> Users mailing list >>> Users@lists.opensips.org >>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users