Code to get realm from failure_route is now looks like $var(hdr) = $(<reply>hdr(Proxy-Authenticate)); if ( $var(hdr) != NULL ) { $var(raw_auth) = $var(hdr); xlog("L_INFO", "Proxy-Auth is present"); } #WWW is an Asterisk flavour $var(hdr) = $(<reply>hdr(WWW-Authenticate)); if ( $var(hdr) != NULL ) { $var(raw_auth) = $var(hdr); xlog("L_INFO", "WWW-Auth is present"); } $var(reg_start) = "/(.*?)realm=\"//g"; $var(reg_end) = "/\"(.*)//g"; xlog("L_INFO", "Raw data $var(raw_auth)"); $var(raw_auth) = $(var(raw_auth){re.subst,$var(reg_start)}); $var(raw_auth) = $(var(raw_auth){re.subst,$var(reg_end)}); xlog("L_INFO", "Got realm data $var(raw_auth)");
One little problem is I have not found analog of is_set function, so I get WARNING:core:do_assign: no value in right expression on line in console. 29.07.14 12:44, Bogdan-Andrei Iancu написав(ла): > Hi, > > If you try it from a failure route, you need to do : > $(<reply>hdr(Proxy-Authenticate)) > > (see http://www.opensips.org/Documentation/Script-CoreVar-1-11) > > In failure route, the context is of the request message, so if you > want to access the reply, you need to switch to its context. > > Regards, > Bogdan-Andrei Iancu > OpenSIPS Founder and Developer > http://www.opensips-solutions.com > On 29.07.2014 12:41, Igor Olhovskiy wrote: >> Hi again. >> Seems to be, $hdr(Proxy-Authenticate) is NULL at 401 response. >> >> failure_route[1] { >> ... >> if ( t_check_status("40[17]") ) { >> ... >> xlog("L_INFO", "Asterisk flavour $hdr(WWW-Authenticate), Proxy >> flavour $hdr(Proxy-Authenticate)"); >> } >> } >> >> becomes >> >> /usr/sbin/opensips[18983]: Asterisk flavour <null>, Proxy flavour <null> >> >> It's logic, cause in failure_route we work with initial INVITE, but >> not 401 reply. Cause, if we working with reply directly, we can't >> apply uac_auth function to it. >> >> 28.07.14 21:10, Игорь Ольховский написав(ла): >>> Hi, >>> >>> Many thanks on your answer, will wait for a new feature and look at $hdr >>> var more close. >>> Anyway, I have a little trouble with CSeq change (means it is need to do >>> accurate), but for now it’s a solution. >>> Many thanks again. >>> 28 июля 2014, в 20:46, Bogdan-Andrei Iancu <bog...@opensips.org> написал(а): >>> >>>> Hi, >>>> >>>> 1) on changing cseq as a simple text - this is not wise as you break the >>>> sequence of cseq number in the dialog; we are working on a feature to >>>> allow you do that in sip-wise way. >>>> >>>> 2) about realm, the proxy/www -Authenticate header (in the 401/407 reply) >>>> has the realm parameter; you can grab it by transformations; on >>>> $hdr(Proxy-Authenticate) apply a regexp transformation (see >>>> http://www.opensips.org/Documentation/Script-Tran-1-11#toc72) to get the >>>> realm param from there. >>>> >>>> Regards, >>>> >>>> Bogdan-Andrei Iancu >>>> OpenSIPS Founder and Developer >>>> http://www.opensips-solutions.com >>>> >>>> On 21.07.2014 20:15, Igor Olkhovskii wrote: >>>>> Made it work via modification of CSeq (remove_hf -> append_hf) and now is >>>>> a question, how to get correct realm from response. OpenSIPs is very >>>>> limitated to text processing.... >>>>> >>>>> 21.07.2014 18:39, Igor Olhovskiy пишет: >>>>>> Found this tread, but seems to be no luck in to work with INVITE on >>>>>> Asterisk. >>>>>> Is there any luck to get Asterisk auth (without touching Asterisk) >>>>>> >>>>>> https://www.mail-archive.com/users@lists.opensips.org/msg25236.html >>>>>> On 21.07.2014 16:14, Igor Olhovskiy wrote: >>>>>>> Hi! >>>>>>> I'm trying to get OpenSIPS 1.11 act as registrar proxy. Means it's not >>>>>>> only register on external servers, but take care of INVITE's and so. >>>>>>> I've configured modules as: >>>>>>> >>>>>>> loadmodule "uac_auth.so" >>>>>>> loadmodule "uac.so" >>>>>>> loadmodule "uac_registrant.so" >>>>>>> modparam("uac","restore_mode","auto") >>>>>>> modparam("uac_auth","auth_realm_avp","$avp(uac_realm)") >>>>>>> modparam("uac_auth","auth_username_avp","$avp(uac_username)") >>>>>>> modparam("uac_auth","auth_password_avp","$avp(uac_password)") >>>>>>> modparam("uac_registrant", "timer_interval", 120) >>>>>>> modparam("uac_registrant", "hash_size", 2) >>>>>>> modparam("uac_registrant", "db_url", >>>>>>> "mysql://opensips:opensips@localhost/opensips") >>>>>>> >>>>>>> .... >>>>>>> failure_route[1] { >>>>>>> ...... >>>>>>> # have we already tried to authenticate? >>>>>>> if (isflagset(8)) { >>>>>>> xlog("L_INFO", "FAILUREROUTE_STATUS40X_SETFLAG8: >>>>>>> [F=$fu R=$ru D=$du M=$rm IP=($si:$sp $Ri:$Rp) ID=$ci]"); >>>>>>> t_reply("503","Authentication failed"); >>>>>>> exit; >>>>>>> } >>>>>>> if (is_method("INVITE")) { >>>>>>> # mark that auth was performed >>>>>>> setflag(8); >>>>>>> # trigger again the failure route >>>>>>> t_on_failure("1"); >>>>>>> # repeat the request with auth response this >>>>>>> time >>>>>>> $avp(uac_realm) = $td; >>>>>>> $avp(uac_username) = $fU; >>>>>>> avp_db_query("SELECT password FROM registrant >>>>>>> WHERE (registrar = 'sip:$avp(uac_realm)') AND ( username = >>>>>>> '$avp(uac_username)')","$avp(uac_password)"); >>>>>>> xlog("L_INFO", >>>>>>> "FAILUREROUTE_STATUS40X_UACAUTHINVITE_DEBUG_VARIABLES: AVP_UAC_REALM: >>>>>>> $avp(uac_realm) AVP_UAC_USERNAME: $avp(uac_username) AVP_UAC_PASSWORD >>>>>>> :$avp(uac_password)"); >>>>>>> uac_auth(); >>>>>>> t_relay(); >>>>>>> } >>>>>>> } >>>>>>> ..... >>>>>>> } >>>>>>> >>>>>>> >>>>>>> I see correct vars in debug message, but uac_auth() not to append branch >>>>>>> to reply INVITE. >>>>>>> >>>>>>> For example, I have such string >>>>>>> AVP_UAC_REALM: some-dns.example.net.ua AVP_UAC_USERNAME: 2225678 >>>>>>> AVP_UAC_PASSWORD :SuperStrongPassword >>>>>>> >>>>>>> What is wrong in this config/AVP's? >>>>> _______________________________________________ >>>>> Users mailing list >>>>> Users@lists.opensips.org >>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> >
_______________________________________________ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users