Made it in a more accurate way:
if ($(<reply>hdr(Proxy-Authenticate))) {
$var(raw_auth) =
$(<reply>hdr(Proxy-Authenticate));
}
if ($(<reply>hdr(WWW-Authenticate))) {
$var(raw_auth) =
$(<reply>hdr(WWW-Authenticate));
}
.........
30.07.14 11:42, Igor Olhovskiy написав(ла):
> Code to get realm from failure_route is now looks like
>
> $var(hdr) = $(<reply>hdr(Proxy-Authenticate));
> if ( $var(hdr) != NULL ) {
> $var(raw_auth) = $var(hdr);
> xlog("L_INFO", "Proxy-Auth is present");
> }
> #WWW is an Asterisk flavour
> $var(hdr) = $(<reply>hdr(WWW-Authenticate));
> if ( $var(hdr) != NULL ) {
> $var(raw_auth) = $var(hdr);
> xlog("L_INFO", "WWW-Auth is present");
> }
> $var(reg_start) = "/(.*?)realm=\"//g";
> $var(reg_end) = "/\"(.*)//g";
> xlog("L_INFO", "Raw data $var(raw_auth)");
> $var(raw_auth) =
> $(var(raw_auth){re.subst,$var(reg_start)});
> $var(raw_auth) =
> $(var(raw_auth){re.subst,$var(reg_end)});
> xlog("L_INFO", "Got realm data $var(raw_auth)");
>
> One little problem is I have not found analog of is_set function, so I
> get
> WARNING:core:do_assign: no value in right expression on line
> in console.
>
> 29.07.14 12:44, Bogdan-Andrei Iancu написав(ла):
>> Hi,
>>
>> If you try it from a failure route, you need to do :
>> $(<reply>hdr(Proxy-Authenticate))
>>
>> (see http://www.opensips.org/Documentation/Script-CoreVar-1-11)
>>
>> In failure route, the context is of the request message, so if you
>> want to access the reply, you need to switch to its context.
>>
>> Regards,
>> Bogdan-Andrei Iancu
>> OpenSIPS Founder and Developer
>> http://www.opensips-solutions.com
>> On 29.07.2014 12:41, Igor Olhovskiy wrote:
>>> Hi again.
>>> Seems to be, $hdr(Proxy-Authenticate) is NULL at 401 response.
>>>
>>> failure_route[1] {
>>> ...
>>> if ( t_check_status("40[17]") ) {
>>> ...
>>> xlog("L_INFO", "Asterisk flavour $hdr(WWW-Authenticate), Proxy
>>> flavour $hdr(Proxy-Authenticate)");
>>> }
>>> }
>>>
>>> becomes
>>>
>>> /usr/sbin/opensips[18983]: Asterisk flavour <null>, Proxy flavour <null>
>>>
>>> It's logic, cause in failure_route we work with initial INVITE, but
>>> not 401 reply. Cause, if we working with reply directly, we can't
>>> apply uac_auth function to it.
>>>
>>> 28.07.14 21:10, Игорь Ольховский написав(ла):
>>>> Hi,
>>>>
>>>> Many thanks on your answer, will wait for a new feature and look at $hdr
>>>> var more close.
>>>> Anyway, I have a little trouble with CSeq change (means it is need to do
>>>> accurate), but for now it’s a solution.
>>>> Many thanks again.
>>>> 28 июля 2014, в 20:46, Bogdan-Andrei Iancu <bog...@opensips.org>
>>>> написал(а):
>>>>
>>>>> Hi,
>>>>>
>>>>> 1) on changing cseq as a simple text - this is not wise as you break the
>>>>> sequence of cseq number in the dialog; we are working on a feature to
>>>>> allow you do that in sip-wise way.
>>>>>
>>>>> 2) about realm, the proxy/www -Authenticate header (in the 401/407 reply)
>>>>> has the realm parameter; you can grab it by transformations; on
>>>>> $hdr(Proxy-Authenticate) apply a regexp transformation (see
>>>>> http://www.opensips.org/Documentation/Script-Tran-1-11#toc72) to get the
>>>>> realm param from there.
>>>>>
>>>>> Regards,
>>>>>
>>>>> Bogdan-Andrei Iancu
>>>>> OpenSIPS Founder and Developer
>>>>> http://www.opensips-solutions.com
>>>>>
>>>>> On 21.07.2014 20:15, Igor Olkhovskii wrote:
>>>>>> Made it work via modification of CSeq (remove_hf -> append_hf) and now
>>>>>> is a question, how to get correct realm from response. OpenSIPs is very
>>>>>> limitated to text processing....
>>>>>>
>>>>>> 21.07.2014 18:39, Igor Olhovskiy пишет:
>>>>>>> Found this tread, but seems to be no luck in to work with INVITE on
>>>>>>> Asterisk.
>>>>>>> Is there any luck to get Asterisk auth (without touching Asterisk)
>>>>>>>
>>>>>>> https://www.mail-archive.com/users@lists.opensips.org/msg25236.html
>>>>>>> On 21.07.2014 16:14, Igor Olhovskiy wrote:
>>>>>>>> Hi!
>>>>>>>> I'm trying to get OpenSIPS 1.11 act as registrar proxy. Means it's not
>>>>>>>> only register on external servers, but take care of INVITE's and so.
>>>>>>>> I've configured modules as:
>>>>>>>>
>>>>>>>> loadmodule "uac_auth.so"
>>>>>>>> loadmodule "uac.so"
>>>>>>>> loadmodule "uac_registrant.so"
>>>>>>>> modparam("uac","restore_mode","auto")
>>>>>>>> modparam("uac_auth","auth_realm_avp","$avp(uac_realm)")
>>>>>>>> modparam("uac_auth","auth_username_avp","$avp(uac_username)")
>>>>>>>> modparam("uac_auth","auth_password_avp","$avp(uac_password)")
>>>>>>>> modparam("uac_registrant", "timer_interval", 120)
>>>>>>>> modparam("uac_registrant", "hash_size", 2)
>>>>>>>> modparam("uac_registrant", "db_url",
>>>>>>>> "mysql://opensips:opensips@localhost/opensips")
>>>>>>>>
>>>>>>>> ....
>>>>>>>> failure_route[1] {
>>>>>>>> ......
>>>>>>>> # have we already tried to authenticate?
>>>>>>>> if (isflagset(8)) {
>>>>>>>> xlog("L_INFO",
>>>>>>>> "FAILUREROUTE_STATUS40X_SETFLAG8:
>>>>>>>> [F=$fu R=$ru D=$du M=$rm IP=($si:$sp $Ri:$Rp) ID=$ci]");
>>>>>>>> t_reply("503","Authentication failed");
>>>>>>>> exit;
>>>>>>>> }
>>>>>>>> if (is_method("INVITE")) {
>>>>>>>> # mark that auth was performed
>>>>>>>> setflag(8);
>>>>>>>> # trigger again the failure route
>>>>>>>> t_on_failure("1");
>>>>>>>> # repeat the request with auth response this
>>>>>>>> time
>>>>>>>> $avp(uac_realm) = $td;
>>>>>>>> $avp(uac_username) = $fU;
>>>>>>>> avp_db_query("SELECT password FROM registrant
>>>>>>>> WHERE (registrar = 'sip:$avp(uac_realm)') AND ( username =
>>>>>>>> '$avp(uac_username)')","$avp(uac_password)");
>>>>>>>> xlog("L_INFO",
>>>>>>>> "FAILUREROUTE_STATUS40X_UACAUTHINVITE_DEBUG_VARIABLES: AVP_UAC_REALM:
>>>>>>>> $avp(uac_realm) AVP_UAC_USERNAME: $avp(uac_username) AVP_UAC_PASSWORD
>>>>>>>> :$avp(uac_password)");
>>>>>>>> uac_auth();
>>>>>>>> t_relay();
>>>>>>>> }
>>>>>>>> }
>>>>>>>> .....
>>>>>>>> }
>>>>>>>>
>>>>>>>>
>>>>>>>> I see correct vars in debug message, but uac_auth() not to append
>>>>>>>> branch
>>>>>>>> to reply INVITE.
>>>>>>>>
>>>>>>>> For example, I have such string
>>>>>>>> AVP_UAC_REALM: some-dns.example.net.ua AVP_UAC_USERNAME: 2225678
>>>>>>>> AVP_UAC_PASSWORD :SuperStrongPassword
>>>>>>>>
>>>>>>>> What is wrong in this config/AVP's?
>>>>>> _______________________________________________
>>>>>> Users mailing list
>>>>>> Users@lists.opensips.org
>>>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>
>
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
