hello,<br><br>I would really thank you Juha, it works perfectly :)<br>I had to adapt some part of Radiator code (a little hook to replace the $urg variable when the auth request is coming).<br><br># -- AUTH ---------------------------------------------------------------- #<br>
route[6]<br>{<br>...<br> # urgency numbers : if called, flag it and get the urg geo number by radius :<br> if (uri=~"^sip:1(5|7|8|12|15|19)@")<br> {<br> xlog("L_INFO","-> urgency code $rU called by $fU ");<br>
setflag(13); # flag urg<br> }<br> # radius www authentication<br> if (!radius_proxy_authorize(""))<br> {<br> proxy_challenge("", "1");<br> if ($retcode == -5)<br>
{<br> xlog("L_INFO", "-> 500: internal server error");<br> sl_send_reply("500", "Internal Server Error");<br> }<br> else if ($retcode == -4)<br>
{<br> xlog("L_INFO", "-> 404: credentials not found");<br> sl_send_reply("404", "Credentials Not Found");<br> }<br> else if ($retcode == -3)<br>
{<br> xlog("L_INFO", "-> 400: bad request");<br> sl_send_reply("400", "Bad Request");<br> }<br> else<br> {<br> if ($adu)<br>
{ append_to_reply("$adu"); }<br> xlog("L_INFO", "-> 407 - proxy auth required");<br> sl_send_reply("407", "Proxy Authentication Required");<br>
}<br> drop;<br> }<br> xlog("L_INFO", "-> authentication is ok, let it continue");<br> setflag(8); # flag auth_ok<br>...<br> if (isflagset(13))<br> {<br> xlog("L_INFO", "-> urgency $rU called by $fU : send directly to pstn");<br>
route(15); # route PSTN<br> }<br>}<br><br>And it's ok in the radius :<br><br>*** Received from <a href="http://192.168.60.9">192.168.60.9</a> port 56178 ....<br>Code: Access-Request<br>Identifier: 208<br>
Authentic: i.<179>;:_<197>H<131><232><219>+<7>2i<153><br>Attributes:<br> Cisco-AVPair = "<a href="mailto:0123451012@sip.720.fr">0123451012@sip.720.fr</a>"<br> Digest-Attributes = "<10><12>0123451012"<br>
Digest-Attributes = "<1><12><a href="http://sip.720.fr">sip.720.fr</a>"<br> Digest-Attributes = "<2>2490f6a370000000e4448ccf0eb032d4998da6b6142aa03ea"<br> Digest-Attributes = "<4><19><a href="mailto:sip%3A18@sip.720.fr">sip:18@sip.720.fr</a>"<br>
Digest-Attributes = "<3><8>INVITE"<br> Digest-Attributes = "<5><6>auth"<br> Digest-Attributes = "<9><10>00000001"<br> Digest-Attributes = "<8><10>da2ac20f"<br>
Digest-Response = "fbfa3947386bcdeb0bd9c825b50fca2f"<br> Service-Type = Sip-Session<br> Sip-URI-User = "0123451012"<br> cisco-avpair = "call-id=<a href="mailto:60df24b8-54ec4365@192.168.1.5">60df24b8-54ec4365@192.168.1.5</a>"<br>
NAS-Port = 5060<br> NAS-IP-Address = <a href="http://192.168.60.9">192.168.60.9</a><br><br>Mon Nov 3 22:11:39 2008: DEBUG: Handling request with Handler 'Service-Type=Sip-Session'<br>Mon Nov 3 22:11:39 2008: DEBUG: Rewrote user name to <a href="mailto:0123451012@sip.720.fr">0123451012@sip.720.fr</a><br>
...<br>*** Sending to <a href="http://192.168.60.9">192.168.60.9</a> port 56178 ....<br>Code: Access-Accept<br>Identifier: 208<br>Authentic: i.<179>;:_<197>H<131><232><219>+<7>2i<153><br>
Attributes:<br> Message-Authenticator = "<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>"<br> User-Name = "0123451012"<br>
Sip-User-ID = "0123451012"<br> Sip-User-Realm = "<a href="http://sip.720.fr">sip.720.fr</a>"<br> Sip-URI-User = "<a href="mailto:0123451012@sip.720.fr">0123451012@sip.720.fr</a>"<br>
Sip-Rpid = "0123451012"<br> Sip-Group = "full"<br> Sip-AVP = "asserted_id:0123451012"<br> Sip-AVP = "urg:01233450018"<br><br><br><br>I just want to know why the avp_print function understand another kind of AVP name than he one we got in the Radius request ?<br>
it adds "caller_" or "callee_" as a prefix ...<br><br>in the debug log :<br>Nov 3 22:07:34 ser0 kamailio[28252]: -> urgency code 18 called by 0123451012 <br>Nov 3 22:07:34 ser0 kamailio[28252]: DBG:auth:check_nonce: comparing [490f69420000000c00de4aa46ee94c1b07cc0239f6ae8ef8] and [490f69420000000c00de4aa46ee94c1b07cc0239f6ae8ef8] <br>
Nov 3 22:07:34 ser0 kamailio[28252]: DBG:auth_radius:radius_authorize_sterman: Success <br>Nov 3 22:07:34 ser0 kamailio[28252]: DBG:auth_radius:generate_avps: getting SIP AVPs from avpair 225 <br>Nov 3 22:07:34 ser0 kamailio[28252]: DBG:auth_radius:extract_avp: string is <asserted_id:0123451012> <br>
Nov 3 22:07:34 ser0 kamailio[28252]: DBG:auth_radius:extract_avp: AVP name is <asserted_id> <br>Nov 3 22:07:34 ser0 kamailio[28252]: DBG:auth_radius:extract_avp: AVP val is <0123451012> <br>Nov 3 22:07:34 ser0 kamailio[28252]: DBG:auth_radius:generate_avps: AVP 'asserted_id'/0='0123451012'/0 has been added <br>
Nov 3 22:07:34 ser0 kamailio[28252]: DBG:auth_radius:extract_avp: string is <urg:01233450018> <br>Nov 3 22:07:34 ser0 kamailio[28252]: DBG:auth_radius:extract_avp: AVP name is <urg> <br>Nov 3 22:07:34 ser0 kamailio[28252]: DBG:auth_radius:extract_avp: AVP val is <01233450018> <br>
Nov 3 22:07:34 ser0 kamailio[28252]: DBG:auth_radius:generate_avps: AVP 'urg'/0='01233450018'/0 has been added <br><br>with an avp_print() :<br><br>Nov 3 22:05:00 kamailio[28252]: INFO:avpops:ops_print_avp: p=0x7f0037677ec8, flags=0x0003 <br>
Nov 3 22:05:00 kamailio[28252]: INFO:avpops:ops_print_avp: ^I^I^Iname=<caller_urg> <br>Nov 3 22:05:00 kamailio[28252]: INFO:avpops:ops_print_avp: ^I^I^Ival_str=<01233450018 / 4> <br><br><br>Again, many thanks,<br>
<br>.Sam.<br><br><br><br><br><div class="gmail_quote">On Tue, Oct 28, 2008 at 7:02 PM, Samuel Muller <span dir="ltr"><<a href="mailto:sml@720.fr">sml@720.fr</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
oh, you're right, nice !<br><br>the idea should be (not the real script lines but similar in the concept) :<br><br>$fu INVITE $ruri (where $ruri is a urg code) :<br><br>route(authenticate)<br>{<br> if (ruri = (15|17|18)@)<br>
{<br> ($username == $urg);<br> setflag(urg);<br> }<br> radius_proxy_authorize("...")<br> {...}<br>}<br>route(pstn)<br>{<br> if (isflagset(urg))<br> {<br> rewriteusername($urg);<br> route(send_to_a_dedicated_trunk);<br>
exit;<br> }<br>}<br><br>and the radius replies during the authentication, the real associated geo number of the urg code.<br><br>nice ! many thanks ! I'll try it asap !<br><br>.Sam.<div><div></div><div class="Wj3C7c">
<br><br><br><br><div class="gmail_quote">
On Tue, Oct 28, 2008 at 6:39 PM, Juha Heinanen <span dir="ltr"><<a href="mailto:jh@tutpro.com" target="_blank">jh@tutpro.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div>Samuel Muller writes:<br>
<br>
> when the sipphone calls the urgency code "15", openser receives<br>
> sip:15@realm<br>
> "<br>
> so I use the avp_load_radius to get the AVP $urg (for example).<br>
> the radius checks its db :<br>
> . $fu -> insee code=$insee (insee codes relates the geo number of urgencies)<br>
> . $ruri -> urg code=$urg<br>
> so it translates the code in the good geo number (15 = 0123456789)<br>
> then openser just rewrite the ruri like sip:$urg@realm.<br>
<br>
</div>sounds good, but if you authenticate the call in kamailio, you don't<br>
need this extra avp_load_radius call, because you can return the goe<br>
number already during authentication. on the other hand, there are not<br>
that many emergency calls that the extra call would matter.<br>
<font color="#888888"><br>
-- juha<br>
</font></blockquote></div><br><br clear="all"><br></div></div><div><div></div><div class="Wj3C7c">-- <br>Samuel MULLER<br>Ingénieur Reseaux & Telecom<br>720 DEGRES<br>+33 (0)663 128 505<br><a href="mailto:sml@720.fr" target="_blank">sml@720.fr</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Samuel MULLER<br>Ingénieur Reseaux & Telecom<br>720 DEGRES<br>+33 (0)663 128 505<br><a href="mailto:sml@720.fr">sml@720.fr</a><br>