<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hello,</p>
<p>the 3.0.x was the first release after merging kamailio and ser
source code trees and there were two variants of many functions,
and depending on which proxy_authorize() you use the behaviour
might have been different that what's now in 5.x.</p>
<p>If you want to send an error response if proxy_authorize() fails
(very unlikely because of in memory only operations), then yes,
add an if condition.<br>
</p>
Cheers,<br>
Daniel<br>
<br>
<div class="moz-cite-prefix">On 12.11.18 17:32, Abdulaziz Alghosh
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAP61AuwxPD8Hbzn4--AEoZUhXXa-R1-dNrVtKu39AAD5XOLUnw@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">Hello,<br>
</div>
<div dir="ltr"><br>
</div>
<div dir="ltr">I migrated from Kamailio 3.0.3 to
Kamailio 5.1.4. and have two questions about the
execution sequence of the Request_Route.</div>
<div dir="ltr">The following condition trys to
authenticate the first INVITE or REGISTER request
which normally does not have the Authorization
Header:</div>
<div>route (auth)</div>
<div>..</div>
<div>..</div>
<div>..<br>
</div>
<div>route[auth]{<br>
</div>
<div dir="ltr">
<div> if ( !proxy_authorize("myrealm", "subscriber")
) {<br>
proxy_challenge("myrealm", "0");<br>
</div>
<div> sl_reply_error();<br>
</div>
<div> exit;<br>
</div>
<div> };</div>
<div>return;<br>
</div>
</div>
<div dir="ltr">}</div>
<div dir="ltr"><br>
</div>
<div>For sure the Return Code of "proxy_authorize"
will not be one (1) at the beginneing, so the
proxy_challenge() will generate the "407 Proxy
Authentication Required" request and the agent will
send the INVITE or the REGISTER again with the
Authorization-Header and the call or the
registration attempt succeeds. During my observation
to the new returned codes (values) of both
proxy_authorize()
and proxy_challenge() in Kamailio 5.1.4, I noticed
the following differnet execution sequence of this
"Request_Route".</div>
<div dir="ltr"><br>
</div>
<div>at Kamailio 3.0.3, and exactly after the
proxy_challenge("myrealm", "0") command was
executed, no more commands were excuted as if it
jumped out of the if statement, and the proxy was
wating for the new INVITE or REGISTER. Hence the
sl_reply_error() did not send any error reply. I
wrote several logging commad before and after the
proxy_challenge("myrealm", "0"), so I am pretty sure
that the proxy_challenge("myrealm", "0") is last
excuted command to be excuted here.<br>
</div>
<div><br>
</div>
<div>at Kamailio 5.1.4, the behaviour was more logical
and the proxy executes commands which come under the
proxy_challenge("myrealm", "0") like logging
commands or sl_reply_error() which generates usually
the error reply " 500 I'm terribly sorry, server
error occurred".</div>
<div dir="ltr"><br>
</div>
<div>My first question is: May somebody explain this
different behavior?</div>
<div><br>
</div>
<div>My second Question: assume that the agent will
send a wrong credentials and response, does the
proxy_challenge("myrealm", "0") function terminate
this dialouge with 401 Unauthorized Error or I must
add the following "if condition" afterwards:</div>
<div>
<div><br>
</div>
<div>if ( !proxy_authorize("myrealm", "subscriber")
) {<br>
proxy_challenge("myrealm", "0");<br>
</div>
<div> if (!$rc){</div>
<div> sl_reply_error();
'#### or I will be more specific sl_send_reply
(code, reason)<br>
</div>
<div> }<br>
</div>
<div> exit;<br>
</div>
<div>};</div>
</div>
<div dir="ltr">
<div><br>
</div>
<div>Thanks and best regards</div>
<div>Abdulaziz Alghosh<br>
</div>
<br>
<div><br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Kamailio (SER) - Users Mailing List
<a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.kamailio.org">sr-users@lists.kamailio.org</a>
<a class="moz-txt-link-freetext" href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla -- <a class="moz-txt-link-abbreviated" href="http://www.asipto.com">www.asipto.com</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/miconda">www.twitter.com/miconda</a> -- <a class="moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda">www.linkedin.com/in/miconda</a>
Kamailio World Conference -- <a class="moz-txt-link-abbreviated" href="http://www.kamailioworld.com">www.kamailioworld.com</a>
Kamailio Advanced Training, Nov 12-14, 2018, in Berlin -- <a class="moz-txt-link-abbreviated" href="http://www.asipto.com">www.asipto.com</a></pre>
</body>
</html>