Re: [SR-Users] Auth for SUBSCRIBE and others

thank you! I will check that again.

In the mean time, I tried to get this running: http://kb.asipto.com/kamailio:presence:k43-blf In my setup, the local node is also the presence server (... or should be). BLF is working perfectly fine if I disable AUTH (PUBLISH to local -> NOTIFY to phones). If I enable AUTH, I can see "PUBLISH" sent to the node itself, getting denied by a 407 "Proxy Authentication Required". Do I realy need a SIP message flowing to myself to "PUBLISH" the change detected by dlg_manage() + presence_dialoginfo + pua_dialoginfo? The behavior seems to be correct for external presence management where I do IP based auth. For my understanding, Kamailio could handle that internal without building a SIP message(?). This is what I set up as params (pbx.example.com -> DOMAIN, 123.123.123.123 Public IP of node): =======================>%======================= #!ifdef WITH_PRESENCE # ----- presence params ----- modparam("presence", "db_url", DBURL) modparam("presence", "server_address","sip:123.123.123.123:5060") modparam("presence", "send_fast_notify", 0) modparam("presence", "db_update_period", 20) modparam("presence", "subs_db_mode", 2) modparam("presence", "fetch_rows", 1000) # ----- presence_xml params ----- modparam("presence_xml", "db_url", DBURL) modparam("presence_xml", "force_active", 1) # ----- presence_dialoginfo params ----- modparam("presence_dialoginfo", "force_single_dialog", 0) # -- dialog params -- modparam("dialog", "db_url", DBURL) modparam("dialog", "db_mode", 1) modparam("dialog", "dlg_match_mode", 1) modparam("dialog", "enable_stats", 1) modparam("dialog", "dlg_flag", FLT_DLG) # -- pua parameters -- modparam("pua", "db_url", DBURL) modparam("pua", "db_mode", 2) modparam("pua", "update_period", 60) modparam("pua", "dlginfo_increase_version", 0) modparam("pua", "reginfo_increase_version", 0) modparam("pua", "check_remote_contact", 1) modparam("pua", "fetch_rows", 1000) # ----- pua_dialoginfo params ----- modparam("pua_dialoginfo", "include_callid", 1) modparam("pua_dialoginfo", "send_publish_flag", FLT_DLGINFO) modparam("pua_dialoginfo", "caller_confirmed", 0) modparam("pua_dialoginfo", "include_tags", 1) modparam("pua_dialoginfo", "override_lifetime", 124) # CUSTOM modparam("pua_usrloc", "default_domain", "pbx.example.com") modparam("pua_reginfo", "server_address", "sip:123.123.123.123:5060") modparam("pua_reginfo", "default_domain", "pbx.example.com") #!endif =======================>%======================= Kind regards Kevin Am Mo., 18. März 2019 um 22:55 Uhr schrieb Henning Westerholt

> Am Montag, 18. März 2019, 19:42:30 CET schrieb Kevin Olbrich: > > I rolled back the change and Kamailio still sends the challenge. Seems > > I took the wrong transaction during debug... > > > > Am Mo., 18. März 2019 um 19:16 Uhr schrieb Kevin Olbrich <ko(a)sv01.de>de>: > > > Hi! > > > > > > I am implementing forwarding of SUBSCRIBE (BLF) to an Asterisk behind > > > Kamailio. This works but Kamailio is not requesting for Auth. > > > > > > I then added SUBSCRIBE to: > > > https://github.com/kamailio/kamailio/blob/master/etc/kamailio.cfg#L746 > > > > > > And it now challenges the client correctly. > > > > > > Why does this line only show REGISTER? > > > Shouldn't it request a challenge for all messages? > > > And why does it work with INVITES ootb? > > Hi Kevin, > > have a look to e.g. this page: > > https://andrewjprokop.wordpress.com/2015/01/27/understanding-sip-authentic > ation/ > > "That means that messages like INVITE and BYE will receive 407 responses > and REGISTER and SUBSCRIBE will receive 401 responses." > > For this reasons they are two *challenge functions in the auth module > available. > > Cheers, > > Henning > > > -- > Henning Westerholt - https://skalatan.de/blog/ > Kamailio services - https://skalatan.de/services > Kamailio security assessment - https://skalatan.de/de/assessment