[OpenSER-Users] fail to authenticate INVITE messages

29 Feb 2008


      Hi all,
I'm trying to authenticate INVITE messages with OpenSER 1.3.0 (SIP Proxy +
RTPPROXY) and LDAP module. Although REGISTER authentication works well, I cannot
check user authorization for INVITE messages. I'm using an openser.cfg
configuration template from sipwise (see an extract below).
pv_proxy_authorize() routine always returns false, even if my user is registered
and authenticated through our OpenLDAP. Can you tell me what I'm doing wrong ?
Many thks,
---------------------------
openser.cfg
---------------------------
route {
...
   if(is_method("REGISTER"))
        {
                route(2);
        }
   if(is_method("INVITE"))
        {
                route(4);
        }
...
}
########################################################################
# Request route 'base-route-register'
########################################################################
route[2]
{
        sl_send_reply("100", "Trying");
if(is_present_hf("Authorization")||is_present_hf("Proxy-Authorization"))
{
xlog("L_INFO", "is_present_hf Authorization or
Proxy-Authorization\n");
if
(!ldap_search("ldap://blabla/blabla?uid,userPassword?sub?(uid=$fU)")) {
                                        switch ($retcode) {
                                                case -1:
                                                # no LDAP entry found
                                                xlog("L_INFO", "Ldap user not
found\n");
                                                sl_send_reply("404", "User Not
Found");
                                                exit;
                                                case -2:
                                                # internal error
                                                xlog("L_INFO", "Internal server
error during authentication\n");
                                                sl_send_reply("500", "Internal
server error");
                                                exit;
                                                default:
                                                exit;
                                        }
                                }
ldap_result("uid/$avp(s:username)");
                                ldap_result("userPassword/$avp(s:password)");
                        }
if(!pv_www_authorize(""))
        {
xlog("L_INFO", "Register authentication failed - M=$rm RURI=$ru
F=$fu T=$tu IP=$si ID=$ci\n");
                www_challenge("mydomain", "1");
                exit;
        }
if(!check_to())
        {
xlog("L_INFO", "Spoofed To-URI detected - M=$rm RURI=$ru F=$fu
T=$tu IP=$si ID=$ci\n");
                sl_send_reply("403", "Spoofed To-URI Detected");
                exit;
        }
        consume_credentials();
        if(!search("^Contact:[ ]**") && nat_uac_test("19"))
        {
                fix_nated_register();
                setbflag(6);
        }
        if(!save("location"))
        {
xlog("L_ERR", "Saving contact failed - M=$rm RURI=$ru F=$fu
T=$tu IP=$si ID=$ci\n");
                sl_reply_error();
                exit;
        }
xlog("L_INFO", "Registration successful - M=$rm RURI=$ru F=$fu T=$tu
IP=$si ID=$ci\n");
        exit;
}
########################################################################
# Request route 'base-route-invite'
########################################################################
route[4]
{
        sl_send_reply("100", "Trying");
        if(nat_uac_test("19"))
        {
                fix_nated_contact();
                setbflag(6);
        }
route(5);
}
########################################################################
# Request route 'invite-find-callee'
########################################################################
route[5]
{
        if(!is_domain_local("$rd"))
        {
                setflag(20);
route(7);
        }
        if(does_uri_exist())
        {
xlog("L_INFO", "Callee is local - M=$rm RURI=$ru F=$fu T=$tu
IP=$si ID=$ci\n");
                route(6);
        }
        else
        {
xlog("L_INFO", "Callee is not local - M=$rm RURI=$ru F=$fu T=$tu
IP=$si ID=$ci\n");
                route(7);
        }
        exit;
}
########################################################################
# Request route 'invite-to-external'
########################################################################
route[7]
{
        if(isflagset(20))
        {
xlog("L_INFO", "Call to foreign domain - M=$rm RURI=$ru F=$fu
T=$tu IP=$si ID=$ci\n");
                if (!pv_proxy_authorize(""))
                {
                        xlog("L_INFO", "TESTING : NOT AUTHENTICATED !!!!\n");
                }
                else
                {
                        xlog("L_INFO", "TESTING : AUTHENTICATED !!!!\n");
                }
route(3);
                exit;
        }
xlog("L_INFO", "Call to unknown user - M=$rm RURI=$ru F=$fu T=$tu IP=$si
ID=$ci\n");
        sl_send_reply("404", "User Not Found");
        exit;
}
---------------------
DEBUG LOGS
---------------------
eb 29 15:33:14 proxy_sip /usr/sbin/openser[5444]: DBG:core:parse_headers:
flags=80
Feb 29 15:33:14 proxy_sip /usr/sbin/openser[5444]: DBG:core:parse_headers:
flags=80
Feb 29 15:33:14 proxy_sip /usr/sbin/openser[5444]: Call to foreign domain -
M=INVITE RURI=sip:beacon@columbia.edu F=sip:test@xxxxxxxx T=sip:beacon@co
lumbia.edu IP=xxxxxxx ID=282a363f-5be5-dc11-8272-0015c56ccfaa@xxxxxx
Feb 29 15:33:14 proxy_sip /usr/sbin/openser[5444]: DBG:core:parse_headers:
flags=10000
Feb 29 15:33:14 proxy_sip /usr/sbin/openser[5444]: DBG:auth:pre_auth:
credentials with given realm not found
Feb 29 15:33:14 proxy_sip /usr/sbin/openser[5444]: TESTING : NOT AUTHENTICATED

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

[OpenSER-Users] fail to authenticate INVITE messages