Hello,
REGISTER should have Authorization header.
Can you paste the headers of such PUBLISH?
The log message you pasted in a previous email shows that the realm was
not matching:
Apr 24 14:30:58 bptrnddmzserver kamailio[30886]: DEBUG: auth [api.c:86]:
pre_auth(): auth:pre_auth: Credentials with realm 'myhome2.xip.bpt.com'
not found
Maybe it is different than From header domain.
Cheers,
Daniel
On 28/04/15 09:13, Tomas Zanet wrote:
Hello, yes it is.
The real parameter in Proxy-Authorization header is the same for
PUBLISH and REGISTER and INVIATE as well.
I’m doing authentication in this way:
if (!auth_check("$fd", "subscriber", "1"))
{
auth_challenge("$fd", "0");
exit;
}
Thanks,
T.
*Da:*Daniel-Constantin Mierla [mailto:miconda@gmail.com]
*Inviato:* lunedì 27 aprile 2015 17:56
*A:* Kamailio (SER) - Users Mailing List; Tomas Zanet
*Oggetto:* Re: [SR-Users] publish authentication problem
Hello,
can you check what is the value of the realm parameter in
Proxy-Authorization header of PUBLISH? Is it myhome2.xip.bpt.com?
Cheers,
Daniel
On 24/04/15 15:31, Tomas Zanet wrote:
Hello everyone,
I’ve been working on a project where I would like to implement RFC6035
https://tools.ietf.org/html/rfc6035
Basically, after the end of the call, our SIP UAC sends a SIP
PUBLISH to Kamailio where there are some useful information about
media quality (packet loss, mos, etc..)
This information is stored by Kamailio with sql_query command…
To achieve this, I implemented a custom route function inside
Kamailio cfg file, which handles PUBLISH request, check vq-rtcpxr
body and store that information into a database.
Here is a snippet code:
# AVPF report route
route[AVPF] {
if(!is_method("PUBLISH"))
return;
if (has_body("application/vq-rtcpxr"))
{
$var(x) = "INSERT INTO quality_reporting_raw(body) VALUES (\"" +
$(rb{s.escape.common}) + "\");";
sql_query("cb", "$(var(x))");
…… reply 200 ok and so on….
exit(0)
}
}
Everything works fine (almost fine, because the report is stored
twice…) if I do the route(AVPF) before authentication, like this…
(main route):
# handle AVPF reports
route(AVPF);
# authentication
route(AUTH);
Instead if I swap these two functions, doing the authentication
before publish processing, I have some problems about publish
authentication….not for the other requests (INVITE and REGISTER)
As far as I know From, To and Request-URI must match the
authentication user, in the PUBLISH REQUEST as described here
http://kamailio.org/docs/modules/4.2.x/modules/auth_db.html#auth_db.f.auth_…
I confirm that…I’m sending the SIP PUBLISH from user 101 to user
101, which is currently registered.
My problem is that Kamailio is continuously answering with 407 to
the SIP PUBLISH, even if the PUBLISH request has the right
Proxy-Authorization header…
Digging into the log file, I found this :
Apr 24 14:30:58 bptrnddmzserver kamailio[30886]: DEBUG: auth_db
[authorize.c:486]: auth_check(): realm [
myhome2.xip.bpt.com] table
[subscriber] flags [1]
Apr 24 14:30:58 bptrnddmzserver kamailio[30886]: DEBUG: auth
[api.c:86]: pre_auth(): *auth:pre_auth: Credentials with realm
'myhome2.xip.bpt.com' not found*
Apr 24 14:30:58 bptrnddmzserver kamailio[30886]: DEBUG: auth_db
[authorize.c:252]: *digest_authenticate_hdr(): no credentials*
Just for your better understanding I’m doing authorization with
db, using subscriber table where there are all the users with
'myhome2.xip.bpt.com' domain…
In fact, all INVITEs and REGISTERs are correctly authenticated…
Would you mind address me to find out the problem? Maybe, there’s
something wrong in my cfg file.
Thanks in advance
T,