Hey All,
So, I want to use the UAC module to handle Digest Auth to upstream carriers. But, I don’t know which carrier will be selected until another module (dRouting in this case) tells the logic which carrier to use.
I can see in the logs that the uac_auth function can capture the Auth Realm. But, I need to access it from the Kamailio script so that I can look up the credentials for that realm and then call uac_auth. I’ve tried getting the info from $ar, but that gives me the realm of the inbound request versus the realm of the upstream carrier. Also, I’ve tried using $T_rpl($ar), but that returns 0. Here’s my logic from the Kamailio file:
    if(t_check_status("401|407")) {
        $var(reply_realm) = $T_rpl($ar);
        $var(query)="select auth_username,auth_password from uacreg where realm='" + $var(reply_realm) + "'";
        sql_xquery("cb","$var(query)","rb");
        xlog("L_DEBUG","[MANAGE_FAILURE: Proxy Auth]: The query is $var(query) auth realm is $var(reply_realm) and the user name is $xavp(rb=>auth_username)");
        $avp(auser) = $xavp(rb=>auth_username);
        $avp(apass) = $xavp(rb=>auth_password);
        uac_auth();
        t_relay();
        exit;
    }
A snippet of the log file is below:
    Jan 20 10:05:58 dsiprouter /usr/sbin/kamailio[2871]: exec: *** cfgtrace:failure_route=[DEFAULT_ROUTE] c=[/etc/kamailio/kamailio.cfg] l=1616 a=63 n=assign
    Jan 20 10:05:58 dsiprouter /usr/sbin/kamailio[2871]: exec: *** cfgtrace:failure_route=[DEFAULT_ROUTE] c=[/etc/kamailio/kamailio.cfg] l=1617 a=63 n=assign
    Jan 20 10:05:58 dsiprouter /usr/sbin/kamailio[2871]: exec: *** cfgtrace:failure_route=[DEFAULT_ROUTE] c=[/etc/kamailio/kamailio.cfg] l=1618 a=24 n=uac_auth
    Jan 20 10:05:58 dsiprouter /usr/sbin/kamailio[2871]: DEBUG: uac [auth.c:409]: uac_auth(): picked reply is 0x7f900cb7eaf0, code 407
    Jan 20 10:05:58 dsiprouter /usr/sbin/kamailio[2871]: DEBUG: uac [auth.c:225]: get_autenticate_hdr(): looking for header "Proxy-Authenticate"
    Jan 20 10:05:58 dsiprouter /usr/sbin/kamailio[2871]: DEBUG: uac [auth.c:429]: uac_auth(): header found; body=<Digest realm="sip.flowroute.com", nonce="XERJMlxESAbDNCK3INmBfoET1GGxpcyr", qop="auth">
    Jan 20 10:05:58 dsiprouter /usr/sbin/kamailio[2871]: DEBUG: uac [auth_hdr.c:209]: parse_authenticate_body(): <realm>="sip.flowroute.com" state=2
    Jan 20 10:05:58 dsiprouter /usr/sbin/kamailio[2871]: DEBUG: uac [auth_hdr.c:209]: parse_authenticate_body(): <nonce>="XERJMlxESAbDNCK3INmBfoET1GGxpcyr" state=3
    Jan 20 10:05:58 dsiprouter /usr/sbin/kamailio[2871]: DEBUG: uac [auth_hdr.c:209]: parse_authenticate_body(): <qop>="auth" state=1
    Jan 20 10:05:58 dsiprouter /usr/sbin/kamailio[2871]: DEBUG: uac [auth.c:449]: uac_auth(): no credential for realm "sip.flowroute.com"
    Jan 20 10:05:58 dsiprouter /usr/sbin/kamailio[2871]: exec: *** cfgtrace:failure_route=[DEFAULT_ROUTE] c=[/etc/kamailio/kamailio.cfg] l=1619 a=24 n=t_relay
Thanks in advance for any help
Mack Hendricks dSIPRouter
Hello,
iirc, the auth header related variables (like $ar) are set when some authentication functions are used, but that is for requests. For replies, I am not sure if it is done at all, being also a different header name.
Unless you want to dig a bit in the code and see what happens there, for now a solution here would be using transformations to extract fields from the header Proxy-Authenticate or WWW-Authenticate.
If you want to have these variables set in other cases than it is now, you can open a new feature request on github issue tracker.
Cheers, Daniel
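Added example, not part of the original thread and not Kamailio script: a Python sketch of the approach suggested above, reading the realm out of a Proxy-Authenticate or WWW-Authenticate body and passing it to the credential lookup as a bound parameter, since the realm is chosen by the remote side. The sqlite3 table is a stand-in for uacreg with constructed rows, and the function names and the realm character policy are assumptions.

```python
import re
import sqlite3

# auth-param = token "=" ( token / quoted-string ), as used in Digest challenges
_PARAM = re.compile(r'([A-Za-z0-9_.-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))')
# Assumed policy: only accept realms that look like a host name or label
_REALM_OK = re.compile(r"[A-Za-z0-9._-]{1,128}")


def parse_digest_challenge(header_body):
    """Return the parameters of a Digest challenge as a dict with lowercase keys."""
    scheme, _, rest = header_body.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest challenge")
    params = {}
    for name, quoted, token in _PARAM.findall(rest):
        # Undo backslash escapes inside quoted-string values
        params[name.lower()] = re.sub(r"\\(.)", r"\1", quoted) if quoted else token
    return params


def credentials_for_challenge(db, header_body):
    """Look up (auth_username, auth_password) for the realm in the challenge."""
    realm = parse_digest_challenge(header_body).get("realm", "")
    if not _REALM_OK.fullmatch(realm):
        return None  # the realm is chosen by the remote side; reject odd values
    # Bound parameter: the realm never becomes part of the SQL text
    return db.execute(
        "SELECT auth_username, auth_password FROM uacreg WHERE realm = ?",
        (realm,),
    ).fetchone()


def sample_db():
    """In-memory stand-in for the uacreg table; all rows are constructed."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE uacreg (realm TEXT, auth_username TEXT, auth_password TEXT)"
    )
    db.executemany(
        "INSERT INTO uacreg VALUES (?, ?, ?)",
        [
            ("sip.flowroute.com", "example-user", "example-pass"),
            ("carrier-b.example", "other-user", "other-pass"),
        ],
    )
    return db


if __name__ == "__main__":
    # Header body as it appears in the uac debug log quoted in the thread
    challenge = 'Digest realm="sip.flowroute.com", nonce="XERJMlxESAbDNCK3INmBfoET1GGxpcyr", qop="auth"'
    print(parse_digest_challenge(challenge)["realm"])
    print(credentials_for_challenge(sample_db(), challenge))
```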
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
I suspect you could check $rd or $du ? Although I don’t quite understand why you won’t know the realm to begin with based on the selection?
I’m using the dRouting module. Is there a way to store the realm using this module?
Also, I don’t think I know the realm until the first time I send a Register or Invite to the carrier. I could guess the realm, but we want to make sure we handle edge cases where the name of the realm is different than the domain name of the carrier.
Sent from my iPhone
On Jan 20, 2019, at 2:22 PM, Brandon Armstead brandon@cryy.com wrote:
I suspect you could check $rd or $du ? Although I don’t quite understand why you won’t know the realm to begin with based on the selection?
I’m not sure if I’m missing the important point here, but can you just set the realm to whatever the carrier expects in the uacreg table?
I think I use it that way and we have different realms for different carriers...
https://www.kamailio.org/docs/modules/5.2.x/modules/uac.html#idm1047648852
Or the problem is that you don’t know the realm in advance?