[SR-Users] Possible bug in authentication

Daniel-Constantin Mierla miconda at gmail.com
Thu Aug 23 12:21:03 CEST 2012 

Hello,

On 8/23/12 11:54 AM, martian at centrum.sk wrote:
>
> Hello to everybody.
>
> I am currently working with Kamailio 3.3.1 on RedHat.
>
> The "loose_route" function was not working correctly and I observed 
> some very strange behaviour (not as one described in the documentation 
> of the function).
>
> I have found that there needs to be a port included in the "alias" 
> variable for the loose_route function to work correctly.
>
> However, upon adding the port to alias, the INVITE messages were no 
> longer authenticated (Kamailio just accepted them and didn't send 
> proxy-auth header in 407 message).
>
> My alias:
>
> alias="domain.ch:5060"
>
> Examining default routing logic, I found the problem here:
>
> if (is_method("REGISTER") || from_uri==myself)
>
> {
>
> # authenticate requests
>
> ...
>
> }
>
> The "from_uri==myself" was no longer evaluated as true, because there 
> was a port at the end of the alias.
>
> The FROM Header of the INVITE messages looks like:
>
> From: "acc1" <sip:acc1 at domain.ch>;tag=12345
>
> ..so .. no port number there.
>
> Btw, I have fixed this with replacing the "myself" list with my own 
> defined variable MY_DOMAIN.
>
> #!define MY_DOMAIN ".*@domain.ch"
>
> So now the condition looks like this:
>
> if (is_method("REGISTER") || from_uri=~MY_DOMAIN)
>
> {
>
> ...
>
> }
>
> I am not sure if this is a bug that needs to be fixed or not. I am 
> just pointing my finger at it and I hope it will contribute to the 
> development.
>
> Also, a valid description of this behavior (when using port in alias) 
> would be appreciated.
>

if you enclose the value of the alias parameter in double quotes, then 
it is taken as string value. If you want to set it to a host:port, then 
remove the double quotes:

alias=domain.ch:5060


Why do you say the loose_route() was working strangely? Do you add the 
hostname as record-route, not the IP address? Detail more about what you 
think is wrong with record routing/loose routing.


Cheers,
Daniel

-- 
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, Berlin, Nov 5-8, 2012 - http://asipto.com/u/kat

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20120823/65bd3e53/attachment.htm>

More information about the sr-users mailing list