[SR-Users] Re:   How to proxy/authenticRe:   How to proxy/authenticate on thiRe:   How to proxy/authenticate on third party sip server?

intel at intrans.baku.az intel at intrans.baku.az
Tue Jul 10 12:14:43 CEST 2012 

Daniel-Constantin Mierla said:
>
> On 7/10/12 11:50 AM, intel at intrans.baku.az wrote:
>> Daniel-Constantin Mierla said:
>>> Hello,
>>>
>>> On 7/6/12 7:59 PM, intel at intrans.baku.az wrote:
>>>> Can anybody help me with configuration kamailio to authenticate call
>>>> on
>>>> 3rd party server?
>>>>
>>>> I want to authenticate(and proxy) call's on other server.
>>>>
>>>> for example, user A have account on my server(let it be
>>>> A at myserver.com)
>>>> and account on other server (let it be AA at hisserver.com)
>>>> myserver.com keeps A's credentials for AA at hisserver.com
>>>> when A is registered on myserver.com, he make call to B at othersip.com
>>>> (using myserver.com as a proxy)
>>>> Kamailio on myserver authenticate itself on hisserver as
>>>> AA at hisserver.com,
>>>> makes call to destination, and connect it to A.
>>>>
>>>> How can I setup kamailio for such behavior?
>>>> Which module should I use?
>>>> UAC seems can authenticate on another server, but I don't sure that it
>>>> do
>>>> what I want. (I've tried it, but without much success)
>>> indeed, the uac module is the one that can provide what you want, with
>>> some limitations in regard to cseq incrementation. You have to set a
>>> failure route and if the reply code is 407, the sent the realm/username
>>> and password to the avps specified by the appropriate module parameters
>>> -- the next tree at:
>>>
>>>    *
>>> http://kamailio.org/docs/modules/stable/modules_k/uac.html#auth-realm-avp-id
>>>
>>> Then call uac_auth() and relay again.
>> You mean, i need set auth_*_avp with credentials. set failure route,
>> send
>> request to auth_proxy (btw, how? ) and call uac_auth() in failure route,
>> correct?
> t_relay() is one of the functions to sent the request further.

I mean how set next hop not to final destination, but to auth_proxy?

>
>>
>> I've tried to use uacreg sql table and uac_reg_request_to, but there was
>> some problems:
>> 1) in uac_reg_request_to with mode 1 mistake (it found credentials only
>> if
>> l_uuid==l_username)
>> i've opened ticket on bugtracker
>> http://sourceforge.net/tracker/?func=detail&aid=3540479&group_id=139143&atid=743020
>> 2) uac_reg_request_to changes uri in request and instead INVITE
>> sip:B at othersip.com makes INVITE sip:AA at hisserver.com
>> if comment out
>>        snprintf(ruri, MAX_URI_SIZE, "sip:%.*s@%.*s",
>>                          reg->r_username.len, reg->r_username.s,
>>                          reg->r_domain.len, reg->r_domain.s);
>> and so on seems working, but I'm don't sure that such modification don't
>> break something else
>> (pretty sure that breaks, but don't know where exactly :)
>> 3)uacreg table loaded on startup, and AFAIK there is no way to modify it
>> dynamically,
>>   so if you change something in this table you MUST restart kamailio
>> (not
>> convinient)
>> I've tried to make RPC for adding new record in htable (using
>> reg_ht_add()), but it returns error and in log I can see
>>   ERROR: uac [uac_reg.c:313]: no more shm
> If you have a lot of records, you need to allocate more shared memory,
> via -m command line parameter.
19 records in table -OK
1 record in table and try to add using RPC (self modified uac_reg.c) - no
more shm.
I think than there is not shortage of shared memory, but something
forgotten in function for RPC. Here is src

static void rpc_uac_reg_add(rpc_t* rpc, void* ctx)
{
        reg_uac_t reg ;
        str l_uuid, l_username, l_domain, r_username, r_domain, realm,
auth_username, auth_password, auth_proxy;
        int expire;

        if(_reg_htable==NULL)
        {
                rpc->fault(ctx, 500, "Not enabled");
                return;
        }

        if (rpc->scan(ctx, "SSSSSSSSSd", &l_uuid, &l_username, &l_domain,
&r_username, &r_domain, &realm, &auth_username, &auth_password,
&auth_proxy, &expire) < 0) {
                return;
        }
        memset(&reg, 0, sizeof(reg_uac_t));;
        /* check for NULL values ?!?! */
        reg.l_uuid=l_uuid;
        reg.l_username=l_username;
        reg.l_domain=l_domain;
        reg.r_username=r_username;
        reg.r_domain=r_domain;
        reg.realm=realm;
        reg.auth_username=auth_username;
        reg.auth_password=auth_password;
        reg.auth_proxy=auth_proxy;
        reg.expires = expire;

        if(reg_ht_add(&reg)<0)
        {
                rpc->fault(ctx, 500, "Error adding reg to htable");
                return;
        }



}


>
> uacreg is to register for incoming calls, it is not used for
> authentication of outgoing calls. Use uac_auth() instead, as I said in
> previous email.
>
I'll try.
> Cheers,
> Daniel
>
> --
> Daniel-Constantin Mierla - http://www.asipto.com
> http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
> Kamailio Advanced Training, Seattle, USA, Sep 23-26, 2012 -
> http://asipto.com/u/katu
> Kamailio Practical Workshop, Netherlands, Sep 10-12, 2012 -
> http://asipto.com/u/kpw
>
>


--

More information about the sr-users mailing list