[SR-Users] Re:  How to proxy/authenticate on third...

intel at intrans.baku.az intel at intrans.baku.az
Tue Jul 10 12:47:30 CEST 2012 

Daniel-Constantin Mierla said:
>
> On 7/10/12 12:14 PM, intel at intrans.baku.az wrote:
>> Daniel-Constantin Mierla said:
>>> On 7/10/12 11:50 AM, intel at intrans.baku.az wrote:
>>>> Daniel-Constantin Mierla said:
>>>>> Hello,
>>>>>
>>>>> On 7/6/12 7:59 PM, intel at intrans.baku.az wrote:
>>>>>> Can anybody help me with configuration kamailio to authenticate call
>>>>>> on
>>>>>> 3rd party server?
>>>>>>
>>>>>> I want to authenticate(and proxy) call's on other server.
>>>>>>
>>>>>> for example, user A have account on my server(let it be
>>>>>> A at myserver.com)
>>>>>> and account on other server (let it be AA at hisserver.com)
>>>>>> myserver.com keeps A's credentials for AA at hisserver.com
>>>>>> when A is registered on myserver.com, he make call to B at othersip.com
>>>>>> (using myserver.com as a proxy)
>>>>>> Kamailio on myserver authenticate itself on hisserver as
>>>>>> AA at hisserver.com,
>>>>>> makes call to destination, and connect it to A.
>>>>>>
>>>>>> How can I setup kamailio for such behavior?
>>>>>> Which module should I use?
>>>>>> UAC seems can authenticate on another server, but I don't sure that
>>>>>> it
>>>>>> do
>>>>>> what I want. (I've tried it, but without much success)
>>>>> indeed, the uac module is the one that can provide what you want,
>>>>> with
>>>>> some limitations in regard to cseq incrementation. You have to set a
>>>>> failure route and if the reply code is 407, the sent the
>>>>> realm/username
>>>>> and password to the avps specified by the appropriate module
>>>>> parameters
>>>>> -- the next tree at:
>>>>>
>>>>>     *
>>>>> http://kamailio.org/docs/modules/stable/modules_k/uac.html#auth-realm-avp-id
>>>>>
>>>>> Then call uac_auth() and relay again.
>>>> You mean, i need set auth_*_avp with credentials. set failure route,
>>>> send
>>>> request to auth_proxy (btw, how? ) and call uac_auth() in failure
>>>> route,
>>>> correct?
>>> t_relay() is one of the functions to sent the request further.
>> I mean how set next hop not to final destination, but to auth_proxy?
>>
>>>> I've tried to use uacreg sql table and uac_reg_request_to, but there
>>>> was
>>>> some problems:
>>>> 1) in uac_reg_request_to with mode 1 mistake (it found credentials
>>>> only
>>>> if
>>>> l_uuid==l_username)
>>>> i've opened ticket on bugtracker
>>>> http://sourceforge.net/tracker/?func=detail&aid=3540479&group_id=139143&atid=743020
>>>> 2) uac_reg_request_to changes uri in request and instead INVITE
>>>> sip:B at othersip.com makes INVITE sip:AA at hisserver.com
>>>> if comment out
>>>>         snprintf(ruri, MAX_URI_SIZE, "sip:%.*s@%.*s",
>>>>                           reg->r_username.len, reg->r_username.s,
>>>>                           reg->r_domain.len, reg->r_domain.s);
>>>> and so on seems working, but I'm don't sure that such modification
>>>> don't
>>>> break something else
>>>> (pretty sure that breaks, but don't know where exactly :)
>>>> 3)uacreg table loaded on startup, and AFAIK there is no way to modify
>>>> it
>>>> dynamically,
>>>>    so if you change something in this table you MUST restart kamailio
>>>> (not
>>>> convinient)
>>>> I've tried to make RPC for adding new record in htable (using
>>>> reg_ht_add()), but it returns error and in log I can see
>>>>    ERROR: uac [uac_reg.c:313]: no more shm
>>> If you have a lot of records, you need to allocate more shared memory,
>>> via -m command line parameter.
>> 19 records in table -OK
>> 1 record in table and try to add using RPC (self modified uac_reg.c) -
>> no
>> more shm.
> can you set debug=3 in you config file, try again and send all log
> messages of the operation here?
>

debug=4

kamctl sercmd uac.reg_add 1 2 3 4 5 6 7 8 sip:85.132.76.182:36999 100
database engine 'DB_BERKELEY' loaded
Control engine 'FIFO' loaded
entering ser_cmd uac.reg_add 1 2 3 4 5 6 7 8 sip:85.132.76.182:36999 100
error: 500 - Error adding reg to htable

in log:

Jul 10 15:29:07 dsdb01 /usr/sbin/kamailio[526]: DEBUG: ctl
[../../io_wait.h:390]: DBG: io_watch_add(0x7fc0e9310680, 15, 3,
0x2066670), fd_no=1
Jul 10 15:29:07 dsdb01 /usr/sbin/kamailio[526]: DEBUG: ctl
[io_listener.c:453]: handle_stream read: new connection (1) on
/tmp/kamailio_ctl
Jul 10 15:29:07 dsdb01 /usr/sbin/kamailio[526]: ERROR: uac
[uac_reg.c:313]: no more shm
Jul 10 15:29:07 dsdb01 /usr/sbin/kamailio[526]: DEBUG: ctl
[io_listener.c:506]: handle_stream read: eof on /tmp/kamailio_ctl
Jul 10 15:29:07 dsdb01 /usr/sbin/kamailio[526]: DEBUG: ctl
[../../io_wait.h:617]: DBG: io_watch_del (0x7fc0e9310680, 15, -1, 0x10)
fd_no=2 called

uac_reg.c is modified, so line 313 in it is not exist in distribution
sources.
there is

        nr = (reg_uac_t*)shm_malloc(sizeof(reg_uac_t) + len);
        if(nr==NULL)
        {
                LM_ERR("no more shm\n");// 313 is here!
                return -1;
        }

the full source of function in previous message.


> Cheers,
> DAniel
>
> --
> Daniel-Constantin Mierla - http://www.asipto.com
> http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
> Kamailio Advanced Training, Seattle, USA, Sep 23-26, 2012 -
> http://asipto.com/u/katu
> Kamailio Practical Workshop, Netherlands, Sep 10-12, 2012 -
> http://asipto.com/u/kpw
>
>


--

More information about the sr-users mailing list