[SR-Users] Re:  How to proxy/authenticate on third...

intel at intrans.baku.az intel at intrans.baku.az
Tue Jul 10 12:55:25 CEST 2012


intel at intrans.baku.az said:
>
> Daniel-Constantin Mierla said:
>>
>> On 7/10/12 12:14 PM, intel at intrans.baku.az wrote:
>>> Daniel-Constantin Mierla said:
>>>> On 7/10/12 11:50 AM, intel at intrans.baku.az wrote:
>>>>> Daniel-Constantin Mierla said:
>>>>>> Hello,
>>>>>>
>>>>>> On 7/6/12 7:59 PM, intel at intrans.baku.az wrote:
>>>>>>> Can anybody help me with configuring kamailio to authenticate a call
>>>>>>> on a 3rd party server?
>>>>>>>
>>>>>>> I want to authenticate (and proxy) calls on another server.
>>>>>>>
>>>>>>> For example, user A has an account on my server (let it be
>>>>>>> A at myserver.com) and an account on another server (let it be
>>>>>>> AA at hisserver.com).
>>>>>>> myserver.com keeps A's credentials for AA at hisserver.com.
>>>>>>> When A is registered on myserver.com, he makes a call to
>>>>>>> B at othersip.com (using myserver.com as a proxy).
>>>>>>> Kamailio on myserver authenticates itself on hisserver as
>>>>>>> AA at hisserver.com, makes the call to the destination, and connects
>>>>>>> it to A.
>>>>>>>
>>>>>>> How can I set up kamailio for such behavior?
>>>>>>> Which module should I use?
>>>>>>> UAC seems able to authenticate on another server, but I'm not sure
>>>>>>> that it does what I want. (I've tried it, but without much success)
>>>>>> Indeed, the uac module is the one that can provide what you want, with
>>>>>> some limitations in regard to cseq incrementation. You have to set a
>>>>>> failure route and if the reply code is 407, then set the realm/username
>>>>>> and password to the avps specified by the appropriate module parameters
>>>>>> -- the next three at:
>>>>>>
>>>>>>     * http://kamailio.org/docs/modules/stable/modules_k/uac.html#auth-realm-avp-id
>>>>>>
>>>>>> Then call uac_auth() and relay again.
>>>>> You mean, I need to set auth_*_avp with credentials, set a failure route,
>>>>> send the request to auth_proxy (btw, how?) and call uac_auth() in the
>>>>> failure route, correct?
>>>> t_relay() is one of the functions to send the request further.
>>> I mean, how do I set the next hop not to the final destination, but to auth_proxy?
>>>
>>>>> I've tried to use the uacreg sql table and uac_reg_request_to, but there
>>>>> were some problems:
>>>>> 1) a mistake in uac_reg_request_to with mode 1 (it found credentials
>>>>> only if l_uuid==l_username)
>>>>> I've opened a ticket on the bugtracker
>>>>> http://sourceforge.net/tracker/?func=detail&aid=3540479&group_id=139143&atid=743020
>>>>> 2) uac_reg_request_to changes the uri in the request and instead of INVITE
>>>>> sip:B at othersip.com makes INVITE sip:AA at hisserver.com
>>>>> if I comment out
>>>>>         snprintf(ruri, MAX_URI_SIZE, "sip:%.*s@%.*s",
>>>>>                           reg->r_username.len, reg->r_username.s,
>>>>>                           reg->r_domain.len, reg->r_domain.s);
>>>>> and so on, it seems to work, but I'm not sure that such a modification
>>>>> doesn't break something else
>>>>> (pretty sure that it breaks, but don't know where exactly :)
>>>>> 3) the uacreg table is loaded on startup, and AFAIK there is no way to
>>>>> modify it dynamically,
>>>>>    so if you change something in this table you MUST restart kamailio
>>>>> (not convenient)
>>>>> I've tried to make an RPC for adding a new record in htable (using
>>>>> reg_ht_add()), but it returns an error and in the log I can see
>>>>>    ERROR: uac [uac_reg.c:313]: no more shm
>>>> If you have a lot of records, you need to allocate more shared memory,
>>>> via -m command line parameter.
>>> 19 records in table -OK
>>> 1 record in table and try to add using RPC (self modified uac_reg.c) -
>>> no more shm.
>> can you set debug=3 in your config file, try again and send all log
>> messages of the operation here?
>>
>
> debug=4
>
> kamctl sercmd uac.reg_add 1 2 3 4 5 6 7 8 sip:85.132.76.182:36999 100
> database engine 'DB_BERKELEY' loaded
> Control engine 'FIFO' loaded
> entering ser_cmd uac.reg_add 1 2 3 4 5 6 7 8 sip:85.132.76.182:36999 100
> error: 500 - Error adding reg to htable
>
> in log:
>
> Jul 10 15:29:07 dsdb01 /usr/sbin/kamailio[526]: DEBUG: ctl
> [../../io_wait.h:390]: DBG: io_watch_add(0x7fc0e9310680, 15, 3,
> 0x2066670), fd_no=1
> Jul 10 15:29:07 dsdb01 /usr/sbin/kamailio[526]: DEBUG: ctl
> [io_listener.c:453]: handle_stream read: new connection (1) on
> /tmp/kamailio_ctl
> Jul 10 15:29:07 dsdb01 /usr/sbin/kamailio[526]: ERROR: uac
> [uac_reg.c:313]: no more shm
> Jul 10 15:29:07 dsdb01 /usr/sbin/kamailio[526]: DEBUG: ctl
> [io_listener.c:506]: handle_stream read: eof on /tmp/kamailio_ctl
> Jul 10 15:29:07 dsdb01 /usr/sbin/kamailio[526]: DEBUG: ctl
> [../../io_wait.h:617]: DBG: io_watch_del (0x7fc0e9310680, 15, -1, 0x10)
> fd_no=2 called
>
> uac_reg.c is modified, so line 313 in it does not exist in the distribution
> sources.
> There is
>
>         nr = (reg_uac_t*)shm_malloc(sizeof(reg_uac_t) + len);
>         if(nr==NULL)
>         {
>                 LM_ERR("no more shm\n");// 313 is here!
>                 return -1;
>         }
>
> the full source of function in previous message.
Sorry, I was mistaken.
This is part of the standard function reg_ht_add(), not my addition.

BTW, I also wrote the RPCs uac.reg_dump_byuuid and uac.reg_dump_byuser to get
just one record from the hash table. Where should I send patches for
including this functionality in mainstream?
>
>
>> Cheers,
>> DAniel
>>
>> --
>> Daniel-Constantin Mierla - http://www.asipto.com
>> http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
>> Kamailio Advanced Training, Seattle, USA, Sep 23-26, 2012 -
>> http://asipto.com/u/katu
>> Kamailio Practical Workshop, Netherlands, Sep 10-12, 2012 -
>> http://asipto.com/u/kpw
>>
>>
>
>
> --
>
>


-- 
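
The uac_auth() flow described in the quoted reply (failure route on 407, credentials placed in the AVPs named by the uac module parameters, then relay again), as an added example that is not part of the thread or of the Kamailio sources. It is a kamailio.cfg fragment that assumes the tm, sl and uac modules are already loaded; the route names, AVP names, the `$du` next hop and the placeholder password are assumptions.

```kamailio
# Added example, not from the thread. Assumed: route names TRUNK/TRUNKAUTH,
# the AVP names, and the placeholder credentials below.

# AVPs from which uac_auth() reads realm, username and password.
modparam("uac", "auth_realm_avp",    "$avp(arealm)")
modparam("uac", "auth_username_avp", "$avp(auser)")
modparam("uac", "auth_password_avp", "$avp(apass)")

# Call this from request_route for an INVITE that must leave via hisserver.com.
route[TRUNK] {
    # The Request-URI stays sip:B@othersip.com; only the next hop changes.
    $du = "sip:hisserver.com";
    t_on_failure("TRUNKAUTH");
    if (!t_relay()) {
        sl_reply_error();
    }
    exit;
}

failure_route[TRUNKAUTH] {
    # The thread names 407; 401 is also handled here for servers that
    # challenge as a UAS rather than as a proxy.
    if (!t_check_status("401|407")) {
        exit;
    }
    # Retry once only. A second challenge means the stored credentials were
    # rejected, so the reply is passed back instead of looping.
    if ($avp(auth_tried) != $null) {
        exit;
    }
    $avp(auth_tried) = 1;

    # Constructed placeholder values; in practice load them per caller from
    # a protected store rather than writing them into the config file.
    $avp(arealm) = "hisserver.com";
    $avp(auser)  = "AA";
    $avp(apass)  = "PLACEHOLDER-PASSWORD";

    # Builds the Authorization / Proxy-Authorization header from the challenge.
    # Per the thread, uac has limitations regarding CSeq incrementation.
    if (!uac_auth()) {
        exit;
    }
    $du = "sip:hisserver.com";   # same next hop for the retried branch
    t_relay();
    exit;
}
```

Because the proxy answers the challenge itself, the upstream password never reaches user A's device, which makes the credential store on myserver.com the asset to protect.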



