[SR-Users] Users being registered without any Authentication

Faisal Rehman faisal.rehman22 at yahoo.com
Mon Mar 19 13:47:12 CET 2012


Hi Vineet,

Yeah, it seems so; that is why it is registering the users without any authorization. But I am new to Kamailio, so will you please tell me how I can set that WITH_AUTH environment variable?

 
Regards,


Faisal Rehman


________________________________
 From: Vineet Menon <mvineetmenon at gmail.com>
To: Faisal Rehman <faisal.rehman22 at yahoo.com>; SIP Router - Kamailio (OpenSER) and SIP Express Router (SER) - Users Mailing List <sr-users at lists.sip-router.org> 
Sent: Monday, March 19, 2012 9:46 AM
Subject: Re: [SR-Users] Users being registered without any Authentication
 

Hi,

Have you set the WITH_AUTH environment variable? A quick glance over your config file says the negative... Just have a look...

Regards,

Vineet Menon





On 17 March 2012 03:03, Faisal Rehman <faisal.rehman22 at yahoo.com> wrote:

Hi Sir, 
>
>
>Sending the email again.
> 
>Regards,
>
>
>Faisal Rehman
>
>----- Forwarded Message -----
>From: Faisal Rehman <faisal.rehman22 at yahoo.com>
>To: SIP Router - Kamailio ( Open SER) and SIP Express Router ( SER) - Users Mailing List <sr-users at lists.sip-router.org> 
>Sent: Saturday, March 17, 2012 2:31 AM
>Subject: Users being registered without any Authentication
> 
>
>Hi,
>
>
>I have the below configuration file kamailio.cfg, but all the users are not being registered with authentication, so am I making some mistake in it?
>
>
>
>
>#!KAMAILIO
>#
># Kamailio (OpenSER) SIP Server v3.2 - default configuration script
>#     - web: http://www.kamailio.org
>#     - git: http://sip-router.org
>#
># Direct your questions about this file to: <sr-users at lists.sip-router.org>
>#
># Refer to the Core CookBook at http://www.kamailio.org/dokuwiki/doku.php
># for an explanation of possible statements, functions and parameters.
>#
># Several features can be enabled using '#!define WITH_FEATURE' directives:
>#
># *** To run in debug mode: 
>#     - define WITH_DEBUG
>#
># *** To enable mysql: 
>#     - define WITH_MYSQL
>#
># *** To enable authentication execute:
>#     - enable mysql
>#     - define WITH_AUTH
>#     - add users using 'kamctl'
>#
># *** To enable IP authentication execute:
>#     - enable mysql
>#     - enable authentication
>#     - define WITH_IPAUTH
>#     - add IP addresses with group id '1' to 'address' table
>#
># *** To enable persistent user location execute:
>#     - enable mysql
>#     - define WITH_USRLOCDB
>#
># *** To enable presence server execute:
>#     - enable mysql
>#     - define WITH_PRESENCE
>#
># *** To enable nat traversal execute:
>#     - define WITH_NAT
>#     - install RTPProxy: http://www.rtpproxy.org
>#     - start RTPProxy:
>#        rtpproxy -l _your_public_ip_ -s udp:localhost:7722
>#
># *** To enable PSTN gateway routing execute:
>#     - define WITH_PSTN
>#     - set the value of pstn.gw_ip
>#     - check route[PSTN] for regexp routing condition
>#
># *** To enable database aliases lookup execute:
>#     - enable mysql
>#     - define WITH_ALIASDB
>#
># *** To enable speed dial lookup execute:
>#     - enable mysql
>#     - define WITH_SPEEDDIAL
>#
># *** To enable multi-domain support execute:
>#     - enable mysql
>#     - define WITH_MULTIDOMAIN
>#
># *** To enable TLS support execute:
>#     - adjust CFGDIR/tls.cfg as needed
>#     - define WITH_TLS
>#
># *** To enable XMLRPC support execute:
>#     - define WITH_XMLRPC
>#     - adjust route[XMLRPC] for access policy
>#
># *** To enable anti-flood detection execute:
>#     - adjust pike and htable=>ipban settings as needed (default is
>#       block if more than 16 requests in 2 seconds and ban for 300 seconds)
>#     - define WITH_ANTIFLOOD
>#
># *** To block 3XX redirect replies execute:
>#     - define WITH_BLOCK3XX
>#
># *** To enable VoiceMail routing execute:
>#     - define WITH_VOICEMAIL
>#     - set the value of voicemail.srv_ip
>#     - adjust the value of voicemail.srv_port
>#
># *** To enhance accounting execute:
>#     - enable mysql
>#     - define WITH_ACCDB
>#     - add following columns to database
>#!ifdef ACCDB_COMMENT
>  ALTER TABLE acc ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT '';
>  ALTER TABLE acc ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT '';
>  ALTER TABLE acc ADD COLUMN src_ip varchar(64) NOT NULL default '';
>  ALTER TABLE acc ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT '';
>  ALTER TABLE acc ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT '';
>  ALTER TABLE acc ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT '';
>  ALTER TABLE missed_calls ADD COLUMN src_user VARCHAR(64) NOT NULL DEFAULT '';
>  ALTER TABLE missed_calls ADD COLUMN src_domain VARCHAR(128) NOT NULL DEFAULT '';
>  ALTER TABLE missed_calls ADD COLUMN src_ip varchar(64) NOT NULL default '';
>  ALTER TABLE missed_calls ADD COLUMN dst_ouser VARCHAR(64) NOT NULL DEFAULT '';
>  ALTER TABLE missed_calls ADD COLUMN dst_user VARCHAR(64) NOT NULL DEFAULT '';
>  ALTER TABLE missed_calls ADD COLUMN dst_domain VARCHAR(128) NOT NULL DEFAULT '';
>#!endif
>
>
>####### Defined Values #########
>
>
># *** Value defines - IDs used later in config
>#!ifdef WITH_MYSQL
># - database URL - used to connect to database server by modules such
>#       as: auth_db, acc, usrloc, a.s.o.
>#!define DBURL "mysql://faisal:faisal123@localhost/kamailio"
>#!endif
>#!ifdef WITH_MULTIDOMAIN
># - the value for 'use_domain' parameters
>#!define MULTIDOMAIN 1
>#!else
>#!define MULTIDOMAIN 0
>#!endif
>
>
># - flags
>#   FLT_ - per transaction (message) flags
>#   FLB_ - per branch flags
>#!define FLT_ACC 1
>#!define FLT_ACCMISSED 2
>#!define FLT_ACCFAILED 3
>#!define FLT_NATS 5
>
>
>#!define FLB_NATB 6
>#!define FLB_NATSIPPING 7
>
>
>####### Global Parameters #########
>
>
>#!ifdef WITH_DEBUG
>debug=4
>log_stderror=yes
>#!else
>debug=2
>log_stderror=no
>#!endif
>
>
>memdbg=5
>memlog=5
>
>
>log_facility=LOG_LOCAL0
>
>
>fork=yes
>children=4
>
>
>/* uncomment the next line to disable TCP (default on) */
>#disable_tcp=yes
>
>
>/* uncomment the next line to disable the auto discovery of local aliases
>   based on reverse DNS on IPs (default on) */
>#auto_aliases=no
>
>
>/* add local domain aliases */
>
>
>/* uncomment and configure the following line if you want Kamailio to 
>   bind on a specific interface/port/proto (default bind on all available) */
>listen=udp:192.162.15.23:5161
>listen=tcp:129.162.15.23:5161
>alias="xmpp.kamailio.org"
>
>
>/* port to listen to
> * - can be specified more than once if needed to listen on many ports */
>port=5161
>
>
>#!ifdef WITH_TLS
>enable_tls=yes
>#!endif
>
>
># life time of TCP connection when there is no traffic
># - a bit higher than registration expires to cope with UA behind NAT
>tcp_connection_lifetime=3605
>
>
>####### Custom Parameters #########
>
>
># These parameters can be modified runtime via RPC interface
># - see the documentation of 'cfg_rpc' module.
>#
># Format: group.id = value 'desc' description
># Access: $sel(cfg_get.group.id) or @cfg_get.group.id
>#
>
>
>#!ifdef WITH_PSTN
># PSTN GW Routing
>#
># - pstn.gw_ip: valid IP or hostname as string value, example:
># pstn.gw_ip = "10.0.0.101" desc "My PSTN GW Address"
>#
># - by default is empty to avoid misrouting
>pstn.gw_ip = "" desc "PSTN GW Address"
>#!endif
>
>
>#!ifdef WITH_VOICEMAIL
># VoiceMail Routing on offline, busy or no answer
>#
># - by default Voicemail server IP is empty to avoid misrouting
>voicemail.srv_ip = "" desc "VoiceMail IP Address"
>voicemail.srv_port = "5060" desc "VoiceMail Port"
>#!endif
>
>
>####### Modules Section ########
>
>
># set paths to location of modules (to sources or installation folders)
>#!ifdef WITH_SRCPATH
>mpath="modules_k:modules"
>#!else
>mpath="/usr/local/lib/kamailio/modules_k/:/usr/local/lib/kamailio/modules/"
>#!endif
>
>
>#!ifdef WITH_MYSQL
>loadmodule "db_mysql.so"
>#!endif
>
>
>loadmodule "mi_fifo.so"
>loadmodule "kex.so"
>loadmodule "tm.so"
>loadmodule "tmx.so"
>loadmodule "sl.so"
>loadmodule "rr.so"
>loadmodule "pv.so"
>loadmodule "maxfwd.so"
>loadmodule "usrloc.so"
>loadmodule "registrar.so"
>loadmodule "textops.so"
>loadmodule "siputils.so"
>loadmodule "xlog.so"
>loadmodule "sanity.so"
>loadmodule "ctl.so"
>loadmodule "cfg_rpc.so"
>loadmodule "mi_rpc.so"
>loadmodule "acc.so"
>loadmodule "xmpp.so"
>
>
>#!ifdef WITH_AUTH
>loadmodule "auth.so"
>loadmodule "auth_db.so"
>#!ifdef WITH_IPAUTH
>loadmodule "permissions.so"
>#!endif
>#!endif
>
>
>#!ifdef WITH_ALIASDB
>loadmodule "alias_db.so"
>#!endif
>
>
>#!ifdef WITH_SPEEDDIAL
>loadmodule "speeddial.so"
>#!endif
>
>
>#!ifdef WITH_MULTIDOMAIN
>loadmodule "domain.so"
>#!endif
>
>
>#!ifdef WITH_PRESENCE
>loadmodule "presence.so"
>loadmodule "presence_xml.so"
>#!endif
>
>
>#!ifdef WITH_NAT
>loadmodule "nathelper.so"
>loadmodule "rtpproxy.so"
>#!endif
>
>
>#!ifdef WITH_TLS
>loadmodule "tls.so"
>#!endif
>
>
>#!ifdef WITH_ANTIFLOOD
>loadmodule "htable.so"
>loadmodule "pike.so"
>#!endif
>
>
>#!ifdef WITH_XMLRPC
>loadmodule "xmlrpc.so"
>#!endif
>
>
>#!ifdef WITH_DEBUG
>loadmodule "debugger.so"
>#!endif
>
>
># ----------------- setting module-specific parameters ---------------
>
>
>
>
># ----- mi_fifo params -----
>modparam("mi_fifo", "fifo_name", "/tmp/kamailio_fifo")
>
>
>
>
># ----- tm params -----
># auto-discard branches from previous serial forking leg
>modparam("tm", "failure_reply_mode", 3)
># default retransmission timeout: 30sec
>modparam("tm", "fr_timer", 30000)
># default invite retransmission timeout after 1xx: 120sec
>modparam("tm", "fr_inv_timer", 120000)
>
>
>#--------XMPP Module Params---------------
>modparam("xmpp", "domain_separator", "%")
>modparam("xmpp", "xmpp_domain", "192.168.15.23")
>modparam("xmpp", "xmpp_host", "192.168.15.23")
>modparam("xmpp", "gateway_domain", "192.168.15.23")
>modparam("xmpp", "backend", "server")
>modparam("xmpp", "xmpp_port", 5299)
>modparam("xmpp", "xmpp_password", "casilla233")
>
>
># ----- rr params -----
># add value to ;lr param to cope with most of the UAs
>modparam("rr", "enable_full_lr", 1)
># do not append from tag to the RR (no need for this script)
>modparam("rr", "append_fromtag", 0)
>
>
>
>
># ----- registrar params -----
>modparam("registrar", "method_filtering", 1)
>/* uncomment the next line to disable parallel forking via location */
># modparam("registrar", "append_branches", 0)
>/* uncomment the next line not to allow more than 10 contacts per AOR */
>#modparam("registrar", "max_contacts", 10)
># max value for expires of registrations
>modparam("registrar", "max_expires", 3600)
>
>
>
>
># ----- acc params -----
>/* what special events should be accounted ? */
>modparam("acc", "early_media", 0)
>modparam("acc", "report_ack", 0)
>modparam("acc", "report_cancels", 0)
>/* by default we do not adjust the direction of the sequential requests.
>   if you enable this parameter, be sure to enable "append_fromtag"
>   in "rr" module */
>modparam("acc", "detect_direction", 0)
>/* account triggers (flags) */
>modparam("acc", "log_flag", FLT_ACC)
>modparam("acc", "log_missed_flag", FLT_ACCMISSED)
>modparam("acc", "log_extra", 
>"src_user=$fU;src_domain=$fd;src_ip=$si;"
>"dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
>modparam("acc", "failed_transaction_flag", FLT_ACCFAILED)
>/* enhanced DB accounting */
>#!ifdef WITH_ACCDB
>modparam("acc", "db_flag", FLT_ACC)
>modparam("acc", "db_missed_flag", FLT_ACCMISSED)
>modparam("acc", "db_url", DBURL)
>modparam("acc", "db_extra",
>"src_user=$fU;src_domain=$fd;src_ip=$si;"
>"dst_ouser=$tU;dst_user=$rU;dst_domain=$rd")
>#!endif
>
>
>
>
># ----- usrloc params -----
>/* enable DB persistency for location entries */
>#!ifdef WITH_USRLOCDB
>modparam("usrloc", "db_url", DBURL)
>modparam("usrloc", "db_mode", 2)
>modparam("usrloc", "use_domain", MULTIDOMAIN)
>#!endif
>
>
>
>
># ----- auth_db params -----
>#!ifdef WITH_AUTH
>modparam("auth_db", "db_url", DBURL)
>modparam("auth_db", "calculate_ha1", yes)
>modparam("auth_db", "password_column", "password")
>modparam("auth_db", "load_credentials", "")
>modparam("auth_db", "use_domain", MULTIDOMAIN)
>
>
># ----- permissions params -----
>#!ifdef WITH_IPAUTH
>modparam("permissions", "db_url", DBURL)
>modparam("permissions", "db_mode", 1)
>#!endif
>
>
>#!endif
>
>
>
>
># ----- alias_db params -----
>#!ifdef WITH_ALIASDB
>modparam("alias_db", "db_url", DBURL)
>modparam("alias_db", "use_domain", MULTIDOMAIN)
>#!endif
>
>
>
>
># ----- speeddial params -----
>#!ifdef WITH_SPEEDDIAL
>modparam("speeddial", "db_url", DBURL)
>modparam("speeddial", "use_domain", MULTIDOMAIN)
>#!endif
>
>
>
>
># ----- domain params -----
>#!ifdef WITH_MULTIDOMAIN
>modparam("domain", "db_url", DBURL)
># use caching
>modparam("domain", "db_mode", 1)
># register callback to match myself condition with domains list
>modparam("domain", "register_myself", 1)
>#!endif
>
>
>
>
>#!ifdef WITH_PRESENCE
># ----- presence params -----
>modparam("presence", "db_url", DBURL)
>
>
># ----- presence_xml params -----
>modparam("presence_xml", "db_url", DBURL)
>modparam("presence_xml", "force_active", 1)
>#!endif
>
>
>
>
>#!ifdef WITH_NAT
># ----- rtpproxy params -----
>modparam("rtpproxy", "rtpproxy_sock", "udp:127.0.0.1:7722")
>
>
># ----- nathelper params -----
>modparam("nathelper", "natping_interval", 30)
>modparam("nathelper", "ping_nated_only", 1)
>modparam("nathelper", "sipping_bflag", FLB_NATSIPPING)
>modparam("nathelper", "sipping_from", "sip:pinger@kamailio.org")
>
>
># params needed for NAT traversal in other modules
>modparam("nathelper|registrar", "received_avp", "$avp(RECEIVED)")
>modparam("usrloc", "nat_bflag", FLB_NATB)
>#!endif
>
>
>
>
>#!ifdef WITH_TLS
># ----- tls params -----
>modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
>#!endif
>
>
>#!ifdef WITH_ANTIFLOOD
># ----- pike params -----
>modparam("pike", "sampling_time_unit", 2)
>modparam("pike", "reqs_density_per_unit", 16)
>modparam("pike", "remove_latency", 4)
>
>
># ----- htable params -----
># ip ban htable with autoexpire after 5 minutes
>modparam("htable", "htable", "ipban=>size=8;autoexpire=300;")
>#!endif
>
>
>#!ifdef WITH_XMLRPC
># ----- xmlrpc params -----
>modparam("xmlrpc", "route", "XMLRPC");
>modparam("xmlrpc", "url_match", "^/RPC")
>#!endif
>
>
>#!ifdef WITH_DEBUG
># ----- debugger params -----
>modparam("debugger", "cfgtrace", 1)
>#!endif
>
>
>####### Routing Logic ########
>
>
>
>
># Main SIP request routing logic
># - processing of any incoming SIP request starts with this route
># - note: this is the same as route { ... }
>request_route {
>
>
># per request initial checks
>route(REQINIT);
>
>
># NAT detection
>route(NATDETECT);
>
>
># handle requests within SIP dialogs
>route(WITHINDLG);
>
>
>### only initial requests (no To tag)
>
>
># CANCEL processing
>if (is_method("CANCEL"))
>{
>if (t_check_trans())
>t_relay();
>exit;
>}
>
>
>t_check_trans();
>#authentication
>route(AUTH);
>###############-----------------------------------XMPP Server Configuration----------------------------------------#################
>if (uri =~ "sip:.+@sip-xmpp\.kamailio\.org") {
>  #absorb transmission
>if (!t_newtran()){
>sl_reply_error();
>exit;
>}
>
>
>#Handling Instant Messaging
>if (is_method("MESSAGE")){
>xlog("message to XMPP: from <$fu> ru>\n");
>if (xmpp_send_message()){
>sl_send_reply("202", "Accepted");
>} else {
>sl_send_reply("404", "Not found");
>}
>exit;
>   }
>#Un-supported Type of SIP Message
>xlog("message to XMPP: method [$rm] not supported yet\n");
>sl_send_reply("503", "Service unavailable");
>exit;
>}
>##################--------------------------------XMPP Server Configuration-----------------------------------------------###############
>
>
># record routing for dialog forming requests (in case they are routed)
># - remove preloaded route headers
>remove_hf("Route");
>if (is_method("INVITE|SUBSCRIBE"))
>record_route();
>
>
># account only INVITEs
>if (is_method("INVITE"))
>{
>setflag(FLT_ACC); # do accounting
>}
>
>
># dispatch requests to foreign domains
>route(SIPOUT);
>
>
>### requests for my local domains
>
>
># handle presence related requests
>route(PRESENCE);
>
>
># handle registrations
>route(REGISTRAR);
>
>
>if ($rU==$null)
>{
># request with no Username in RURI
>sl_send_reply("484","Address Incomplete");
>exit;
>}
>
>
># dispatch destinations to PSTN
>route(PSTN);
>
>
># user location service
>route(LOCATION);
>
>
>route(RELAY);
>}
>
>
>
>
>route[RELAY] {
>
>
># enable additional event routes for forwarded requests
># - serial forking, RTP relaying handling, a.s.o.
>if (is_method("INVITE|SUBSCRIBE")) {
>t_on_branch("MANAGE_BRANCH");
>t_on_reply("MANAGE_REPLY");
>}
>if (is_method("INVITE")) {
>t_on_failure("MANAGE_FAILURE");
>}
>
>
>if (!t_relay()) {
>sl_reply_error();
>}
>exit;
>}
>
>
># Per SIP request initial checks
>route[REQINIT] {
>#!ifdef WITH_ANTIFLOOD
># flood detection from same IP and traffic ban for a while
># be sure you exclude checking trusted peers, such as pstn gateways
># - local host excluded (e.g., loop to self)
>if(src_ip!=myself)
>{
>if($sht(ipban=>$si)!=$null)
>{
># ip is already blocked
>xdbg("request from blocked IP - $rm from $fu (IP:$si:$sp)\n");
>exit;
>}
>if (!pike_check_req())
>{
>xlog("L_ALERT","ALERT: pike blocking $rm from $fu (IP:$si:$sp)\n");
>$sht(ipban=>$si) = 1;
>exit;
>}
>}
>#!endif
>
>
>if (!mf_process_maxfwd_header("10")) {
>sl_send_reply("483","Too Many Hops");
>exit;
>}
>
>
>if(!sanity_check("1511", "7"))
>{
>xlog("Malformed SIP message from $si:$sp\n");
>exit;
>}
>}
>
>
># Handle requests within SIP dialogs
>route[WITHINDLG] {
>if (has_totag()) {
># sequential request within a dialog should
># take the path determined by record-routing
>if (loose_route()) {
>if (is_method("BYE")) {
>setflag(FLT_ACC); # do accounting ...
>setflag(FLT_ACCFAILED); # ... even if the transaction fails
>}
>if ( is_method("ACK") ) {
># ACK is forwarded statelessly
>route(NATMANAGE);
>}
>route(RELAY);
>} else {
>if (is_method("SUBSCRIBE") && uri == myself) {
># in-dialog subscribe requests
>route(PRESENCE);
>exit;
>}
>if ( is_method("ACK") ) {
>if ( t_check_trans() ) {
># no loose-route, but stateful ACK;
># must be an ACK after a 487
># or e.g. 404 from upstream server
>t_relay();
>exit;
>} else {
># ACK without matching transaction ... ignore and discard
>exit;
>}
>}
>sl_send_reply("404","Not here");
>}
>exit;
>}
>}
>
>
># Handle SIP registrations
>route[REGISTRAR] {
>if (is_method("REGISTER"))
>{
>if(isflagset(FLT_NATS))
>{
>setbflag(FLB_NATB);
># uncomment next line to do SIP NAT pinging 
>## setbflag(FLB_NATSIPPING);
>}
>if (!save("location"))
>sl_reply_error();
>
>
>exit;
>}
>}
>
>
># USER location service
>route[LOCATION] {
>
>
>#!ifdef WITH_SPEEDDIAL
># search for short dialing - 2-digit extension
>if($rU=~"^[0-9][0-9]$")
>if(sd_lookup("speed_dial"))
>route(SIPOUT);
>#!endif
>
>
>#!ifdef WITH_ALIASDB
># search in DB-based aliases
>if(alias_db_lookup("dbaliases"))
>route(SIPOUT);
>#!endif
>
>
>$avp(oexten) = $rU;
>if (!lookup("location")) {
>$var(rc) = $rc;
>route(TOVOICEMAIL);
>t_newtran();
>switch ($var(rc)) {
>case -1:
>case -3:
>send_reply("404", "Not Found");
>exit;
>case -2:
>send_reply("405", "Method Not Allowed");
>exit;
>}
>}
>
>
># when routing via usrloc, log the missed calls also
>if (is_method("INVITE"))
>{
>setflag(FLT_ACCMISSED);
>}
>}
>
>
># Presence server route
>route[PRESENCE] {
>if(!is_method("PUBLISH|SUBSCRIBE"))
>return;
>
>
>#!ifdef WITH_PRESENCE
>if (!t_newtran())
>{
>sl_reply_error();
>exit;
>};
>
>
>if(is_method("PUBLISH"))
>{
>handle_publish();
>t_release();
>}
>else
>if( is_method("SUBSCRIBE"))
>{
>handle_subscribe();...
>
>[Message clipped]  
>
>
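An added example (not part of the original thread and not Kamailio project code): the header comment of the quoted kamailio.cfg says features are enabled with `#!define WITH_FEATURE` directives, and the visible part of the quoted file contains no such line for `WITH_MYSQL` or `WITH_AUTH`, so every `#!ifdef WITH_AUTH` block is skipped. The Python sketch below evaluates those directives on a constructed excerpt and reports what is compiled out; `preprocess`, `auth_enabled`, `SAMPLE_CFG` and `FIXED_CFG` are hypothetical names, the DBURL value is a placeholder, and only `#!define`, `#!ifdef`, `#!ifndef`, `#!else` and `#!endif` are handled.

```python
import re

# Constructed excerpt modelled on the quoted kamailio.cfg; it has no WITH_* defines.
SAMPLE_CFG = """\
#!KAMAILIO
#!ifdef WITH_MYSQL
#!define DBURL "mysql://user:secret@localhost/kamailio"
loadmodule "db_mysql.so"
#!endif
#!define FLT_ACC 1
loadmodule "registrar.so"
#!ifdef WITH_AUTH
loadmodule "auth.so"
loadmodule "auth_db.so"
#!ifdef WITH_IPAUTH
loadmodule "permissions.so"
#!endif
#!endif
"""

DIRECTIVE = re.compile(r"^#!(define|ifdef|ifndef|else|endif)\b\s*(\S+)?")
LOADMODULE = re.compile(r'^loadmodule\s+"([^"]+)"')

def preprocess(cfg_text):
    """Return (defined IDs, modules actually loaded, IDs tested but undefined)."""
    defined, modules, missing = set(), [], set()
    stack = []  # one boolean per open #!ifdef/#!ifndef: is this branch taken?
    for raw in cfg_text.splitlines():
        line = raw.lstrip(">").strip()  # also accept '>'-quoted mail text
        active = all(stack)  # a line counts only if every enclosing branch is taken
        m = DIRECTIVE.match(line)
        if m:
            kind, name = m.groups()
            if kind == "define" and active:
                defined.add(name)
            elif kind in ("ifdef", "ifndef"):
                is_def = name in defined
                if kind == "ifdef" and active and not is_def:
                    missing.add(name)
                stack.append(is_def if kind == "ifdef" else not is_def)
            elif kind == "else" and stack:
                stack[-1] = not stack[-1]
            elif kind == "endif" and stack:
                stack.pop()
            continue
        m = LOADMODULE.match(line)
        if m and active:
            modules.append(m.group(1))
    return defined, modules, missing

def auth_enabled(cfg_text):
    """True only if both digest-auth modules survive preprocessing."""
    _, modules, _ = preprocess(cfg_text)
    return {"auth.so", "auth_db.so"} <= set(modules)

# The change the thread points at: add the two defines near the top of the file.
FIXED_CFG = SAMPLE_CFG.replace(
    "#!KAMAILIO\n", "#!KAMAILIO\n#!define WITH_MYSQL\n#!define WITH_AUTH\n", 1)
print(auth_enabled(SAMPLE_CFG), auth_enabled(FIXED_CFG))  # False True
```

Loaded modules are a necessary condition only: the body of `route[AUTH]`, which is clipped from the quoted message, must also be compiled in for REGISTER requests to be challenged.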