[SR-Users] Setting up web sockets and ephemeral auth

Nolan Darilek nolan at thewordnerd.info
Fri Oct 24 22:50:14 CEST 2014 

Having a hard time piecing together lots of pieces out of context.
Here's what I want:

1. User logs in to my web app via its own authentication mechanisms.
2. Via an authenticated REST endpoint, my web app connects to the
ephemeral auth service and returns a temporary username/password to the
client.
3. The client connects to a web socket SIP interface, authenticating
with the username/password it was given.
4. I'd also like to support authentication via standard SIP client using
the user's default username/password, but that's a bit down the road still.

Here is my kamailio-local.cfg. I'm using the web socket example copied
from the docs, with a little cleanup and a few optional checks removed
for now.

loadmodule "db_mongodb.so"

#!define DBURL "mongodb://mongo/perceptron"

#!define WITH_AUTH

#!define WITH_NAT

loadmodule "xhttp.so"

#modparam("xhttp", "url_match", "^/sip/")

tcp_accept_no_cl=yes

loadmodule "msrp.so"  # Only required if using MSRP over WebSockets
loadmodule "websocket.so"

loadmodule "auth_ephemeral.so"

modparam("auth_ephemeral", "secret", "Kamailio rulez!!11")

event_route[xhttp:request] {
  set_reply_close();
  set_reply_no_connect();

  # xlog("L_DBG", "HTTP Request Received\n");

  if ($hdr(Upgrade) =~ "websocket" && $hdr(Connection) =~ "Upgrade" &&
$rm=~ "GET" ) {
    # Validate Host - make sure the client is using the correct
    # alias for WebSockets
    if ($hdr(Host) == $null || !is_myself("sip:" + $hdr(Host))) {
      # xlog("L_WARN", "Bad host $hdr(Host)\n");
      xhttp_reply("403", "Forbidden", "", "");
      exit;
    }

    if (ws_handle_handshake()) {
      exit;
    }
  }

  xhttp_reply("404", "Not found", "", "");

}


When I attempt to validate this, I get:

 0(1) ERROR: <core> [pvapi.c:790]: pv_parse_spec2(): error searching
pvar "hdr"
 0(1) ERROR: <core> [pvapi.c:994]: pv_parse_spec2(): wrong char [U/85]
in [$hdr(
Upgrade)] at [5 (5)]
 0(1) : <core> [cfg.y:3436]: yyerror_at(): parse error in config file
/usr/local
/etc/kamailio/kamailio-local.cfg, line 28, column 7-19: Can't get from
cache: $h
dr(Upgrade)
ERROR: bad config file (1 errors)

I don't know what that means. I've copied the config directly from the
website.

I tried quoting "Upgrade" and such in the $hdr lines, but that gives me:

 0(1) ERROR: <core> [pvapi.c:790]: pv_parse_spec2(): error searching
pvar "hdr"
 0(1) ERROR: <core> [pvapi.c:994]: pv_parse_spec2(): wrong char ["/34]
in [$hdr(
"Upgrade")] at [5 (5)]
 0(1) : <core> [cfg.y:3436]: yyerror_at(): parse error in config file
/usr/local
/etc/kamailio/kamailio-local.cfg, line 28, column 7-21: Can't get from
cache: $h
dr("Upgrade")
ERROR: bad config file (1 errors)


What am I missing here?

I also had to comment out the xlog lines because those gave me errors.
Do I need another module loaded to use xlog?

Finally, does anyone have a working, complete example of SIP over web
sockets with ephemeral auth integrated? I'm not sure if I should be
checking the ephemeral auth credentials in the web sockets code, the SIP
routes or somewhere else. I'm also not sure how I should set up
authentication such that users can log in with both their standard
credentials or those retrieved via the ephemeral auth module.

Thanks.

More information about the sr-users mailing list