[SR-Users] Setting up web sockets and ephemeral auth

Ben Langfeld ben at langfeld.co.uk
Mon Oct 27 12:18:59 CET 2014


The important part is this:

wrong char [U/85]
in [$hdr(
Upgrade)] at [5 (5)]

You have a unicode newline character after the opening parenthesis. You
should remove this and any other instances of weird characters which have
become inserted in your config.

On 24 October 2014 18:50, Nolan Darilek <nolan at thewordnerd.info> wrote:

> Having a hard time piecing together lots of pieces out of context.
> Here's what I want:
>
> 1. User logs in to my web app via its own authentication mechanisms.
> 2. Via an authenticated REST endpoint, my web app connects to the
> ephemeral auth service and returns a temporary username/password to the
> client.
> 3. The client connects to a web socket SIP interface, authenticating
> with the username/password it was given.
> 4. I'd also like to support authentication via standard SIP client using
> the user's default username/password, but that's a bit down the road still.
>
> Here is my kamailio-local.cfg. I'm using the web socket example copied
> from the docs, with a little cleanup and a few optional checks removed
> for now.
>
> loadmodule "db_mongodb.so"
>
> #!define DBURL "mongodb://mongo/perceptron"
>
> #!define WITH_AUTH
>
> #!define WITH_NAT
>
> loadmodule "xhttp.so"
>
> #modparam("xhttp", "url_match", "^/sip/")
>
> tcp_accept_no_cl=yes
>
> loadmodule "msrp.so"  # Only required if using MSRP over WebSockets
> loadmodule "websocket.so"
>
> loadmodule "auth_ephemeral.so"
>
> modparam("auth_ephemeral", "secret", "Kamailio rulez!!11")
>
> event_route[xhttp:request] {
>   set_reply_close();
>   set_reply_no_connect();
>
>   # xlog("L_DBG", "HTTP Request Received\n");
>
>   if ($hdr(Upgrade) =~ "websocket" && $hdr(Connection) =~ "Upgrade" &&
> $rm=~ "GET" ) {
>     # Validate Host - make sure the client is using the correct
>     # alias for WebSockets
>     if ($hdr(Host) == $null || !is_myself("sip:" + $hdr(Host))) {
>       # xlog("L_WARN", "Bad host $hdr(Host)\n");
>       xhttp_reply("403", "Forbidden", "", "");
>       exit;
>     }
>
>     if (ws_handle_handshake()) {
>       exit;
>     }
>   }
>
>   xhttp_reply("404", "Not found", "", "");
>
> }
>
>
> When I attempt to validate this, I get:
>
>  0(1) ERROR: <core> [pvapi.c:790]: pv_parse_spec2(): error searching
> pvar "hdr"
>  0(1) ERROR: <core> [pvapi.c:994]: pv_parse_spec2(): wrong char [U/85]
> in [$hdr(
> Upgrade)] at [5 (5)]
>  0(1) : <core> [cfg.y:3436]: yyerror_at(): parse error in config file
> /usr/local
> /etc/kamailio/kamailio-local.cfg, line 28, column 7-19: Can't get from
> cache: $h
> dr(Upgrade)
> ERROR: bad config file (1 errors)
>
> I don't know what that means. I've copied the config directly from the
> website.
>
> I tried quoting "Upgrade" and such in the $hdr lines, but that gives me:
>
>  0(1) ERROR: <core> [pvapi.c:790]: pv_parse_spec2(): error searching
> pvar "hdr"
>  0(1) ERROR: <core> [pvapi.c:994]: pv_parse_spec2(): wrong char ["/34]
> in [$hdr(
> "Upgrade")] at [5 (5)]
>  0(1) : <core> [cfg.y:3436]: yyerror_at(): parse error in config file
> /usr/local
> /etc/kamailio/kamailio-local.cfg, line 28, column 7-21: Can't get from
> cache: $h
> dr("Upgrade")
> ERROR: bad config file (1 errors)
>
>
> What am I missing here?
>
> I also had to comment out the xlog lines because those gave me errors.
> Do I need another module loaded to use xlog?
>
> Finally, does anyone have a working, complete example of SIP over web
> sockets with ephemeral auth integrated? I'm not sure if I should be
> checking the ephemeral auth credentials in the web sockets code, the SIP
> routes or somewhere else. I'm also not sure how I should set up
> authentication such that users can log in with both their standard
> credentials or those retrieved via the ephemeral auth module.
>
> Thanks.
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20141027/c319eb9b/attachment.html>


More information about the sr-users mailing list