[SR-Users] publish authentication problem

Daniel-Constantin Mierla miconda at gmail.com
Mon Apr 27 17:55:51 CEST 2015 

Hello,

can you check what is the value of the realm parameter in
Proxy-Authorization header of PUBLISH? Is it myhome2.xip.bpt.com?

Cheers,
Daniel

On 24/04/15 15:31, Tomas Zanet wrote:
>
> Hello everyone,
>
> I’ve been working on a project where I would like to implement RFC6035
>
> https://tools.ietf.org/html/rfc6035
>
>  
>
> Basically, after the end of the call, our SIP UAC sends a SIP PUBLISH
> to Kamailio where there are some useful information about media
> quality (packet loss, mos, etc..)
>
> This information is stored by Kamailio with sql_query command…
>
>  
>
> To achieve this, I implemented a custom route function inside Kamailio
> cfg file, which handles PUBLISH request, check vq-rtcpxr body and
> store that information into a database.
>
> Here is a snippet code:
>
> # AVPF report route                                            
>
> route[AVPF] {
>
>         if(!is_method("PUBLISH"))
>
>                 return;
>
>         if (has_body("application/vq-rtcpxr"))
>
>         {
>
> $var(x) =  "INSERT INTO quality_reporting_raw(body) VALUES (\"" +
> $(rb{s.escape.common}) + "\");";
>
>                 sql_query("cb", "$(var(x))");
>
>                 …… reply 200 ok and so on….
>
> exit(0)
>
>         }
>
> }
>
>  
>
> Everything works fine (almost fine, because the report is stored
> twice…) if I do the route(AVPF) before authentication, like this…
>
>  
>
> (main route):
>
>         # handle AVPF reports
>
>         route(AVPF);
>
>  
>
>         # authentication
>
>         route(AUTH);
>
>  
>
> Instead if I swap these two functions, doing the authentication before
> publish processing, I have some problems about publish
> authentication….not for the other requests (INVITE and REGISTER)
>
> As far as I know From, To and Request-URI must match the
> authentication user, in the PUBLISH REQUEST as described here
>
> http://kamailio.org/docs/modules/4.2.x/modules/auth_db.html#auth_db.f.auth_check
>
>  
>
> I confirm that…I’m sending the SIP PUBLISH from user 101 to user 101,
> which is currently registered.
>
>  
>
> My problem is that Kamailio is continuously answering with 407 to the
> SIP PUBLISH, even if the PUBLISH request has the right
> Proxy-Authorization header…
>
> Digging into the log file, I found this :
>
> Apr 24 14:30:58 bptrnddmzserver kamailio[30886]: DEBUG: auth_db
> [authorize.c:486]: auth_check(): realm [myhome2.xip.bpt.com] table
> [subscriber] flags [1]
>
> Apr 24 14:30:58 bptrnddmzserver kamailio[30886]: DEBUG: auth
> [api.c:86]: pre_auth(): *auth:pre_auth: Credentials with realm
> 'myhome2.xip.bpt.com' not found*
>
> Apr 24 14:30:58 bptrnddmzserver kamailio[30886]: DEBUG: auth_db
> [authorize.c:252]: *digest_authenticate_hdr(): no credentials*
>
>  
>
> Just for your better understanding I’m doing authorization with db,
> using subscriber table where there are all the users with
> 'myhome2.xip.bpt.com' domain…
>
> In fact, all INVITEs and REGISTERs are correctly authenticated…
>
>  
>
> Would you mind address me to find out the problem? Maybe, there’s
> something wrong in my cfg file.
>
> Thanks in advance
>
>  
>
> T,
>
>  
>
>  
>
> *Tomas Zanet*
> Software Design Department
> tzanet at came.com
>

-- 
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio World Conference, May 27-29, 2015
Berlin, Germany - http://www.kamailioworld.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20150427/2a12de62/attachment.html>

More information about the sr-users mailing list