[SR-Users] R: publish authentication problem

Daniel-Constantin Mierla miconda at gmail.com
Tue Apr 28 09:25:55 CEST 2015 

Hello,

REGISTER should have Authorization header.

Can you paste the headers of such PUBLISH?

The log message you pasted in a previous email shows that the realm was
not matching:

Apr 24 14:30:58 bptrnddmzserver kamailio[30886]: DEBUG: auth [api.c:86]:
pre_auth(): auth:pre_auth: Credentials with realm 'myhome2.xip.bpt.com'
not found

Maybe it is different than From header domain.

Cheers,
Daniel

On 28/04/15 09:13, Tomas Zanet wrote:
>
> Hello, yes it is.
>
> The real parameter in Proxy-Authorization header is the same for
> PUBLISH and REGISTER and INVIATE as well.
>
> I’m doing authentication in this way:
>
>  
>
>                 if (!auth_check("$fd", "subscriber", "1")) {
>
>                         auth_challenge("$fd", "0");
>
>                         exit;
>
>                 }
>
>  
>
>  
>
> Thanks,
>
> T.
>
>  
>
>  
>
> *Da:*Daniel-Constantin Mierla [mailto:miconda at gmail.com]
> *Inviato:* lunedì 27 aprile 2015 17:56
> *A:* Kamailio (SER) - Users Mailing List; Tomas Zanet
> *Oggetto:* Re: [SR-Users] publish authentication problem
>
>  
>
> Hello,
>
> can you check what is the value of the realm parameter in
> Proxy-Authorization header of PUBLISH? Is it myhome2.xip.bpt.com?
>
> Cheers,
> Daniel
>
> On 24/04/15 15:31, Tomas Zanet wrote:
>
>     Hello everyone,
>
>     I’ve been working on a project where I would like to implement RFC6035
>
>     https://tools.ietf.org/html/rfc6035
>
>      
>
>     Basically, after the end of the call, our SIP UAC sends a SIP
>     PUBLISH to Kamailio where there are some useful information about
>     media quality (packet loss, mos, etc..)
>
>     This information is stored by Kamailio with sql_query command…
>
>      
>
>     To achieve this, I implemented a custom route function inside
>     Kamailio cfg file, which handles PUBLISH request, check vq-rtcpxr
>     body and store that information into a database.
>
>     Here is a snippet code:
>
>     # AVPF report route                                            
>
>     route[AVPF] {
>
>             if(!is_method("PUBLISH"))
>
>                     return;
>
>             if (has_body("application/vq-rtcpxr"))
>
>             {
>
>     $var(x) =  "INSERT INTO quality_reporting_raw(body) VALUES (\"" +
>     $(rb{s.escape.common}) + "\");";
>
>                     sql_query("cb", "$(var(x))");
>
>                     …… reply 200 ok and so on….
>
>     exit(0)
>
>             }
>
>     }
>
>      
>
>     Everything works fine (almost fine, because the report is stored
>     twice…) if I do the route(AVPF) before authentication, like this…
>
>      
>
>     (main route):
>
>             # handle AVPF reports
>
>             route(AVPF);
>
>      
>
>             # authentication
>
>             route(AUTH);
>
>      
>
>     Instead if I swap these two functions, doing the authentication
>     before publish processing, I have some problems about publish
>     authentication….not for the other requests (INVITE and REGISTER)
>
>     As far as I know From, To and Request-URI must match the
>     authentication user, in the PUBLISH REQUEST as described here
>
>     http://kamailio.org/docs/modules/4.2.x/modules/auth_db.html#auth_db.f.auth_check
>
>      
>
>     I confirm that…I’m sending the SIP PUBLISH from user 101 to user
>     101, which is currently registered.
>
>      
>
>     My problem is that Kamailio is continuously answering with 407 to
>     the SIP PUBLISH, even if the PUBLISH request has the right
>     Proxy-Authorization header…
>
>     Digging into the log file, I found this :
>
>     Apr 24 14:30:58 bptrnddmzserver kamailio[30886]: DEBUG: auth_db
>     [authorize.c:486]: auth_check(): realm [myhome2.xip.bpt.com] table
>     [subscriber] flags [1]
>
>     Apr 24 14:30:58 bptrnddmzserver kamailio[30886]: DEBUG: auth
>     [api.c:86]: pre_auth(): *auth:pre_auth: Credentials with realm
>     'myhome2.xip.bpt.com' not found*
>
>     Apr 24 14:30:58 bptrnddmzserver kamailio[30886]: DEBUG: auth_db
>     [authorize.c:252]: *digest_authenticate_hdr(): no credentials*
>
>      
>
>     Just for your better understanding I’m doing authorization with
>     db, using subscriber table where there are all the users with
>     'myhome2.xip.bpt.com' domain…
>
>     In fact, all INVITEs and REGISTERs are correctly authenticated…
>
>      
>
>     Would you mind address me to find out the problem? Maybe, there’s
>     something wrong in my cfg file.
>
>     Thanks in advance
>
>      
>
>     T,
>

-- 
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio World Conference, May 27-29, 2015
Berlin, Germany - http://www.kamailioworld.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20150428/0031392e/attachment.html>

More information about the sr-users mailing list