[SR-Users] UAC authentication challenge response using KEMI/app_ruby

Andrew White andrew at uconnected.com.au
Fri Apr 5 05:07:14 CEST 2019


Hi all,

I’m continuing on my quest to use app_ruby for my logic - it’s working very well so far!

The last major hurdle I’ve come across is UAC response to WWW challenge. On my outbound path, the correct URIs for From and To are set based on provider requirements, and the INVITE is sent using t_relay():

def ksr_route_to_trunk()
  KSR.info("Route to trunk")
  if KSR::TM.t_is_set("failure_route") < 0 then
    KSR::TM.t_on_failure("ksr_failure_manage_trunk")
  end

  # Relay
  KSR::PV.sets("$fu", "sip:#{$uacs[trunk]['r_username']}@#{$uacs[trunk]['r_domain']}")
  KSR::PV.sets("$fn", '')
  new_uri = "sip:61400123123@#{$uacs[trunk]['r_domain']}"
  KSR.info("New URI is #{new_uri}")

  # Use the URI built above for both the request URI and the To header
  KSR.seturi(new_uri)
  KSR::UAC.uac_replace_to('', new_uri)

  KSR::TM.t_relay()
  exit
end

I’ve stripped it back, but this function is great and works perfectly. An INVITE is sent to the correct place, and the trunk receives the INVITE. It then responds with a 401/WWW-Authenticate.

My failure route is called fine. Below is the stripped-down code:

def ksr_failure_manage_trunk()
  exit if KSR::TM.t_is_canceled() > 0
  KSR.info("Hit trunk failure manage route")
  KSR::PV.sets("$avp(auser)", 'user')
  KSR::PV.sets("$avp(apass)", 'pass')
  KSR::PV.sets("$avp(arealm)", 'test.local')
  KSR.info("AVPs: #{KSR::PV.gete("$avp(auser)")} #{KSR::PV.gete("$avp(apass)")} #{KSR::PV.gete("$avp(arealm)")}")

  if KSR::UAC.uac_auth() then
    KSR.info("UAC authed, relaying")
    KSR::TM.t_relay()
  else
    KSR.info("UAC NOT authed, no relay")
  end
  exit

end

Also the AVP values are set (I believe) correctly:

modparam("uac", "auth_username_avp", "$avp(auser)")
modparam("uac", "auth_password_avp", "$avp(apass)")
modparam("uac", "auth_realm_avp", "$avp(arealm)")

This throws the following complaint, and doesn’t send a new response back to the trunk:

Apr  5 02:55:22 ip-10-0-0-2 /usr/local/sbin/kamailio[26870]: ERROR: {1 102 INVITE 3a84da15272da66e527a79144c48516c at 10.0.0.20:5060} tm [t_fwd.c:1728]: t_forward_nonack(): no branches for forwarding
Apr  5 02:55:22 ip-10-0-0-2 /usr/local/sbin/kamailio[26870]: ERROR: {1 102 INVITE 3a84da15272da66e527a79144c48516c at 10.0.0.20:5060} tm [tm.c:1619]: _w_t_relay_to(): t_forward_noack failed

I don’t understand branches very well; however, after some digging around, I appended KSR::COREX.append_branch() before the t_relay() in the failure. This stops the error and now we send an ACK and a new INVITE, but still without the expected authorisation header.

I feel like my lack of understanding about branches is the issue here - I seem to be sending an INVITE, but not adding the auth header that I suspect is being generated somewhere!

Thanks for your help.

________________________________

Andrew White - Director
uConnected
Email: andrew at uconnected.com.au
Web: www.uConnected.com.au
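
For checking a SIP trace against the Authorization header the post expects to see, here is an added Ruby example (not part of the original post, and not Kamailio's uac module code) that computes the RFC 2617 digest response to a WWW-Authenticate challenge. The nonce and request URI are constructed sample values; the realm and credentials are the placeholders used in the post.

```ruby
require 'digest'
require 'securerandom'

# Parse a "Digest ..." challenge value into a hash of lower-cased parameter names.
def parse_challenge(value)
  scheme, params = value.strip.split(/\s+/, 2)
  raise ArgumentError, 'not a Digest challenge' unless scheme.to_s.casecmp?('Digest') && params
  params.scan(/(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))/).to_h { |k, quoted, token| [k.downcase, quoted || token] }
end

def md5(str)
  Digest::MD5.hexdigest(str)
end

# Build the Authorization header value a UAC is expected to send (RFC 2617, MD5 only).
def digest_authorization(challenge, method:, uri:, user:, pass:, cnonce: SecureRandom.hex(8), nc: 1)
  c = parse_challenge(challenge)
  raise ArgumentError, 'challenge lacks realm or nonce' unless c['realm'] && c['nonce']
  algo = c['algorithm'] || 'MD5'
  raise ArgumentError, "unsupported algorithm #{algo}" unless algo.casecmp?('MD5')
  qops = c['qop'].to_s.split(/\s*,\s*/)
  raise ArgumentError, 'only qop=auth is handled' unless qops.empty? || qops.include?('auth')

  ha1 = md5("#{user}:#{c['realm']}:#{pass}") # credentials bound to the realm
  ha2 = md5("#{method}:#{uri}")              # request method and digest URI
  out = %(Digest username="#{user}", realm="#{c['realm']}", nonce="#{c['nonce']}", uri="#{uri}")
  if qops.include?('auth')
    nc_hex = format('%08x', nc)
    response = md5("#{ha1}:#{c['nonce']}:#{nc_hex}:#{cnonce}:auth:#{ha2}")
    out += %(, qop=auth, nc=#{nc_hex}, cnonce="#{cnonce}")
  else
    response = md5("#{ha1}:#{c['nonce']}:#{ha2}") # challenge without qop
  end
  out += %(, response="#{response}", algorithm=MD5)
  out += %(, opaque="#{c['opaque']}") if c['opaque']
  out
end

# Constructed 401 challenge; realm and credentials are the placeholder values from the post.
CHALLENGE = 'Digest realm="test.local", nonce="5ca6c1f2000001a3", algorithm=MD5'
puts digest_authorization(CHALLENGE, method: 'INVITE', uri: 'sip:61400123123@test.local',
                          user: 'user', pass: 'pass')
```

The realm in the challenge has to match the realm the credentials are stored under, since it is hashed into the response.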