[SR-Users] Dynamic UAC Registration

Daniel-Constantin Mierla miconda at gmail.com
Sun Jan 20 17:26:07 CET 2019 

Hello,

iirc, the auth header related variables (like $ar) are set when some
authentication functions are used, but that is for requests. For
replies, I am not sure if it is done at all, being also a different
header name.

Unless you want to dig a bit in the code and see what happens there, for
now a solution here would be using transformations to extract fields
from the header Proxy-Authenticate or WWW-Authenticate.

If you want to have these variables set in other cases than it is now,
you can open a new feature request on github issue tracker.

Cheers,
Daniel

On 20.01.19 12:58, Mack Hendricks wrote:
> Hey All,
>
> So, I want to use the UAC module to handle Digest Auth to upstream
> carriers.  But, I don’t know which carrier will be selected until
> another module (dRouting in this case) tells the logic which carrier
> to use.
>
> I can see in the logs that the uac_auth function can capture the Auth
> Realm.  But, I need to access it from the Kamailio script so that I
> can lookup the credentials for that realm and then call uac_auth.
>  I’ve tried getting the info from $ar, but that gives me the realm of
> the inbound request versus the realm of the upstream carrier.  Also,
> I’ve tried using $T_rpl($ar), but that returns 0.  Here’s my logic
> from the Kamailio file:
>
>
>         if(t_check_status("401|407")) {
>                 $var(reply_realm) = $T_rpl($ar);
>                 $var(query)="select auth_username,auth_password from
> uacreg where realm='" + $var(reply_realm) + "'";
>                 sql_xquery("cb","$var(query)","rb");
>                 xlog("L_DEBUG","[MANAGE_FAILURE: Proxy Auth]: The
> query is $var(query) auth realm is $var(reply_realm) and the user name
> is $xavp(rb=>auth_username)");
>                 $avp(auser) = $xavp(rb=>auth_username);
>                 $avp(apass) = $xavp(rb=>auth_password);
>                 uac_auth();
>                 t_relay();
>                 exit;`
>         }
>
>
> A snippet of the log file is below:
>
> Jan 20 10:05:58 dsiprouter /usr/sbin/kamailio[2871]: exec: ***
> cfgtrace:failure_route=[DEFAULT_ROUTE] c=[/etc/kamailio/kamailio.cfg]
> l=1616 a=63 n=assign
> Jan 20 10:05:58 dsiprouter /usr/sbin/kamailio[2871]: exec: ***
> cfgtrace:failure_route=[DEFAULT_ROUTE] c=[/etc/kamailio/kamailio.cfg]
> l=1617 a=63 n=assign
> Jan 20 10:05:58 dsiprouter /usr/sbin/kamailio[2871]: exec: ***
> cfgtrace:failure_route=[DEFAULT_ROUTE] c=[/etc/kamailio/kamailio.cfg]
> l=1618 a=24 n=uac_auth
> Jan 20 10:05:58 dsiprouter /usr/sbin/kamailio[2871]: DEBUG: uac
> [auth.c:409]: uac_auth(): picked reply is 0x7f900cb7eaf0, code 407
> Jan 20 10:05:58 dsiprouter /usr/sbin/kamailio[2871]: DEBUG: uac
> [auth.c:225]: get_autenticate_hdr(): looking for header
> "Proxy-Authenticate"
> Jan 20 10:05:58 dsiprouter /usr/sbin/kamailio[2871]: DEBUG: uac
> [auth.c:429]: uac_auth(): header found; body=<Digest
> realm="sip.flowroute.com <http://sip.flowroute.com>",
> nonce="XERJMlxESAbDNCK3INmBfoET1GGxpcyr", qop="auth">
> Jan 20 10:05:58 dsiprouter /usr/sbin/kamailio[2871]: DEBUG: uac
> [auth_hdr.c:209]: parse_authenticate_body():
> <realm>="sip.flowroute.com <http://sip.flowroute.com>" state=2
> Jan 20 10:05:58 dsiprouter /usr/sbin/kamailio[2871]: DEBUG: uac
> [auth_hdr.c:209]: parse_authenticate_body():
> <nonce>="XERJMlxESAbDNCK3INmBfoET1GGxpcyr" state=3
> Jan 20 10:05:58 dsiprouter /usr/sbin/kamailio[2871]: DEBUG: uac
> [auth_hdr.c:209]: parse_authenticate_body(): <qop>="auth" state=1
> Jan 20 10:05:58 dsiprouter /usr/sbin/kamailio[2871]: DEBUG: uac
> [auth.c:449]: uac_auth(): no credential for realm "sip.flowroute.com
> <http://sip.flowroute.com>"
> Jan 20 10:05:58 dsiprouter /usr/sbin/kamailio[2871]: exec: ***
> cfgtrace:failure_route=[DEFAULT_ROUTE] c=[/etc/kamailio/kamailio.cfg]
> l=1619 a=24 n=t_relay
>
>
> Thanks in advance for any help
>
> Mack Hendricks
> dSIPRouter
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio World Conference - May 6-8, 2019 -- www.kamailioworld.com
Kamailio Advanced Training - Mar 4-6, 2019 in Berlin; Mar 25-27, 2019, in Washington, DC, USA -- www.asipto.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20190120/55391b38/attachment.html>

More information about the sr-users mailing list