[SR-Users] BYE relays Digest and others in Proxy-Authorization header

Sergiu Pojoga pojogas at gmail.com
Sun May 19 18:41:47 CEST 2019 

Hi David,

Not sure if you read the entire thread, the question was specifically for
in-dialog subsequent requests. Even in the default config, *route[AUTH]* is
right after *route[WITHINDLG]*, so I highly doubt re-Invites, BYEs and
other in-dialogs are stripped of authentication credentials.

Correct me if I'm wrong.

Cheers.

On Sun, May 19, 2019 at 7:41 AM David Villasmil <
david.villasmil.work at gmail.com> wrote:

> After authentication, you always need to consume the credentials, as
> pointed out. There’s a function specifically for that.
> Check out the default-installed config, you’ll see it being used there.
>
> David
>
> On Sat, 18 May 2019 at 17:08, Sergiu Pojoga <pojogas at gmail.com> wrote:
>
>> Some update.
>>
>> I'll have to see in time if this is ok, but for now
>> * remove_hf("Proxy-Authorization")* in a *if (from_uri == myself &&
>> has_credentials("mydomain"))* statement WITHINDLG route seems to do
>> the trick. *consume_credentials()* for some reason doesn't on in-dialogs.
>>
>> Cheers.
>>
>> On Sat, May 18, 2019 at 10:44 AM Sergiu Pojoga <pojogas at gmail.com> wrote:
>>
>>> Hi Aqs,
>>>
>>> By all means I'm doing that for dialog-forming INVITEs, just in doubt if
>>> need (or not) to do the same for other methods that carry authentication
>>> headers.
>>>
>>> I now found this article which partially explains my dilemma.
>>>
>>> https://stackoverflow.com/questions/14066587/sip-getting-407-response-for-bye-request
>>>
>>>
>>> Cheers.
>>>
>>> On Sat, May 18, 2019 at 10:32 AM Aqs Younas <aqsyounas at gmail.com> wrote:
>>>
>>>> May be you need this.
>>>>
>>>>
>>>> https://www.kamailio.org/docs/modules/devel/modules/auth.html#auth.f.consume_credentials
>>>>
>>>> Br, Aqs
>>>>
>>>> On Sat, 18 May 2019, 7:26 pm Juha Heinanen, <jh at tutpro.com> wrote:
>>>>
>>>>> Sergiu Pojoga writes:
>>>>> >
>>>>> > Noticed BYE requests relayed from caller to callee have the
>>>>> > *Proxy-Authorization* header including *Digest*, *nonce* and
>>>>> *response*.
>>>>> >
>>>>> > Is that by SIP definition or am I doing something wrong? My concern
>>>>> is the
>>>>> > callee gets to see caller's authentication credentials.
>>>>>
>>>>> You can remove all unwanted headers from in-dialog requests using
>>>>> remove_hf function.
>>>>>
>>>>> -- Juha
>>>>>
>>>>> _______________________________________________
>>>>> Kamailio (SER) - Users Mailing List
>>>>> sr-users at lists.kamailio.org
>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>>
>>>> _______________________________________________
>>>> Kamailio (SER) - Users Mailing List
>>>> sr-users at lists.kamailio.org
>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>
>>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
> --
> Regards,
>
> David Villasmil
> email: david.villasmil.work at gmail.com
> phone: +34669448337
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20190519/7cdfc500/attachment.html>

More information about the sr-users mailing list