[SR-Users] exit after www_challenge

PICCORO McKAY Lenz mckaygerhard at gmail.com
Wed Oct 9 00:42:35 CEST 2019 

2019-10-08 12:13 GMT-04:00, David Villasmil <david.villasmil.work at gmail.com>:
> And this is because the next message (response to the authentication
> challenge) will come in as a different packet.

umm David gimme to me the most reasonable response..

maybe i must shared a more expanded code.. to property see if are
reasonable a "exit" call there?

that is the complete portion of the code:
(i follow the kamailio/asterisk integration realtime guide)



# Authentication route
route[AUTH] {
#!ifdef WITH_AUTH
#!ifdef WITH_ASTERISK
	# do not auth traffic from Asterisk - trusted!
	if(route(FROMASTERISK))
		return;
#!endif

	if (is_method("REGISTER"))
	{
		# authenticate the REGISTER requests (uncomment to enable auth)
#!ifdef WITH_ASTERISK
		if (!www_authorize("$td", "sipusers"))
#!else
		if (!www_authorize("$td", "subscriber"))
#!endif
		{
			www_challenge("$td", "0");
			exit;
		}

		if ($au!=$tU)
		{
			sl_send_reply("403","Forbidden auth ID");
			exit;
		}
		consume_credentials();
		xlog("L_ALERT","get hole from $si\n");
	} else {

#!ifdef WITH_IPAUTH
		if(allow_source_address())
		{
			# source IP allowed
			return;
		}



#!endif

if (from_uri==myself)
		{
#!ifdef WITH_ASTERISK
			if (!proxy_authorize("$fd", "sipusers")) {
#!else
			if (!proxy_authorize("$fd", "subscriber")) {
#!endif
				proxy_challenge("$fd", "0");
				exit;
			}
		xlog("L_ALERT","get hole from $si\n");
			if (is_method("PUBLISH"))
			{
				if ($au!=$tU) {
					sl_send_reply("403","Forbidden auth ID");
					exit;
				}
			} else {
				if ($au!=$fU) {
					sl_send_reply("403","Forbidden auth ID");
					exit;
				}
			}

			consume_credentials();
			# caller authenticated
		} else {
			# caller is not local subscriber, then check if it calls
			# a local destination, otherwise deny, not an open relay here
			if (!uri==myself)
			{
				sl_send_reply("403","Not relaying");
				exit;
			}
		}
	}


#!endif
	return;
}



>
> Regards,
>
> David Villasmil
> email: david.villasmil.work at gmail.com
> phone: +34669448337
>
>
> On Tue, Oct 8, 2019 at 4:57 PM Daniel Tryba <d.tryba at pocos.nl> wrote:
>
>> On Tue, Oct 08, 2019 at 11:07:44AM -0400, PICCORO McKAY Lenz wrote:
>> > i have the code with an exit, i dont know if are correct that "exit"
>> > in that line? or not? help me please?
>>
>> They are correct (to me). After calling www_challenge() you want to stop
>> any further processing. Same for your 403 condition. If you only want
>> authenticated after that pooint exit will stop the processing of the
>> message.
>>
>>
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
>


-- 
Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com

More information about the sr-users mailing list