[SR-Users] uac_replace_from and uac_auth fails to authenticate.

Alex Balashov abalashov at evaristesys.com
Sun Jan 19 23:22:39 CET 2020

In non-REGISTER requests, the From URI is the identity being asserted,
and supported by the authentication credentials.

If you have control over the upstream Kamailio server, you can tinker
with authentication options which enforce equivalence between the
authentication username/realm and the From URI user/domain --
specifically, by turning off this enforcement. 

If you don't, then a modified From value will indeed be a problem
insofar as it may deviate from the authentication credentials.

-- Alex

On Sun, Jan 19, 2020 at 11:19:26PM +0100, Kjeld Flarup wrote:

> I have a setup where I have a fallback to a GSM number
> I look up the GSM number and provider information in a database and sets the
> headers.
>                   dlg_manage();
>                   $du = "sip:" + $dbr(ra=>[0,0]);
>                   $tu = "sip:"+$rU+"@"+$dbr(ra=>[0,0]);
>                   $ru = "sip:"+$rU+"@"+$dbr(ra=>[0,0]);
> uac_replace_from("sip:"+$dbr(ra=>[0,1])+"@EXTERNALIP");
> After this the call goes to a failure_route to do uac_auth()
> Now my problem is that this works with the providers Asterisk server.
> But if the call is send to the providers Kamailio server, authentication is
> rejected.
> Removing uac_replace_from makes the call accepted on the Kamailio server
> The only possible problem I can see is that the first INVITE without
> authentication, has correct From header.
> But the second with the nonce and auth, uses the wrong From header. Thus two
> different From headers in the same SIP dialog.
> Unfortunately uac_replace_from is not allowed in failure_route, so I could
> test if this is the problem.
> Is the two different From headers a problem, and how could that be fixed.
> -- 
> -------------------- Med Liberalistiske Hilsner ----------------------
>    Civilingeniør, Kjeld Flarup - Mit sind er mere åbent end min tegnebog
>    Sofienlundvej 6B, 7560 Hjerm, Tlf: 40 29 41 49
>    Den ikke akademiske hjemmeside for liberalismen - www.liberalismen.dk
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Alex Balashov | Principal | Evariste Systems LLC

Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free) 
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/

More information about the sr-users mailing list