[SR-Users] uac_replace_from and uac_auth fails to authenticate.

Kjeld Flarup kjeld.flarup at liberalismen.dk
Thu Jan 23 21:02:30 CET 2020 

Thanks for the suggestions.

Much to my surprise just setting $fu did the trick.


-------------------- Med Liberalistiske Hilsner ----------------------
    Civilingeniør, Kjeld Flarup - Mit sind er mere åbent end min tegnebog
    Sofienlundvej 6B, 7560 Hjerm, Tlf: 40 29 41 49
    Den ikke akademiske hjemmeside for liberalismen - www.liberalismen.dk

On 1/20/20 4:27 AM, Joel Serrano wrote:
> Have you tried setting $fU/$fd directly in failure_route before 
> uac_auth()?
>
>
> On Sun, Jan 19, 2020 at 14:35 Kjeld Flarup 
> <kjeld.flarup at liberalismen.dk <mailto:kjeld.flarup at liberalismen.dk>> 
> wrote:
>
>     Thanks for confirming.
>
>     As there seems to be no way to correct the From header in
>     failure_dialog, then the From header has to be modified before I
>     receive
>     the call then. Which could be done by cascading with a Cascading
>     Kamailio instance.
>
>
>     -------------------- Med Liberalistiske Hilsner ----------------------
>         Civilingeniør, Kjeld Flarup - Mit sind er mere åbent end min
>     tegnebog
>     Sofienlundvej 6B, 7560 Hjerm
>     <https://www.google.com/maps/search/Sofienlundvej+6B,+7560+Hjerm?entry=gmail&source=g>,
>     Tlf: 40 29 41 49
>         Den ikke akademiske hjemmeside for liberalismen -
>     www.liberalismen.dk <http://www.liberalismen.dk>
>
>     On 1/19/20 11:22 PM, Alex Balashov wrote:
>     > In non-REGISTER requests, the From URI is the identity being
>     asserted,
>     > and supported by the authentication credentials.
>     >
>     > If you have control over the upstream Kamailio server, you can
>     tinker
>     > with authentication options which enforce equivalence between the
>     > authentication username/realm and the From URI user/domain --
>     > specifically, by turning off this enforcement.
>     >
>     > If you don't, then a modified From value will indeed be a problem
>     > insofar as it may deviate from the authentication credentials.
>     >
>     > -- Alex
>     >
>     > On Sun, Jan 19, 2020 at 11:19:26PM +0100, Kjeld Flarup wrote:
>     >
>     >> I have a setup where I have a fallback to a GSM number
>     >>
>     >> I look up the GSM number and provider information in a database
>     and sets the
>     >> headers.
>     >>
>     >>                    dlg_manage();
>     >>                    $du = "sip:" + $dbr(ra=>[0,0]);
>     >>                    $tu = "sip:"+$rU+"@"+$dbr(ra=>[0,0]);
>     >>                    $ru = "sip:"+$rU+"@"+$dbr(ra=>[0,0]);
>     >> uac_replace_from("sip:"+$dbr(ra=>[0,1])+"@EXTERNALIP");
>     >>
>     >> After this the call goes to a failure_route to do uac_auth()
>     >>
>     >> Now my problem is that this works with the providers Asterisk
>     server.
>     >> But if the call is send to the providers Kamailio server,
>     authentication is
>     >> rejected.
>     >>
>     >> Removing uac_replace_from makes the call accepted on the
>     Kamailio server
>     >>
>     >> The only possible problem I can see is that the first INVITE
>     without
>     >> authentication, has correct From header.
>     >> But the second with the nonce and auth, uses the wrong From
>     header. Thus two
>     >> different From headers in the same SIP dialog.
>     >>
>     >> Unfortunately uac_replace_from is not allowed in failure_route,
>     so I could
>     >> test if this is the problem.
>     >>
>     >> Is the two different From headers a problem, and how could that
>     be fixed.
>     >>
>     >>
>     >> --
>     >> -------------------- Med Liberalistiske Hilsner
>     ----------------------
>     >>     Civilingeniør, Kjeld Flarup - Mit sind er mere åbent end
>     min tegnebog
>     >>     Sofienlundvej 6B, 7560 Hjerm, Tlf: 40 29 41 49
>     >>     Den ikke akademiske hjemmeside for liberalismen -
>     www.liberalismen.dk <http://www.liberalismen.dk>
>     >>
>     >>
>     >> _______________________________________________
>     >> Kamailio (SER) - Users Mailing List
>     >> sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>
>     >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
>     _______________________________________________
>     Kamailio (SER) - Users Mailing List
>     sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>
>     https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20200123/abea0714/attachment.html>

More information about the sr-users mailing list