[SR-Users] REGISTER with http_async_client ?

Cyril Ramière cyril.ramiere at gmail.com
Thu Feb 3 12:06:44 CET 2022 

Okay, so I have done that,

Please find here :
https://zerobin.net/?7743b78716b00c72#Jzmdq+5ZlFfZId+M/hP+52Ih0AMAMNUjeUT1cN7jL7Q=

My full config (I redacted some parts like IPs and domains), with the
minimal routing blocks to reproduce and the logs.

If you don't mind checking it, it would be great :)

Cheers,

Cyril

Le jeu. 3 févr. 2022 à 11:39, Federico Cabiddu <federico.cabiddu at gmail.com>
a écrit :

> I have to admit that even looking at the debug logs I cannot understand
> what's going on in your case.
> As said I'm running an authentication scenario very similar to yours,
> being the challenge the only difference.
> What I can suggest to further digging is to reduce your configuration as
> much as possible (e.g. I see that you are using topoh) and see if we can
> understand better what is causing the issue.
>
> Cheers,
>
> Federico
>
>
> On Thu, Feb 3, 2022 at 7:58 AM Olle E. Johansson <oej at edvina.net> wrote:
>
>>
>>
>> On 2 Feb 2022, at 23:58, Cyril Ramière <cyril.ramiere at gmail.com> wrote:
>>
>> Hi Karsten,
>>
>> Thanks for the clue, unfortunately I can't use this module because the
>> clients are "dumb" sip phones.
>>
>> The goal of my implementation is to use our application API to handle the
>> login.
>>
>> The plan was that a sip phone sends a REGISTER, I ask the API endpoint if
>> this user/password is ok to connect and allow/deny based on the reply and
>> informations provided by the API.
>>
>> Everything is relying on the fact that I can make my HTTP call when
>> handling the REGISTER, sadly for me, it doesn't work and I still can't
>> figure why.
>>
>> Try http_client. I’ve used it a lot of time for authentication. It will
>> block your thread while waiting for response, but you can handle some of
>> those issues by caching secrets for a short time with htable.
>>
>> /O
>>
>>
>> Cheers,
>>
>> Cyril
>>
>> Le mer. 2 févr. 2022 à 19:49, Karsten Horsmann <khorsmann at gmail.com> a
>> écrit :
>>
>>> Hi Cyril,
>>>
>>> This Kamailio module could imho do the same
>>>
>>> https://www.kamailio.org/docs/modules/devel/modules/auth_ephemeral.html
>>>
>>>
>>> Cyril Ramière <cyril.ramiere at gmail.com> schrieb am Do., 27. Jan. 2022,
>>> 08:04:
>>>
>>>> Hi there,
>>>>
>>>> I have a weird issue with kamailio (latest docker
>>>> image kamailio-ci:5.5.2-alpine) and http_async_client.
>>>>
>>>> Before posting a lot of logs, let me describe what I want to achieve.
>>>>
>>>> I have a Kamailio and a SIP Phone.
>>>>
>>>> The SIP phone sends a REGISTER to kamailio, then in my routing block, I
>>>> check if I have an Authorization header.
>>>>
>>>> Since I don't have an Authorization (first message), I
>>>> use "www_challenge()".
>>>> This replies to the SIP phone, and then the SIP phone sends a new
>>>> REGISTER with the correct Authorization header.
>>>>
>>>> So far so good.
>>>>
>>>> Now, when I get the REGISTER with Authorization header, I want to ask
>>>> an HTTP endpoint if this user is allowed to connect and check the password
>>>> using http_async_query().
>>>>
>>>> The problem is that when the transaction resumes, the tmx module is
>>>> unhappy and throws this error :
>>>>
>>>> 30(36) CRITICAL: tmx [t_var.c:546]: pv_get_tm_reply_code(): no picked
>>>> branch (-1) for a final response in MODE_ONFAILURE
>>>>
>>>> And a 500 error is sent back to the sip phone.
>>>> The AUTH_REPLY route is still called and I can use the $http* values.
>>>>
>>>> Do you see something that I am doing wrong or missing in my logic?
>>>> Is pausing/resuming to use the async http client is allowed if I'm
>>>> handling a REGISTER transaction?
>>>>
>>>> Here's a simplified version of my routing block (not far from reality):
>>>>
>>>> ##### SNIP
>>>>
>>>> request_route{
>>>>
>>>> route(AUTH);
>>>>
>>>>
>>>> route[AUTH]{
>>>>
>>>>     if (is_method("REGISTER"){
>>>>
>>>>         if(no_auth_header){
>>>>
>>>>             www_challenge("$td","1");
>>>>
>>>>             exit;
>>>>
>>>>         }
>>>>
>>>>         else{
>>>>
>>>>             t_newtran();
>>>>
>>>>             http_async_query("http://xxx.xxx.xxx.xxx:9000/auth?foo=bar", "AUTH_REPLY");
>>>>
>>>>         }
>>>>
>>>>     }
>>>>
>>>> }
>>>>
>>>>
>>>> route[AUTH_REPLY]{
>>>>
>>>>     xlog("L_INFO", "route[HTTP_REPLY]: status $http_rs\n");
>>>>
>>>> }
>>>>
>>>>
>>>> }
>>>>
>>>> ##### END SNIP
>>>>
>>>>
>>>> Best regards!
>>>> __________________________________________________________
>>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>>>   * sr-users at lists.kamailio.org
>>>> Important: keep the mailing list in the recipients, do not reply only
>>>> to the sender!
>>>> Edit mailing list options or unsubscribe:
>>>>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>
>>> __________________________________________________________
>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>>   * sr-users at lists.kamailio.org
>>> Important: keep the mailing list in the recipients, do not reply only to
>>> the sender!
>>> Edit mailing list options or unsubscribe:
>>>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>
>> __________________________________________________________
>> Kamailio - Users Mailing List - Non Commercial Discussions
>>  * sr-users at lists.kamailio.org
>> Important: keep the mailing list in the recipients, do not reply only to
>> the sender!
>> Edit mailing list options or unsubscribe:
>>  * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
>>
>> __________________________________________________________
>> Kamailio - Users Mailing List - Non Commercial Discussions
>>   * sr-users at lists.kamailio.org
>> Important: keep the mailing list in the recipients, do not reply only to
>> the sender!
>> Edit mailing list options or unsubscribe:
>>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions
>   * sr-users at lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only to
> the sender!
> Edit mailing list options or unsubscribe:
>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20220203/febf95c6/attachment.htm>

More information about the sr-users mailing list