sr-users May 2019

sr-users@lists.kamailio.org

84 participants
101 discussions

implementing custom authentication method
by Walter.Martín Villalba 03 May '19

03 May '19

Dear list, I'm implementing a custom method for user authentication and would like to kindly ask for some guidance regarding the server side changes that may be needed in order to keep things running smoothly. The idea is to replace the standard user/pass-based digest authentication with a custom one based on Open ID Connect (OIDC) access tokens. I already have some pieces working (receiving access token in REGISTER message, validating the token by calling custom python routine, etc.), but I'm missing the bits needed to keep track of users who have successfully authenticated. While looking at sipcomm.cfg I found calls to *www_authenticate* (defined in modules/auth_db/authorize.c), which in turn calls to *mark_authorized_cred*, *check_auth_hr* (or *auth_check_hdr_md5*), and *generate_avps*,. Some of these functions are indeed changing some values in the DB and/or in memory, and this is where I would like some guidance. Is there any documentation I could look at which hopefully explains what DB values and/or data structures in memory need to be updated in order to keep track of successfully authenticated users? I believe with this last piece I'd be able to wrap up my custom authentication implementation. Thanks in advance! Regards, Walter Martín.

1 0

Kamailio bypassing RTP media
by Ali Taher 03 May '19

03 May '19

Hi everyone, I'm new to kamailio. I plan to setup a sip server cluster, Does someone can give me some suggestions if I can use kamailio as front server, which handle sip message and bypass rtp media message to backendserver, this mean the kamailio handle only sip message, the rtp packets are sent directed to backend server. The sip sequences is 1.softswitch send invite to kamailio 2.kamailio send invite to backend server. 3.backend server return 200 ok to kamailio 4.kamailio return 200 ok to softswitch, the ip and port in sip is from the backend server's msg, this make the softswitch send rtp direct to backend server. 5.rtp packets are transfered between softswitch and backend server. .... 6.backend server send bye to kamailio 7.kamailio send bye to softswitch. Any help is appreciated. Regards, Ali Taher

4 5

forcing socket doesn't work for ACK
by David Villasmil 03 May '19

03 May '19

Hello guys, I have public and private IPs, and i need to force the sending socket replying to internal out externals endpoint, so i'm using this: function to check the destination (i tried using $sndto(ip) but it always returns NULL): route[CHECK_DEST_NET] { if ( $du=~"sip:172\..*" ) { setflag(FLAG_TO_PRIVATE); xlog("L_ERR", "[CHECK_SOURCE] Packet going to PRIVATE -> [$du]\n" ); } else { setflag(FLAG_TO_PUBLIC); xlog("L_ERR", "[CHECK_SOURCE] Packet going to PUBLIC -> [$du]\n" ); } return; } on my relay: route(CHECK_DEST_NET); if (isflagset(FLAG_TO_PRIVATE)) { xlog("L_ERR", "[RELAY] forcing socket to PRIVATE NET\n" ); force_send_socket(LISTEN_INSIDE_IF:LISTEN_INSIDE_PORT); } else { xlog("L_ERR", "[RELAY] forcing socket to PUBLIC NET\n" ); force_send_socket(LISTEN_OUTSIDE_IF:LISTEN_OUTSIDE_PORT); } This works nicely, except for ACKs and potentially other packets sent statelessly? Anyone knows how to fix this? Regards, David Villasmil email: david.villasmil.work(a)gmail.com phone: +34669448337

6 26

run some extra things before relying message
by Mojtaba 02 May '19

02 May '19

Hello, I have encountered with problem in Kamailio. At first glance it looks simple. Considering the Data Lump feature in Kamailio, All changes in SIP body, does not apply quickly. So if we are using RTPEngine or RTPProxy, How we can get body message (Actually IP and port from SDP after rtpengine_manage function) before relaying message? Suppose i want get some information and run some extra things before relying message? I just added my extra things in t_on_reply block, but it's strange why it doesn't work before relaying! -Mojtaba Esfandiari.S

2 2

Problem with topoh
by Phillman25 Kyriacou 02 May '19

02 May '19

Dear List I have an issue with topoh module. Specifically for in-dialog requests, if the encoded uri is altered i.e. initial encoded contact uri is Contact: <sip:X.X.X.X;line=sr-huAWi7oPBYsF.cC0L2lWOUlPwbSWOUl6wURTw24W> and UAS sends an in-dialog INVITE like this adding tgrp and user=phone: INVITE sip:X.X.X.X;line=sr-huAWi7oPBYsF.cC0L2lWOUlPwbSWOUl6wURTw24W;tgrp=1069912311;user=phone Kamailio cant seem to match/decode this and responds "404 Not Found" I have also set: modparam("topoh", "uri_prefix_checks", 0) As specified here: https://www.kamailio.org/docs/modules/4.4.x/modules/topoh.html#idp37582868 But still doesn't work. Is there a bug with this module? # ==================================================== # ================ TOPOLOGY HIDING =================== # ==================================================== modparam("topoh", "mask_key", "secret") modparam("topoh", "mask_ip", "X.X.X.X") modparam("topoh", "mask_callid", 0) modparam("topoh", "uparam_name", "line") modparam("topoh", "uparam_prefix", "sr-") modparam("topoh", "vparam_name", "branch") modparam("topoh", "vparam_prefix", "z9hG4bKsr-") modparam("topoh", "uri_prefix_checks", 0) Thanks in advance for your support Phillip

2 4

Stack smash error when using auth_ephemeral with KEMI
by Grant Bagdasarian 02 May '19

02 May '19

Hello, I was trying out the auth_ephemeral module inside the xhttp event_route in Python KEMI, and discovered a possible bug. https://pastebin.com/4Ghumfis The following will result in the stack smash error. Whenever I leave out the unixtimestamp the module will complain about not being able to convert to an int, which make sense, but doesn't lead to a stack smash error and a complete crash of Kamailio. KSR.auth_ephemeral.autheph_authenticate("1576734089:grant", "1234"). According to the documentation this module can only be used in REQUEST_ROUTE, but I found a presentation online which also used this module and that particular function in event_route, which is what I need for WebSocket authentication. Hope this helps. Please let me know if you need more information. Regards, Grant

2 1

Kamailio 5.2.2 IMS authorization failed by the SCSCF
by Woscek, Martin W. 02 May '19

02 May '19

Hi, We are getting a SIP 401 Unauthorized -Challenging the UE error originating by the SCSCF. It looks to be related to the nonce/cnonce. Is there something we have misconfigured in our SCSCF module? Log output: May 1 14:01:45 imskamailio /usr/local/sbin/kamailio[18489]: DEBUG: ims_auth [authorize.c:786]: authenticate(): Nonce or response missing: nonce len [-108158976], response16 len[1873606560] May 1 14:01:45 imskamailio /usr/local/sbin/kamailio[18492]: DEBUG: ims_auth [utils.c:168]: get_nonce_response(): Calling find_credentials with realm [ims522.irisims.org] May 1 14:01:45 imskamailio /usr/local/sbin/kamailio[18492]: DEBUG: ims_auth [utils.c:195]: get_nonce_response(): Found nonce response May 1 14:01:45 imskamailio /usr/local/sbin/kamailio[18492]: INFO: ims_auth [authorize.c:827]: authenticate(): uri=sip:irisims.org nonce=9863c63855c8dd888c5c18e79fc61156 response=ce7ce73872b92aff2defa76dd1aff1ac qop=auth-int nc=00000001 cnonce=4fe4daacd69fa3d609c8b396d331eae6 hbody=d41d8cd98f00b204e9800998ecf8427e May 1 14:01:45 imskamailio /usr/local/sbin/kamailio[18492]: DEBUG: ims_auth [rfc2617.c:135]: calc_response(): calc_response(_ha1=7a1b479a0513914e71bcd6d005b3e17d, _nonce=9863c63855c8dd888c5c18e79fc61156, _nc=00000001,_cnonce=4fe4daacd69fa3d609c8b396d331eae6, _qop=auth-int, _auth_int=1,_method=REGISTER,_uri=sip:irisims.org,_hentity=d41d8cd98f00b204e9800998ecf8427e) Thanks, Martin

2 1

New voisonics.com - Kamailio related products and services
by David Cunningham 02 May '19

02 May '19

Hello, Usually it's our client's VoIP technology being updated. Fortunately we found a little spare time to completely revamp the Voisonics website as well! https://voisonics.com/ Voisonics provides products and services in the commercial VoIP and hosted PBX sector; in particular relating to Kamailio, Asterisk, and Enswitch. The business has been specialising in this area for almost 10 years. Please feel free to contact me off-list with any questions. Kind regards, -- David Cunningham, Voisonics Limited http://voisonics.com/ USA: +1 213 221 1092 New Zealand: +64 (0)28 2558 3782

1 0

Support for JWT token authentication?
by David Dean 01 May '19

01 May '19

I came across this thread from Jan 2015 discussing the addition of JWT token authentication to Kamailio: https://github.com/kamailio/kamailio/issues/29 Was JWT authentication ever added? Or has anyone else on this list got JWT working somehow?

1 0

CSeq not incrementing - app_ruby
by Andrew White 01 May '19

01 May '19

Hi all, I’m still building with app_ruby and loving it - for the most part! I’m having an issue with one of my providers responding with a 482 on auth invite. Researching, it appears that my CSeq isn’t incrementing and this is the reason for the issue. I already have the relevant flag set in my kamailio.cfg however: modparam("dialog", "track_cseq_updates", 1) During my uac_auth, I’ve tried manually setting the diff, as well as running msg_iflag_reset (as suggested by Daniel - https://github.com/kamailio/kamailio/issues/1359 <https://github.com/kamailio/kamailio/issues/1359> - unfortunately the function isn’t exported in KEMI): if KSR::UAC.uac_auth() then KSR.info("UAC authed, relaying") #KSR::COREX.msg_iflag_reset("UAC_AUTH") KSR::PV.sets("$dlg_var(cseq_diff)", "1") KSR.info("CSeq diff: #{KSR::PV.gete("$dlg_var(cseq_diff)")}") KSR::TM.t_relay() Unfortunately in both cases the actual CSeq doesn’t increment in the second INVITE: INVITE 1 (unauthenticated): > CSeq: 102 INVITE INVITE 2 (with Authorization header): > CSeq: 102 INVITE I’m unsure if I’ve missed something silly around the track_cseq_updates flag, or if app_ruby somehow isn’t interacting with the dialog module when running uac_auth to trigger the increment? Thanks! Kind regards, Andrew

3 6

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

sr-users May 2019