Well, reopening that thread seaking for some help again :(
The solution is working pretty nice, and my config looks like that
                # authenticate requests
                if has_credentials("****"){
                        $var(y) = @msg.header.Authorization;
                        xlog("$var(y)");
                        exec_avp("/etc/kamailio/login.py '$var(y)' '$rm'", "$avp(s:test)");
                        xlog("$avp(s:test)");
                }

                if ($avp(s:test) != "1") {
                        www_challenge(****", "1");
                        exit;
                }

login.py returns 1 if creds are OK and 0 if no.
Now I'm seeking help with such question - as I understand, currently anyone can register or auth his requests by using same Authorization header for all purposes. So, I mean, someone can grab Auth header from the user's packet and just use it to dig in the server.
How to avoid that? As I understood it's implemented in Kamailio. Can you please tell me? Or give a link to RFC/doc where this is described? As I understood, I'll need to implement that in my script, or maybe I can use some built-it functions?

2015-11-13 19:52 GMT+02:00 Alexandru Covalschi <568691@gmail.com>:
Many thanks for you help Sebastian!

2015-11-13 19:13 GMT+02:00 Sebastian Damm <damm@sipgate.de>:

On Fri, Nov 13, 2015 at 3:43 PM, Alexandru Covalschi <568691@gmail.com> wrote:
What if I don't need a plaintext password on Kamailio? I mean, I don't want to user pv_www_authenticate or other auth functions again - I need to fully control AUTH on API. Is it ok to just send 200 OK to client if API tells me that password is ok?

You don't need to use pv_*_authenticate. This is just an internal function which tells you, whether your user supplied correct credentials or not. You can replace it by checking the return code or output of the script and then continue in your dialplan. You could then call save() from the registrar module, which automatically sends a 200 OK to your user (unless you explicitly prevent it from doing so).

Sebastian

_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users




--
Alexandru Covalschi
ABRISS-Solutions
VoIP engineer and system administrator
phone: +37367398493
web: http://abs-telecom.com/



--
Alexandru Covalschi
ABRISS-Solutions
VoIP engineer and system administrator
phone: +37367398493
web: http://abs-telecom.com/