Hello,

I migrated from Kamailio 3.0.3 to Kamailio 5.1.4. and have two questions about the execution sequence of the Request_Route.
The following condition trys to authenticate the first INVITE or REGISTER request which normally does not have the Authorization Header:
route (auth)
..
..
..
route[auth]{
if ( !proxy_authorize("myrealm", "subscriber") ) {
                proxy_challenge("myrealm", "0");
                sl_reply_error();
                exit;
         };
return;
}

For sure the Return Code of "proxy_authorize" will not be one (1) at the beginneing, so the proxy_challenge() will generate the "407 Proxy Authentication Required" request and the agent will send the INVITE or the REGISTER again with the Authorization-Header and the call or the registration attempt succeeds. During my observation to the new returned codes (values) of both proxy_authorize() and proxy_challenge() in Kamailio 5.1.4, I noticed the following differnet execution sequence of this "Request_Route".

at Kamailio 3.0.3, and exactly after the proxy_challenge("myrealm", "0") command was executed, no more commands were excuted as if it jumped out of the if statement, and the proxy was wating for the new INVITE or REGISTER. Hence the sl_reply_error() did not send any error reply. I wrote several logging commad before and after the proxy_challenge("myrealm", "0"), so I am pretty sure that the proxy_challenge("myrealm", "0") is last excuted command to be excuted here.

at Kamailio 5.1.4, the behaviour was more logical and the proxy executes commands which come under the proxy_challenge("myrealm", "0") like logging commands or sl_reply_error() which generates usually the error reply " 500 I'm terribly sorry, server error occurred".

My first question is: May somebody explain this different behavior?

My second Question: assume that the agent will send a wrong credentials and response, does the proxy_challenge("myrealm", "0") function terminate this dialouge with 401 Unauthorized Error or I must add the following "if condition" afterwards:

if ( !proxy_authorize("myrealm", "subscriber") ) {
                proxy_challenge("myrealm", "0");
                if (!$rc){
                          sl_reply_error(); '#### or I will be more specific sl_send_reply (code, reason)
                }
                exit;
};

Thanks and best regards
Abdulaziz Alghosh