Is there anyway to authenticate just the sip username in the from header? -----Original Message----- From: Jiri Kuthan [mailto:jiri@iptel.org] Sent: Saturday, March 27, 2004 7:05 AM To: daniel(a)iptel.org; Raymond Chen Cc: serdev(a)lists.iptel.org; serusers(a)lists.iptel.org Subject: Re: [Serusers] RE: [Serdev] check_from the problem is the cisco gateway is not capable of supporting digest

(not ver good indeed). You are left with authentication by source IP

-jiri At 04:56 PM 3/26/2004, Daniel-Constantin Mierla wrote: >No idea about it. You can watch the network traffic (using ngrep on ser >machine: ngrep port 5060) and see if the realm from a 401/407 reply >matches with the one from next request. > >.Daniel > >On 03/26/04 16:46, Raymond Chen wrote: > > > >>I use AS5300 as UA. >> >> >> >>-----Original Message----- >>From: Daniel-Constantin Mierla [mailto:daniel@iptel.org] >>Sent: Friday, March 26, 2004 11:04 PM >>To: Raymond Chen >>Cc: serdev(a)lists.iptel.org; serusers(a)lists.iptel.org >>Subject: Re: [Serusers] RE: [Serdev] check_from >> >>What client do you use? It does not use the realm from challenge -- it >>is a MSN Messenger specific bug, but it might be present in other sip >>clients. You must set the realm from challenge as the host part of the >>sip id. >> >>.Daniel >> >>On 03/26/04 15:46, Raymond Chen wrote: >> >> >> >> >> >>>Danial, >>> >>>www_authorize fail to authorize without password >>> >>>0(3283) lookup(): '85234230599(a)218.20.229.53' Not found in usrloc >>>0(3283) parse_headers: flags=4096 >>>0(3283) pre_auth(): Credentials with given realm not found >>>0(3283) build_auth_hf(): 'WWW-Authenticate: Digest realm="xxx.org", >>>nonce="40644192d74bf39b0ebb5d141cb2073a6c09daf8" >>>' >>> >>>Regards >>> >>>Raymond >>> >>>-----Original Message----- >>>From: Daniel-Constantin Mierla [mailto:daniel@iptel.org] >>>Sent: Friday, March 26, 2004 8:04 PM >>>To: Raymond Chen >>>Subject: Re: [Serusers] RE: [Serdev] check_from >>> >>> >>>Try something like this: >>> >>>if (method=="INVITE") >>>{ >>> if (!www_authorize("xxx.org", "subscriber")) { >>> www_challenge("xxx.org", "0"); >>> break; >>> }; >>> if (!check_from()) { >>> sl_send_reply("403", "Only registered users are allowed"); >>> break; >>> }; >>> >>>}; >>> >>>.Daniel >>> >>>On 03/26/04 12:48, Raymond Chen wrote: >>> >>> >>> >>> >>> >>> >>> >>>>Now we understand what the what the message means after reading the >>>> >>>> >>>> >>>> >>message >> >> >> >> >>>>a few times. We are trying to do PSTN(as5300) ---> ser -----> pstn >>>>(AS5300), and to authorize the calling number (callerid) in the >>>> >>>>

>>>>message against URI table. But check_from command needs to call >>>>proxy_authorize, which it requires username and password. we setup the >>>>configuration like this >>>> >>>>if (method=="INVITE" & proxy_authorize("xxx.org", "subscriber") >>>> if (!check_from()) { >>>> sl_send_reply("403", "Only registered users are >>>> >>>>

>>>> break; >>>> } >>>>} >>>> >>>>Because cisco does not have sip password setting, so we have >>>> >>>>0(3173) check_username(): No authorized credentials found (error in >>>> >>>> >>>> >>>> >>>> >>>> >>>scripts) >>> >>> >>> >>> >>> >>> >>>>0(3173) check_username(): Call {www,proxy}_authorize before calling >>>> >>>> >>>> >>>> >>>> >>>> >>>check_* >>> >>> >>> >>> >>> >>> >>>>function ! >>>> >>>>Does anyone has a solution? >>>> >>>>Regards >>>> >>>> >>>>-----Original Message----- >>>>From: Daniel-Constantin Mierla [mailto:daniel@iptel.org] >>>>Sent: Friday, March 26, 2004 6:18 PM >>>>To: Raymond Chen >>>>Cc: serdev(a)lists.iptel.org >>>>Subject: Re: [Serdev] check_from >>>> >>>>Hello, >>>>the last error message is self explanatory. You need to call either >>>>www_authorize() or proxy_authorize() before calling check_from() >>>> >>>>

>>>>this method compares the data from From header with what is in >>>>credentials (response to a authentication challenge). >>>> >>>>.Daniel >>>> >>>>On 03/26/04 04:35, Raymond Chen wrote: >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>>>Dear all, >>>>> >>>>>We have configured Ser to check from username field to authorize user >>>>>??°unknown???? >>>>> >>>>>if (!check_from()) { >>>>> >>>>>sl_send_reply("403", "Only registered users are allowed"); >>>>> >>>>>break; >>>>> >>>>>}; >>>>> >>>>>We have error message >>>>> >>>>>0(2568) check_username(): No authorized credentials found (error in >>>>>scripts) >>>>> >>>>>0(2568) check_username(): Call {www,proxy}_authorize before calling >>>>>check_* function ! >>>>> >>>>>We have ??°unknown???? username entry in uri table. >>>>> >>>>>Regards >>>>> >>>>> >>>>> >>>>----------------------------------------------------------------------- >>>> >>>>

-- Jiri Kuthan http://iptel.org/~jiri/ _______________________________________________ Serusers mailing list serusers(a)lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers