12 Nov
2018
12 Nov
'18
7:32 p.m.
Hello,
I migrated from Kamailio 3.0.3 to Kamailio 5.1.4. and have two questions
about the execution sequence of the Request_Route.
The following condition trys to authenticate the first INVITE or REGISTER
request which normally does not have the Authorization Header:
route (auth)
..
..
..
route[auth]{
if ( !proxy_authorize("myrealm", "subscriber") ) {
proxy_challenge("myrealm", "0");
sl_reply_error();
exit;
};
return;
}
For sure the Return Code of "proxy_authorize" will not be one (1) at the
beginneing, so the proxy_challenge() will generate the "407 Proxy
Authentication Required" request and the agent will send the INVITE or the
REGISTER again with the Authorization-Header and the call or the
registration attempt succeeds. During my observation to the new returned
codes (values) of both proxy_authorize() and proxy_challenge() in Kamailio
5.1.4, I noticed the following differnet execution sequence of this
"Request_Route".
at Kamailio 3.0.3, and exactly after the proxy_challenge("myrealm",
"0")
command was executed, no more commands were excuted as if it jumped out of
the if statement, and the proxy was wating for the new INVITE or REGISTER.
Hence the sl_reply_error() did not send any error reply. I wrote several
logging commad before and after the proxy_challenge("myrealm", "0"),
so I
am pretty sure that the proxy_challenge("myrealm", "0") is last
excuted
command to be excuted here.
at Kamailio 5.1.4, the behaviour was more logical and the proxy executes
commands which come under the proxy_challenge("myrealm", "0") like
logging
commands or sl_reply_error() which generates usually the error reply " 500
I'm terribly sorry, server error occurred".
My first question is: May somebody explain this different behavior?
My second Question: assume that the agent will send a wrong credentials and
response, does the proxy_challenge("myrealm", "0") function terminate
this
dialouge with 401 Unauthorized Error or I must add the following "if
condition" afterwards:
if ( !proxy_authorize("myrealm", "subscriber") ) {
proxy_challenge("myrealm", "0");
if (!$rc){
sl_reply_error(); '#### or I will be more
specific sl_send_reply (code, reason)
}
exit;
};
Thanks and best regards
Abdulaziz Alghosh
13 Nov
13 Nov
10:34 a.m.
Hello,
the 3.0.x was the first release after merging kamailio and ser source
code trees and there were two variants of many functions, and depending
on which proxy_authorize() you use the behaviour might have been
different that what's now in 5.x.
If you want to send an error response if proxy_authorize() fails (very
unlikely because of in memory only operations), then yes, add an if
condition.
Cheers,
Daniel
On 12.11.18 17:32, Abdulaziz Alghosh wrote:
Hello,
I migrated from Kamailio 3.0.3 to Kamailio 5.1.4. and have two
questions about the execution sequence of the Request_Route.
The following condition trys to authenticate the first INVITE or
REGISTER request which normally does not have the Authorization Header:
route (auth)
..
..
..
route[auth]{
if ( !proxy_authorize("myrealm", "subscriber") ) {
proxy_challenge("myrealm", "0");
sl_reply_error();
exit;
};
return;
}
For sure the Return Code of "proxy_authorize" will not be one (1) at
the beginneing, so the proxy_challenge() will generate the "407 Proxy
Authentication Required" request and the agent will send the INVITE or
the REGISTER again with the Authorization-Header and the call or the
registration attempt succeeds. During my observation to the new
returned codes (values) of both proxy_authorize() and
proxy_challenge() in Kamailio 5.1.4, I noticed the following differnet
execution sequence of this "Request_Route".
at Kamailio 3.0.3, and exactly after the proxy_challenge("myrealm",
"0") command was executed, no more commands were excuted as if it
jumped out of the if statement, and the proxy was wating for the new
INVITE or REGISTER. Hence the sl_reply_error() did not send any error
reply. I wrote several logging commad before and after the
proxy_challenge("myrealm", "0"), so I am pretty sure that the
proxy_challenge("myrealm", "0") is last excuted command to be
excuted
here.
at Kamailio 5.1.4, the behaviour was more logical and the proxy
executes commands which come under the proxy_challenge("myrealm",
"0")
like logging commands or sl_reply_error() which generates usually the
error reply " 500 I'm terribly sorry, server error occurred".
My first question is: May somebody explain this different behavior?
My second Question: assume that the agent will send a wrong
credentials and response, does the proxy_challenge("myrealm", "0")
function terminate this dialouge with 401 Unauthorized Error or I must
add the following "if condition" afterwards:
if ( !proxy_authorize("myrealm", "subscriber") ) {
proxy_challenge("myrealm", "0");
if (!$rc){
sl_reply_error(); '#### or I will be more
specific sl_send_reply (code, reason)
}
exit;
};
Thanks and best regards
Abdulaziz Alghosh
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio World Conference -- www.kamailioworld.com
Kamailio Advanced Training, Nov 12-14, 2018, in Berlin -- www.asipto.com
2201
days inactive
2202
days old
1 comments
2 participants
participants (2)
-
Abdulaziz Alghosh -
Daniel-Constantin Mierla