My full config (I redacted some parts like IPs and domains), with the
minimal routing blocks to reproduce and the logs.
If you don't mind checking it, it would be great :)
Cheers,
Cyril
Le jeu. 3 févr. 2022 à 11:39, Federico Cabiddu <
federico.cabiddu(a)gmail.com> a écrit :
I have to admit that even looking at the debug
logs I cannot understand
what's going on in your case.
As said I'm running an authentication scenario very similar to yours,
being the challenge the only difference.
What I can suggest to further digging is to reduce your configuration
as much as possible (e.g. I see that you are using topoh) and see if we can
understand better what is causing the issue.
Cheers,
Federico
On Thu, Feb 3, 2022 at 7:58 AM Olle E. Johansson <oej(a)edvina.net>
wrote:
>
>
> On 2 Feb 2022, at 23:58, Cyril Ramière <cyril.ramiere(a)gmail.com>
> wrote:
>
> Hi Karsten,
>
> Thanks for the clue, unfortunately I can't use this module because the
> clients are "dumb" sip phones.
>
> The goal of my implementation is to use our application API to handle
> the login.
>
> The plan was that a sip phone sends a REGISTER, I ask the API endpoint
> if this user/password is ok to connect and allow/deny based on the reply
> and informations provided by the API.
>
> Everything is relying on the fact that I can make my HTTP call when
> handling the REGISTER, sadly for me, it doesn't work and I still can't
> figure why.
>
> Try http_client. I’ve used it a lot of time for authentication. It
> will block your thread while waiting for response, but you can handle some
> of those issues by caching secrets for a short time with htable.
>
> /O
>
>
> Cheers,
>
> Cyril
>
> Le mer. 2 févr. 2022 à 19:49, Karsten Horsmann <khorsmann(a)gmail.com>
> a écrit :
>
>> Hi Cyril,
>>
>> This Kamailio module could imho do the same
>>
>>
>>
https://www.kamailio.org/docs/modules/devel/modules/auth_ephemeral.html
>>
>>
>> Cyril Ramière <cyril.ramiere(a)gmail.com> schrieb am Do., 27. Jan.
>> 2022, 08:04:
>>
>>> Hi there,
>>>
>>> I have a weird issue with kamailio (latest docker
>>> image kamailio-ci:5.5.2-alpine) and http_async_client.
>>>
>>> Before posting a lot of logs, let me describe what I want to achieve.
>>>
>>> I have a Kamailio and a SIP Phone.
>>>
>>> The SIP phone sends a REGISTER to kamailio, then in my routing
>>> block, I check if I have an Authorization header.
>>>
>>> Since I don't have an Authorization (first message), I
>>> use "www_challenge()".
>>> This replies to the SIP phone, and then the SIP phone sends a new
>>> REGISTER with the correct Authorization header.
>>>
>>> So far so good.
>>>
>>> Now, when I get the REGISTER with Authorization header, I want to
>>> ask an HTTP endpoint if this user is allowed to connect and check the
>>> password using http_async_query().
>>>
>>> The problem is that when the transaction resumes, the tmx module is
>>> unhappy and throws this error :
>>>
>>> 30(36) CRITICAL: tmx [t_var.c:546]: pv_get_tm_reply_code(): no
>>> picked branch (-1) for a final response in MODE_ONFAILURE
>>>
>>> And a 500 error is sent back to the sip phone.
>>> The AUTH_REPLY route is still called and I can use the $http* values.
>>>
>>> Do you see something that I am doing wrong or missing in my logic?
>>> Is pausing/resuming to use the async http client is allowed if I'm
>>> handling a REGISTER transaction?
>>>
>>> Here's a simplified version of my routing block (not far from
>>> reality):
>>>
>>> ##### SNIP
>>>
>>> request_route{
>>>
>>> route(AUTH);
>>>
>>>
>>> route[AUTH]{
>>>
>>> if (is_method("REGISTER"){
>>>
>>> if(no_auth_header){
>>>
>>> www_challenge("$td","1");
>>>
>>> exit;
>>>
>>> }
>>>
>>> else{
>>>
>>> t_newtran();
>>>
>>>
http_async_query("http://xxx.xxx.xxx.xxx:9000/auth?foo=bar",
"AUTH_REPLY");
>>>
>>> }
>>>
>>> }
>>>
>>> }
>>>
>>>
>>> route[AUTH_REPLY]{
>>>
>>> xlog("L_INFO", "route[HTTP_REPLY]: status
$http_rs\n");
>>>
>>> }
>>>
>>>
>>> }
>>>
>>> ##### END SNIP
>>>
>>>
>>> Best regards!
>>> __________________________________________________________
>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>> * sr-users(a)lists.kamailio.org
>>> Important: keep the mailing list in the recipients, do not reply
>>> only to the sender!
>>> Edit mailing list options or unsubscribe:
>>> *
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>
>> __________________________________________________________
>> Kamailio - Users Mailing List - Non Commercial Discussions
>> * sr-users(a)lists.kamailio.org
>> Important: keep the mailing list in the recipients, do not reply only
>> to the sender!
>> Edit mailing list options or unsubscribe:
>> *
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions
> * sr-users(a)lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only
> to the sender!
> Edit mailing list options or unsubscribe:
> *
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
>
> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions
> * sr-users(a)lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only
> to the sender!
> Edit mailing list options or unsubscribe:
> *
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only
to the sender!
Edit mailing list options or unsubscribe:
*
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to
the sender!
Edit mailing list options or unsubscribe:
*