[SR-Users] authenticated INVITE badly managed when topos is activated
frédéric Gaisnon
frederic.gaisnon at gmail.com
Mon Feb 8 17:19:41 CET 2021
Hi,
If topos is activated and kamailio responds with a 407 "proxy
authentication required" to an initial INVITE, INVITE received after with
credentials (MD5 response in Proxy-Authorization header) is badly managed.
Credentials are never validated and Kamailio responds 407 again. If topoh
is used instead topos all works fine and credentials are validated.
call flow is:
Phone sends INVITE to kamailio SBC
kamailio respond 407 "proxy authentication required" because SBC wants to
authenticate caller
Phone resends INVITE with Proxy-Authorization header with all valid
information
kamailio responds 407 again instead forwarding INVITE.
My code:
if (!pv_auth_check("$fd", "$sht(auth_cache=>$var(key))", "0", "1")) {
auth_challenge("$fd", “1”);
exit;
}
# user authenticated - remove auth header
consume_credentials();
So if topos is used, pv_auth_check always returns false even if the phone
sets valid information.
If topoh is activated, pv_auth_check always returns true (same phone and
same kamailio SBC versioning)
I made my tests with kamailio 5.4.3 on centos 7.
Regards,
Frédéric Gaisnon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20210208/cdda17a2/attachment.htm>
More information about the sr-users
mailing list