[SR-Users] auth_challenge() and async

[Alex Balashov]

> On Dec 13, 2022, at 3:14 AM, Daniel-Constantin Mierla <miconda at gmail.com> wrote:
> 
> change of cseq results in a different transaction, there should be two
> at the same time for a short interval. Try to see if debug=3 offers any
> hints.

Makes sense. What I'm wondering is why the ACK for the negative reply (407) isn't processed and doesn't seem to result in immediate termination of the first transaction.

This doesn't happen if I only suspend once. There is no problem in that scenario.

> For clarification: do you need to do authentication two times? Second
> time with pv function?

No, the process is basically that I don't know whether I need to do digest authentication until a preliminary routing query happens (async) first, and if I do, then I return a 407 challenge from that transaction. I then receive a new INVITE with digest credentials, and I (async) query for the credentials-info (HA1 of password), and then I auth_check() the received digest credentials against the info. If not valid, I issue another auth challenge, and if valid, I continue with route processing (again async).

This sounds like a mess that Kamailio's async stuff wasn't really intended to support, maybe. I'm wondering if the simplest thing to seed the credentials-info into Kamailio somehow, e.g. via JSONRPC+htable, so that an async query is not required in order to obtain it dynamically. I was hoping to avoid that, but maybe there's not another way to do it? 

-- Alex

-- 
Alex Balashov | Principal | Evariste Systems LLC

Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free)
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/