<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hello,<br>
<br>
REGISTER should have Authorization header.<br>
<br>
Can you paste the headers of such PUBLISH?<br>
<br>
The log message you pasted in a previous email shows that the realm
was not matching:<br>
<br>
Apr 24 14:30:58 bptrnddmzserver kamailio[30886]: DEBUG: auth
[api.c:86]: pre_auth(): auth:pre_auth: Credentials with realm
'myhome2.xip.bpt.com' not found<br>
<br>
Maybe it is different than From header domain.<br>
<br>
Cheers,<br>
Daniel<br>
<br>
<div class="moz-cite-prefix">On 28/04/15 09:13, Tomas Zanet wrote:<br>
</div>
<blockquote
cite="mid:CA44A4830985A140A30A1E55D8CDFEEF956EF0BB@CG003SERVER.camegroup.local"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
pre
{mso-style-priority:99;
mso-style-link:"Preformattato HTML Carattere";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.StileMessaggioDiPostaElettronica17
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.PreformattatoHTMLCarattere
{mso-style-name:"Preformattato HTML Carattere";
mso-style-priority:99;
mso-style-link:"Preformattato HTML";
font-family:Consolas;
color:black;
mso-fareast-language:EN-US;}
span.StileMessaggioDiPostaElettronica22
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.StileMessaggioDiPostaElettronica23
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 2.0cm 2.0cm 2.0cm;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">Hello,
yes it is.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">The
real parameter in Proxy-Authorization header is the same for
PUBLISH and REGISTER and INVIATE as well.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">I’m
doing authentication in this way:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">
if (!auth_check("$fd", "subscriber", "1")) {<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">
auth_challenge("$fd", "0");<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">
exit;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">
}<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">T.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="color:windowtext;mso-fareast-language:IT">Da:</span></b><span
style="color:windowtext;mso-fareast-language:IT">
Daniel-Constantin Mierla [<a class="moz-txt-link-freetext" href="mailto:miconda@gmail.com">mailto:miconda@gmail.com</a>]
<br>
<b>Inviato:</b> lunedì 27 aprile 2015 17:56<br>
<b>A:</b> Kamailio (SER) - Users Mailing List; Tomas
Zanet<br>
<b>Oggetto:</b> Re: [SR-Users] publish authentication
problem<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">Hello,<br>
<br>
can you check what is the value of the realm parameter in
Proxy-Authorization header of PUBLISH? Is it
myhome2.xip.bpt.com?<br>
<br>
Cheers,<br>
Daniel<span style="font-size:12.0pt;mso-fareast-language:IT"><o:p></o:p></span></p>
<div>
<p class="MsoNormal">On 24/04/15 15:31, Tomas Zanet wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Hello everyone,<o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">I’ve been working on a
project where I would like to implement RFC6035</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"><a
moz-do-not-send="true"
href="https://tools.ietf.org/html/rfc6035">https://tools.ietf.org/html/rfc6035</a></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">Basically, after the
end of the call, our SIP UAC sends a SIP PUBLISH to
Kamailio where there are some useful information about
media quality (packet loss, mos, etc..)</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">This information is
stored by Kamailio with sql_query command…</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">To achieve this, I
implemented a custom route function inside Kamailio cfg
file, which handles PUBLISH request, check vq-rtcpxr body
and store that information into a database.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">Here is a snippet
code:</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"># AVPF report
route
</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">route[AVPF] {</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">
if(!is_method("PUBLISH"))</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">
return;</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> if
(has_body("application/vq-rtcpxr"))</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> {</span><o:p></o:p></p>
<p class="MsoNormal" style="text-indent:35.4pt"><span
lang="EN-US">$var(x) = "INSERT INTO
quality_reporting_raw(body) VALUES (\"" +
$(rb{s.escape.common}) + "\");";</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">
sql_query("cb", "$(var(x))");</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> ……
reply 200 ok and so on….</span><o:p></o:p></p>
<p class="MsoNormal" style="text-indent:35.4pt"><span
lang="EN-US">exit(0)</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> }</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">}</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">Everything works fine
(almost fine, because the report is stored twice…) if I do
the route(AVPF) before authentication, like this…</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">(main route):</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> # handle AVPF
reports</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> route(AVPF);</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> #
authentication</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> route(AUTH);</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">Instead if I swap
these two functions, doing the authentication before
publish processing, I have some problems about publish
authentication….not for the other requests (INVITE and
REGISTER)</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">As far as I know From,
To and Request-URI must match the authentication user, in
the PUBLISH REQUEST as described here</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"><a
moz-do-not-send="true"
href="http://kamailio.org/docs/modules/4.2.x/modules/auth_db.html#auth_db.f.auth_check">http://kamailio.org/docs/modules/4.2.x/modules/auth_db.html#auth_db.f.auth_check</a></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">I confirm that…I’m
sending the SIP PUBLISH from user 101 to user 101, which
is currently registered.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">My problem is that
Kamailio is continuously answering with 407 to the SIP
PUBLISH, even if the PUBLISH request has the right
Proxy-Authorization header…</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">Digging into the log
file, I found this :</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">Apr 24 14:30:58
bptrnddmzserver kamailio[30886]: DEBUG: auth_db
[authorize.c:486]: auth_check(): realm
[myhome2.xip.bpt.com] table [subscriber] flags [1]</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">Apr 24 14:30:58
bptrnddmzserver kamailio[30886]: DEBUG: auth [api.c:86]:
pre_auth():
<b>auth:pre_auth: Credentials with realm
'myhome2.xip.bpt.com' not found</b></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">Apr 24 14:30:58
bptrnddmzserver kamailio[30886]: DEBUG: auth_db
[authorize.c:252]:
<b>digest_authenticate_hdr(): no credentials</b></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">Just for your better
understanding I’m doing authorization with db, using
subscriber table where there are all the users with
'myhome2.xip.bpt.com' domain…</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">In fact, all INVITEs
and REGISTERs are correctly authenticated…</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">Would you mind address
me to find out the problem? Maybe, there’s something wrong
in my cfg file.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">Thanks in advance</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">T,</span></p>
</blockquote>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla
<a class="moz-txt-link-freetext" href="http://twitter.com/#!/miconda">http://twitter.com/#!/miconda</a> - <a class="moz-txt-link-freetext" href="http://www.linkedin.com/in/miconda">http://www.linkedin.com/in/miconda</a>
Kamailio World Conference, May 27-29, 2015
Berlin, Germany - <a class="moz-txt-link-freetext" href="http://www.kamailioworld.com">http://www.kamailioworld.com</a></pre>
</body>
</html>