Authentication problem with softphone X-Lite

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Authentication problem with softphone X-Lite

mmarzuola

I want that all INVITE created by a local subscriber should be authenticated by my proxy.
I have installed more softphones in the same machine and the port number is automatically assigned (5060/5061/5062).
Sniffing the traffic I have realized that only some INVITE are authenticated.
By analyzing the headers of the INVITE not authenticated, I have noticed that the softphone X-Lite inserts in the From the number of port in addition to URI (sip:[hidden email]:port).
In the opensips.cfg the lines that allow authentication of these messages are in the main route:

if (!(method=="REGISTER") && from_uri==myself)
               {
               if (!proxy_authorize("", "subscriber")) {
                       proxy_challenge("", "0");
                       exit;
               }
               if (!check_from()) {
                      sl_send_reply("403","Forbidden auth ID");
                      exit;
               }

               consume_credentials();
                # caller authenticated
               }

Obviously the control "from_uri==myself" does not work for INVITE that have the from URI with the port number.
I tried to use the uac_replace_from(uri) function of the uac module to change the uri of the From by removing the port:

if(is_method("INVITE") && $(fu{s.select,2,:})!="") {
           $avp(s:fromURI)="sip:"+$(fu{s.select,1,:});
           uac_replace_from("$avp(s:fromURI)");
}

if (!(method=="REGISTER") && from_uri==myself) {
**
**
**

But in this way only the from uri of the INVITE ranging from proxy to an end-system have changed the uri while those departing from softphone remain unchanged.
Is a limitation of the uac module or I make a configuration error?

I also tried to make the comparison between the avp variable created and myself, but I get the error syslog:

CRITICAL:core:comp_scriptvar: invalid operation 20/11
opensips-lab /usr/local/sbin/opensips[2655]: WARNING:core:do_action: error in expression (l=296)

I tried to replace == with =~ but I get a syntax error.
"myself" allow to make the comparison with a string or is there a way to make this comparison?

Thank you in advance.

Marzuola Matteo.


----------------------------------------------------------------------------
Vuoi essere presente online?
Vuoi dare voce alla tua attivita`?
Acquista un dominio su domini.interfree.it.
A partire da 18,59 euro
----------------------------------------------------------------------------


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Authentication problem with softphone X-Lite

Iñaki Baz Castillo
2008/12/11  <[hidden email]>:
>
> I want that all INVITE created by a local subscriber should be authenticated by my proxy.
> I have installed more softphones in the same machine and the port number is automatically assigned (5060/5061/5062).
> Sniffing the traffic I have realized that only some INVITE are authenticated.
> By analyzing the headers of the INVITE not authenticated, I have noticed that the softphone X-Lite inserts in the From the number of port in addition to URI (sip:[hidden email]:port).

This shouldn't occur at all. The From URI never depends on the local
port of the phone. You should fix it instead of changing your OpenSIPS
script.
How are you configuring your phone?

--
Iñaki Baz Castillo
<[hidden email]>
_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Authentication problem with softphone X-Lite

mmarzuola
In reply to this post by mmarzuola


I know that the port should not be present in the from uri because this information is not used by anyone.
The configuration of the softphone X-Lite is the following:

SIP PROXY-->[Default]:mysip.com--> Enabled: yes
                                   Display Name: X-Lite User
                                   User: 1001
                                   Authorization User: 1001
                                   Password: ****
                                   Domain/Realm: mysip.com
                                   Sip Proxy: 10.10.45.146
                                   Out Bound Proxy:
                                   Use Out Bound Proxy: Default
                                   Send Internal Ip: Default
                                   Register: Default

Thanks.

Marzuola Matteo


----------------------------------------------------------------------------
Vuoi essere presente online?
Vuoi dare voce alla tua attivita`?
Acquista un dominio su domini.interfree.it.
A partire da 18,59 euro
----------------------------------------------------------------------------


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Authentication problem with softphone X-Lite

mmarzuola
In reply to this post by mmarzuola

If the port 5060 is assigned to the X-Lite softphone the from uri is correct while if the port number is different from 5060 the uri becomes: sip:[hidden email]:5061
Softphones and proxy are in the same domain.
 
Marzuola Matteo



----------------------------------------------------------------------------
Vuoi essere presente online?
Vuoi dare voce alla tua attivita`?
Acquista un dominio su domini.interfree.it.
A partire da 18,59 euro
----------------------------------------------------------------------------


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Authentication problem with softphone X-Lite

Iñaki Baz Castillo
2008/12/11  <[hidden email]>:
>
> If the port 5060 is assigned to the X-Lite softphone the from uri is correct while if the port number is different from 5060 the uri becomes: sip:[hidden email]:5061
> Softphones and proxy are in the same domain.

Ok, very estrange anyway.

I'm not sure about if "myself" also matches the port, I 'd say that it
doesn't do it, but if you say...

Instead of:
  if ( from_uri==myself )

Use:
  if ( $rd == DOMAIN )

Of course, this is just valid if you have just few domains:
  if ( $rd == DOMAIN_1 || $rd == DOMAIN_2 )

If not, you can use "domain" module that uses a DB table to store all
the domains and provide simple functions to match the RURI or From
domain against existing domains in the table.


--
Iñaki Baz Castillo
<[hidden email]>
_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Authentication problem with softphone X-Lite

mmarzuola
In reply to this post by mmarzuola

Hi.
I have solved using the function is_uri_host_local () of the domain module.

Thanks.

Marzuola Matteo

>
> If the port 5060 is assigned to the X-Lite softphone the from uri >is correct while if the port number is different from 5060 the uri >becomes: sip:[hidden email]:5061
> Softphones and proxy are in the same domain.

>Ok, very estrange anyway.

>I'm not sure about if "myself" also matches the port, I 'd say that
>it doesn't do it, but if you say...

>Instead of:
> if ( from_uri==myself )

>Use:
>if ( $rd == DOMAIN )

>Of course, this is just valid if you have just few domains:
>if ( $rd == DOMAIN_1 || $rd == DOMAIN_2 )

>If not, you can use "domain" module that uses a DB table to store >all
>the domains and provide simple functions to match the RURI or From
>domain against existing domains in the table.


--
Iaki Baz Castillo

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



----------------------------------------------------------------------------
Vuoi essere presente online?
Vuoi dare voce alla tua attivita`?
Acquista un dominio su domini.interfree.it.
A partire da 18,59 euro
----------------------------------------------------------------------------


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users