example kamailio config with cgrates and AUTH done in MySQL?
815 views
Skip to first unread message
Peter Villeneuve
Nov 30, 2015, 12:16:35 PM11/30/15
to CGRateS
Hi again,
I'm trying to adapt the kamailio tutorial files to work with a scenario where the users are not hardcoded in the config but instead they are looked up using the more traditional kamailio approach with MySQL.
Before I spend an afternoon hacking away at the code, I was wondering if anyone already has a basic kamailio.cfg with cgrates integration and authentication in MySQL instead of htable?
Much appreciated if someone could share their kamailio.cfg,
Peter
DanB
Nov 30, 2015, 12:43:37 PM11/30/15
to cgr...@googlegroups.com
Hi Peter,
We use for example redis to retrieve auth data and place it in avps. Once it is there it will be the same thing as using the evapi tutorial.
This is a sample of auth done with data out of redis:
"""
if strempty($avp(s:authType)) {
if !strempty($au) { #Check pwd auth
if ( !redis_cmd("srv1", "HMGET sipendpoint:$td:$au SipPassword Disabled", "ep") ) {
xlog("WARNING: REDIS querying on endpoint auth pwd failed!");
sl_send_reply("503","Storage error");
exit;
} else if ( $redis(ep=>size)==0 ) { #Query returned empty result, there should be no record found
sl_send_reply("403","Invalid credentials");
exit;
} else if ( !strempty($redis(ep=>value[1])) ) {
sl_send_reply("403","Disabled endpoint");
exit;
} else if strempty($redis(ep=>value[0])) {
sl_send_reply("403","Invalid credentials");
exit;
}
}
if (is_method("REGISTER")) {
if ( strempty($au) || !pv_www_authenticate("$td", "$redis(ep=>value[0])", "0") ) {
www_challenge("$td", "0");
exit;
}
if ($au!=$tU) {
sl_send_reply("403","Forbidden auth ID");
exit;
}
} else { # All other methods here
if ( strempty($au) || !pv_proxy_authenticate("$td", "$redis(ep=>value[0])", "0") ) {
proxy_challenge("$td", "0");
exit;
}
if (is_method("PUBLISH")) {
if ($au!=$fU || $au!=$tU) {
sl_send_reply("403","Forbidden auth ID");
exit;
}
if ($au!=$rU) {
sl_send_reply("403","Forbidden R-URI");
exit;
}
if ($fd!=$rd) {
sl_send_reply("403","Forbidden R-URI domain");
exit;
}
#} else {
# if ($au!=$fU) {
# sl_send_reply("403","Forbidden auth ID");
# exit;
# }
}
}
$avp(s:authEndpoint) = $au;
consume_credentials();
}
"""
Hope this helps.
DanB
We use for example redis to retrieve auth data and place it in avps. Once it is there it will be the same thing as using the evapi tutorial.
This is a sample of auth done with data out of redis:
"""
if strempty($avp(s:authType)) {
if !strempty($au) { #Check pwd auth
if ( !redis_cmd("srv1", "HMGET sipendpoint:$td:$au SipPassword Disabled", "ep") ) {
xlog("WARNING: REDIS querying on endpoint auth pwd failed!");
sl_send_reply("503","Storage error");
exit;
} else if ( $redis(ep=>size)==0 ) { #Query returned empty result, there should be no record found
sl_send_reply("403","Invalid credentials");
exit;
} else if ( !strempty($redis(ep=>value[1])) ) {
sl_send_reply("403","Disabled endpoint");
exit;
} else if strempty($redis(ep=>value[0])) {
sl_send_reply("403","Invalid credentials");
exit;
}
}
if (is_method("REGISTER")) {
if ( strempty($au) || !pv_www_authenticate("$td", "$redis(ep=>value[0])", "0") ) {
www_challenge("$td", "0");
exit;
}
if ($au!=$tU) {
sl_send_reply("403","Forbidden auth ID");
exit;
}
} else { # All other methods here
if ( strempty($au) || !pv_proxy_authenticate("$td", "$redis(ep=>value[0])", "0") ) {
proxy_challenge("$td", "0");
exit;
}
if (is_method("PUBLISH")) {
if ($au!=$fU || $au!=$tU) {
sl_send_reply("403","Forbidden auth ID");
exit;
}
if ($au!=$rU) {
sl_send_reply("403","Forbidden R-URI");
exit;
}
if ($fd!=$rd) {
sl_send_reply("403","Forbidden R-URI domain");
exit;
}
#} else {
# if ($au!=$fU) {
# sl_send_reply("403","Forbidden auth ID");
# exit;
# }
}
}
$avp(s:authEndpoint) = $au;
consume_credentials();
}
"""
Hope this helps.
DanB
--
You received this message because you are subscribed to the Google Groups "CGRateS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cgrates+u...@googlegroups.com.
To post to this group, send email to cgr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cgrates/956577d6-e441-45da-8fb5-d9feae462b43%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Peter Villeneuve
Nov 30, 2015, 1:04:34 PM11/30/15
to CGRateS
Hi Dan,
Much appreciated! I usually use MySQL since it integrates well with kamailio and siremis, but I'll take a look at redis.
Cheers,
Peter
malvern chamisa
Aug 15, 2017, 4:23:20 AM8/15/17
to CGRateS, pete...@gmail.com
Hie need to have the same setup as Peter.Did it work?
Malvern
Malvern
DanB
Aug 15, 2017, 7:11:51 AM8/15/17
to cgr...@googlegroups.com
Hi Malvern,
It should work from our point of view.
DanB
> msgid/cgrates/d1595fb4-f508-46d6-b474-53e9248e0e56%40googlegroups.com
> .
It should work from our point of view.
DanB
> .
malvern chamisa
Aug 16, 2017, 4:41:43 AM8/16/17
to CGRateS
Hie DanB
Maybe my question was not clear. kamailio has users registered in mysql but we want to configure it to communicate with cgrates. eg user 1001 registered in kamailio mysql how does it communicate with cgrates.
OR
how do we consume users from mysql db or any any other db not in htable as shown in tutorial.
if possible sample config file would help
Maybe my question was not clear. kamailio has users registered in mysql but we want to configure it to communicate with cgrates. eg user 1001 registered in kamailio mysql how does it communicate with cgrates.
OR
how do we consume users from mysql db or any any other db not in htable as shown in tutorial.
if possible sample config file would help
DanB
Aug 16, 2017, 6:38:53 AM8/16/17
to cgr...@googlegroups.com
Hi Malvern,
You need to understand the concepts of the CGRateS first I guess.
CGRateS is for you like a "database". The user data is retrieved via
queries, so you need to create the same users which you have in
Kamailio also on CGRateS side. If you want to unify them, you could do
it via CGR-UserS module.
Coming back to original topic, CGRateS does not have anything to do
with what you configure in your kamailio authorization table. You do
the kamailio authorization normally, once you want to ask CGRateS about
it's authorization, simply add queries to CGRateS (done via evapi) in
your kamailio.cfg. You should have samples for that in the tutorial we
have exemplified for Kamailio integration. Here it is worth to mention
that the users you have in CGRateS does not really need to match 1-1
with what you have in Kamailio (although it is also OK to do so), since
all CGRateS receives are strings which you send from kamailio script.
Hope it helps.
DanB
> msgid/cgrates/cd5998f3-6a89-4b0a-a323-140b59ef8112%40googlegroups.com
You need to understand the concepts of the CGRateS first I guess.
CGRateS is for you like a "database". The user data is retrieved via
queries, so you need to create the same users which you have in
Kamailio also on CGRateS side. If you want to unify them, you could do
it via CGR-UserS module.
Coming back to original topic, CGRateS does not have anything to do
with what you configure in your kamailio authorization table. You do
the kamailio authorization normally, once you want to ask CGRateS about
it's authorization, simply add queries to CGRateS (done via evapi) in
your kamailio.cfg. You should have samples for that in the tutorial we
have exemplified for Kamailio integration. Here it is worth to mention
that the users you have in CGRateS does not really need to match 1-1
with what you have in Kamailio (although it is also OK to do so), since
all CGRateS receives are strings which you send from kamailio script.
Hope it helps.
DanB
Reply all
Reply to author
Forward
0 new messages