Summary:ASTERISK-10872: [patch] serving multiple Realms with one Asterisk
Reporter:Dmytro Mishchenko (arkadia)Labels:
Date Opened:2007-11-23 16:05:50.000-0600Date Closed:2009-09-24 09:34:40
Versions:Frequency of
Environment:Attachments:( 0) sip_realm_mnich_to_added_2.patch
( 1) sip_realm_mnick_to_added.patch
( 2) sip_realm_rminpvt.patch
( 3) sip_realm_wsopt.patch
( 4) sip_realm.patch
( 5) sip-domainsasrealm-mnicholson1.diff
Description:When the call comes to Asterisk it responds with authorization request
using specified realm (realm in config, global_realm in code).

OpenSER for this case has possibility to auto generate realm based on
"From" header:

if (!proxy_authorize("", "subscriber)) {
       proxy_challenge("", "1");  # Realm will be autogenerated

proxy_authorize(realm, table)
   * realm - Realm is a opaque string that the user agent
      should present to the user so he can decide what username
      and password to use. Usually this is domain of the host
      the server is running on.
      If an empty string "" is used then the server will
      generate it from the request. From header field domain
      will be used as realm.
      The string may contain pseudo variables.

This patch provides the same possibility for Asterisk. It is not user/peer based.


domain=... list was used for simplicity for not to introduce another realm list. In general they should work well together.

I'm thinking about adding another config option which will activate usage of domain list as a realm list for those who are using domains but want to live with default realm only.
Comments:By: Olle Johansson (oej) 2007-11-24 03:11:08.000-0600

You need to have a configuration option to enable this behaviour, as I said earlier :-)

By: Dmytro Mishchenko (arkadia) 2007-11-26 03:06:18.000-0600

sip_realm_wsopt.patch - added possibility to enable this feature as requested

By: Olle Johansson (oej) 2007-11-27 08:52:45.000-0600

The name of the global variable has to start with global_ like the rest of the globals.

the getdomain function seems to do a bit too much before it finds the @ sign - any reason?

I think the realm should be saved in the PVT so we don't have to do this many times during a dialog.

By: Dmytro Mishchenko (arkadia) 2007-11-28 11:26:50.000-0600

sip_realm_rminpvt.patch - new update according your advises
- option renamed to start with global_
- store realm in pvt. I'm using already existing realm field. It seems it doesn't interact with its current usage.

About get_domain. What exactly do you think is not required?
before "@": port should be stripped, params probably too. "sip:" too.

It'll be great is somebody with experience of SIP header parsing wrote or specified some generic functions which will allow to extract parts from SIP header. Some combination of get_in_brackets + parse_uri. Course the code like I'm adding in get_domain() is all over the SIP channel with minor modifications.

By: Leif Madsen (lmadsen) 2008-10-07 13:07:56

This has been sitting here for quite some time. Can we get an update on this?

By: Dmytro Mishchenko (arkadia) 2008-10-08 02:36:23

I'll be able to update patches to match Asterisk trunk if there is a plan to accept it into the main tree.

By: Leif Madsen (lmadsen) 2008-10-08 07:39:22

I'm changing this to assigned in the hopes someone will look at this, comment on any changes necessary, perform a code review, and let us know whether this will get merged into trunk. If it will, then the developer will update it. Thanks!

By: Leif Madsen (lmadsen) 2009-06-16 14:00:12

Setting this status back to new.

arkadia:  do you still have interest in updating this to trunk so we can move this forward? I will continue monitoring this issue to try and get this to a resolution (whatever that resolution may be :))


By: Dmytro Mishchenko (arkadia) 2009-06-17 02:12:25

No problem to update it in case Olle has plans to accept it in the main tree.
Please let me know.
We are successfully using this patch in production several years already.

By: Olle Johansson (oej) 2009-06-17 04:20:27

Are my latest comments handled in the latest patch? If not, please update the patch and I'll review again.

By: Dmytro Mishchenko (arkadia) 2009-06-17 05:10:02

Yes, in sip_realm_rminpvt.patch.

Also see my note
arkadia (reporter) 2007-11-28 11:26

By: Leif Madsen (lmadsen) 2009-06-22 08:48:57

Changed to 'Ready for Review' as this appears to be working for the reporter; just need someone to review it and determine if this is ready to be merged.

By: Matthew Nicholson (mnicholson) 2009-07-31 15:59:28

Please test the updated patch I just created against SVN trunk.  If it works correctly for you, I will go ahead and commit it.

By: Dmytro Mishchenko (arkadia) 2009-08-04 06:15:43

Ok. I let you know

By: Dmytro Mishchenko (arkadia) 2009-08-06 12:23:17

I've tested your patch for the trunk and it works fine.
I've modified it a little bit:

1. Comment for DEFAULT_DOMAINSASREALM clarified.

2. If realm wasn't found in From field we try to extract it from 'To' field.
This addition was added some time ago to my production servers course some clients user their our domain in from field. E.g. Linphone.
And in this case proper real is stored in 'To'.

Tested patch uploaded

By: Leif Madsen (lmadsen) 2009-08-07 08:44:22

Marked ready for review now that we have a tester with positive results. Thanks!

By: Matthew Nicholson (mnicholson) 2009-08-11 09:57:55

I the get_realm function, the following changes should be made.

  1. Only one of the the fromdomain and todomain variables are needed (it could just be called 'domain').

  2. ast_string_field_set(p, realm, ...) can be called from where 'r' is set and followed by 'return', thus r and rset are not needed.

  3. The return at the end of the function is not necessary.

By: Dmytro Mishchenko (arkadia) 2009-08-12 09:47:50

Fixed according your notes

By: Digium Subversion (svnbot) 2009-08-12 17:18:34

Repository: asterisk
Revision: 211947

U   trunk/channels/chan_sip.c
U   trunk/configs/sip.conf.sample

r211947 | mnicholson | 2009-08-12 17:18:34 -0500 (Wed, 12 Aug 2009) | 8 lines

This patch adds support for choosing a realm based on the domain in the From or To header in the incoming request.  Eligible domains are taken from the domains list in the config file.  This functionality is enabled when domainsasrealm is enabled in the config file.

(closes issue ASTERISK-10872)
Reported by: arkadia
     sip_realm_mnich_to_added_2.patch uploaded by arkadia (license 233)
Tested by: arkadia