VoIP Mailing List Archives

[ChristianDamianidis at...]

Trying to achieve dynamic binding of user directory. In short: It’s not doing the authorization properly. I can use curl in the command line and it works perfectly, specifying BASIC auth.. however with the freeswitch module it returns HTTP 401.

So I’ve taken a close look at the network packets being sent and there are some issues.

This is between the <bindings></bindings> tags in my xml_curl.conf.xml (1.2.3.4 represents my webserver’s IP)

<binding name="users">
<param name="gateway-url" value="http://1.2.3.4:2000/users.aspx" bindings="directory"/>
<param name="gateway-credentials" value="username:password"/>
</binding>

When I run “curl –basic –u username http://1.2.3.4:2000/users.aspx” it asks me for a password and returns the correct thing. I use tshark to monitor, and it sends a GET request, with the correct authorization credentials in the header. I receive an HTTP 200 OK packet and the xml follows.

When I startup freeswitch, I guess the xml curl module gets to run, and it makes the request. However this time it’s a POST, and oddly DOES NOT include the Authorization: Basic <encodedstring> line in the packet. I get back two HTTP 401 Unauthorized responses, and then freeswitch sends out another POST, this time includes the authorization line, and I get back an OK with the xml.
My user directory is updated and we’re all good.

The inconsistent POST request sent by the module causes freeswitch to hang for 1-2 minutes during start-up.

Has anyone else had this issue? Is this a bug or intended functionality (ping the server before making a real request?). I’d love to sort this out, otherwise getting an updated directory isn’t real-time, thus defeating the purpose.
Thanks,

Christian

[brian at freeswitch.org]

Are you using something other than apache?

/b

On Oct 5, 2009, at 1:25 PM, Christian Damianidis wrote:

[ChristianDamianidis at...]

This web request goes to a server running IIS on Windows Server 2003.

From: Brian West [mailto:brian@freeswitch.org]
Sent: Monday, October 05, 2009 5:43 PM
To: freeswitch-users@lists.freeswitch.org
Subject: Re: [Freeswitch-users] mod_xml_curl http POST is inconsistent/bug



Are you using something other than apache?


/b


On Oct 5, 2009, at 1:25 PM, Christian Damianidis wrote:






The inconsistent POST request sent by the module causes freeswitch to hang for 1-2 minutes during start-up.

[anthony.minessale at g...]

My guess is that we configure the curl to support the full range of http auth methods.
Some of them like Digest require a challenge and realm etc so it's probably asking without auth header because it cannot create one until it gets that data.  In the case of Basic you can send the login and pass right away but it does not know in advance that it will be basic.

Here is a snippet from the libcurl api docs:
-------------------------------------------------------------------------------------------------------------------------------------------------------------

Both these options allow you to set multiple types (by ORing them together), to make libcurl pick the most secure one out of the types the server/proxy claims to support. This method does however add a round-trip since libcurl must first ask the server what it supports:
 curl_easy_setopt(easyhandle, CURLOPT_HTTPAUTH,  CURLAUTH_DIGEST|CURLAUTH_BASIC); -------------------------------------------------------------------------------------------------------------------------------------------------------------

So my guess is that if we set it to only support basic, then it would work how you expect so if you want to test it for me I can make it into a parameter.

edit: /usr/src/freeswitch.trunk/src/mod/xml_int/mod_xml_curl/mod_xml_curl.c line 220
change

curl_easy_setopt(curl_handle, CURLOPT_HTTPAUTH, CURLAUTH_ANY);

to

curl_easy_setopt(curl_handle, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);


If this works i'll think about exposing the auth methods so you can choose them in the config.


On Tue, Oct 6, 2009 at 9:39 AM, Christian Damianidis <ChristianDamianidis@globalive.com (ChristianDamianidis@globalive.com)> wrote:

[ChristianDamianidis at...]

I’ve tested this and making the change from ANY to BASIC worked. Thanks for the help.
It no longer sends the initial post without auth.
From: Anthony Minessale [mailto:anthony.minessale@gmail.com]
Sent: Tuesday, October 06, 2009 11:02 AM
To: freeswitch-users@lists.freeswitch.org
Subject: Re: [Freeswitch-users] mod_xml_curl http POST is inconsistent/bug


My guess is that we configure the curl to support the full range of http auth methods.
Some of them like Digest require a challenge and realm etc so it's probably asking without auth header because it cannot create one until it gets that data. In the case of Basic you can send the login and pass right away but it does not know in advance that it will be basic.

Here is a snippet from the libcurl api docs:
-------------------------------------------------------------------------------------------------------------------------------------------------------------
Both these options allow you to set multiple types (by ORing them together), to make libcurl pick the most secure one out of the types the server/proxy claims to support. This method does however add a round-trip since libcurl must first ask the server what it supports:
curl_easy_setopt(easyhandle, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST|CURLAUTH_BASIC);
-------------------------------------------------------------------------------------------------------------------------------------------------------------

So my guess is that if we set it to only support basic, then it would work how you expect so if you want to test it for me I can make it into a parameter.

edit: /usr/src/freeswitch.trunk/src/mod/xml_int/mod_xml_curl/mod_xml_curl.c line 220
change

curl_easy_setopt(curl_handle, CURLOPT_HTTPAUTH, CURLAUTH_ANY);

to

curl_easy_setopt(curl_handle, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);


If this works i'll think about exposing the auth methods so you can choose them in the config.


On Tue, Oct 6, 2009 at 9:39 AM, Christian Damianidis <ChristianDamianidis@globalive.com (ChristianDamianidis@globalive.com)> wrote:
This web request goes to a server running IIS on Windows Server 2003.

From: Brian West [mailto:brian@freeswitch.org (brian@freeswitch.org)]
Sent: Monday, October 05, 2009 5:43 PM
To: freeswitch-users@lists.freeswitch.org (freeswitch-users@lists.freeswitch.org)
Subject: Re: [Freeswitch-users] mod_xml_curl http POST is inconsistent/bug



Are you using something other than apache?


/b


On Oct 5, 2009, at 1:25 PM, Christian Damianidis wrote:




The inconsistent POST request sent by the module causes freeswitch to hang for 1-2 minutes during start-up.









_______________________________________________
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org



--
Anthony Minessale II

FreeSWITCH http://www.freeswitch.org/
ClueCon http://www.cluecon.com/
Twitter: http://twitter.com/FreeSWITCH_wire

AIM: anthm
MSN:anthony_minessale@hotmail.com ([email]MSN%3Aanthony_minessale@hotmail.com[/email])
GTALK/JABBER/PAYPAL:anthony.minessale@gmail.com ([email]PAYPAL%3Aanthony.minessale@gmail.com[/email])
IRC: irc.freenode.net #freeswitch

FreeSWITCH Developer Conference
sip:888@conference.freeswitch.org ([email]sip%3A888@conference.freeswitch.org[/email])
iax:guest@conference.freeswitch.org/888
googletalk:conf+888@conference.freeswitch.org ([email]googletalk%3Aconf%2B888@conference.freeswitch.org[/email])
pstn:213-799-1400

[mike at jerris.com]

Could you open a bug on jira.freeswitch.org as a feature request to make this a configurable param. (patches that do it even better)

Mike

On Oct 6, 2009, at 12:55 PM, Christian Damianidis wrote: