1 Dec
2004
1 Dec
'04
3:16 p.m.
Bruno Lopes F. Cabral wrote:
If users have to proxy_authenticate() when calling, there's no problem
with accounting.
Explicitely blocked users can be handled with groups, so you can differ
between incoming-blocked and outgoing-blocked, e.a.:
# proxy_authenticate() here, then:
if(method == "INVITE")
{
if(!check_from())
{
# spoofed From-URI, send 403 here
break;
}
if(is_user_in("credentials", "outblocked"))
{
# outgoing call attempt of blocked user, deflect to announcement
# or send 403 here
break;
}
if(does_uri_exist() && is_user_in("Request-URI",
"inblocked"))
{
# incoming call to local blocked user, see above
break;
}
}
and use serctl for blocking users: "serctl acl grant <user> outblocked"
So still no need to register.
But why do you
want to force users to register?
perhaps because all calls must be payed, or to prevent non-registered
(i.e. blocked) users to place calls to outside... but it would also prevent outside calls to registered
(local) users to be placed, am I right?
Only if the caller can't proxy_authenticate(). If there are for example
PSTN gateways which don't authenticate, you've to create some kind of
"trusted network", e.a.:
if(method == "INVITE")
{
if(!(src_ip==gw1.your.domain || src_ip==gw2.your.domain))
{
if(!proxy_authenticate(...))
{
# untrusted caller failed to authenticate
proxy_challenge(...);
break;
}
}
else
{
# trusted sources don't have to authenticate
}
}
Hope this helps,
Andy