H i,

Thanks for your answer.
I see in my logs that both %$registered_host  and %si are same but
if (!avp_equals_xl("$registered_host", "%si"))

fails !

I also tried :
if (!avp_equals_xl("%$registered_host", "%si"))

But it also failed.

Any idea why ?

Could it be that they are different types of variables ? IP address and text ?

Thanks,
ilker

-----Original Message-----
From: Miklos Tirpak [mailto:miklos@iptel.org <mailto:miklos@iptel.org> ]
Sent: Wednesday, July 12, 2006 6:45 PM
To: İlker Aktuna (Koç.net)
Cc: serusers@iptel.org
Subject: Re: [Serusers] prevent INVITE without REGISTERing

İlker Aktuna (Koç.net) wrote:
>
>
>
> Thanks,
>
> That configuration is accepted but now my "registered" client is
> denied at both following lines:
>
> if (!lookup_user("From")) {

check if the From HF is the same in the INVITE as the To HF in the REGISTER, and check the uri table in your database

> if ((!avp_equals_xl("$registered_host", "%si") ||
> !avp_equals_xl("$registered_port", "%sp"))) {
>
> How can I print $registered_host to log ?

xlog("L_ERR", "registered_host = %$registered_host \n");

> I can print %si with xlog().

I guess
xlog("L_ERR", "src ip = %si \n");

Miklos

>
> Thanks,
> ilker
>
>
> -----Original Message-----
> From: Miklos Tirpak [mailto:miklos@iptel.org <mailto:miklos@iptel.org> ]
> Sent: Wednesday, July 12, 2006 4:01 PM
> To: İlker Aktuna (Koç.net)
> Cc: serusers@iptel.org
> Subject: Re: [Serusers] prevent INVITE without REGISTERing
>
> İlker Aktuna (Koç.net) wrote:
>  >
>  >
>  > Thanks Miklos,
>  >
>  > I think this is just what I'm looking for.
>  > But I get some errors for this line:
>  > if ((src_ip != @ruri.host) || (src_port != @ruri.port)) {
>
> You can access src_ip and src_port via xl_lib:
>
> $registered_host = @ruri.host;
> $registered_port = @ruri.port;
>
> if ((!avp_equals_xl("$registered_host", "%si"))
> || (!avp_equals_xl("$registered_port", "%sp"))) {
> ...
>
> Miklos
>
>  >
>  >  0(30074) parse error (175,16-17): syntax error  >  0(30074) parse
> error (175,16-17): ip address or hostname expected  >  0(30074) parse
> error (175,16-17): bad command  >  0(30074) parse error (175,21-22):
> bad command  >  0(30074) parse error (175,21-22): bad command  >
> 0(30074) parse error (175,26-27): bad command  >  0(30074) parse error
> (175,26-27): bad command  >  0(30074) parse error (175,28-30): bad
> command  >  0(30074) parse error (175,31-32): bad command  >  0(30074)
> parse error (175,32-40): bad command  >  0(30074) parse error
> (175,41-43): bad command  >  0(30074) parse error (175,44-45): bad
> command  >  0(30074) parse error (175,49-50): bad command  >  0(30074)
> parse error (175,49-50): bad command  >  0(30074) parse error
> (175,54-55): bad command  >  0(30074) parse error (175,54-55): bad
> command  >  0(30074) parse error (175,55-56): bad command  >  0(30074)
> parse error (175,57-58): bad command  >  > Any idea why ?
>  >
>  > Thanks,
>  > ilker
>  >
>  > -----Original Message-----
>  > From: Miklos Tirpak [mailto:miklos@iptel.org <mailto:miklos@iptel.org> ]  > Sent: Wednesday,
> July 12, 2006 11:58 AM  > To: İlker Aktuna (Koç.net)  > Cc:
> serusers@iptel.org  > Subject: Re: [Serusers] prevent INVITE without
> REGISTERing  >  > Hi Ilker,  >  > just my first idea, not tested:
>  >
>  >
>  > 1. lookup the From HF
>  >
>  > if (!lookup_user("From")) {
>  >         # reject the INVITE
>  >         ...
>  > }
>  >
>  > 2. save original To UID and Request URI  >  > $orig_to_uid =
> $tu.uid;  > $orig_req_uri = @ruri;  >  > 3. set To UID -- registrar
> module will use this in the lookup  >  > $tu.uid = $fu.uid;  >  > 4.
> lookup >From HF and compare the source address of the INVITE with  >
> the source address of the REGISTER message  >  > if
> (lookup("location")) {
>  >         if ((src_ip != @ruri.host) || (src_port != @ruri.port)) {
>  >                 # reject the INVITE
>  >                 ...
>  >         }
>  >         # restore original To UID and Request URI
>  >         $tu.uid = $orig_to_uid;
>  >         attr2uri("$orig_req_uri");
>  > } else {
>  >         # reject the INVITE
>  >         ...
>  > }
>  >
>  > Note, that the above solution is a bit ugly, you can get into
> troubles  > when the user registers multiple contact addresses. It is
> better to  > disable branches (see append_branches parameter in
> registrar module),  > but you loose some functionality.
>  >
>  > Regards,
>  > Miklos
>  >
>  > İlker Aktuna (Koç.net) wrote:
>  >  >
>  >  > Hi everyone,
>  >  >
>  >  > I am still trying to find a solution to this problem. (but
> couldn't  > > find  > yet)  > Victor was trying to help me but I think
> he's not  > able to reply these days.
>  >  >
>  >  > Is there any idea to achieve what I need.
>  >  >
>  >  > Thanks,
>  >  > ilker
>  >  >
>  >  >
>  >
> ----------------------------------------------------------------------
>  >  > --
>  >  > *From:* serusers-bounces@lists.iptel.org  >  >
> [mailto:serusers-bounces@lists.iptel.org <mailto:serusers-bounces@lists.iptel.org> ] *On Behalf Of *İlker Aktuna
> > > (Koç.net)  > *Sent:* Tuesday, July 11, 2006 1:41 PM  > *To:*
> Victor  > Stanescu  > *Cc:* serusers@iptel.org  > *Subject:* RE:
> [Serusers]  > prevent INVITE without REGISTERing  >  > Hi,  >  > What
> if my proxy  > does not handle authenticating INVITE messages ?
>  >  >
>  >  > In that case I think the best way is to lookup location table
> for  > the  > source URI.
>  >  > If the source URI location matches the location in that table
> then  > we  > must permit INVITE message.
>  >  > How can I configure this ?
>  >  >
>  >  > Thanks,
>  >  > ilker
>  >  >
>  >  > -----Original Message-----
>  >  > From: serusers-bounces@lists.iptel.org  >  >
> [mailto:serusers-bounces@lists.iptel.org <mailto:serusers-bounces@lists.iptel.org> ] On Behalf Of Victor Stanescu
> > > Sent: Monday, July 10, 2006 1:49 PM  > Cc: serusers@iptel.org  >
> > Subject: Re: [Serusers] prevent INVITE without REGISTERing  >  >  >
> Please read "domain" instead of "gtstelecom.ro":
>  >  > www_authorize("domain",
>  >  > "subscriber") and proxy_authorize("domain", "subscriber"),  >
> otherwise  > the code fragment will not be correct. I forgot to  >
> replace with a generic name.
>  >  >
>  >  > Victor Stanescu wrote:
>  >  >  > I think it is easier to force him to authenticate the INVITE.
> If  > he  > is  > able to authenticate the INVITE, why do you care if
> he is  > > registered  > or not?
>  >  >  >
>  >  >  > if (method=="REGISTER") {
>  >  >  >     if(!src_ip=="other") {
>  >  >  >         if (!www_authorize("gtstelecom.ro", "subscriber")) {
>  >  >  >             www_challenge("domain", "0");
>  >  >  >             break;
>  >  >  >         };
>  >  >  >         save("location");
>  >  >  >         log("Replicating REGISTER\n");
>  >  >  >         t_replicate("other", "5060");
>  >  >  >     } else {
>  >  >  >         save("location");
>  >  >  >     };
>  >  >  >     break;
>  >  >  > } else {
>  >  >  >     # this is an INVITE
>  >  >  >     if (!proxy_authorize("gtstelecom.ro", "subscriber")) {
>  >  >  >         proxy_challenge("domain", "1");
>  >  >  >         break;
>  >  >  >     };
>  >  >  >     # route the call
>  >  >  >     ...
>  >  >  > };
>  >  >  >
>  >  >  > İlker Aktuna (Koç.net) wrote:
>  >  >  >>
>  >  >  >> Hi all,
>  >  >  >>
>  >  >  >> Is it possible to prevent any user calling without registering ?
>  >  > What  >> is the best way to do this ?
>  >  >  >> I guess I'll have to check if the source URI exists in
> location  > table.
>  >  >  >> What is the easiest way to do this ?
>  >  >  >>
>  >  >  >> If there is a more robust way to do it, please suggest...
>  >  >  >>
>  >  >  >> Thanks,
>  >  >  >> ilker
>  >  >  >>
>  >  >  >>
>  >  >
>  >  >
>  >  >