How can I check if caller user has valid credentials on my sip server?
I have to use www_authorize on INVITE message or in route to pstn segment ?
All calls on my server must be payed, so I have to check if the caller is valid on my realm, if I setup my ata186 to not do SIPregon and use a inexistent user, I can make a call.
On Wed, 01 Dec 2004 15:16:03 +0100, Andreas Granig a.granig@inode.at wrote:
Bruno Lopes F. Cabral wrote:
But why do you want to force users to register?
perhaps because all calls must be payed, or to prevent non-registered (i.e. blocked) users to place calls to outside...
If users have to proxy_authenticate() when calling, there's no problem with accounting.
Explicitely blocked users can be handled with groups, so you can differ between incoming-blocked and outgoing-blocked, e.a.:
# proxy_authenticate() here, then:
if(method == "INVITE") { if(!check_from()) { # spoofed From-URI, send 403 here break; }
if(is_user_in("credentials", "outblocked")) { # outgoing call attempt of blocked user, deflect to announcement # or send 403 here break; } if(does_uri_exist() && is_user_in("Request-URI", "inblocked")) { # incoming call to local blocked user, see above break; }}
and use serctl for blocking users: "serctl acl grant <user> outblocked"
So still no need to register.
but it would also prevent outside calls to registered (local) users to be placed, am I right?
Only if the caller can't proxy_authenticate(). If there are for example PSTN gateways which don't authenticate, you've to create some kind of "trusted network", e.a.:
if(method == "INVITE") { if(!(src_ip==gw1.your.domain || src_ip==gw2.your.domain)) { if(!proxy_authenticate(...)) { # untrusted caller failed to authenticate proxy_challenge(...); break; } } else { # trusted sources don't have to authenticate } }
Hope this helps, Andy
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers