How can I check if caller user has valid credentials on my sip server?
I have to use www_authorize on INVITE message or in route to pstn segment ?
All calls on my server must be payed, so I have to check if the caller
is valid on my realm, if I setup my ata186 to not do SIPregon and use
a inexistent user, I can make a call.
On Wed, 01 Dec 2004 15:16:03 +0100, Andreas Granig <a.granig(a)inode.at> wrote:
Bruno Lopes F. Cabral wrote:
But why
do you want to force users to register?
perhaps because all calls must be payed, or to prevent non-registered
(i.e. blocked) users to place calls to outside...
If users have to proxy_authenticate() when calling, there's no problem
with accounting.
Explicitely blocked users can be handled with groups, so you can differ
between incoming-blocked and outgoing-blocked, e.a.:
# proxy_authenticate() here, then:
if(method == "INVITE")
{
if(!check_from())
{
# spoofed From-URI, send 403 here
break;
}
if(is_user_in("credentials", "outblocked"))
{
# outgoing call attempt of blocked user, deflect to announcement
# or send 403 here
break;
}
if(does_uri_exist() && is_user_in("Request-URI",
"inblocked"))
{
# incoming call to local blocked user, see above
break;
}
}
and use serctl for blocking users: "serctl acl grant <user> outblocked"
So still no need to register.
but it would also prevent outside calls to
registered
(local) users to be placed, am I right?
Only if the caller can't proxy_authenticate(). If there are for example
PSTN gateways which don't authenticate, you've to create some kind of
"trusted network", e.a.:
if(method == "INVITE")
{
if(!(src_ip==gw1.your.domain || src_ip==gw2.your.domain))
{
if(!proxy_authenticate(...))
{
# untrusted caller failed to authenticate
proxy_challenge(...);
break;
}
}
else
{
# trusted sources don't have to authenticate
}
}
Hope this helps,
Andy
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers