Re: [SR-Users] Session authorization just before initiate it

5 Jul 2011

On 07/04/2011 01:55 PM, Klaus Darilion wrote:
...

 Am 04.07.2011 12:38, schrieb Roberto Fichera:
  On 07/01/2011 11:32 PM, Klaus Darilion wrote:
  Hi Roberto!  Hi Klaus,

  The best location of applying such a
"policy" function depends on
 several things:

 First, you need to have all the data you are requiring. E.g. if you want
 to check if a certain user is allowed to call a certain phone number you
 usually need to do first:
 - authenticate the user
 - normalize destination (e.g. bring phone number into E164 format or
 apply alias lookups).  Basically any user should authenticate as usual, than before
two
 user can talk together, kamailio must authorize the conversation
 through a SQL lookup

  Then, before proceeding any further, you might
check the policy using a
 SQL query. Be sure to SQL escape the date you provide for the SQL lookup
 to prevent SQL injection (see "transfomations").

 In above case, the SQL query should be before calling lookup().  So, digging in the
code you mean something like:

 # USER location service
 route[LOCATION] {

        <SQL lookup code goes here>

 #!ifdef WITH_ALIASDB
         # search in DB-based aliases
         alias_db_lookup("dbaliases");
 #!endif

         if (!lookup("location")) {
                 switch ($rc) {
                         case -1:
                         case -3:
                                 t_newtran();
                                 t_reply("404", "Not Found");
                                 exit;
                         case -2:
                                 sl_send_reply("405", "Method Not
Allowed");
                                 exit;
                 }
         }

         # when routing via usrloc, log the missed calls also
         if (is_method("INVITE"))
         {
                 setflag(FLT_ACCMISSED);
         }
 } 
 No. 
Ok! I'll try it!

...
  # USER location service
 route[LOCATION] {

 #!ifdef WITH_ALIASDB
         # search in DB-based aliases
         alias_db_lookup("dbaliases");
 #!endif

        <SQL lookup code goes here>

         if (!lookup("location")) {
                 switch ($rc) {
                         case -1:
                         case -3:
                                 t_newtran();
                                 t_reply("404", "Not Found");
                                 exit;
                         case -2:
                                 sl_send_reply("405", "Method Not
Allowed");
                                 exit;
                 }
         }

         # when routing via usrloc, log the missed calls also
         if (is_method("INVITE"))
         {
                 setflag(FLT_ACCMISSED);
         }
 }

 _______________________________________________
 SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
 sr-users(a)lists.sip-router.org
 http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

Re: [SR-Users] Session authorization just before initiate it