22 Apr
2005
22 Apr
'05
5:08 a.m.
I have a working 0.9.1 config to which I would like add server side
features such as call forward all (cfwdall). I have a pretty good idea
how to handle cfwdall using avp_ops however I'm stuck on the
authentication.
If a subscriber has local calling permissions (acl=local) and cfwdall
their phone to a long distance number I need to respond with an
informative response.
In the INVITE processing in my config I have statements such as:
if (is_user_in("credentials", "ld")) {
setflag(11);
};
These checks fail with the following errors:
Apr 21 18:31:53 ser[498]: [SER]: AVP: Checking From gateway caller
Apr 21 18:31:53 ser[498]: check_username(): No authorized credentials
found (error in scripts)
Apr 21 18:31:53 ser[498]: check_username(): Call {www,proxy}_authorize
before calling
check_* function !
Apr 21 18:31:53 ser[498]: [SER]: Flag for UMVM redirect successful.
Apr 21 18:31:53 ser[498]: [SER]: AVP: Checking credentials
Apr 21 18:31:53 ser[498]: is_user_in(): No authorized credentials
found (error in scripts)
I thought adding proxy_authorize("", "subscriber")), check_to and
check_from calls prior
to the is_user_in check would address these errors but that hasn't
worked either.
If I want to set a flag if the caller is an authorized subscriber,
the callee is an
authorized subscriber and then use "is_user_in" to determine if the
called party has
a particular credential what am I missing?
Thanks,Steve
22 Apr
22 Apr
4:35 p.m.
On 21-04 21:08, Steve Blair wrote:
I have a working 0.9.1 config to which I would like add server side
features such as call forward all (cfwdall). I have a pretty good idea
how to handle cfwdall using avp_ops however I'm stuck on the
authentication.
If a subscriber has local calling permissions (acl=local) and cfwdall
their phone to a long distance number I need to respond with an
informative response.
In the INVITE processing in my config I have statements such as:
if (is_user_in("credentials", "ld")) {
setflag(11);
};
These checks fail with the following errors:
Apr 21 18:31:53 ser[498]: [SER]: AVP: Checking From gateway caller
Apr 21 18:31:53 ser[498]: check_username(): No authorized credentials
found (error in scripts)
Apr 21 18:31:53 ser[498]: check_username(): Call {www,proxy}_authorize
before calling
check_* function !
Apr 21 18:31:53 ser[498]: [SER]: Flag for UMVM redirect successful.
Apr 21 18:31:53 ser[498]: [SER]: AVP: Checking credentials
Apr 21 18:31:53 ser[498]: is_user_in(): No authorized credentials
found (error in scripts)
Checking the username without authentication does not make much sense
because the user could fake the contents of the header field. That's
why check_* functions require authorized credentials to be present.
I thought adding proxy_authorize("",
"subscriber")), check_to and
check_from calls prior
to the is_user_in check would address these errors but that hasn't
worked either.
If I want to set a flag if the caller is an authorized subscriber,
the callee is an
authorized subscriber and then use "is_user_in" to determine if the
called party has
a particular credential what am I missing?
I am not sure I understand "the callee is an authorized subscriber".
Digest authentication can only be performed for the caller, not the
callee, because there is no way of challenging the callee.
Jan.
6:16 p.m.
Jan Janak wrote:
On 21-04 21:08, Steve Blair wrote:
Perhaps I am missing the obvious. That is why I posted this message.
When I wrote I was
thinking: Suppose someone calling in from the PSTN via a gateway calls
a subscriber that has
setup call forwarding all to a PSTN number.
I need to know that this subscriber can indeed place calls to the PSTN
(either local, long distance
or international) before rewriting the called address and allowing the
call to proceed. I was assuming
is_user_in was appropriate for this type of checking but that fails.
I have a working 0.9.1 config to which I would
like add server side
features such as call forward all (cfwdall). I have a pretty good idea
how to handle cfwdall using avp_ops however I'm stuck on the
authentication.
If a subscriber has local calling permissions (acl=local) and cfwdall
their phone to a long distance number I need to respond with an
informative response.
In the INVITE processing in my config I have statements such as:
if (is_user_in("credentials", "ld")) {
setflag(11);
};
These checks fail with the following errors:
Apr 21 18:31:53 ser[498]: [SER]: AVP: Checking From gateway caller
Apr 21 18:31:53 ser[498]: check_username(): No authorized credentials
found (error in scripts)
Apr 21 18:31:53 ser[498]: check_username(): Call {www,proxy}_authorize
before calling
check_* function !
Apr 21 18:31:53 ser[498]: [SER]: Flag for UMVM redirect successful.
Apr 21 18:31:53 ser[498]: [SER]: AVP: Checking credentials
Apr 21 18:31:53 ser[498]: is_user_in(): No authorized credentials
found (error in scripts)
Checking the username without authentication does not make much sense
because the user could fake the contents of the header field. That's
why check_* functions require authorized credentials to be present.
I thought adding proxy_authorize("",
"subscriber")), check_to and
check_from calls prior
to the is_user_in check would address these errors but that hasn't
worked either.
If I want to set a flag if the caller is an authorized subscriber,
the callee is an
authorized subscriber and then use "is_user_in" to determine if the
called party has
a particular credential what am I missing?
I am not sure I understand "the callee is an authorized subscriber".
Digest authentication can only be performed for the caller, not the
callee, because there is no way of challenging the callee.
Jan.
6:57 p.m.
On 04/22/05 16:16, Steve Blair wrote:
Jan Janak wrote:
you can use avpops module for this. Keep an AVP per user that is used to
check if that user can call to PSTN. Load the AVP and check it before
allowing the call to proceed. Something like:
modparam("avpops","avp_aliases","allow_pstn=i:500")
...
route {
...
if(!avp_db_load("$ruri", "$allow_pstn"))
{
log("allow pstn AVP does not exist -- deny the call\n");
sl_send_reply("404", "Not found");
break;
};
if(!avp_check("$allow_pstn", "eq/i:1"))
{
log("allow pstn AVP is not set to TRUE -- deny the call\n");
sl_send_reply("404", "Not found");
break;
};
# delete AVP from memory -- no longer needed
avp_delete("$allow_pstn/g");
# forward the call to PSTN
...
}
In your usr_preferences table you should have records like:
(uuid,username,domain,attribute,value,type) = ("", "username",
"domain",
"500", "1", 3)
for users that are allowed to call to PSTN and:
(uuid,username,domain,attribute,value,type) = ("", "username",
"domain",
"500", "0", 3)
or no AVP for the others.
Daniel
On 21-04 21:08, Steve Blair wrote:
Perhaps I am missing the obvious. That is why I posted this message.
When I wrote I was
thinking: Suppose someone calling in from the PSTN via a gateway
calls a subscriber that has
setup call forwarding all to a PSTN number.
I need to know that this subscriber can indeed place calls to the
PSTN (either local, long distance
or international) before rewriting the called address and allowing the
call to proceed. I was assuming
is_user_in was appropriate for this type of checking but that fails. I have a working 0.9.1 config to which I would
like add server side
features such as call forward all (cfwdall). I have a pretty good idea
how to handle cfwdall using avp_ops however I'm stuck on the
authentication.
If a subscriber has local calling permissions (acl=local) and cfwdall
their phone to a long distance number I need to respond with an
informative response.
In the INVITE processing in my config I have statements such as:
if (is_user_in("credentials", "ld")) {
setflag(11);
};
These checks fail with the following errors:
Apr 21 18:31:53 ser[498]: [SER]: AVP: Checking From gateway caller
Apr 21 18:31:53 ser[498]: check_username(): No authorized
credentials found (error in scripts)
Apr 21 18:31:53 ser[498]: check_username(): Call
{www,proxy}_authorize before calling
check_* function !
Apr 21 18:31:53 ser[498]: [SER]: Flag for UMVM redirect successful.
Apr 21 18:31:53 ser[498]: [SER]: AVP: Checking credentials
Apr 21 18:31:53 ser[498]: is_user_in(): No authorized credentials
found (error in scripts)
Checking the username without authentication does not make much sense
because the user could fake the contents of the header field. That's
why check_* functions require authorized credentials to be present.
I thought adding proxy_authorize("",
"subscriber")), check_to and
check_from calls prior
to the is_user_in check would address these errors but that hasn't
worked either.
If I want to set a flag if the caller is an authorized subscriber,
the callee is an
authorized subscriber and then use "is_user_in" to determine if the
called party has
a particular credential what am I missing?
I am not sure I understand "the callee is an authorized subscriber".
Digest authentication can only be performed for the caller, not the
callee, because there is no way of challenging the callee.
Jan.
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
7144
days inactive
7144
days old
3 comments
3 participants
participants (3)
-
Daniel-Constantin Mierla -
Jan Janak -
Steve Blair