[Devel] uac_auth - set credentials from avpops

Thomas Gelf thomas at gelf.net
Thu Jan 19 14:10:57 CET 2006


Hi all,

I have been charged to develop a VoIP environment for an ISP in northern
Italy and so I started working with SER (0.9.x, then switched to OpenSER
last week) something like 3-4 months ago. After reading hundreds of mails
on (open)ser mailinglists from the last years, forum posts, example configs
and doing LOTS of testing now I believe to have done a not-so-bad job in
setting up a really nice VoIP environment (currently running fine with
something like 1000 test users).

- OpenSER (1.0.0) is running fine, MySQL-based, driven by a self-written
  Webapp (based on Horde)
- Voicemail, conferences etc are handled by Asterisk - running fine
- we are able to handle most NAT/FW issues by using STUN and mediaproxy

While currently offering nothing but ip2ip calls (we wanted to learn how
things will behave by just putting hands on) we are now more or less ready
to release a "stable" version of our product offering also calls to pstn.

This is where trouble starts:

As the main goal is not to earn lots of money but to offer rock-solid VoIP
calls free of charge and cheap calls to pstn our budget is limited and we
are not going to set up our own pstn hardware but we will relay on one of
the largest Italian VoIP providers.

Because of new strict anti-terrorism laws and upcoming security concerns
regarding SIP I cannot just create a trust releationship between our SIP
proxys but have to use my "uplink provider's" credentials to rewrite each
SIP sessions packets with the appropriate credentials for every single
user.

After removing qop checks from uac/auth_hdr.c my uac_auth() is running fine,
but it doesn't allow me to set credentials by avpops - I'm allowed to set
only one user/pass couple by realm using modparam.

And here my question: how could I resolve this issue? I have a very urgent
need to assign one uplink providers user/pass pair to each of my users (and
I'm sure others would really like to do so too - at least once the qop
"barrier" will be removed).

Sorry for writing such a long description (it's my first post to this
list) thanks a lot for your attention :-)

Best regards,
Thomas Gelf

PS: DB upgrade from SER to OpenSER is a mess - I used half a day to fix
    openser_mysql.sh. The main problem is that the SQL queries exported
    from "old" DB will not fit the new DB structure.

    After lots of little patches / workarounds I realized that this
    would'nt help as I have also made lots of little extensions to SER's
    DB structure to fit my personal needs - so I finished manually
    changing SER's table structures.

    As this will be an issue for lots of people here a proposal on how
    such upgrades could happen "smoother":

    - every single change to db structre should require a single upgrade
      script
    - as there is already a nice "version" table we could use that infor-
      mation to allow the main upgrade script to choose which of the
      single upgrade steps should be executed (in the right order of
      course)

-- 
Thomas Gelf <thomas at gelf.net>





More information about the Devel mailing list