[Devel] uac_auth - set credentials with avpops

Matt Schulte mschulte at netlogic.net
Thu Jan 19 15:13:24 CET 2006


unsubscribe 

-----Original Message-----
From: devel-bounces at openser.org [mailto:devel-bounces at openser.org] On
Behalf Of Thomas Gelf
Sent: Thursday, January 19, 2006 8:32 AM
To: devel at openser.org
Subject: [Devel] uac_auth - set credentials with avpops

Hi all,

I have been charged to develop a VoIP environment for an ISP in northern
Italy and so I started working with SER (0.9.x, then switched to OpenSER
last week) something like 3-4 months ago. After reading hundreds of
mails on (open)ser mailinglists from the last years, forum posts,
example configs and doing LOTS of testing now I believe to have done a
not-so-bad job in setting up a really nice VoIP environment (currently
running fine with something like 1000 test users).

- OpenSER (1.0.0) is running fine, MySQL-based, driven by a self-written
  Webapp (based on Horde)
- Voicemail, conferences etc are handled by Asterisk - running fine
- we are able to handle most NAT/FW issues by using STUN and mediaproxy

While currently offering nothing but ip2ip calls (we wanted to learn how
things will behave by just putting hands on) we are now more or less
ready to release a "stable" version of our product offering also calls
to pstn.

This is where trouble starts:

As the main goal is not to earn lots of money but to offer rock-solid
VoIP calls free of charge and cheap calls to pstn our budget is limited
and we are not going to set up our own pstn hardware but we will relay
on one of the largest Italian VoIP providers.

Because of new strict anti-terrorism laws and upcoming security concerns
regarding SIP I cannot just create a trust releationship between our SIP
proxys but have to use my "uplink provider's" credentials to rewrite
each SIP sessions packets with the appropriate credentials for every
single user.

After removing qop checks from uac/auth_hdr.c my uac_auth() is running
fine, but it doesn't allow me to set credentials by avpops - I'm allowed
to set only one user/pass couple by realm using modparam.

And here my question: how could I resolve this issue? I have a very
urgent need to assign one uplink providers user/pass pair to each of my
users (and I'm sure others would really like to do so too - at least
once the qop "barrier" will be removed).

Sorry for writing such a long description (it's my first post to this
list) thanks a lot for your attention :-)

Best regards,
Thomas Gelf

PS: DB upgrade from SER to OpenSER is a mess - I used half a day to fix
   openser_mysql.sh. The main problem is that the SQL queries exported
   from "old" DB will not fit the new DB structure.

   After lots of little patches / workarounds I realized that this
   would'nt help as I have also made lots of little extensions to SER's
   DB structure to fit my personal needs - so I finished manually
   changing SER's table structures.

   As this will be an issue for lots of people here a proposal on how
   such upgrades could happen "smoother":

   - every single change to db structre should require a single upgrade
     script
   - as there is already a nice "version" table we could use that infor-
     mation to allow the main upgrade script to choose which of the
     single upgrade steps should be executed (in the right order of
     course)
--
Thomas Gelf <thomas at gelf.net>






_______________________________________________
Devel mailing list
Devel at openser.org
http://openser.org/cgi-bin/mailman/listinfo/devel






More information about the Devel mailing list