[Serusers] Preventing unregistered users from calling

Jiri Kuthan jiri at iptel.org
Fri Jan 10 01:21:04 CET 2003


yes, that's it. 

'if (method=="REGISTER") { ... if method=="INVITE"' will never be executed.

a possible script fragment is attached -- it challenges all INVITEs.
Note that it may or may not be what you want to do -- if your network
is not closed, you may want other people from other networks
(like new business partners) to call you. That would be impossible
if you requested authentication from them.

So how the script you need should look like depends primarily on your 
desired network policy. You may want to authenticate INVITEs to PSTN,
or INVITEs claiming your domain name in From, etc.

Tell me a policy, I will tell the script :-)

-Jiri


      if (method=="INVITE") {
             if (!proxy_authorize("<my_ip>", "subscriber")) {
                   proxy_challenge("<my_ip>", "0");
                   break;
             };
      };

      if (uri==myself) {
              if (method=="REGISTER") {
                      if (!www_authorize("<my_ip>", "subscriber")) {
                              www_challenge("<my_ip>", "0");
                              break;
                      };
                      save("location");
                      break;
               };
               lookup...
      };
      t_relay();


At 09:14 PM 1/9/2003, Maxim Sobolev wrote:
>On Thu, Jan 09, 2003 at 05:56:35PM -0200, Claudio Thorell dos Santos wrote:
>> Hello,
>> 
>> I wanted to configure ser so that only registered user are allowed to make calls. I have set up digest authentication but still unregistered users can make calls. I wonder if I'm missing something on my config file (as attached below).
>> 
>> Could someone please tell me what am I doing wrong, or provide me some configuration example on solving this issue?
>
>Try to move `if (method=="INVITE")' check outside of `if (method=="REGISTER")'
>check, because otherwise it is never executed, as the method could not be
>REGISTER and INVITE at the same time, i.e.:
>
>if (method=="REGISTER") {
>        if (!www_authorize("<my_ip>", "subscriber")) {
>                www_challenge("<my_ip>", "0");
>                break;
>        };
>        save("location");
>        break;
>}
>if (method=="INVITE" & !check_from()) {
>        sl_send_reply("403","Forbidden");
>        break;
>}
>
>-Maxim
>
>> 
>> Thanks and regards,
>> Claudio
>> 
>> ###########
>> ser.conf
>> ###########
>> 
>> route{
>> 
>> 
>>         # Do strict routing if pre-loaded route headers present
>>         rewriteFromRoute();
>> 
>>         if (uri==myself) {
>> 
>>                 if (method=="REGISTER") {
>> 
>>                         if (!www_authorize("<my_ip>", "subscriber")) {
>>                                 www_challenge("<my_ip>", "0");
>>                                 break;
>>                         };
>> 
>>                         if (method=="INVITE" & !check_from()) {
>>                                 sl_send_reply("403","Forbidden");
>>                                 break;
>>                         };
>> 
>>                         save("location");
>>                         break;
>>                 };
>> 
>>                 # native SIP destinations are handled using our USRLOC DB
>>                 if (!lookup("location")) {
>>                         sl_send_reply("404", "Not Found");
>>                         break;
>>                 };
>>         };
>>         # forward to current uri now
>>         if (!t_relay()) {
>>                 sl_reply_error();
>>         };
>> 
>> }
>> 
>> ##########
>> 
>> 
>_______________________________________________
>Serusers mailing list
>serusers at lists.iptel.org
>http://lists.iptel.org/mailman/listinfo/serusers 

--
Jiri Kuthan            http://iptel.org/~jiri/ 




More information about the sr-users mailing list