[Serusers] Proxy_authorize, www_authorize
Lasse Jansson
lasse at solstiernan.nu
Tue Mar 4 22:43:19 CET 2003
Thanks for your answer !
I guess then that the following lines (based on the default script) would work
to implement all of Michael's example ?
Lasse
if (uri=~mydomain.com) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication
if (!www_authorize("mydomain.com", "subscriber")) {
www_challenge("mydomain.com", "1");
break;
};
save("location");
break;
};
# For authenticating requests with methods other than REGISTER
if (search("(f|From).*mydomain\.com")) {
if (!proxy_authorize("mydomain.com", "subscriber")) {
proxy_challenge("mydomain.com", "1");
break;
};
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
} else {
# For authenticating requests to other domains, any method
if (search("(f|From).*mydomain\.com")) {
if (!proxy_authorize("mydomain.com", "subscriber")) {
proxy_challenge("mydomain.com", "1");
break;
};
};
};
# forward to current uri now
if (!t_relay()) {
sl_reply_error();
};
On Tuesday 04 March 2003 19.05, Jiri Kuthan wrote:
> At 12:11 AM 3/3/2003, Lasse Jansson wrote:
> >Hi Michael,
> >
> >This is exactly what I would like to achieve.
> >
> >I understand the meaning of your pseudo code below, but alas I have not
> > enough knowledge and skills to transform your pseudo code below into a
> > working script.
> >
> >Could you please provide a real example ?
>
> You may want to look at the default script and add the "if (to me)"
> condition. The "if (to me)" condition can be implemented with 0_8_10 as a
> brute regexp search: if (search("(From|f).*mydomain\.com"))
>
> The upcoming release will have specific support to address this issues.
>
> -Jiri
>
> >Lasse
> >
> >Michael_Graff at isc.org wrote:
> >> Nils Ohlmeier <nils at ohlmeier.de> writes:
> >> > A proxy can challenge Invites and Byes, but should not do this with
> >> > external Invites to your local user. Otherwise your your user
> >> > wouldn't be reachable from outside.
> >>
> >> I implemented something much like this:
> >>
> >> if (to me):
> >> if register
> >>
> >> www_authorize or fail if not a valid register
> >>
> >> done
> >>
> >> if claiming to be "From" one of the domains I accept
> >> registrations for
> >>
> >> proxy_authorize
> >>
> >> done
> >>
> >> if not to me (I'm relaying for a local phone to an external address)
> >>
> >> proxy_authorize (once again, based on from address)
> >>
> >> done
> >>
> >> --Michael
> >
> >_______________________________________________
> >Serusers mailing list
> >serusers at lists.iptel.org
> >http://lists.iptel.org/mailman/listinfo/serusers
>
> --
> Jiri Kuthan http://iptel.org/~jiri/
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
More information about the sr-users
mailing list