[Serusers] Proxy_authorize, www_authorize

Lasse Jansson lasse at solstiernan.nu
Tue Mar 4 22:43:19 CET 2003


Thanks for your answer !

I guess then that the following lines (based on the default script) would work 
to implement all of Michael's example ?

Lasse

	if (uri=~mydomain.com) {

		if (method=="REGISTER") {

# Uncomment this if you want to use digest authentication
			if (!www_authorize("mydomain.com", "subscriber")) {
				www_challenge("mydomain.com", "1");
				break;
			};

			save("location");
			break;
		};

		# For authenticating requests with methods other than REGISTER
		if (search("(f|From).*mydomain\.com")) {
			if (!proxy_authorize("mydomain.com", "subscriber")) {
				proxy_challenge("mydomain.com", "1");
				break;
			};
		};
		# native SIP destinations are handled using our USRLOC DB
		if (!lookup("location")) {
			sl_send_reply("404", "Not Found");
			break;
		};
	} else {
		# For authenticating requests to other domains, any method
		if (search("(f|From).*mydomain\.com")) {
			if (!proxy_authorize("mydomain.com", "subscriber")) {
				proxy_challenge("mydomain.com", "1");
				break;
			};
		};
	};
	# forward to current uri now
	if (!t_relay()) {
		sl_reply_error();
	};

On Tuesday 04 March 2003 19.05, Jiri Kuthan wrote:
> At 12:11 AM 3/3/2003, Lasse Jansson wrote:
> >Hi Michael,
> >
> >This is exactly what I would like to achieve.
> >
> >I understand the meaning of your pseudo code below, but alas I have not
> > enough knowledge and skills to transform your pseudo code below into a
> > working script.
> >
> >Could you please provide a real example ?
>
> You may want to look at the default script and add the "if (to me)"
> condition. The "if (to me)" condition can be implemented with 0_8_10 as a
> brute regexp search: if (search("(From|f).*mydomain\.com"))
>
> The upcoming release will have specific support to address this issues.
>
> -Jiri
>
> >Lasse
> >
> >Michael_Graff at isc.org wrote:
> >> Nils Ohlmeier <nils at ohlmeier.de> writes:
> >> > A proxy can challenge Invites and Byes, but should not do this with
> >> > external Invites to your local user. Otherwise your your user
> >> > wouldn't be reachable  from outside.
> >>
> >> I implemented something much like this:
> >>
> >> if (to me):
> >>         if register
> >>
> >>                 www_authorize or fail if not a valid register
> >>
> >>                 done
> >>
> >>         if claiming to be "From" one of the domains I accept
> >>         registrations for
> >>
> >>                 proxy_authorize
> >>
> >>                 done
> >>
> >> if not to me (I'm relaying for a local phone to an external address)
> >>
> >>         proxy_authorize (once again, based on from address)
> >>
> >>         done
> >>
> >> --Michael
> >
> >_______________________________________________
> >Serusers mailing list
> >serusers at lists.iptel.org
> >http://lists.iptel.org/mailman/listinfo/serusers
>
> --
> Jiri Kuthan            http://iptel.org/~jiri/
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers




More information about the sr-users mailing list