[Serusers] Accept invite only for registered users

E. Versaevel erik at infopact.nl
Wed Dec 1 14:45:14 CET 2004 

You are only checking here if the user has SIP REGISTERED a UserAgent to
your server, not if the user had a valid username/password.
You should check with proxy_challenge (which generates a SIP/2.0 407 Proxy
Authorization required message) and only if it is an outbound request
(domain not served by your proxy, otherwise your users can't be called).

So your code would become something like:

# check if it's an outbound request for a domain not on this proxy
if (method=="INVITE" && uri !=myself) 
{

	#check to see if there are usercredentials (and if they are OK)
	If(!proxy_authorize("yourdomain", "subscriber"))
	{
		#no or wrong credentials, challenge the user
		Proxy_challenge("yourdomain","0");
		Break;
	}
# accept call and goto route 3
route(3);
}


Kind regards,

E. Versaevel






Well, what I really want is something like:

if (method=="INVITE") {
# check if from_user 'caller' are successfully registered in my proxy
 if (!lookup('%from_user% in location table')) {

     sl_send_reply(404,"Not authorized - You must bu registered to use
this proxy");
     break;
 }
# accept call
route(3);
}

Well 'ALL CALLS' in my proxy, must to be authenticated...

I don't if this test must to be done on 'invite' or maybe in route(3)
subroutine.

Regards.


On Wed, 01 Dec 2004 08:14:42 -0500, Jamey Hicks <jamey.hicks at hp.com> wrote:
> sendman wrote:
> 
> 
> 
> >Hi folks!
> >
> >I have setup my ser.cfg to request www_authentication on INVITE
> >messages, well, I'm not sure if this is the best solution for allow
> >ONLY registered users to make calls on my proxy.
> >
> >Does anybody knows the right way to do this configuration?
> >
> >
> >
> This is the right way to make sure that only authenticated users make
> calls on your proxy.  I'm guessing that you want to allow
> unauthenticated inbound calls unless you have a way to assign
> username/passwords to anyone who might want to call one of your
> registered users.
> 
> I do not think that there are adequate mechanisms implemented for
> interdomain authentication of callers.  If you do want to authenticate
> callers who are not registered on your proxy (to prevent SIP spam) these
> two internet drafts might be of interest:
>   http://www.ietf.org/internet-drafts/draft-ietf-sip-identity-03.txt
>
http://www.ietf.org/internet-drafts/draft-peterson-message-identity-00.txt
> 
> Hope this helps,
> Jamey
> 
>

_______________________________________________
Serusers mailing list
serusers at lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers

More information about the sr-users mailing list