[Serusers] Accept invite only for registered users
Andreas Granig
a.granig at inode.at
Wed Dec 1 15:16:03 CET 2004
Bruno Lopes F. Cabral wrote:
>> But why do you want to force users to register?
>
> perhaps because all calls must be payed, or to prevent non-registered
> (i.e. blocked) users to place calls to outside...
If users have to proxy_authenticate() when calling, there's no problem
with accounting.
Explicitely blocked users can be handled with groups, so you can differ
between incoming-blocked and outgoing-blocked, e.a.:
# proxy_authenticate() here, then:
if(method == "INVITE")
{
if(!check_from())
{
# spoofed From-URI, send 403 here
break;
}
if(is_user_in("credentials", "outblocked"))
{
# outgoing call attempt of blocked user, deflect to announcement
# or send 403 here
break;
}
if(does_uri_exist() && is_user_in("Request-URI", "inblocked"))
{
# incoming call to local blocked user, see above
break;
}
}
and use serctl for blocking users: "serctl acl grant <user> outblocked"
So still no need to register.
> but it would also prevent outside calls to registered
> (local) users to be placed, am I right?
Only if the caller can't proxy_authenticate(). If there are for example
PSTN gateways which don't authenticate, you've to create some kind of
"trusted network", e.a.:
if(method == "INVITE")
{
if(!(src_ip==gw1.your.domain || src_ip==gw2.your.domain))
{
if(!proxy_authenticate(...))
{
# untrusted caller failed to authenticate
proxy_challenge(...);
break;
}
}
else
{
# trusted sources don't have to authenticate
}
}
Hope this helps,
Andy
More information about the sr-users
mailing list