[Serusers] Accept invite only for registered users
sendman
sendman at gmail.com
Wed Dec 1 15:58:04 CET 2004
How can I check if caller user has valid credentials on my sip server?
I have to use www_authorize on INVITE message or in route to pstn segment ?
All calls on my server must be payed, so I have to check if the caller
is valid on my realm, if I setup my ata186 to not do SIPregon and use
a inexistent user, I can make a call.
On Wed, 01 Dec 2004 15:16:03 +0100, Andreas Granig <a.granig at inode.at> wrote:
> Bruno Lopes F. Cabral wrote:
> >> But why do you want to force users to register?
> >
> > perhaps because all calls must be payed, or to prevent non-registered
> > (i.e. blocked) users to place calls to outside...
>
> If users have to proxy_authenticate() when calling, there's no problem
> with accounting.
>
> Explicitely blocked users can be handled with groups, so you can differ
> between incoming-blocked and outgoing-blocked, e.a.:
>
> # proxy_authenticate() here, then:
>
> if(method == "INVITE")
> {
> if(!check_from())
> {
> # spoofed From-URI, send 403 here
> break;
> }
>
> if(is_user_in("credentials", "outblocked"))
> {
> # outgoing call attempt of blocked user, deflect to announcement
> # or send 403 here
> break;
> }
>
> if(does_uri_exist() && is_user_in("Request-URI", "inblocked"))
> {
> # incoming call to local blocked user, see above
> break;
> }
> }
>
> and use serctl for blocking users: "serctl acl grant <user> outblocked"
>
> So still no need to register.
>
> > but it would also prevent outside calls to registered
> > (local) users to be placed, am I right?
>
> Only if the caller can't proxy_authenticate(). If there are for example
> PSTN gateways which don't authenticate, you've to create some kind of
> "trusted network", e.a.:
>
> if(method == "INVITE")
> {
> if(!(src_ip==gw1.your.domain || src_ip==gw2.your.domain))
> {
> if(!proxy_authenticate(...))
> {
> # untrusted caller failed to authenticate
> proxy_challenge(...);
> break;
> }
> }
> else
> {
> # trusted sources don't have to authenticate
> }
> }
>
> Hope this helps,
> Andy
>
>
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
More information about the sr-users
mailing list