[Serusers] Accept invite only for registered users
Marian Dumitru
marian.dumitru at voice-sistem.ro
Wed Dec 1 16:07:15 CET 2004
Hi all,
The solution can be more simplified and strengthen like this:
if (method=="INVITE" && from_uri==myself)
{
#check to see if there are user credentials (and if they are OK)
if(!proxy_authorize("yourdomain", "subscriber"))
{
#no or wrong credentials, challenge the user
proxy_challenge("yourdomain","0");
break;
}
}
# caller authenticated
......
Of course, you will authenticate only user pretending to belong to your
domain.
NOTE: from_uri works only in cvs head, otherwise you can use something
like search("(F|From):.*@my_domain")
Best regards,
Marian
E. Versaevel wrote:
> You are only checking here if the user has SIP REGISTERED a UserAgent to
> your server, not if the user had a valid username/password.
> You should check with proxy_challenge (which generates a SIP/2.0 407 Proxy
> Authorization required message) and only if it is an outbound request
> (domain not served by your proxy, otherwise your users can't be called).
>
> So your code would become something like:
>
> # check if it's an outbound request for a domain not on this proxy
> if (method=="INVITE" && uri !=myself)
> {
>
> #check to see if there are usercredentials (and if they are OK)
> If(!proxy_authorize("yourdomain", "subscriber"))
> {
> #no or wrong credentials, challenge the user
> Proxy_challenge("yourdomain","0");
> Break;
> }
> # accept call and goto route 3
> route(3);
> }
>
>
> Kind regards,
>
> E. Versaevel
>
>
>
>
>
>
> Well, what I really want is something like:
>
> if (method=="INVITE") {
> # check if from_user 'caller' are successfully registered in my proxy
> if (!lookup('%from_user% in location table')) {
>
> sl_send_reply(404,"Not authorized - You must bu registered to use
> this proxy");
> break;
> }
> # accept call
> route(3);
> }
>
> Well 'ALL CALLS' in my proxy, must to be authenticated...
>
> I don't if this test must to be done on 'invite' or maybe in route(3)
> subroutine.
>
> Regards.
>
>
> On Wed, 01 Dec 2004 08:14:42 -0500, Jamey Hicks <jamey.hicks at hp.com> wrote:
>
>>sendman wrote:
>>
>>
>>
>>
>>>Hi folks!
>>>
>>>I have setup my ser.cfg to request www_authentication on INVITE
>>>messages, well, I'm not sure if this is the best solution for allow
>>>ONLY registered users to make calls on my proxy.
>>>
>>>Does anybody knows the right way to do this configuration?
>>>
>>>
>>>
>>
>>This is the right way to make sure that only authenticated users make
>>calls on your proxy. I'm guessing that you want to allow
>>unauthenticated inbound calls unless you have a way to assign
>>username/passwords to anyone who might want to call one of your
>>registered users.
>>
>>I do not think that there are adequate mechanisms implemented for
>>interdomain authentication of callers. If you do want to authenticate
>>callers who are not registered on your proxy (to prevent SIP spam) these
>>two internet drafts might be of interest:
>> http://www.ietf.org/internet-drafts/draft-ietf-sip-identity-03.txt
>>
>
> http://www.ietf.org/internet-drafts/draft-peterson-message-identity-00.txt
>
>>Hope this helps,
>>Jamey
>>
>>
>
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
--
Voice Sistem
http://www.voice-sistem.ro
More information about the sr-users
mailing list