[Serusers] Accept invite only for registered users

Marian Dumitru marian.dumitru at voice-sistem.ro
Wed Dec 1 16:07:15 CET 2004 

Hi all,

The solution can be more simplified and strengthen like this:

  if (method=="INVITE" && from_uri==myself)
  {
  	#check to see if there are user credentials (and if they are OK)
  	if(!proxy_authorize("yourdomain", "subscriber"))
  	{
  		#no or wrong credentials, challenge the user
  		proxy_challenge("yourdomain","0");
  		break;
  	}
  }
  # caller authenticated
  ......

Of course, you will authenticate only user pretending to belong to your 
domain.
NOTE: from_uri works only in cvs head, otherwise you can use something 
like search("(F|From):.*@my_domain")

Best regards,
Marian

E. Versaevel wrote:
> You are only checking here if the user has SIP REGISTERED a UserAgent to
> your server, not if the user had a valid username/password.
> You should check with proxy_challenge (which generates a SIP/2.0 407 Proxy
> Authorization required message) and only if it is an outbound request
> (domain not served by your proxy, otherwise your users can't be called).
> 
> So your code would become something like:
> 
> # check if it's an outbound request for a domain not on this proxy
> if (method=="INVITE" && uri !=myself) 
> {
> 
> 	#check to see if there are usercredentials (and if they are OK)
> 	If(!proxy_authorize("yourdomain", "subscriber"))
> 	{
> 		#no or wrong credentials, challenge the user
> 		Proxy_challenge("yourdomain","0");
> 		Break;
> 	}
> # accept call and goto route 3
> route(3);
> }
> 
> 
> Kind regards,
> 
> E. Versaevel
> 
> 
> 
> 
> 
> 
> Well, what I really want is something like:
> 
> if (method=="INVITE") {
> # check if from_user 'caller' are successfully registered in my proxy
>  if (!lookup('%from_user% in location table')) {
> 
>      sl_send_reply(404,"Not authorized - You must bu registered to use
> this proxy");
>      break;
>  }
> # accept call
> route(3);
> }
> 
> Well 'ALL CALLS' in my proxy, must to be authenticated...
> 
> I don't if this test must to be done on 'invite' or maybe in route(3)
> subroutine.
> 
> Regards.
> 
> 
> On Wed, 01 Dec 2004 08:14:42 -0500, Jamey Hicks <jamey.hicks at hp.com> wrote:
> 
>>sendman wrote:
>>
>>
>>
>>
>>>Hi folks!
>>>
>>>I have setup my ser.cfg to request www_authentication on INVITE
>>>messages, well, I'm not sure if this is the best solution for allow
>>>ONLY registered users to make calls on my proxy.
>>>
>>>Does anybody knows the right way to do this configuration?
>>>
>>>
>>>
>>
>>This is the right way to make sure that only authenticated users make
>>calls on your proxy.  I'm guessing that you want to allow
>>unauthenticated inbound calls unless you have a way to assign
>>username/passwords to anyone who might want to call one of your
>>registered users.
>>
>>I do not think that there are adequate mechanisms implemented for
>>interdomain authentication of callers.  If you do want to authenticate
>>callers who are not registered on your proxy (to prevent SIP spam) these
>>two internet drafts might be of interest:
>>  http://www.ietf.org/internet-drafts/draft-ietf-sip-identity-03.txt
>>
> 
> http://www.ietf.org/internet-drafts/draft-peterson-message-identity-00.txt
> 
>>Hope this helps,
>>Jamey
>>
>>
> 
> 
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
> 
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
> 

-- 
Voice Sistem
http://www.voice-sistem.ro

More information about the sr-users mailing list