[Serusers] Accept invite only for registered users

sendman sendman at gmail.com
Wed Dec 1 19:13:40 CET 2004 

well Now I'm getting segfault when I use proxy_authorize on scripts!

If I comment the proxy_authorize line everything works fine, but when
I comment out get segfault !

2(5662) ERROR: fifo_server fgets failed: Illegal seek
2(5662) INFO: signal 15 received
1(5661) INFO: signal 15 received

This is the part on my script I comment:
      if(!proxy_authorize("mydomain", "subscriber"))       {
              #no or wrong credentials, challenge the user
             proxy_challenge("mydomain","0");
             break;
- Hide quoted text -
      }


On Wed, 1 Dec 2004 14:45:14 +0100, E. Versaevel <erik at infopact.nl> wrote:
> You are only checking here if the user has SIP REGISTERED a UserAgent to
> your server, not if the user had a valid username/password.
> You should check with proxy_challenge (which generates a SIP/2.0 407 Proxy
> Authorization required message) and only if it is an outbound request
> (domain not served by your proxy, otherwise your users can't be called).
> 
> So your code would become something like:
> 
> # check if it's an outbound request for a domain not on this proxy
> if (method=="INVITE" && uri !=myself)
> {
> 
>         #check to see if there are usercredentials (and if they are OK)
>         If(!proxy_authorize("yourdomain", "subscriber"))
>         {
>                 #no or wrong credentials, challenge the user
>                 Proxy_challenge("yourdomain","0");
>                 Break;
>         }
> # accept call and goto route 3
> route(3);
> }
> 
> Kind regards,
> 
> E. Versaevel
> 
> 
> 
> 
> Well, what I really want is something like:
> 
> if (method=="INVITE") {
> # check if from_user 'caller' are successfully registered in my proxy
>  if (!lookup('%from_user% in location table')) {
> 
>      sl_send_reply(404,"Not authorized - You must bu registered to use
> this proxy");
>      break;
>  }
> # accept call
> route(3);
> }
> 
> Well 'ALL CALLS' in my proxy, must to be authenticated...
> 
> I don't if this test must to be done on 'invite' or maybe in route(3)
> subroutine.
> 
> Regards.
> 
> On Wed, 01 Dec 2004 08:14:42 -0500, Jamey Hicks <jamey.hicks at hp.com> wrote:
> > sendman wrote:
> >
> >
> >
> > >Hi folks!
> > >
> > >I have setup my ser.cfg to request www_authentication on INVITE
> > >messages, well, I'm not sure if this is the best solution for allow
> > >ONLY registered users to make calls on my proxy.
> > >
> > >Does anybody knows the right way to do this configuration?
> > >
> > >
> > >
> > This is the right way to make sure that only authenticated users make
> > calls on your proxy.  I'm guessing that you want to allow
> > unauthenticated inbound calls unless you have a way to assign
> > username/passwords to anyone who might want to call one of your
> > registered users.
> >
> > I do not think that there are adequate mechanisms implemented for
> > interdomain authentication of callers.  If you do want to authenticate
> > callers who are not registered on your proxy (to prevent SIP spam) these
> > two internet drafts might be of interest:
> >   http://www.ietf.org/internet-drafts/draft-ietf-sip-identity-03.txt
> >
> http://www.ietf.org/internet-drafts/draft-peterson-message-identity-00.txt
> >
> > Hope this helps,
> > Jamey
> >
> >
> 
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
> 
>

More information about the sr-users mailing list