[Serusers] Accept invite only for registered users
sendman
sendman at gmail.com
Wed Dec 1 19:13:40 CET 2004
well Now I'm getting segfault when I use proxy_authorize on scripts!
If I comment the proxy_authorize line everything works fine, but when
I comment out get segfault !
2(5662) ERROR: fifo_server fgets failed: Illegal seek
2(5662) INFO: signal 15 received
1(5661) INFO: signal 15 received
This is the part on my script I comment:
if(!proxy_authorize("mydomain", "subscriber")) {
#no or wrong credentials, challenge the user
proxy_challenge("mydomain","0");
break;
- Hide quoted text -
}
On Wed, 1 Dec 2004 14:45:14 +0100, E. Versaevel <erik at infopact.nl> wrote:
> You are only checking here if the user has SIP REGISTERED a UserAgent to
> your server, not if the user had a valid username/password.
> You should check with proxy_challenge (which generates a SIP/2.0 407 Proxy
> Authorization required message) and only if it is an outbound request
> (domain not served by your proxy, otherwise your users can't be called).
>
> So your code would become something like:
>
> # check if it's an outbound request for a domain not on this proxy
> if (method=="INVITE" && uri !=myself)
> {
>
> #check to see if there are usercredentials (and if they are OK)
> If(!proxy_authorize("yourdomain", "subscriber"))
> {
> #no or wrong credentials, challenge the user
> Proxy_challenge("yourdomain","0");
> Break;
> }
> # accept call and goto route 3
> route(3);
> }
>
> Kind regards,
>
> E. Versaevel
>
>
>
>
> Well, what I really want is something like:
>
> if (method=="INVITE") {
> # check if from_user 'caller' are successfully registered in my proxy
> if (!lookup('%from_user% in location table')) {
>
> sl_send_reply(404,"Not authorized - You must bu registered to use
> this proxy");
> break;
> }
> # accept call
> route(3);
> }
>
> Well 'ALL CALLS' in my proxy, must to be authenticated...
>
> I don't if this test must to be done on 'invite' or maybe in route(3)
> subroutine.
>
> Regards.
>
> On Wed, 01 Dec 2004 08:14:42 -0500, Jamey Hicks <jamey.hicks at hp.com> wrote:
> > sendman wrote:
> >
> >
> >
> > >Hi folks!
> > >
> > >I have setup my ser.cfg to request www_authentication on INVITE
> > >messages, well, I'm not sure if this is the best solution for allow
> > >ONLY registered users to make calls on my proxy.
> > >
> > >Does anybody knows the right way to do this configuration?
> > >
> > >
> > >
> > This is the right way to make sure that only authenticated users make
> > calls on your proxy. I'm guessing that you want to allow
> > unauthenticated inbound calls unless you have a way to assign
> > username/passwords to anyone who might want to call one of your
> > registered users.
> >
> > I do not think that there are adequate mechanisms implemented for
> > interdomain authentication of callers. If you do want to authenticate
> > callers who are not registered on your proxy (to prevent SIP spam) these
> > two internet drafts might be of interest:
> > http://www.ietf.org/internet-drafts/draft-ietf-sip-identity-03.txt
> >
> http://www.ietf.org/internet-drafts/draft-peterson-message-identity-00.txt
> >
> > Hope this helps,
> > Jamey
> >
> >
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
>
More information about the sr-users
mailing list