[Serusers] Accept invite only for registered users

sendman sendman at gmail.com
Thu Dec 2 12:02:55 CET 2004


Sure! I was...
And eveyrhing is fine with auth_db module!


On Thu, 2 Dec 2004 09:25:12 +0100, E. Versaevel <erik at infopact.nl> wrote:
> Did you change mydomain to your own realm? And have you correctly setup the
> auth_db module?
> 
> -----Oorspronkelijk bericht-----
> Van: sendman [mailto:sendman at gmail.com]
> Verzonden: woensdag 1 december 2004 19:14
> Aan: E. Versaevel
> CC: Jamey Hicks; serusers at lists.iptel.org
> Onderwerp: Re: [Serusers] Accept invite only for registered users
> 
> 
> 
> well Now I'm getting segfault when I use proxy_authorize on scripts!
> 
> If I comment the proxy_authorize line everything works fine, but when
> I comment out get segfault !
> 
> 2(5662) ERROR: fifo_server fgets failed: Illegal seek
> 2(5662) INFO: signal 15 received
> 1(5661) INFO: signal 15 received
> 
> This is the part on my script I comment:
>       if(!proxy_authorize("mydomain", "subscriber"))       {
>               #no or wrong credentials, challenge the user
>              proxy_challenge("mydomain","0");
>              break;
> - Hide quoted text -
>       }
> 
> On Wed, 1 Dec 2004 14:45:14 +0100, E. Versaevel <erik at infopact.nl> wrote:
> > You are only checking here if the user has SIP REGISTERED a UserAgent to
> > your server, not if the user had a valid username/password.
> > You should check with proxy_challenge (which generates a SIP/2.0 407 Proxy
> > Authorization required message) and only if it is an outbound request
> > (domain not served by your proxy, otherwise your users can't be called).
> >
> > So your code would become something like:
> >
> > # check if it's an outbound request for a domain not on this proxy
> > if (method=="INVITE" && uri !=myself)
> > {
> >
> >         #check to see if there are usercredentials (and if they are OK)
> >         If(!proxy_authorize("yourdomain", "subscriber"))
> >         {
> >                 #no or wrong credentials, challenge the user
> >                 Proxy_challenge("yourdomain","0");
> >                 Break;
> >         }
> > # accept call and goto route 3
> > route(3);
> > }
> >
> > Kind regards,
> >
> > E. Versaevel
> >
> >
> >
> >
> > Well, what I really want is something like:
> >
> > if (method=="INVITE") {
> > # check if from_user 'caller' are successfully registered in my proxy
> >  if (!lookup('%from_user% in location table')) {
> >
> >      sl_send_reply(404,"Not authorized - You must bu registered to use
> > this proxy");
> >      break;
> >  }
> > # accept call
> > route(3);
> > }
> >
> > Well 'ALL CALLS' in my proxy, must to be authenticated...
> >
> > I don't if this test must to be done on 'invite' or maybe in route(3)
> > subroutine.
> >
> > Regards.
> >
> > On Wed, 01 Dec 2004 08:14:42 -0500, Jamey Hicks <jamey.hicks at hp.com>
> wrote:
> > > sendman wrote:
> > >
> > >
> > >
> > > >Hi folks!
> > > >
> > > >I have setup my ser.cfg to request www_authentication on INVITE
> > > >messages, well, I'm not sure if this is the best solution for allow
> > > >ONLY registered users to make calls on my proxy.
> > > >
> > > >Does anybody knows the right way to do this configuration?
> > > >
> > > >
> > > >
> > > This is the right way to make sure that only authenticated users make
> > > calls on your proxy.  I'm guessing that you want to allow
> > > unauthenticated inbound calls unless you have a way to assign
> > > username/passwords to anyone who might want to call one of your
> > > registered users.
> > >
> > > I do not think that there are adequate mechanisms implemented for
> > > interdomain authentication of callers.  If you do want to authenticate
> > > callers who are not registered on your proxy (to prevent SIP spam) these
> > > two internet drafts might be of interest:
> > >   http://www.ietf.org/internet-drafts/draft-ietf-sip-identity-03.txt
> > >
> > http://www.ietf.org/internet-drafts/draft-peterson-message-identity-00.txt
> > >
> > > Hope this helps,
> > > Jamey
> > >
> > >
> >
> > _______________________________________________
> > Serusers mailing list
> > serusers at lists.iptel.org
> > http://lists.iptel.org/mailman/listinfo/serusers
> >
> >
> 
>




More information about the sr-users mailing list