[Serusers] Accept invite only for registered users
sendman
sendman at gmail.com
Thu Dec 2 12:02:55 CET 2004
Sure! I was...
And eveyrhing is fine with auth_db module!
On Thu, 2 Dec 2004 09:25:12 +0100, E. Versaevel <erik at infopact.nl> wrote:
> Did you change mydomain to your own realm? And have you correctly setup the
> auth_db module?
>
> -----Oorspronkelijk bericht-----
> Van: sendman [mailto:sendman at gmail.com]
> Verzonden: woensdag 1 december 2004 19:14
> Aan: E. Versaevel
> CC: Jamey Hicks; serusers at lists.iptel.org
> Onderwerp: Re: [Serusers] Accept invite only for registered users
>
>
>
> well Now I'm getting segfault when I use proxy_authorize on scripts!
>
> If I comment the proxy_authorize line everything works fine, but when
> I comment out get segfault !
>
> 2(5662) ERROR: fifo_server fgets failed: Illegal seek
> 2(5662) INFO: signal 15 received
> 1(5661) INFO: signal 15 received
>
> This is the part on my script I comment:
> if(!proxy_authorize("mydomain", "subscriber")) {
> #no or wrong credentials, challenge the user
> proxy_challenge("mydomain","0");
> break;
> - Hide quoted text -
> }
>
> On Wed, 1 Dec 2004 14:45:14 +0100, E. Versaevel <erik at infopact.nl> wrote:
> > You are only checking here if the user has SIP REGISTERED a UserAgent to
> > your server, not if the user had a valid username/password.
> > You should check with proxy_challenge (which generates a SIP/2.0 407 Proxy
> > Authorization required message) and only if it is an outbound request
> > (domain not served by your proxy, otherwise your users can't be called).
> >
> > So your code would become something like:
> >
> > # check if it's an outbound request for a domain not on this proxy
> > if (method=="INVITE" && uri !=myself)
> > {
> >
> > #check to see if there are usercredentials (and if they are OK)
> > If(!proxy_authorize("yourdomain", "subscriber"))
> > {
> > #no or wrong credentials, challenge the user
> > Proxy_challenge("yourdomain","0");
> > Break;
> > }
> > # accept call and goto route 3
> > route(3);
> > }
> >
> > Kind regards,
> >
> > E. Versaevel
> >
> >
> >
> >
> > Well, what I really want is something like:
> >
> > if (method=="INVITE") {
> > # check if from_user 'caller' are successfully registered in my proxy
> > if (!lookup('%from_user% in location table')) {
> >
> > sl_send_reply(404,"Not authorized - You must bu registered to use
> > this proxy");
> > break;
> > }
> > # accept call
> > route(3);
> > }
> >
> > Well 'ALL CALLS' in my proxy, must to be authenticated...
> >
> > I don't if this test must to be done on 'invite' or maybe in route(3)
> > subroutine.
> >
> > Regards.
> >
> > On Wed, 01 Dec 2004 08:14:42 -0500, Jamey Hicks <jamey.hicks at hp.com>
> wrote:
> > > sendman wrote:
> > >
> > >
> > >
> > > >Hi folks!
> > > >
> > > >I have setup my ser.cfg to request www_authentication on INVITE
> > > >messages, well, I'm not sure if this is the best solution for allow
> > > >ONLY registered users to make calls on my proxy.
> > > >
> > > >Does anybody knows the right way to do this configuration?
> > > >
> > > >
> > > >
> > > This is the right way to make sure that only authenticated users make
> > > calls on your proxy. I'm guessing that you want to allow
> > > unauthenticated inbound calls unless you have a way to assign
> > > username/passwords to anyone who might want to call one of your
> > > registered users.
> > >
> > > I do not think that there are adequate mechanisms implemented for
> > > interdomain authentication of callers. If you do want to authenticate
> > > callers who are not registered on your proxy (to prevent SIP spam) these
> > > two internet drafts might be of interest:
> > > http://www.ietf.org/internet-drafts/draft-ietf-sip-identity-03.txt
> > >
> > http://www.ietf.org/internet-drafts/draft-peterson-message-identity-00.txt
> > >
> > > Hope this helps,
> > > Jamey
> > >
> > >
> >
> > _______________________________________________
> > Serusers mailing list
> > serusers at lists.iptel.org
> > http://lists.iptel.org/mailman/listinfo/serusers
> >
> >
>
>
More information about the sr-users
mailing list