[Serusers] RE: [Serdev] check_from

Raymond Chen rchen at cityabove.net
Mon Mar 29 22:48:28 CEST 2004


I am able to get the scenario work using is_user_in command.  But run into
other problems with acc to mysql, we only record the INVITE message, nothing
else. So can perform calculation for call duration, any idea?

Raymond

-----Original Message-----
From: Jan Janak [mailto:jan at iptel.org] 
Sent: Monday, March 29, 2004 2:44 AM
To: Raymond Chen
Cc: 'Jiri Kuthan'; daniel at iptel.org; serdev at lists.iptel.org; serusers at lists.iptel.org
Subject: Re: [Serusers] RE: [Serdev] check_from

What do you mean by authenticate ? You can only check the username for a
certain value or compare it with another part of the message (like
digest username).

  Jan.

On 27-03 11:37, Raymond Chen wrote:
> Is there anyway to authenticate just the sip username in the from header?
> 
> 
> 
> -----Original Message-----
> From: Jiri Kuthan [mailto:jiri at iptel.org] 
> Sent: Saturday, March 27, 2004 7:05 AM
> To: daniel at iptel.org; Raymond Chen
> Cc: serdev at lists.iptel.org; serusers at lists.iptel.org
> Subject: Re: [Serusers] RE: [Serdev] check_from
> 
> the problem is the cisco gateway is not capable of supporting digest
authetnication.
> (not ver good indeed). You are left with authentication by source IP
address.
> 
> -jiri
> 
> At 04:56 PM 3/26/2004, Daniel-Constantin Mierla wrote:
> >No idea about it. You can watch the network traffic (using ngrep on ser
> >machine: ngrep port 5060) and see if the realm from a 401/407 reply
> >matches with the one from next request.
> >
> >.Daniel
> >
> >On 03/26/04 16:46, Raymond Chen wrote:
> >
> >>I use AS5300 as UA.
> >>
> >>
> >>
> >>-----Original Message-----
> >>From: Daniel-Constantin Mierla [mailto:daniel at iptel.org] 
> >>Sent: Friday, March 26, 2004 11:04 PM
> >>To: Raymond Chen
> >>Cc: serdev at lists.iptel.org; serusers at lists.iptel.org
> >>Subject: Re: [Serusers] RE: [Serdev] check_from
> >>
> >>What client do you use? It does not use the realm from challenge -- it
> >>is a MSN Messenger specific bug, but it might be present in other sip
> >>clients. You must set the realm from challenge as the host part of the
> >>sip id.
> >>
> >>.Daniel
> >>
> >>On 03/26/04 15:46, Raymond Chen wrote:
> >>
> >>  
> >>
> >>>Danial,
> >>>
> >>>www_authorize fail to authorize without password
> >>>
> >>>0(3283) lookup(): '85234230599 at 218.20.229.53' Not found in usrloc
> >>>0(3283) parse_headers: flags=4096
> >>>0(3283) pre_auth(): Credentials with given realm not found
> >>>0(3283) build_auth_hf(): 'WWW-Authenticate: Digest realm="xxx.org",
> >>>nonce="40644192d74bf39b0ebb5d141cb2073a6c09daf8"
> >>>'
> >>>
> >>>Regards
> >>>
> >>>Raymond
> >>>
> >>>-----Original Message-----
> >>>From: Daniel-Constantin Mierla [mailto:daniel at iptel.org] 
> >>>Sent: Friday, March 26, 2004 8:04 PM
> >>>To: Raymond Chen
> >>>Subject: Re: [Serusers] RE: [Serdev] check_from
> >>>
> >>>
> >>>Try something like this:
> >>>
> >>>if (method=="INVITE")
> >>>{
> >>>  if (!www_authorize("xxx.org", "subscriber")) {
> >>>      www_challenge("xxx.org", "0");
> >>>      break;
> >>>  };
> >>>  if (!check_from()) {
> >>>      sl_send_reply("403", "Only registered users are allowed");
> >>>      break;
> >>>  };
> >>>
> >>>};
> >>>
> >>>.Daniel
> >>>
> >>>On 03/26/04 12:48, Raymond Chen wrote:
> >>>
> >>> 
> >>>
> >>>    
> >>>
> >>>>Now we understand what the what the message means after reading the
> >>>>      
> >>>>
> >>message
> >>  
> >>
> >>>>a few times.  We are trying to do PSTN(as5300)  ---> ser  -----> pstn
> >>>>(AS5300),  and to authorize the calling number (callerid) in the
INVITE
> >>>>message against URI table.  But check_from command needs to call
> >>>>proxy_authorize, which it requires username and password. we setup the
> >>>>configuration like this
> >>>>
> >>>>if (method=="INVITE" & proxy_authorize("xxx.org", "subscriber")
> >>>>     if (!check_from()) {
> >>>>             sl_send_reply("403", "Only registered users are
allowed");
> >>>>     break;
> >>>>     }
> >>>>}
> >>>>
> >>>>Because cisco does not have sip password setting, so we have 
> >>>>
> >>>>0(3173) check_username(): No authorized credentials found (error in
> >>>>   
> >>>>
> >>>>      
> >>>>
> >>>scripts)
> >>> 
> >>>
> >>>    
> >>>
> >>>>0(3173) check_username(): Call {www,proxy}_authorize before calling
> >>>>   
> >>>>
> >>>>      
> >>>>
> >>>check_*
> >>> 
> >>>
> >>>    
> >>>
> >>>>function !
> >>>>
> >>>>Does anyone has a solution?
> >>>>
> >>>>Regards 
> >>>>
> >>>>
> >>>>-----Original Message-----
> >>>>From: Daniel-Constantin Mierla [mailto:daniel at iptel.org] 
> >>>>Sent: Friday, March 26, 2004 6:18 PM
> >>>>To: Raymond Chen
> >>>>Cc: serdev at lists.iptel.org
> >>>>Subject: Re: [Serdev] check_from
> >>>>
> >>>>Hello,
> >>>>the last error message is self explanatory. You need to call either
> >>>>www_authorize() or proxy_authorize() before calling check_from()
because
> >>>>this method compares the data from From header with what is in
> >>>>credentials (response to a authentication challenge).
> >>>>
> >>>>.Daniel
> >>>>
> >>>>On 03/26/04 04:35, Raymond Chen wrote:
> >>>>
> >>>>
> >>>>
> >>>>   
> >>>>
> >>>>      
> >>>>
> >>>>>Dear all,
> >>>>>
> >>>>>We have configured Ser to check from username field to authorize user
> >>>>>??°unknown????
> >>>>>
> >>>>>if (!check_from()) {
> >>>>>
> >>>>>sl_send_reply("403", "Only registered users are allowed");
> >>>>>
> >>>>>break;
> >>>>>
> >>>>>};
> >>>>>
> >>>>>We have error message
> >>>>>
> >>>>>0(2568) check_username(): No authorized credentials found (error in
> >>>>>scripts)
> >>>>>
> >>>>>0(2568) check_username(): Call {www,proxy}_authorize before calling
> >>>>>check_* function !
> >>>>>
> >>>>>We have ??°unknown???? username entry in uri table.
> >>>>>
> >>>>>Regards
> >>>>>
>
>>>>>-----------------------------------------------------------------------
-
> >>>>>
> >>>>>_______________________________________________
> >>>>>Serdev mailing list
> >>>>>serdev at lists.iptel.org
> >>>>>http://lists.iptel.org/mailman/listinfo/serdev
> >>>>>
> >>>>>
> >>>>>  
> >>>>>
> >>>>>     
> >>>>>
> >>>>>        
> >>>>>
> >>>>_______________________________________________
> >>>>Serusers mailing list
> >>>>serusers at lists.iptel.org
> >>>>http://lists.iptel.org/mailman/listinfo/serusers
> >>>>
> >>>>
> >>>>
> >>>>   
> >>>>
> >>>>      
> >>>>
> >>>_______________________________________________
> >>>Serdev mailing list
> >>>serdev at lists.iptel.org
> >>>http://lists.iptel.org/mailman/listinfo/serdev
> >>>
> >>> 
> >>>
> >>>    
> >>>
> >>
> >>_______________________________________________
> >>Serusers mailing list
> >>serusers at lists.iptel.org
> >>http://lists.iptel.org/mailman/listinfo/serusers
> >>
> >>
> >>  
> >>
> >
> >_______________________________________________
> >Serusers mailing list
> >serusers at lists.iptel.org
> >http://lists.iptel.org/mailman/listinfo/serusers
> 
> --
> Jiri Kuthan            http://iptel.org/~jiri/ 
> 
> 
> 
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers





More information about the sr-users mailing list