[Serusers] RE: [Serdev] check_from
Daniel-Constantin Mierla
daniel at iptel.org
Tue Mar 30 11:10:07 CEST 2004
Looks likely you haven't set the proper flag for all requests you want
to account (e.g., BYEs). Check
http://lists.iptel.org/pipermail/serusers/2003-October/002950.html and
see if it is your case, too.
.Daniel
On 03/29/04 22:48, Raymond Chen wrote:
>I am able to get the scenario work using is_user_in command. But run into
>other problems with acc to mysql, we only record the INVITE message, nothing
>else. So can perform calculation for call duration, any idea?
>
>Raymond
>
>-----Original Message-----
>From: Jan Janak [mailto:jan at iptel.org]
>Sent: Monday, March 29, 2004 2:44 AM
>To: Raymond Chen
>Cc: 'Jiri Kuthan'; daniel at iptel.org; serdev at lists.iptel.org; serusers at lists.iptel.org
>Subject: Re: [Serusers] RE: [Serdev] check_from
>
>What do you mean by authenticate ? You can only check the username for a
>certain value or compare it with another part of the message (like
>digest username).
>
> Jan.
>
>On 27-03 11:37, Raymond Chen wrote:
>
>
>>Is there anyway to authenticate just the sip username in the from header?
>>
>>
>>
>>-----Original Message-----
>>From: Jiri Kuthan [mailto:jiri at iptel.org]
>>Sent: Saturday, March 27, 2004 7:05 AM
>>To: daniel at iptel.org; Raymond Chen
>>Cc: serdev at lists.iptel.org; serusers at lists.iptel.org
>>Subject: Re: [Serusers] RE: [Serdev] check_from
>>
>>the problem is the cisco gateway is not capable of supporting digest
>>
>>
>authetnication.
>
>
>>(not ver good indeed). You are left with authentication by source IP
>>
>>
>address.
>
>
>>-jiri
>>
>>At 04:56 PM 3/26/2004, Daniel-Constantin Mierla wrote:
>>
>>
>>>No idea about it. You can watch the network traffic (using ngrep on ser
>>>machine: ngrep port 5060) and see if the realm from a 401/407 reply
>>>matches with the one from next request.
>>>
>>>.Daniel
>>>
>>>On 03/26/04 16:46, Raymond Chen wrote:
>>>
>>>
>>>
>>>>I use AS5300 as UA.
>>>>
>>>>
>>>>
>>>>-----Original Message-----
>>>>From: Daniel-Constantin Mierla [mailto:daniel at iptel.org]
>>>>Sent: Friday, March 26, 2004 11:04 PM
>>>>To: Raymond Chen
>>>>Cc: serdev at lists.iptel.org; serusers at lists.iptel.org
>>>>Subject: Re: [Serusers] RE: [Serdev] check_from
>>>>
>>>>What client do you use? It does not use the realm from challenge -- it
>>>>is a MSN Messenger specific bug, but it might be present in other sip
>>>>clients. You must set the realm from challenge as the host part of the
>>>>sip id.
>>>>
>>>>.Daniel
>>>>
>>>>On 03/26/04 15:46, Raymond Chen wrote:
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>>Danial,
>>>>>
>>>>>www_authorize fail to authorize without password
>>>>>
>>>>>0(3283) lookup(): '85234230599 at 218.20.229.53' Not found in usrloc
>>>>>0(3283) parse_headers: flags=4096
>>>>>0(3283) pre_auth(): Credentials with given realm not found
>>>>>0(3283) build_auth_hf(): 'WWW-Authenticate: Digest realm="xxx.org",
>>>>>nonce="40644192d74bf39b0ebb5d141cb2073a6c09daf8"
>>>>>'
>>>>>
>>>>>Regards
>>>>>
>>>>>Raymond
>>>>>
>>>>>-----Original Message-----
>>>>>From: Daniel-Constantin Mierla [mailto:daniel at iptel.org]
>>>>>Sent: Friday, March 26, 2004 8:04 PM
>>>>>To: Raymond Chen
>>>>>Subject: Re: [Serusers] RE: [Serdev] check_from
>>>>>
>>>>>
>>>>>Try something like this:
>>>>>
>>>>>if (method=="INVITE")
>>>>>{
>>>>> if (!www_authorize("xxx.org", "subscriber")) {
>>>>> www_challenge("xxx.org", "0");
>>>>> break;
>>>>> };
>>>>> if (!check_from()) {
>>>>> sl_send_reply("403", "Only registered users are allowed");
>>>>> break;
>>>>> };
>>>>>
>>>>>};
>>>>>
>>>>>.Daniel
>>>>>
>>>>>On 03/26/04 12:48, Raymond Chen wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>Now we understand what the what the message means after reading the
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>message
>>>>
>>>>
>>>>
>>>>
>>>>>>a few times. We are trying to do PSTN(as5300) ---> ser -----> pstn
>>>>>>(AS5300), and to authorize the calling number (callerid) in the
>>>>>>
>>>>>>
>INVITE
>
>
>>>>>>message against URI table. But check_from command needs to call
>>>>>>proxy_authorize, which it requires username and password. we setup the
>>>>>>configuration like this
>>>>>>
>>>>>>if (method=="INVITE" & proxy_authorize("xxx.org", "subscriber")
>>>>>> if (!check_from()) {
>>>>>> sl_send_reply("403", "Only registered users are
>>>>>>
>>>>>>
>allowed");
>
>
>>>>>> break;
>>>>>> }
>>>>>>}
>>>>>>
>>>>>>Because cisco does not have sip password setting, so we have
>>>>>>
>>>>>>0(3173) check_username(): No authorized credentials found (error in
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>scripts)
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>0(3173) check_username(): Call {www,proxy}_authorize before calling
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>check_*
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>function !
>>>>>>
>>>>>>Does anyone has a solution?
>>>>>>
>>>>>>Regards
>>>>>>
>>>>>>
>>>>>>-----Original Message-----
>>>>>>From: Daniel-Constantin Mierla [mailto:daniel at iptel.org]
>>>>>>Sent: Friday, March 26, 2004 6:18 PM
>>>>>>To: Raymond Chen
>>>>>>Cc: serdev at lists.iptel.org
>>>>>>Subject: Re: [Serdev] check_from
>>>>>>
>>>>>>Hello,
>>>>>>the last error message is self explanatory. You need to call either
>>>>>>www_authorize() or proxy_authorize() before calling check_from()
>>>>>>
>>>>>>
>because
>
>
>>>>>>this method compares the data from From header with what is in
>>>>>>credentials (response to a authentication challenge).
>>>>>>
>>>>>>.Daniel
>>>>>>
>>>>>>On 03/26/04 04:35, Raymond Chen wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>Dear all,
>>>>>>>
>>>>>>>We have configured Ser to check from username field to authorize user
>>>>>>>??°unknown????
>>>>>>>
>>>>>>>if (!check_from()) {
>>>>>>>
>>>>>>>sl_send_reply("403", "Only registered users are allowed");
>>>>>>>
>>>>>>>break;
>>>>>>>
>>>>>>>};
>>>>>>>
>>>>>>>We have error message
>>>>>>>
>>>>>>>0(2568) check_username(): No authorized credentials found (error in
>>>>>>>scripts)
>>>>>>>
>>>>>>>0(2568) check_username(): Call {www,proxy}_authorize before calling
>>>>>>>check_* function !
>>>>>>>
>>>>>>>We have ??°unknown???? username entry in uri table.
>>>>>>>
>>>>>>>Regards
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>-----------------------------------------------------------------------
>>>>>>
>>>>>>
>-
>
>
>>>>>>>_______________________________________________
>>>>>>>Serdev mailing list
>>>>>>>serdev at lists.iptel.org
>>>>>>>http://lists.iptel.org/mailman/listinfo/serdev
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>_______________________________________________
>>>>>>Serusers mailing list
>>>>>>serusers at lists.iptel.org
>>>>>>http://lists.iptel.org/mailman/listinfo/serusers
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>_______________________________________________
>>>>>Serdev mailing list
>>>>>serdev at lists.iptel.org
>>>>>http://lists.iptel.org/mailman/listinfo/serdev
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>_______________________________________________
>>>>Serusers mailing list
>>>>serusers at lists.iptel.org
>>>>http://lists.iptel.org/mailman/listinfo/serusers
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>_______________________________________________
>>>Serusers mailing list
>>>serusers at lists.iptel.org
>>>http://lists.iptel.org/mailman/listinfo/serusers
>>>
>>>
>>--
>>Jiri Kuthan http://iptel.org/~jiri/
>>
>>
>>
>>_______________________________________________
>>Serusers mailing list
>>serusers at lists.iptel.org
>>http://lists.iptel.org/mailman/listinfo/serusers
>>
>>
>
>
>_______________________________________________
>Serdev mailing list
>serdev at lists.iptel.org
>http://lists.iptel.org/mailman/listinfo/serdev
>
>
>
More information about the sr-users
mailing list