[Serusers] authentication (or lack there of)

Ashling O'Driscoll ashling.odriscoll at cit.ie
Mon Nov 1 10:32:56 CET 2004 

Hi,

Even though the mysql database is working fine (i.e. I can add users
etc) and I've uncommented the authentication lines in the ser.cfg
file, my ser still allows any UA to register. I have included my
config file below. Any ideas?

Really appreciate the help Im getting from this list,
Aisling.

# $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $ 
# 
# simple quick-start config script 
# 

# ----------- global configuration parameters
------------------------ 

#debug=3         # debug level (cmd line: -dddddddddd) 
#fork=yes 
#log_stderror=no     # (cmd line: -E) 

alias=172.16.3.12 
#alias=10.10.10.12 
#alias=10.0.1.4 
#alias=192.168.3.77 
#alias=cit.ie 

/* Uncomment these lines to enter debugging mode  
debug=7 
fork=no 
log_stderror=yes 
*/ 

check_via=no     # (cmd. line: -v) 
dns=no           # (cmd. line: -r) 
rev_dns=no      # (cmd. line: -R) 
port=5060 
#children=4 
fifo="/tmp/ser_fifo" 

# ------------------ module loading
---------------------------------- 

# Uncomment this if you want to use SQL database 
loadmodule  "/usr/local/lib/ser/modules/mysql.so" 

loadmodule  "/usr/local/lib/ser/modules/sl.so" 
loadmodule  "/usr/local/lib/ser/modules/tm.so" 
loadmodule  "/usr/local/lib/ser/modules/rr.so" 
loadmodule  "/usr/local/lib/ser/modules/maxfwd.so" 
loadmodule  "/usr/local/lib/ser/modules/usrloc.so" 
loadmodule  "/usr/local/lib/ser/modules/registrar.so" 

# Uncomment this if you want digest authentication 
# mysql.so must be loaded ! 
loadmodule  "/usr/local/lib/ser/modules/auth.so" 
loadmodule  "/usr/local/lib/ser/modules/auth_db.so" 

# ----------------- setting module-specific parameters
--------------- 

# -- usrloc params -- 

modparam("usrloc",  "db_mode",   0) 

# Uncomment this if you want to use SQL database  
# for persistent storage and comment the previous line 
modparam("usrloc",  "db_mode", 2) 

# -- auth params -- 
# Uncomment if you are using auth module 
# 
modparam("auth_db",  "calculate_ha1", yes) 
# 
# If you set  "calculate_ha1" parameter to yes (which true in this
config),  
# uncomment also the following parameter) 
# 
modparam("auth_db",  "password_column",  "password" 

# -- rr params -- 
# add value to ;lr param to make some broken UAs happy 
modparam("rr",  "enable_full_lr", 1) 

# -------------------------  request routing logic
------------------- 

# main routing logic 

route{ 

    # initial sanity checks -- messages with 
    # max_forwards==0, or excessively long requests 
    if (!mf_process_maxfwd_header("10")) { 
         sl_send_reply("483","Too Many Hops"); 
         break; 
    }; 
    if ( msg:len  > max_len ) { 
         sl_send_reply("513",  "Message too big"); 
         break; 
    }; 

    # we record-route all messages -- to make sure that 
    # subsequent messages will go through our proxy; that's 
    # particularly good if upstream and downstream entities 
    # use different transport protocol 
    record_route();      
    # loose-route processing 
    if (loose_route()) { 
         t_relay(); 
         break; 
    }; 

    # if the request is for other domain use UsrLoc 
    # (in case, it does not work, use the following command 
    # with proper names and addresses in it) 
    if (uri==myself) { 

         if (method=="REGISTER" { 

# Uncomment this if you want to use digest authentication 
              if (!www_authorize("172.16.3.12",  "subscriber")) { 
                   www_challenge("172.16.3.12",  "0"); 
                   break; 
              }; 

              save("location"); 
              break; 
         }; 

         # native SIP destinations are handled using our USRLOC DB 
         if (!lookup("location")) { 
              sl_send_reply("404",  "Not Found"); 
              break; 
         }; 
    }; 

    #inserted by klaus 
    if (method=="INVITE"){ 
         record_route(); 
         force_rtp_proxy(); 
         /* set up reply processing */ 
         t_on_reply("1"); 
    }; 

    # forward to current uri now; use stateful forwarding; that 
    # works reliably even if we forward from TCP to UDP 
    if (!t_relay()) { 
         sl_reply_error(); 
    }; 

} 

# inserted by klaus 
#all incoming replies for t_onrepli-ed transactions enter here 
onreply-route[1]{ 
    if(status=~"[12][0-9][0-9]" 
         force_rtp_proxy(); 
} 






-------------------Legal  Disclaimer---------------------------------------

The above electronic mail transmission is confidential and intended only for the person to whom it is addressed. Its contents may be protected by legal and/or professional privilege. Should it be received by you in error please contact the sender at the above quoted email address. Any unauthorised form of reproduction of this message is strictly prohibited. The Institute does not guarantee the security of any information electronically transmitted and is not liable if the information contained in this communication is not a proper and complete record of the message as transmitted by the sender nor for any delay in its receipt.

----------------------------------------------------------------------------------------

More information about the sr-users mailing list