[Serusers] Blocking calls from unregistered users
Pavol Segec
pavol.segec at kis.fri.utc.sk
Wed Aug 31 12:19:12 CEST 2005
Hi,
If I understand well, you just need to put authorization challenge into your
ser.cfg file where INVITE messages are handled, as follows:
if(!proxy_authorize("your.domain","subscriber")){
proxy_challenge("your.domain","0");
sl_send_reply("403","Forbidden");
break;
};
pavol
Citát Dave <ddx66 at yahoo.com>:
> You can't as far as I know. You must use a USer Agent
> that does not allow a user to make a calls unless the
> UA is registered.
>
> --- rpagquil at philonline.com wrote:
>
>
> ---------------------------------
> Hi, I'm setting up ser so that unregistered users
> can't make any calls to anybody. I have configured to
> allow all other domains to make a call to my local
> users. But when my local user that is unregistered it
> can still make calls to other local users. How would I
> do to block him totally? here is my ser.cfg: debug=3
> fork=yes log_stderror=yes listen=202.84.24.107
> port=5060 children=4 dns=no rev_dns=no
> fifo="/tmp/ser_fifo"
> fifo_db_url="mysql://ser:heslo@localhost/ser"
> alias=sip.philonline.com #load module part
> loadmodule "/usr/local/lib/ser/modules/mysql.so"
> loadmodule "/usr/local/lib/ser/modules/domain.so"
> loadmodule "/usr/local/lib/ser/modules/sl.so"
> loadmodule "/usr/local/lib/ser/modules/tm.so"
> loadmodule "/usr/local/lib/ser/modules/rr.so"
> loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
> loadmodule "/usr/local/lib/ser/modules/usrloc.so"
> loadmodule "/usr/local/lib/ser/modules/registrar.so"
> loadmodule "/usr/local/lib/ser/modules/auth.so"
> loadmodule "/usr/local/lib/ser/modules/auth_db.so"
> loadmodule "/usr/local/lib/ser/modules/uri.so"
> loadmodule "/usr/local/lib/ser/modules/uri_db.so"
> loadmodule "/usr/local/lib/ser/modules/mediaproxy.so"
> loadmodule "/usr/local/lib/ser/modules/nathelper.so"
> loadmodule "/usr/local/lib/ser/modules/textops.so"
> loadmodule "/usr/local/lib/ser/modules/acc.so"
> loadmodule "/usr/local/lib/ser/modules/permissions.so"
> #module parameter setup modparam("rr",
> "enable_full_lr", 1)
> modparam("auth_db|uri_db|usrloc|domain|permissions",
> "db_url", "mysql://ser:heslo@localhost/ser")
> modparam("auth_db", "calculate_ha1", 1)
> modparam("auth_db", "password_column", "password")
> modparam("usrloc", "db_mode", 2)
> modparam("nathelper", "rtpproxy_disable", 1)
> modparam("nathelper", "natping_interval", 0)
> modparam("mediaproxy", "natping_interval", 30)
> modparam("mediaproxy", "mediaproxy_socket",
> "/var/run/mediaproxy.sock") modparam("mediaproxy",
> "sip_asymmetrics", "/usr/local/etc/ser/sip-clients")
> modparam("mediaproxy", "rtp_asymmetrics",
> "/usr/local/etc/ser/rtp-clients")
> modparam("registrar", "nat_flag", 6) modparam("acc",
> "log_level", 2) modparam("acc", "log_fmt",
> "cdfimorstup") modparam("acc", "report_ack", 1)
> #modparam("acc", "failed_transactions", 1)
> modparam("acc", "log_flag", 1) #modparam("acc",
> "report_cancels", 1) modparam("acc", "db_flag", 1)
> modparam("acc", "db_missed_flag", 3) modparam("acc",
> "db_url", "mysql://ser:heslo@localhost/ser")
> modparam("uri_db", "uri_table", "uri")
> modparam("uri_db", "uri_user_column", "username")
> modparam("uri_db", "uri_domain_column", "domain")
> modparam("domain", "db_mode", 1) modparam("domain",
> "domain_table", "domain") modparam("domain",
> "domain_col", "domain") modparam("permissions",
> "default_allow_file",
> "/usr/local/etc/ser/allow.permissions")
> modparam("permissions", "default_deny_file",
> "/usr/local/etc/ser/deny.permissions") #our routing
> logic route { if
> (!mf_process_maxfwd_header("10")) {
> sl_send_reply("483", "Too many hops");
> break; }; if (msg:len > max_len) {
> sl_send_reply("513", "Message overflow");
> break; }; ###record
> route#### if (method=="INVITE" &&
> client_nat_test("3")) {
> record_route_preset("202.84.24.107:5060;nat=yes");
> } else if (method!="REGISTER") {
> record_route(); }; ###call tear down
> section### if (method=="BYE" ||
> method=="CANCEL") {
> end_media_session(); }; ###accounting###
> if ((!has_totag() && (method=="INVITE" ||
> method=="ACK")) || (method=="BYE")) {
> setflag(1); }; ###loose route### if
> (loose_route()) { if (has_totag() &&
> (method=="INVITE" || method=="ACK")) {
> if (client_nat_test("3") ||
> search("^Route:.*;nat=yes")) {
> setflag(6);
> use_media_proxy(); };
> }; route(1);
> break; }; ###call type processing###
> if (uri!=myself) { route(1);
> break; }; if (uri==myself) {
> if (method=="CANCEL") {
> route(3); break;
> } else if (method=="INVITE") {
> route(3); break;
> } else if (method=="REGISTER") {
> route(2);
> break; };
> lookup("aliases"); if (uri!=myself) {
> route(1);
> break; }; if
> (!lookup("location")) {
> sl_send_reply("404", "User not found");
> break; }; };
> route(1); } ##Default message handler## route[1] {
> t_on_reply("1"); if (!t_relay()) {
> if (method=="INVITE" || method=="ACK") {
> end_media_session();
> }; sl_reply_error(); }; }
> ##Register message handler## route[2] {
> sl_send_reply("100", "Trying"); if
> (!search("^Contact:\ +\*") && client_nat_test("7")) {
> setflag(6);
> fix_nated_register(); force_rport();
> }; if
> (!www_authorize("sip.philonline.com","subscriber")) {
>
> www_challenge("sip.philonline.com","0");
> break; }; if (!check_to()) {
> sl_send_reply("401", "You are Unauthorized");
> break; };
> consume_credentials(); if (!save("location"))
> { sl_reply_error(); }; }
> ##INVITE message Handler## route[3] {
> if (client_nat_test("3")) {
> setflag(7); force_rport();
> fix_nated_contact(); }; if
> (!search("To: .*@sip.philonline.com")) { if
> (!proxy_authorize("","subscriber")) {
> proxy_challenge("", "0"); break;
> }; if (!check_from() && method=="INVITE")
> { sl_send_reply("403", "User
> From=ID"); break; };
> }; lookup("aliases"); if
> (uri!=myself) { route(1);
> break; }; if (!lookup("location"))
> { sl_send_reply("404", "User not
> found"); break; }; if
> (method=="CANCEL") { route(1);
> break; };
> consume_credentials(); if (isflagset(6) ||
> isflagset(7)) { use_media_proxy();
> }; route(1); } onreply_route[1] {
> if (isflagset(6) || isflagset(7) &&
> (status=~"(180)|(183)|2[0-9][0-9]")) {
> if (!search("^Content-Length:\ +0")) {
> use_media_proxy(); };
> }; if (client_nat_test("1")) {
> fix_nated_contact(); }; } Thanks,
> --ryanRyan PagquilInfodyne Inc.
> (www.philonline.com)Tel. (632)-6870715>
> _______________________________________________
> > Serusers mailing list
> > serusers at lists.iptel.org
> > http://lists.iptel.org/mailman/listinfo/serusers
> >
>
>
>
>
> ____________________________________________________
> Start your day with Yahoo! - make it your home page
> http://www.yahoo.com/r/hs
>
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
More information about the sr-users
mailing list