[Serusers] RE: Test
harry gaillac
gaillacharry at yahoo.fr
Wed Jul 6 14:49:43 CEST 2005
its's one conditonnal block if +
harry
> if (method=="INVITE" && !allow_trusted()) {
>
> if (!proxy_authorize("","subscriber")) {
> proxy_challenge("","0");
> sl_send_reply("407", "Proxy Authentication
>Required");
> break;
> };
>
> };
--- Steve Blair <blairs at isc.upenn.edu> a écrit :
>
> If he is getting a proxy authenticate error as his
> message suggested
> then your
> ser.cfg has to be modified to allow calls from
> outside your domain without
> those calls being authenticated first.
>
>
> harry gaillac wrote:
>
> >Thanks Ryan,
> >
> >Many people can't call me !?
> >
> >Harry
> >
> >look at my ser.cfg:
> ># $Id: ser.cfg,v 1.27 2005/03/10 14:16:25 Exp $
> >#
> >#
> >
> ># ----------- global configuration parameters
> >------------------------
> >
> >debug=3 # debug level (cmd line:
> -dddddddddd)
> >fork=yes
> >log_stderror=no # (cmd line: -E)
> >#memlog=5 # memory debug log level
> >#log_facility=LOG_LOCAL0 # sets the facility used
> for
> >logging (see syslog(3))
> >
> >/* Uncomment these lines to enter debugging mode
> >#fork=no
> >#log_stderror=yes
> >*/
> >
> >check_via=no # (cmd. line: -v)
> >dns=no # (cmd. line: -r)
> >rev_dns=no # (cmd. line: -R)
> >port=5060
> >children=4
> >fifo="/tmp/ser_fifo"
>
>fifo_db_url="mysql://ser:heslo@serveur1.home.net/ser"
> >user=root
> >group=ser
> >fifo_user=root # owner of the ser fifo
> >fifo_group=ser
> >fifo_mode=0660 # fifo's permissions
> >#disable_core=yes #disables core dumping
> >#open_fd_limit=1024 # sets the open file
> descriptors
> >limit
> >#mhomed=yes # usefull for multihomed hosts, small
> >performance penalty
> >#disable_tcp=yes
> >#tcp_accept_aliases=yes # accepts the tcp alias via
> >option (see NEWS)
> >listen=80.119.9.7
> >#
> >
> ># ------------------ module loading
> >----------------------------------
> >
> >loadmodule "/usr/lib/ser/modules/mysql.so"
> >loadmodule "/usr/lib/ser/modules/sl.so"
> >loadmodule "/usr/lib/ser/modules/tm.so"
> >loadmodule "/usr/lib/ser/modules/rr.so"
> >loadmodule "/usr/lib/ser/modules/maxfwd.so"
> >loadmodule "/usr/lib/ser/modules/usrloc.so"
> >loadmodule "/usr/lib/ser/modules/registrar.so"
> >loadmodule "/usr/lib/ser/modules/uri.so"
> >loadmodule "/usr/lib/ser/modules/uri_db.so"
> >loadmodule "/usr/lib/ser/modules/nathelper.so"
> >loadmodule "/usr/lib/ser/modules/mediaproxy.so"
> >loadmodule "/usr/lib/ser/modules/auth.so"
> >loadmodule "/usr/lib/ser/modules/auth_db.so"
> >loadmodule "/usr/lib/ser/modules/textops.so"
> >loadmodule "/usr/lib/ser/modules/permissions.so"
> >loadmodule "/usr/lib/ser/modules/domain.so"
> >loadmodule "/usr/lib/ser/modules/group.so"
> >loadmodule "/usr/lib/ser/modules/avpops.so"
> >
> ># ----------------- setting module-specific
> parameters
> >---------------
> >
> ># -- usrloc params--
> >modparam("usrloc", "db_mode", 2)
> >
> ># -- autdb_params--
> >modparam("auth_db", "calculate_ha1", yes)
> >modparam("auth_db", "password_column", "password")
> >
> ># -- rr params --
> ># add value to ;lr param to make some broken UAs
> happy
> >modparam("rr", "enable_full_lr", 1)
> >
> ># -- nathelper params --
> >modparam("nathelper", "ping_nated_only", 0)
> >modparam("nathelper", "rtpproxy_disable", 1)
> >
> ># mediaproxy params --
> >modparam("mediaproxy", "natping_interval", 30)
> >modparam("mediaproxy", "mediaproxy_socket",
> >"var/run/mediaproxy.sock")
> >
> ># -- registrar params --
> >modparam("registrar", "nat_flag", 4)
> >
> ># -- tm params --
> >modparam("tm", "fr_inv_timer", 27)
> >modparam("tm", "fr_inv_timer_avp", "inv_timeout")
> >
> ># --domain params --
> >modparam("domain", "db_url",
> >"mysql://ser:heslo@serveur1.home.net/ser")
> >modparam("domain", "domain_table", "domain")
> >modparam("domain", "db_mode", 1) # Use caching
> >
> ># -- permissions params --
> >modparam("permissions", "db_url",
> >"mysql://ser:heslo@serveur1.home.net/ser")
> >modparam("permissions", "db_mode", 1)
> >modparam("permissions", "trusted_table", "trusted")
> >modparam("permissions", "default_deny_file",
> >"/etc/ser/permissions.deny")
> >modparam("permissions", "default_allow_file",
> >"/etc/ser/permissions.allow")
> >
> ># ------------------------- request routing logic
> >-------------------
> >
> >
> ># main routing logic
> >
> >route{
> >
> > # initial sanity checks -- messages with
> > # max_forwards==0, or excessively long requests
> > if (!mf_process_maxfwd_header("10")) {
> > sl_send_reply("483","Too Many Hops");
> > break;
> > };
> > if (msg:len >= max_len ) {
> > sl_send_reply("513", "Message too big");
> > break;
> > };
> >
> > # we record-route all messages -- to make sure
> that
> > # subsequent messages will go through our proxy;
> >that's
> > # particularly good if upstream and downstream
> >entities
> > # use different transport protocol
> > if (!method=="REGISTER") {
> > record_route();
> > };
> >
> >
> > if (method=="CANCEL" || method=="BYE") {
> > end_media_session();
> > };
> >
> > # subsequent messages withing a dialog should take
> >the
> > # path determined by record-routing
> > if (loose_route()) {
> > if (has_totag() && method=="INVITE" ||
> >method=="ACK") {
> > if (client_nat_test("3")) {
> > setflag(4);
> > force_rport();
> > fix_contact();
> > };
> > use_media_proxy();
> > };
> > route(1);
> > break;
> > };
> >
> > # Requests to others domains
> > if (!is_uri_host_local()) {
> >
> > # Checking Authorization
> > if (!proxy_authorize("","subscriber")) {
> > proxy_challenge("","0");
> > sl_send_reply("407", "Proxy Authentication
> >Required");
> > break;
> > };
> >
> > if (client_nat_test("3")) {
> > setflag(4);
> > };
> >
> > if (isflagset(4)) {
>
=== message truncated ===
___________________________________________________________________________
Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger
Téléchargez cette version sur http://fr.messenger.yahoo.com
More information about the sr-users
mailing list