[Serusers] Check if user is already authenticated or registered

Cesc cesc.santa at gmail.com
Wed Jun 1 14:02:16 CEST 2005


Hi,

Ok ... so your ser receives the invite and you will only forward to
pstn if user is authenticated. So, what you want is to authorize the
invites with proxy_authorize() and if they fail, use proxy_challenge().
Once authorization is ok, you can use check_from.
(you have this part of code commented in your config file).
What you get with this is low security, but at least you know that
whoever is sending the messages is in your "subscribers" database.

Of course the registered("location") returns always false ... it
checks the request uri, not the from uri! The request uri contains the
pstn number.
And by the way, in the config you sent ... you always hit the else
because you do:
if( ! registered( ... ) ) 
     rewrite ...
else ...

it should be if( registered () ) ... but I guess you were tired of
hitting the else and you made this change on purpose :)

On the other hand ... why don't you try instead of rewriting the
request uri, to use something like: t_relay_to_udp(ip, port), or
t_relay_to_tcp(ip, port) or forward(ip, port) ...

One last comment ... if this invite that arrives to you comes not
directly from a phone, but from another proxy ... and supposing all
proxies are controlled by you ... you may want to be able to reuse the
same Proxy-Auth header data for all. This way, only the first proxy
will challenge the phone asking for the credentials, then just forward
the INV (without consuming the auth header data) to the next proxy. 
For this, you need to set the "secret" parameter in the "auth" mode to
be equal in all proxies.
modparam("auth", "secret", "this_is_not_a_secret_anymore")

Regards,

C.

On 6/1/05, Bastian Schern <ml01 at in-bln.de> wrote:
> Hi,
> 
> I attached my complete ser.cfg.
> I tested with "serctl ul show" and the User is registered. But I think
> it is the wrong function.
> I want to prohibit unregistered users to make PSTN calls without
> reauthentication.
> 
> Is that possible?
> 
> Cesc wrote:
> > Hi,
> >
> > Well, this piece of code looks correct, but it is out of context. It
> > may be the way your config file is that makes you always hit the else.
> > Other than that ... have you checked the obvious? is the user really
> > registered (check with >serctl ul show)? the function checks the
> > request uri, is that what you want? do you modify the request uri
> > before this point?
> > What version of ser are you running?
> 
> I'm running ser-0.8.14.
> 
> 
> >
> > One question ... why do you rewrite host and port? if the user is
> > already registered, just doing a lookup("location") would be enough
> > for the uri to be rewritten to the contact and then you can t_relay it
> > ... no need to do the localhost:5061
> 
> Is it not correct? I forward the authorized calls to the PSTN gateway.
> 
> Regards
>         Bastian
> 
>
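
The flow Cesc describes (authorize the INVITE, challenge on failure, then check_from, then relay to the gateway without rewriting the request URI), written out as an added illustration; this is not part of the original thread and not Bastian's ser.cfg. The realm, the table name, the gateway address and the "numeric user part means PSTN" rule are assumptions.

```cfg
# Added illustration; not taken from the thread or from the SER distribution.
# Assumed values: realm "example.org", table "subscriber",
# gateway 192.0.2.10:5060, numeric user part == PSTN call.

# Same value on every proxy you control, so the next hop accepts the
# Proxy-Authorization header that the first hop already verified.
modparam("auth", "secret", "replace_with_a_long_random_value")

route {
    if (method == "INVITE" && uri =~ "^sip:[0-9]+@") {
        # Authenticate the sender of this INVITE. registered("location")
        # is not used here: it looks up the request URI, which holds the
        # PSTN number, not the caller.
        if (!proxy_authorize("example.org", "subscriber")) {
            proxy_challenge("example.org", "0");
            break;
        };

        # Credentials are valid; now require that the From URI belongs
        # to the user who authenticated.
        if (!check_from()) {
            sl_send_reply("403", "Forbidden, use your own From URI");
            break;
        };

        # Credentials are left in the request (no consume_credentials())
        # so a downstream proxy with the same secret can verify them.
        # Send to the gateway without rewriting the request URI.
        if (!t_relay_to_udp("192.0.2.10", "5060")) {
            sl_reply_error();
        };
        break;
    };
}
```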



