[Serusers] Restrict registration to one user per login

Java Rockx javarockx at gmail.com
Wed Mar 23 15:14:42 CET 2005


IMHO setting max_contacts is very dangerous because if you reboot your
SIP UA and your NAT device gives you a new port assignment, then you
will __fail__ to register if your previous contact AOR has not
expired.

I think this is the hardest part of implementing a "per-seat"
configuration. You just don't know when a NAT will assign a new port
to a SIP UA.

I gave up on this for this very reason. Our solution is to lock down
the SIP UAs and never let a customer get in to the settings (except
for the LAN/WAN settings).

Regards,
Paul


On Wed, 23 Mar 2005 08:58:09 -0500, Dana Olson <rickaster at gmail.com> wrote:
> avpops is only in CVS, right? CVS also has max_contacts for the
> registrar module, which kinda does the same thing. Stable has no such
> option to my knowledge.
> --
> Dana
> 
> 
> On Wed, 23 Mar 2005 14:09:22 +0100, Marian Dumitru
> <marian.dumitru at voice-sistem.ro> wrote:
> > Hi Paul,
> >
> > You are right - maybe a better approach will be to use the registered()
> > function - it returns true if the AOR in the Request-URI is registered.
> > > To do the trick for REGISTER requests, use avpops to copy the From or To
> > > uri into RURI before checking - then you can do revert_uri() to restore
> > > the original value.
> > >
> > > I haven't tried it, it's just an idea.
> >
> > Best regards,
> > Marian
> >
> > Java Rockx wrote:
> > > FYI, exec_msg is highly not recommended because it is "expensive" in
> > > terms of processing.
> > >
> > > Regards,
> > > Paul
> > >
> > >
> > > On Tue, 22 Mar 2005 10:37:58 +0100, Jffdsaklj dsjk <jjjaime at gmail.com> wrote:
> > >
> > >>Finally I found a solution. I've attached the block I included in the
> > >>SER cfg file.
> > >>The problem (big problem) is that after a day (more or less), there
> > >>are defunct processes. I think it's a problem of the exec_msg
> > >>sentence, but I'm not sure. With these defunct processes, SER crashed.
> > >>:(
> > >>
> > >>  ######################################################################
> > >>  # This block of code controls the user registration
> > >>  if (method=="REGISTER") {
> > >>
> > >>   # Enable authentication
> > >>   if (!www_authorize("galeno.hi.inet","subscriber")) {
> > >>    www_challenge("galeno.hi.inet","0");
> > >>    break;
> > >>   };
> > >>
> > >>   ####
> > > >>   # This block prevents a user from registering with a login previously registered from another machine
> > > >>   #
> > > >>   # Verify it's not a deregistration message
> > > >>   if (!search("Expires: 0")) {
> > > >>     # It's a registration message
> > > >>     # Verify that there's no register in the table location with the same user but from a different machine
> > >>     if (
> > >>          !exec_msg('
> > >>               USUARIO=`echo $SIP_HF_FROM | sed -n "s/<sip:\(.*\)@.*/\1/p"`;
> > >>               QUERY="select username from location where
> > >>username=\"$USUARIO\" and contact not like \"sip:$SIP_SRCIP:%\"";
> > >>               RESULT=`mysql -uXXX -pXXX -e "$QUERY" ser`;
> > >>               if [ -z "$RESULT" ]; then exit 0; else echo "The user
> > >>$USUARIO is already registered" >> /var/log/serprueba.log; exit 1;
> > >>fi;')
> > >>     ) {
> > >>       # The user is already registered
> > >>       sl_send_reply("404", "Not Found");
> > >>       break;
> > >>     };
> > >>   }
> > >>   ####
> > >>
> > >>   save("location");
> > >>   break;
> > >>  };
> > >>  #####################################################################
> > >>
> > >>On Wed, 16 Mar 2005 17:11:01 +0100, Klaus Darilion
> > >><klaus.mailinglists at pernau.at> wrote:
> > >>
> > >>>Hi Jffdsaklj! (must be a hard life living with such a name)
> > >>>
> > >>>And how will you distinguish between an invalid registration and a valid
> > >>>re-registration from a new IP address?
> > >>>
> > >>>regards,
> > >>>klaus
> > >>>
> > >>>Jffdsaklj dsjk wrote:
> > >>>
> > > >>>>How can we restrict the registration to only one user per login?
> > > >>>>Currently, you can register with the same login/password on different
> > > >>>>machines at the same time. But what we require is that only the first
> > > >>>>registration is valid and the rest are invalidated by the SER.
> > >>>>Thanks
> >
> > --
> > Voice System
> > http://www.voice-system.ro
> >
> > _______________________________________________
> > Serusers mailing list
> > serusers at lists.iptel.org
> > http://lists.iptel.org/mailman/listinfo/serusers
> >
>
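
Added example, not part of the thread and not SER code: a Python version of the one-seat-per-login decision discussed above, written so that a re-REGISTER from the same source IP on a new NAT port replaces the old binding instead of being refused, and with the From user bound as a query parameter rather than pasted into the SQL string as the quoted exec_msg script does. The in-memory SQLite table, its columns and the function names are assumptions standing in for SER's location table.

```python
import re
import sqlite3

# Strict allow-list for the user part of the From URI; anything else is refused.
USER_RE = re.compile(r"<sip:([A-Za-z0-9_.+-]+)@")

def open_location_db():
    """Constructed stand-in for SER's location table (assumed columns)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE location "
               "(username TEXT, src_ip TEXT, src_port INTEGER, expires_at INTEGER)")
    return db

def check_register(db, from_hf, src_ip, src_port, expires, now):
    """Decide one REGISTER: bad-from, reject, deregister, new, rebind or refresh."""
    m = USER_RE.search(from_hf)
    if m is None:
        return "bad-from"
    user = m.group(1)
    # Expired bindings must not block anyone, so purge them first.
    db.execute("DELETE FROM location WHERE username=? AND expires_at<=?", (user, now))
    if expires == 0:
        # Deregistration only removes bindings made from the sender's own address.
        db.execute("DELETE FROM location WHERE username=? AND src_ip=?", (user, src_ip))
        return "deregister"
    # Values are bound as parameters, never pasted into the SQL text.
    rows = db.execute("SELECT src_ip, src_port FROM location WHERE username=?",
                      (user,)).fetchall()
    if any(ip != src_ip for ip, _ in rows):
        return "reject"            # live binding from another address: seat is taken
    # Same source IP: replace the binding, so a new NAT port never locks the user out.
    db.execute("DELETE FROM location WHERE username=?", (user,))
    db.execute("INSERT INTO location VALUES (?,?,?,?)",
               (user, src_ip, src_port, now + expires))
    if not rows:
        return "new"
    return "refresh" if (src_ip, src_port) in rows else "rebind"

def bindings(db, user):
    """Current (src_ip, src_port) bindings for a user."""
    return db.execute("SELECT src_ip, src_port FROM location WHERE username=?",
                      (user,)).fetchall()
```

A REGISTER from a different IP is still refused until the old binding expires, which is the case Klaus asks about; replacing on same-IP only covers the NAT port change.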



