Re: [Serusers] Can´t CANCEL PSTN calls when using credentials

Rafael J. Risco G.V. rafael.risco at gmail.com
Sun Mar 27 03:29:42 CEST 2005 

Marian
thanks a lot again, it works with uri "from" instead of "credentials"
, I also changed my script to challenge all non-register messages just
to ensure CANCELs and INVITEs follow the same path, its that correct?
(...according to Jan "auth module will never challenge ACKs and
CANCELs, it will always return that the authentication was sucessful),
by the way, is there any security disadvantage in to use "from"
instead of credentials?

best regards
rafael

PS: thats my new register and non-register auth method:

                if (method == "REGISTER") {
                        log(1, "ANALYZING REGISTER REQUEST\n");
                        	if (is_user_in("Request-URI", "deactivated")) {
                                sl_send_reply("402", "Su cuenta fue
desactivada");
                                break;
                        };
	### digest authentication
                        if (!www_authorize("mydomain.com.pe", "subscriber")) {
                                www_challenge("mydomain.com.pe", "0");
                                break;
                        };

                        if (!save("location")) {
                                sl_reply_error();
                        };
                        break;
                };

                if (!method == "REGISTER" && src_ip!=GW_AS5350_IP) {
                        log(1, "ANALYZING INVITE||CANCEL... REQUESTs\n");
                        if (!proxy_authorize("mydomain.com.pe", "subscriber")) {
                                proxy_challenge("mydomain.com.pe", "1");
                                break;
                        };

                /* ***************** Dial out to Local and PSTN logic
****************** */

                # forward n digit requests to gateway AS5350 (Celulares)
                if(uri=~"^sip:9"){
                        log(1," digit expression match - Celulares");
                        if (!is_user_in("from", "mobile")) {
                                sl_send_reply("403", "No permission
for mobile calls");
                                break;
                        };
                        rewritehostport("GW_AS5350_IP:5060");
                        route(1); ##Nathelper
                        break;
                };

	};
......
.
.
.





On Sat, 26 Mar 2005 23:55:28 +0100, Marian Dumitru
<marian.dumitru at voice-sistem.ro> wrote:
> Hi Rafael,
> 
> the cancelling doesn't work because you process the INVITEs and CANCELs
> in different way and because of this the CANCEL cannot follow the same
> path as the INVITE.
> As CANCEL is not authenticate (and it should not be), the
> is_user_in("credentials", "mobile") will fail for CANCELs and you will
> reply with "403 No permission for mobile calls".
> Either replace "credential" with "from", either skip this test for CANCELS.
> 
> Best regards,
> Marian
> 
> Rafael J. Risco G.V. wrote:
> > HI
> > I have this problem when I made a call from a registered endpoint to a
> > PSTN number through a GW AS5350 I can´t cancel this call and
> > destination keeps ringing until timeout occur;
> >
> > this happen only when I use "is_user_in" function before to forward the call.
> >
> > some idea???
> >
> > ser.cfg<:::
> > ....
> >        if (uri==myself) {
> >
> >                 if (method == "REGISTER") {
> >                         log(1, "ANALYZING REGISTER REQUEST\n");
> >                         # to use digest authentication
> >                         if (!www_authorize("mydomain.com.pe", "subscriber")) {
> >                                 www_challenge("mydomain.com.pe", "0");
> >                                 break;
> >                         };
> >                         if (!save("location")) {
> >                                 sl_reply_error();
> >                         };
> >                         break;
> >                 };
> >
> >                 if (method == "INVITE" && src_ip!=GW_AS5350_IP) {
> >                         log(1, "ANALYZING INVITE REQUEST\n");
> >                         if (!proxy_authorize("mydomain.com.pe", "subscriber")) {
> >                                 proxy_challenge("mydomain.com.pe", "0");
> >                                 break;
> >                         } else if (is_user_in("credentials", "deactivated")) {
> >                                         sl_send_reply("402", "Su
> > cuenta fue desactivada");
> >                                         break;
> >                                 };
> >                 };
> >
> >                 /* ***************** Dial out to Local and PSTN logic
> > ****************** */
> >
> >                 # forward n digit requests to gateway AS5350 (Celulares)
> >                 if(uri=~"^sip:9"){
> >                         log(1," digit expression match - Celulares");
> >                         if (!is_user_in("credentials", "mobile")) {
> >                                 sl_send_reply("403", "No permission
> > for mobile calls");
> >                                 break;
> >                         };
> >                         rewritehostport("GW_AS5350_IP:5060");
> >                         route(1); ## to NatHelper l...
> >                         break;
> >                 };
> >
> >
> >                 # Forward calls to 6607+ to Asterisk OH323 Module gk´s
> >                 if(uri=~"^sip:6607[0-9][0-9][0-9]*@(mydomain\.com\.pe)"){
> >                         rewritehostport("Asterisk-IP:5060");
> >                         log(1,"digit expression match - Local (oH323)");
> >                         route(2);
> >                         break;
> >                 };
> > .....
> > .
> > .
> > .
> >
> >
> >
> 
> --
> Voice System
> http://www.voice-system.ro
> 
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
> 


-- 

rrgv

More information about the sr-users mailing list