Re: [Serusers] Can´t CANCEL PSTN calls when using credentials

Rafael J. Risco G.V. rafael.risco at gmail.com
Mon Mar 28 16:46:58 CEST 2005 

that´s great, below you can see the changes that works perfect using
check_to and check_from... now I am planning to do all this security
issues using radius modules and I found 2 problems:

1.- I have been able to authenticate and register users but when use
radius_is_user_in I don´t known what attribute to use for Request-URI
to verify if it belongs to a group "deactivated" in Register process
or verify if user is in "voicemail" group, same problem checking
"from" or "credentials"

...This is an example in freeradius user file:

6609876 at 10.0.1.22   Auth-Type := Digest, User-Password == "9876"


2.- There is no "check_to" or "check_from" functions in uri_radius
module... Is there any other way to do this using radius?
 
regards
Rafael

PS: config:

                if (method == "REGISTER") {
                        log(1, "ANALYZING REGISTER REQUEST\n");
                        # to use digest authentication
                        if (is_user_in("Request-URI", "deactivated")) {
                                sl_send_reply("402", "Su cuenta fue
desactivada");
                                break;
                        };

                        if (!www_authorize("mydomain.com.pe", "subscriber")) {
                                www_challenge("mydomain.com.pe", "0");
                                break;
                        };

                        # only registered users are allowed 
                        if (!check_to()) {
                                log(1, "LOG: Hijack!!!--> unregistered
user registration attempt\n");
                                sl_send_reply("403", "hijack
attempt!!!! Only registered users are allowed");
                                break;
                        };
                        log(1,"      Registered!!! \n");
                        if (!save("location")) {
                                sl_reply_error();
                        };
                        break;
                };

                if (method == "INVITE" || method== "CANCEL" ||
method== "ACK" && src_ip!=GW_IP ) {
                        log(1, "ANALYZING INVITE||CANCEL REQUESTs\n");
                        if (!proxy_authorize("mydomain.com.pe", "subscriber")) {
                                proxy_challenge("mydomain.com.pe", "1");
                                break;
                        } else {
                        if (method == "INVITE" && !check_from()) {
                                sl_send_reply("403", "Only registered
users are allowed");
                                break;
                        };
                        };


                        /* *********** Dial out to Local and PSTN
logic ********* */

                # Forward n digit requests to gateway AS5350 (Celulares)
                        if(uri=~"^sip:9" ){
                                log(1," digit expression match - Celulares\n");
                                if (!is_user_in("from", "mobile")) {
                                        sl_send_reply("403", "No
permission for mobile calls");
                                        break;
                                }; 
                                rewritehostport("GW_IP:5060");
                                route(1);  ## to nathelper...
                                break;    
                        };
	};


Rafael J. Risco G.V.

More information about the sr-users mailing list