[Serusers] bugs on alias or save location
Samuel Osorio Calvo
samuel.osorio at nl.thalesgroup.com
Tue May 17 13:46:13 CEST 2005
Hi,
the "normal" mechanism is to have two table, aliases and location. In the first one you have a "permament" binding between a an alias and the user name (AoR). In the latter, you update the binding between the username (AoR) and the current location treating the incoming REGISTER with save("location").
In your attached config file there is save("location"), which will update the location table:
> if (method=="REGISTER") {
>
># Uncomment this if you want to use digest
>authentication
> if
>(!www_authorize("justser.com", "subscriber")) {
>
>www_challenge("justser.com", "0");
> break;
> };
>
> save("location");
> break;
> };
, so you would have:
ALIASES LOCATION
900--->test test--->UA'sIP
When you do lookup("location") in
> # native SIP destinations are handled
>using our USRLOC DB
> if (!lookup("location")) {
> sl_send_reply("404", "Not
>Found");
> break;
> };
> };
you will rewrite the Req-URI to the binding existing in the location table, that's why they can reach the user with the username. And you sohuld do it because the user's UA will recognise requests with test in the Req-URI as targeted to itself but not requests with 900 in the Req-URI.
That's why you should make something like
lookup("aliases");
lookup("location");
in the config file to handle aliases.
If you don't want other people to reach the user with the AoR (I'm wondering you would like suche feature...): you should make somehting like (it's just a possible approach from many differents and don't know if it will work always....just experiment):
if( lookup("aliases") ){
if( ! lookup("location") ){
sl_send_reply("404", "Not Found");
break;
}
}
Hope it's clearer.....
Samuel
Unclassified.
>>> "Edgardo O. Gonzales II" <edgardo.g at pacific.net.ph> 05/17/05 01:20PM >>>
Hi!
I have a little problem with regards to alias and my routing table because
as I understand the logic of logging and authorization, client can login using
a username and password assigned by the administrator.
For example, I have the following information
username : test
password : test123
extension / alias : 900
By enabling radius support, for aaa, I was able to login using my username
and password.
Other parties can also call my extension / alias number which is 900 but I
wonder why they can
also call my username which is test. I have save("alias") on my config.
why is this happening.
thanks,
ed
At 03:24 AM 5/17/2005, Jose Bertuzzi wrote:
>Hello guys; I have everything in place to acc into
>mysql. I am already logging some BYEs, INVITEs and
>ACKs.
>
>Where do I have to place the setflag statement to
>properly log messages from and/to gw 66.166.166.66
>only?
>
>My ser.cfg is as follows:
>
>
># $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei
>Exp $
>#
># simple quick-start config script
>#
>
># ----------- global configuration parameters
>------------------------
>
>#debug=3 # debug level (cmd line: -dddddddddd)
>#fork=yes
>#log_stderror=no # (cmd line: -E)
>
>/* Uncomment these lines to enter debugging mode
>debug=7
>fork=no
>log_stderror=yes
>*/
>
>check_via=no # (cmd. line: -v)
>dns=no # (cmd. line: -r)
>rev_dns=no # (cmd. line: -R)
>#port=5060
>#children=4
>fifo="/tmp/ser_fifo"
>#fifo_mode=0666
>
>
># ------------------ module loading
>----------------------------------
>
># Uncomment this if you want to use SQL database
>loadmodule "/usr/local/lib/ser/modules/mysql.so"
>
>loadmodule "/usr/local/lib/ser/modules/sl.so"
>loadmodule "/usr/local/lib/ser/modules/tm.so"
>loadmodule "/usr/local/lib/ser/modules/rr.so"
>loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
>loadmodule "/usr/local/lib/ser/modules/usrloc.so"
>loadmodule "/usr/local/lib/ser/modules/registrar.so"
>loadmodule "/usr/local/lib/ser/modules/acc.so"
>#loadmodule "/usr/local/lib/ser/modules/group.so"
>
>
># Uncomment this if you want digest authentication
># mysql.so must be loaded !
>loadmodule "/usr/local/lib/ser/modules/auth.so"
>loadmodule "/usr/local/lib/ser/modules/auth_db.so"
>
># ----------------- setting module-specific parameters
>---------------
>
># -- usrloc params --
>
>#modparam("usrloc", "db_mode", 0)
>
># Uncomment this if you want to use SQL database
># for persistent storage and comment the previous line
>modparam("usrloc", "db_mode", 2)
>
># -- auth params --
># Uncomment if you are using auth module
>#
>modparam("auth_db", "calculate_ha1", yes)
>#
># If you set "calculate_ha1" parameter to yes (which
>true in this config),
># uncomment also the following parameter)
>#
>modparam("auth_db", "password_column", "password")
>
># -- rr params --
># add value to ;lr param to make some broken UAs happy
>modparam("rr", "enable_full_lr", 1)
>
>
># -- acc params --
>
>modparam("acc", "db_url",
>"mysql://ser:heslo@localhost/ser")
>#modparam("acc", "log_level", 1)
>#modparam("acc", "log_flag", 1)
>modparam("acc", "db_flag", 1)
>
>
>
># ------------------------- request routing logic
>-------------------
>
># main routing logic
>
>route{
>
> # initial sanity checks -- messages with
> # max_forwards==0, or excessively long
>requests
> if (!mf_process_maxfwd_header("10")) {
> sl_send_reply("483","Too Many Hops");
> break;
> };
> if ( msg:len > max_len ) {
> sl_send_reply("513", "Message too
>big");
> break;
> };
>
> # we record-route all messages -- to make sure
>that
> # subsequent messages will go through our
>proxy; that's
> # particularly good if upstream and downstream
>entities
> # use different transport protocol
> record_route();
> # loose-route processing
> if (loose_route()) {
> t_relay();
> break;
> };
>
> # if the request is for other domain use
>UsrLoc
> # (in case, it does not work, use the
>following command
> # with proper names and addresses in it)
> if (uri=~"justser.com") {
>
> if (src_ip==66.166.166.66 and
>method=="INVITE") { ## Llamadas desde PSTN
> forward(uri:host, uri:port);
> ##
> break;
> ##
> };
> ##
>
>
> if (method=="REGISTER") {
>
># Uncomment this if you want to use digest
>authentication
> if
>(!www_authorize("justser.com", "subscriber")) {
>
>www_challenge("justser.com", "0");
> break;
> };
>
> save("location");
> break;
> };
>
>
>
> if
>(uri=~"^sip:1305[0-9]*@justser.com") { ##
> prefix("3000#");
> ##
>
>rewritehostport("66.166.166.66:5060"); ##
>TERMINATION
> forward(uri:host, uri:port);
> ## AREA CODE 305
> #setflag(1); ##
> break;
> ##
> };
> ##
>
>
> if
>(uri=~"^sip:1786[0-9]*@justser.com") { ##
> prefix("3000#");
> ##
>
>rewritehostport("66.166.166.66:5060"); ##
>TERMINATION
> forward(uri:host, uri:port);
> ## AREA CODE 786
> break;
> ##
> };
> ##
>
>
>
>
> # native SIP destinations are handled
>using our USRLOC DB
> if (!lookup("location")) {
> sl_send_reply("404", "Not
>Found");
> break;
> };
> };
> # forward to current uri now; use stateful
>forwarding; that
> # works reliably even if we forward from TCP
>to UDP
>
> setflag(1);
>
> if (!t_relay()) {
> sl_reply_error();
> };
>
>}
>
>
>
>
>Yahoo! Mail
>Stay connected, organized, and protected. Take the tour:
>http://tour.mail.yahoo.com/mailtour.html
>
>_______________________________________________
>Serusers mailing list
>serusers at lists.iptel.org
>http://lists.iptel.org/mailman/listinfo/serusers
_______________________________________________
Serusers mailing list
serusers at lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
More information about the sr-users
mailing list