[Serusers] prevent INVITE without REGISTERing
Miklos Tirpak
miklos at iptel.org
Wed Jul 12 15:01:23 CEST 2006
İlker Aktuna (Koç.net) wrote:
>
>
> Thanks Miklos,
>
> I think this is just what I'm looking for.
> But I get some errors for this line:
> if ((src_ip != @ruri.host) || (src_port != @ruri.port)) {
You can access src_ip and src_port via xl_lib:
$registered_host = @ruri.host;
$registered_port = @ruri.port;
if ((!avp_equals_xl("$registered_host", "%si"))
|| (!avp_equals_xl("$registered_port", "%sp"))) {
...
Miklos
>
> 0(30074) parse error (175,16-17): syntax error
> 0(30074) parse error (175,16-17): ip address or hostname expected
> 0(30074) parse error (175,16-17): bad command
> 0(30074) parse error (175,21-22): bad command
> 0(30074) parse error (175,21-22): bad command
> 0(30074) parse error (175,26-27): bad command
> 0(30074) parse error (175,26-27): bad command
> 0(30074) parse error (175,28-30): bad command
> 0(30074) parse error (175,31-32): bad command
> 0(30074) parse error (175,32-40): bad command
> 0(30074) parse error (175,41-43): bad command
> 0(30074) parse error (175,44-45): bad command
> 0(30074) parse error (175,49-50): bad command
> 0(30074) parse error (175,49-50): bad command
> 0(30074) parse error (175,54-55): bad command
> 0(30074) parse error (175,54-55): bad command
> 0(30074) parse error (175,55-56): bad command
> 0(30074) parse error (175,57-58): bad command
>
> Any idea why ?
>
> Thanks,
> ilker
>
> -----Original Message-----
> From: Miklos Tirpak [mailto:miklos at iptel.org]
> Sent: Wednesday, July 12, 2006 11:58 AM
> To: İlker Aktuna (Koç.net)
> Cc: serusers at iptel.org
> Subject: Re: [Serusers] prevent INVITE without REGISTERing
>
> Hi Ilker,
>
> just my first idea, not tested:
>
>
> 1. lookup the From HF
>
> if (!lookup_user("From")) {
> # reject the INVITE
> ...
> }
>
> 2. save original To UID and Request URI
>
> $orig_to_uid = $tu.uid;
> $orig_req_uri = @ruri;
>
> 3. set To UID -- registrar module will use this in the lookup
>
> $tu.uid = $fu.uid;
>
> 4. lookup From HF and compare the source address of the INVITE with the
> source address of the REGISTER message
>
> if (lookup("location")) {
> if ((src_ip != @ruri.host) || (src_port != @ruri.port)) {
> # reject the INVITE
> ...
> }
> # restore original To UID and Request URI
> $tu.uid = $orig_to_uid;
> attr2uri("$orig_req_uri");
> } else {
> # reject the INVITE
> ...
> }
>
> Note, that the above solution is a bit ugly, you can get into troubles
> when the user registers multiple contact addresses. It is better to
> disable branches (see append_branches parameter in registrar module),
> but you loose some functionality.
>
> Regards,
> Miklos
>
> İlker Aktuna (Koç.net) wrote:
> >
> > Hi everyone,
> >
> > I am still trying to find a solution to this problem. (but couldn't
> > find
> > yet)
> > Victor was trying to help me but I think he's not able to reply these
> days.
> >
> > Is there any idea to achieve what I need.
> >
> > Thanks,
> > ilker
> >
> > ----------------------------------------------------------------------
> > --
> > *From:* serusers-bounces at lists.iptel.org
> > [mailto:serusers-bounces at lists.iptel.org] *On Behalf Of *İlker Aktuna
> > (Koç.net)
> > *Sent:* Tuesday, July 11, 2006 1:41 PM
> > *To:* Victor Stanescu
> > *Cc:* serusers at iptel.org
> > *Subject:* RE: [Serusers] prevent INVITE without REGISTERing
> >
> > Hi,
> >
> > What if my proxy does not handle authenticating INVITE messages ?
> >
> > In that case I think the best way is to lookup location table for the
> > source URI.
> > If the source URI location matches the location in that table then we
> > must permit INVITE message.
> > How can I configure this ?
> >
> > Thanks,
> > ilker
> >
> > -----Original Message-----
> > From: serusers-bounces at lists.iptel.org
> > [mailto:serusers-bounces at lists.iptel.org] On Behalf Of Victor Stanescu
> > Sent: Monday, July 10, 2006 1:49 PM
> > Cc: serusers at iptel.org
> > Subject: Re: [Serusers] prevent INVITE without REGISTERing
> >
> > Please read "domain" instead of "gtstelecom.ro":
> > www_authorize("domain",
> > "subscriber") and proxy_authorize("domain", "subscriber"), otherwise
> > the code fragment will not be correct. I forgot to replace with a
> generic name.
> >
> > Victor Stanescu wrote:
> > > I think it is easier to force him to authenticate the INVITE. If he
> > is > able to authenticate the INVITE, why do you care if he is
> > registered > or not?
> > >
> > > if (method=="REGISTER") {
> > > if(!src_ip=="other") {
> > > if (!www_authorize("gtstelecom.ro", "subscriber")) {
> > > www_challenge("domain", "0");
> > > break;
> > > };
> > > save("location");
> > > log("Replicating REGISTER\n");
> > > t_replicate("other", "5060");
> > > } else {
> > > save("location");
> > > };
> > > break;
> > > } else {
> > > # this is an INVITE
> > > if (!proxy_authorize("gtstelecom.ro", "subscriber")) {
> > > proxy_challenge("domain", "1");
> > > break;
> > > };
> > > # route the call
> > > ...
> > > };
> > >
> > > İlker Aktuna (Koç.net) wrote:
> > >>
> > >> Hi all,
> > >>
> > >> Is it possible to prevent any user calling without registering ?
> > What >> is the best way to do this ?
> > >> I guess I'll have to check if the source URI exists in location
> table.
> > >> What is the easiest way to do this ?
> > >>
> > >> If there is a more robust way to do it, please suggest...
> > >>
> > >> Thanks,
> > >> ilker
> > >>
> > >>
> >
> >
> >
> > <http://387555.sigclick.mailinfo.com/sigclick/07090204/04064D07/070105
> > 4D/0364151131.jpg>
> > ______________________________________________________________________
> > ______________________________________________________________________
> > _ Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor
> > olabilir.
> > Eger bu e-posta mesaji size yanlislikla ulasmissa, icerigini hic bir
> > sekilde kullanmayiniz ve ekli dosyalari acmayiniz. Bu durumda lutfen
> > e-posta mesajini kullaniciya hemen geri gonderiniz ve tum
> > kopyalarini mesaj kutunuzdan siliniz. Bu e-posta mesaji, hic bir
> > sekilde, herhangi bir amac icin cogaltilamaz, yayinlanamaz ve para
> karsiligi satilamaz.
> > Bu e-posta mesaji viruslere karsi anti-virus sistemleri tarafindan
> > taranmistir. Ancak yollayici, bu e-posta mesajinin - virus koruma
> > sistemleri ile kontrol ediliyor olsa bile - virus icermedigini garanti
> > etmez ve meydana gelebilecek zararlardan dogacak hicbir sorumlulugu
> > kabul etmez.
> > This message is intended solely for the use of the individual or
> > entity to whom it is addressed , and may contain confidential
> > information. If you are not the intended recipient of this message or
> > you receive this mail in error, you should refrain from making any use
> > of the contents and from opening any attachment. In that case, please
> > notify the sender immediately and return the message to the sender,
> > then, delete and destroy all copies. This e-mail message, can not be
> > copied, published or sold for any reason. This e-mail message has been
> > swept by anti-virus systems for the presence of computer viruses. In
> > doing so, however, sender cannot warrant that virus or other forms of
> > data corruption may not be present and do not take any responsibility
> in any occurrence.
> > ______________________________________________________________________
> > ______________________________________________________________________
> > _
> >
> >
> > ----------------------------------------------------------------------
> > --
> >
> > _______________________________________________
> > Serusers mailing list
> > Serusers at lists.iptel.org
> > http://lists.iptel.org/mailman/listinfo/serusers
>
>
>
> <http://387555.sigclick.mailinfo.com/sigclick/060A030C/040D4D00/06020645/0315249181.jpg>
> _____________________________________________________________________________________________________________________________________________
> Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor olabilir.
> Eger bu e-posta mesaji size yanlislikla ulasmissa, icerigini hic bir
> sekilde kullanmayiniz ve ekli dosyalari acmayiniz. Bu durumda lutfen
> e-posta mesajini kullaniciya hemen geri gonderiniz ve tum kopyalarini
> mesaj kutunuzdan siliniz. Bu e-posta mesaji, hic bir sekilde, herhangi
> bir amac icin cogaltilamaz, yayinlanamaz ve para karsiligi satilamaz.
> Bu e-posta mesaji viruslere karsi anti-virus sistemleri tarafindan
> taranmistir. Ancak yollayici, bu e-posta mesajinin - virus koruma
> sistemleri ile kontrol ediliyor olsa bile - virus icermedigini garanti
> etmez ve meydana gelebilecek zararlardan dogacak hicbir sorumlulugu
> kabul etmez.
> This message is intended solely for the use of the individual or entity
> to whom it is addressed , and may contain confidential information. If
> you are not the intended recipient of this message or you receive this
> mail in error, you should refrain from making any use of the contents
> and from opening any attachment. In that case, please notify the sender
> immediately and return the message to the sender, then, delete and
> destroy all copies. This e-mail message, can not be copied, published or
> sold for any reason. This e-mail message has been swept by anti-virus
> systems for the presence of computer viruses. In doing so, however,
> sender cannot warrant that virus or other forms of data corruption may
> not be present and do not take any responsibility in any occurrence.
> _____________________________________________________________________________________________________________________________________________
More information about the sr-users
mailing list