[SR-Users] Session authorization just before initiate it

Roberto Fichera kernel at tekno-soft.it
Mon Jul 4 12:38:02 CEST 2011 

On 07/01/2011 11:32 PM, Klaus Darilion wrote:
> Hi Roberto!

Hi Klaus,

> The best location of applying such a "policy" function depends on
> several things:
>
> First, you need to have all the data you are requiring. E.g. if you want
> to check if a certain user is allowed to call a certain phone number you
> usually need to do first:
> - authenticate the user
> - normalize destination (e.g. bring phone number into E164 format or
> apply alias lookups).

Basically any user should authenticate as usual, than before two
user can talk together, kamailio must authorize the conversation
through a SQL lookup

> Then, before proceeding any further, you might check the policy using a
> SQL query. Be sure to SQL escape the date you provide for the SQL lookup
> to prevent SQL injection (see "transfomations").
>
> In above case, the SQL query should be before calling lookup().

So, digging in the code you mean something like:

# USER location service
route[LOCATION] {

       <SQL lookup code goes here>

#!ifdef WITH_ALIASDB
        # search in DB-based aliases
        alias_db_lookup("dbaliases");
#!endif

        if (!lookup("location")) {
                switch ($rc) {
                        case -1:
                        case -3:
                                t_newtran();
                                t_reply("404", "Not Found");
                                exit;
                        case -2:
                                sl_send_reply("405", "Method Not Allowed");
                                exit;
                }
        }

        # when routing via usrloc, log the missed calls also
        if (is_method("INVITE"))
        {
                setflag(FLT_ACCMISSED);
        }
}

Furthermore, I'm also evaluating the possibility to have a Click&Dial web page
so that both parties might be bridged together.

> In case of presence functions you should apply policies before handling
> the presence requests.

I wouldn't apply any policy rule for the presence requests, I need policy rules
only for establishing any conversation.

P.S. Do you have any suggestion about a good voip client supporting
also video chat and presence for android devices?

> regards
> klaus
>
> Am 01.07.2011 19:23, schrieb Roberto Fichera:
>> Hi All in the list,
>>
>> I'm new to Kamailio but I'm actually able to quickly setup a server, including
>> also the SIP presence, looking at the example I found at
>>
>> http://kb.asipto.com/kamailio:presence:k31-made-simple
>>
>> which explain very well how to do it. I also made some changes in the final
>> setup and everything seems working well, I can have audio/video/chat session
>> including the presence status of any user.
>>
>> Now I would like to improve my testing setup so that for each
>> call request Kamailio receive, I would like to perform some SQL lookup for
>> deciding if the conversation might be established or not.
>> About the SQL lookup I read about the SQLOPS module, it seems really easy
>> to use, but I don't know where to put such check before the INVITE.
>>
>> Could someone give me some hints?
>>
>> P.S: Indeed, I need to read some good documentation about how to code a
>> Kamailio config file. Any URL to suggest?
>>
>> Thanks in advance,
>> Roberto Fichera.
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>

More information about the sr-users mailing list