[SR-Users] Session authorization just before initiate it

Klaus Darilion klaus.mailinglists at pernau.at
Mon Jul 4 13:55:11 CEST 2011 


Am 04.07.2011 12:38, schrieb Roberto Fichera:
> On 07/01/2011 11:32 PM, Klaus Darilion wrote:
>> Hi Roberto!
> 
> Hi Klaus,
> 
>> The best location of applying such a "policy" function depends on
>> several things:
>>
>> First, you need to have all the data you are requiring. E.g. if you want
>> to check if a certain user is allowed to call a certain phone number you
>> usually need to do first:
>> - authenticate the user
>> - normalize destination (e.g. bring phone number into E164 format or
>> apply alias lookups).
> 
> Basically any user should authenticate as usual, than before two
> user can talk together, kamailio must authorize the conversation
> through a SQL lookup
> 
>> Then, before proceeding any further, you might check the policy using a
>> SQL query. Be sure to SQL escape the date you provide for the SQL lookup
>> to prevent SQL injection (see "transfomations").
>>
>> In above case, the SQL query should be before calling lookup().
> 
> So, digging in the code you mean something like:
> 
> # USER location service
> route[LOCATION] {
> 
>        <SQL lookup code goes here>
> 
> #!ifdef WITH_ALIASDB
>         # search in DB-based aliases
>         alias_db_lookup("dbaliases");
> #!endif
> 
>         if (!lookup("location")) {
>                 switch ($rc) {
>                         case -1:
>                         case -3:
>                                 t_newtran();
>                                 t_reply("404", "Not Found");
>                                 exit;
>                         case -2:
>                                 sl_send_reply("405", "Method Not Allowed");
>                                 exit;
>                 }
>         }
> 
>         # when routing via usrloc, log the missed calls also
>         if (is_method("INVITE"))
>         {
>                 setflag(FLT_ACCMISSED);
>         }
> }

No.

# USER location service
route[LOCATION] {

#!ifdef WITH_ALIASDB
        # search in DB-based aliases
        alias_db_lookup("dbaliases");
#!endif

       <SQL lookup code goes here>


        if (!lookup("location")) {
                switch ($rc) {
                        case -1:
                        case -3:
                                t_newtran();
                                t_reply("404", "Not Found");
                                exit;
                        case -2:
                                sl_send_reply("405", "Method Not Allowed");
                                exit;
                }
        }

        # when routing via usrloc, log the missed calls also
        if (is_method("INVITE"))
        {
                setflag(FLT_ACCMISSED);
        }
}

More information about the sr-users mailing list