[SR-Users] Session authorization just before initiate it

Roberto Fichera kernel at tekno-soft.it
Tue Jul 5 10:40:43 CEST 2011 

On 07/04/2011 01:55 PM, Klaus Darilion wrote:
>
> Am 04.07.2011 12:38, schrieb Roberto Fichera:
>> On 07/01/2011 11:32 PM, Klaus Darilion wrote:
>>> Hi Roberto!
>> Hi Klaus,
>>
>>> The best location of applying such a "policy" function depends on
>>> several things:
>>>
>>> First, you need to have all the data you are requiring. E.g. if you want
>>> to check if a certain user is allowed to call a certain phone number you
>>> usually need to do first:
>>> - authenticate the user
>>> - normalize destination (e.g. bring phone number into E164 format or
>>> apply alias lookups).
>> Basically any user should authenticate as usual, than before two
>> user can talk together, kamailio must authorize the conversation
>> through a SQL lookup
>>
>>> Then, before proceeding any further, you might check the policy using a
>>> SQL query. Be sure to SQL escape the date you provide for the SQL lookup
>>> to prevent SQL injection (see "transfomations").
>>>
>>> In above case, the SQL query should be before calling lookup().
>> So, digging in the code you mean something like:
>>
>> # USER location service
>> route[LOCATION] {
>>
>>        <SQL lookup code goes here>
>>
>> #!ifdef WITH_ALIASDB
>>         # search in DB-based aliases
>>         alias_db_lookup("dbaliases");
>> #!endif
>>
>>         if (!lookup("location")) {
>>                 switch ($rc) {
>>                         case -1:
>>                         case -3:
>>                                 t_newtran();
>>                                 t_reply("404", "Not Found");
>>                                 exit;
>>                         case -2:
>>                                 sl_send_reply("405", "Method Not Allowed");
>>                                 exit;
>>                 }
>>         }
>>
>>         # when routing via usrloc, log the missed calls also
>>         if (is_method("INVITE"))
>>         {
>>                 setflag(FLT_ACCMISSED);
>>         }
>> }
> No.

Ok! I'll try it!

> # USER location service
> route[LOCATION] {
>
> #!ifdef WITH_ALIASDB
>         # search in DB-based aliases
>         alias_db_lookup("dbaliases");
> #!endif
>
>        <SQL lookup code goes here>
>
>
>         if (!lookup("location")) {
>                 switch ($rc) {
>                         case -1:
>                         case -3:
>                                 t_newtran();
>                                 t_reply("404", "Not Found");
>                                 exit;
>                         case -2:
>                                 sl_send_reply("405", "Method Not Allowed");
>                                 exit;
>                 }
>         }
>
>         # when routing via usrloc, log the missed calls also
>         if (is_method("INVITE"))
>         {
>                 setflag(FLT_ACCMISSED);
>         }
> }
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>

More information about the sr-users mailing list