I rewrote the entire script
if (uri=~"0*@DOM") {
if (!www_authorize("DOM", "subscriber")) {
www_challenge("DOM", "0");
break;
};
if (!is_user_in("credentials", "local")){
sl_send_reply("403", "No permission for
local calls");
break;
};
rewritehostport("IP:5090");
t_relay_to_udp("IP", "5090");
break;
};
It works but I have this problem,
if I hangup within my ip client the pstn number is ringed until answer/timeout
without
f (!is_user_in("credentials", "local")){
sl_send_reply("403", "No permission for
local calls");
break;
};
all works fine.
Any Idea ?
Tnx
Hi All,
We are using the CPL module by uploading the CPL scripts with the CPLed
tool.
But we are experiencing some problems (errors) when using the "lookup" and
the "otherwise" tags.
And what is the most strange is that the problem with the "lookup" tag is
happening in one PC and the "otherwise" problem in other PC and they are
both pointing to the same DTD location.
Anyone could help us with this issue? did someone used this tags together on
a successfuly uploaded script?
Best Regards,
Toni
Hey Guys,
Can anyone give me a quick answer on this?
I need to rewrite the incoming and outgoing URI's in SER.
For example. On incoming destination URI's, I need to be able to strip all 1's off of the first of the destination phone number. How would I do this?
Also, on some outgoing URI's I would need to add a 1 back onto the front of the destination number. I imagine that this would be done similar to stripping them.
Is there a function in a SER module that would allow me to do this?
Thanks!
Darren Nay - dnay(a)libertyisp.com
I'm getting mad, this script always gives "No permission for local calls"
even if caller has "local" permission, I checked also in database.
I'm missing something ?
if (uri=~"0*@DOMAINNAME") {
if (!is_user_in("credentials", "local")){
sl_send_reply("403", "No permission for local calls");
break;
} else {
rewritehostport("SERVERIP:5090");
t_relay_to_udp("SERVERIP", "5090");
break;
};
};
ser log:
is_user_in(): No authorized credentials found (error in scripts)
Tnx for any help !
HI,
I rewrote the pstn transfer script:
if (uri=~"0*@DOMAINNAME") {
if (!www_authorize("DOMAINNAME", "subscriber")) {
www_challenge("DOMAINNAME", "0");
break;
};
rewritehostport("IP:5090");
t_relay_to_udp("IP", "5090");
break;
};
now only call that are really coming from an user I have authorized are
trasfered to telco gw, right ?
But now ... how can I select this privilege just for some users ? I already
have assigned a "local" permission to some of them ....
Tnx !
Alessio Focardi
You can compare the username in To/From and the username in digest
credentials and refuse the message if they differ. See check_from and
check_to functions in uri module.
Jan.
On 10-02 11:09, wangji wrote:
> Hi all,
> My SER server use mysql for auth. These days I find a question.
> If an user have a accounts in mysql datebase of SER server, he can avoid system accounting.
> For a example, an user have ID: 123456 and he has the password.
> When he make a call, he send INVTE like this(just a sample):
> INVITE: sip:111111@iptel.org:5060 SIP/2.0
> From: "654321"<sip:654321@iptel.org>;tag=xxxxxxx
> To: <sip:111111@iptel.org>
> ............
> The Ser server reply 407 (authentication request)
> Then user reply: ack and send INVITE with authentication like
> INVITE: sip:111111@iptel.org:5060 SIP/2.0
> From: "654321"<sip:654321@iptel.org>;tag=xxxxxxx
> To: <sip:111111@iptel.org>
> Proxy-Authorization: Digest username="123456", realm="iptel.org",nonce="....",uri="123456(a)iptel.org",reponse="............"
> (or Proxy-Authorization: Digest username="123456", realm="iptel.org",nonce="....",uri="333333(a)iptel.org",reponse="............" )
> ............
> Then the user pass the authentication using his ID, and he make call using other ID
>
> When register to Ser server, he can use same way to help 401 auth.
>
> I try it on my Ser server and it passed! How to avoid it?
>
>
> Jimmy
> 2/9/04
> _______________________________________________
> Serusers mailing list
> serusers(a)lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
Hi all,
My SER server use mysql for auth. These days I find a question.
If an user have a accounts in mysql datebase of SER server, he can avoid system accounting.
For a example, an user have ID: 123456 and he has the password.
When he make a call, he send INVTE like this(just a sample):
INVITE: sip:111111@iptel.org:5060 SIP/2.0
From: "654321"<sip:654321@iptel.org>;tag=xxxxxxx
To: <sip:111111@iptel.org>
............
The Ser server reply 407 (authentication request)
Then user reply: ack and send INVITE with authentication like
INVITE: sip:111111@iptel.org:5060 SIP/2.0
From: "654321"<sip:654321@iptel.org>;tag=xxxxxxx
To: <sip:111111@iptel.org>
Proxy-Authorization: Digest username="123456", realm="iptel.org",nonce="....",uri="123456(a)iptel.org",reponse="............"
(or Proxy-Authorization: Digest username="123456", realm="iptel.org",nonce="....",uri="333333(a)iptel.org",reponse="............" )
............
Then the user pass the authentication using his ID, and he make call using other ID
When register to Ser server, he can use same way to help 401 auth.
I try it on my Ser server and it passed! How to avoid it?
Jimmy
2/9/04
Hi all,
My SER server use mysql for auth. These days I find a question.
If an user have a accounts in mysql datebase of SER server, he can avoid system accounting.
For a example, an user have ID: 123456 and he has the password.
When he make a call, he send INVTE like this(just a sample):
INVITE: sip:111111@iptel.org:5060 SIP/2.0
From: "654321"<sip:654321@iptel.org>;tag=xxxxxxx
To: <sip:111111@iptel.org>
............
The Ser server reply 407 (authentication request)
Then user reply: ack and send INVITE with authentication like
INVITE: sip:111111@iptel.org:5060 SIP/2.0
From: "654321"<sip:654321@iptel.org>;tag=xxxxxxx
To: <sip:111111@iptel.org>
Proxy-Authorization: Digest username="123456", realm="iptel.org",nonce="....",uri="123456(a)iptel.org",reponse="............"
(or Proxy-Authorization: Digest username="123456", realm="iptel.org",nonce="....",uri="333333(a)iptel.org",reponse="............" )
............
Then the user pass the authentication using his ID, and he make call using other ID
When register to Ser server, he can use same way to help 401 auth.
I try it on my Ser server and it passed! How to avoid it?
Jimmy
2/9/04
Maybe you have tried this. Are you sure any other application is
listening on udp 5060? (try with netstat -a on cmd).
UA shouldn't use 5061 (restricted) and use 5062 or ahead if 5060 is
used.
Bye
Curro
----- Mensaje Original -----
De: Annie Sasidar <asasidar(a)mail.unomaha.edu>
Fecha: Lunes, Febrero 9, 2004 1:54 am
Asunto: Re: [Serusers] udp vs. tcp traffic
>
>
>
>
> Hi,
> Yes the application is using TLS when the default transport is
> set to
> UDP. The client is a Windowsce.net application. Experts, please
> help me
> understand why i can register on ser using TCP but when i use the
> defaulttransport type (UDP), the application tries to send on port
> 5061. Is this
> something ser can fix or is the problem specific to the
> application. The
> client application is based on RFC2543 but i am able to register
> using TCP
> on ser. Please help.
>
> Thanks in advance.
> Annie
>
> _______________________________________________
> Serusers mailing list
> serusers(a)lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
he he.. Been there done that :p
- Atle
* Steve Blair <blairs(a)isc.upenn.edu> [040210 14:35]:
>
> D'Oh. Thanks I've been out of the office and my brain has
> not re-started.
>
> Thanks, Steve
>
> Atle Samuelsen wrote:
>
> >tested gmake ?
> >
> >- Atle
> >
> >
> >:-)
> >
> >* Steve Blair <blairs(a)isc.upenn.edu> [040210 14:29]:
> >
> >
> >>After doing a cvs update on a FreeBSD 4.9/SER 0.8.12 system I
> >>can no longer build the server. Issuing any of the documented "make"
> >>commands results in the following error. Is this a known issue? If so
> >>what is the cause?
> >>
> >>Thanks,Steve
> >>
> >>"Makefile.sources", line 17: Missing dependency operator
> >>"Makefile.sources", line 19: Need an operator
> >>"Makefile", line 52: Missing dependency operator
> >>Error expanding embedded variable.
> >>
> >>--
> >>
> >>
> >>_______________________________________________
> >>Serusers mailing list
> >>serusers(a)lists.iptel.org
> >>http://lists.iptel.org/mailman/listinfo/serusers
> >>
> >>
> >>
>
> --
>
> ISC Network Engineering
> The University of Pennsylvania
> 3401 Walnut Street, Suite 221A
> Philadelphia, PA 19104
>
>
> voice: 215-573-8396
>
> 215-746-7903
>
> fax: 215-898-9348
>
> sip:blairs@upenn.edu
>
>
