Hi,
Ok ... so your ser receives the invite and you will only forward to pstn if user is authenticated. So, what you want is to authorize the invites with proxy_authorize() and if they fail, use proxy_challenge() Once authorization is ok, you can use check_from. (you have this part of code commented in your config file). What you get with this is low security, but at least you now that whoever is sending the messages is in your "subscribers" database.
Of course the registered("location") returns always false ... it checks the request uri, not the from uri! The request uri contains the pstn number. And by the way, in the config you sent ... you always hit the else because you do: if( ! registered( ... ) ) rewrite ... else ...
it should be if( registered () ) ... but i guess you were tired of hitting the else and you made this change on purpose :)
On the other hand ... why don't you try instead of rewriting the request uri, to use something like: t_relay_to_udp(ip, port), or t_relay_to_tcp(ip, port) or forward(ip, port) ...
One last comment ... if this invite that arrives to you comes not directly from a phone, but from another proxy ... and supposing all proxies are controlled by you ... you may want to be able to reuse the same Proxy-Auth header data for all. This way, only the first proxy will challenge the phone asking for the credentials, then just forward the INV (without consuming the auth header data) to the next proxy. For this, you need to set the "secret" parameter in the "auth" mode to be equal in all proxies. modparam("auth", "secret", "this_is_not_a_secret_anymore")
Regards,
C.
On 6/1/05, Bastian Schern ml01@in-bln.de wrote:
Hi,
I attached my complete ser.cfg. I tested with "serctl ul show" and the User is registered. But I think it is the wrong function. I want to prohibit unregistered users to make PSTN calls without reauthentication.
Is that possible?
Cesc schrieb:
Hi,
Well, this piece of code looks correct, but it is out of context. It may be the way your config file is that makes you always hit the else. Other than that ... have you checked the obvious? is the user really registered (check with >serctl ul show)? the function checks the request uri, is that what you want? do you modify the request uri before this point? What version of ser are you running?
I'm running ser-0.8.14.
One question ... why do you rewrite host and port? if the user is already registered, just doing a lookup("location") would be enough to for the uri to be rewritten to the contact and then you can t_relay it ... no need to do the localhost:5061
Is it not correct? I forward the authorized calls to the PSTN gateway.
Regards Bastian