Thanks Miklos,

I think this is just what I'm looking for.
But I get some errors for this line:
if ((src_ip != @ruri.host) || (src_port != @ruri.port)) {

 0(30074) parse error (175,16-17): syntax error
 0(30074) parse error (175,16-17): ip address or hostname expected
 0(30074) parse error (175,16-17): bad command
 0(30074) parse error (175,21-22): bad command
 0(30074) parse error (175,21-22): bad command
 0(30074) parse error (175,26-27): bad command
 0(30074) parse error (175,26-27): bad command
 0(30074) parse error (175,28-30): bad command
 0(30074) parse error (175,31-32): bad command
 0(30074) parse error (175,32-40): bad command
 0(30074) parse error (175,41-43): bad command
 0(30074) parse error (175,44-45): bad command
 0(30074) parse error (175,49-50): bad command
 0(30074) parse error (175,49-50): bad command
 0(30074) parse error (175,54-55): bad command
 0(30074) parse error (175,54-55): bad command
 0(30074) parse error (175,55-56): bad command
 0(30074) parse error (175,57-58): bad command

Any idea why ?

Thanks,
ilker

-----Original Message-----
From: Miklos Tirpak [mailto:miklos@iptel.org]
Sent: Wednesday, July 12, 2006 11:58 AM
To: İlker Aktuna (Koç.net)
Cc: serusers@iptel.org
Subject: Re: [Serusers] prevent INVITE without REGISTERing

Hi Ilker,

just my first idea, not tested:


1. lookup the From HF

if (!lookup_user("From")) {
        # reject the INVITE
        ...
}

2. save original To UID and Request URI

$orig_to_uid = $tu.uid;
$orig_req_uri = @ruri;

3. set To UID -- registrar module will use this in the lookup

$tu.uid = $fu.uid;

4. lookup From HF and compare the source address of the INVITE with the source address of the REGISTER message

if (lookup("location")) {
        if ((src_ip != @ruri.host) || (src_port != @ruri.port)) {
                # reject the INVITE
                ...
        }
        # restore original To UID and Request URI
        $tu.uid = $orig_to_uid;
        attr2uri("$orig_req_uri");
} else {
        # reject the INVITE
        ...
}

Note, that the above solution is a bit ugly, you can get into troubles when the user registers multiple contact addresses. It is better to disable branches (see append_branches parameter in registrar module), but you loose some functionality.

Regards,
Miklos

İlker Aktuna (Koç.net) wrote:
>
> Hi everyone,
> 
> I am still trying to find a solution to this problem. (but couldn't
> find
> yet)
> Victor was trying to help me but I think he's not able to reply these days.
> 
> Is there any idea to achieve what I need.
> 
> Thanks,
> ilker
>
> ----------------------------------------------------------------------
> --
> *From:* serusers-bounces@lists.iptel.org
> [mailto:serusers-bounces@lists.iptel.org] *On Behalf Of *İlker Aktuna
> (Koç.net)
> *Sent:* Tuesday, July 11, 2006 1:41 PM
> *To:* Victor Stanescu
> *Cc:* serusers@iptel.org
> *Subject:* RE: [Serusers] prevent INVITE without REGISTERing
>
> Hi,
>
> What if my proxy does not handle authenticating INVITE messages ?
>
> In that case I think the best way is to lookup location table for the
> source URI.
> If the source URI location matches the location in that table then we
> must permit INVITE message.
> How can I configure this ?
>
> Thanks,
> ilker
>
> -----Original Message-----
> From: serusers-bounces@lists.iptel.org
> [mailto:serusers-bounces@lists.iptel.org] On Behalf Of Victor Stanescu
> Sent: Monday, July 10, 2006 1:49 PM
> Cc: serusers@iptel.org
> Subject: Re: [Serusers] prevent INVITE without REGISTERing
>
> Please read "domain" instead of "gtstelecom.ro":
> www_authorize("domain",
> "subscriber") and proxy_authorize("domain", "subscriber"), otherwise
> the code fragment will not be correct. I forgot to replace with a generic name.
>
> Victor Stanescu wrote:
>  > I think it is easier to force him to authenticate the INVITE. If he
> is  > able to authenticate the INVITE, why do you care if he is
> registered  > or not?
>  >
>  > if (method=="REGISTER") {
>  >     if(!src_ip=="other") {
>  >         if (!www_authorize("gtstelecom.ro", "subscriber")) {
>  >             www_challenge("domain", "0");
>  >             break;
>  >         };
>  >         save("location");
>  >         log("Replicating REGISTER\n");
>  >         t_replicate("other", "5060");
>  >     } else {
>  >         save("location");
>  >     };
>  >     break;
>  > } else {
>  >     # this is an INVITE
>  >     if (!proxy_authorize("gtstelecom.ro", "subscriber")) {
>  >         proxy_challenge("domain", "1");
>  >         break;
>  >     };
>  >     # route the call
>  >     ...
>  > };
>  >
>  > İlker Aktuna (Koç.net) wrote:
>  >>
>  >> Hi all,
>  >>
>  >> Is it possible to prevent any user calling without registering ?
> What  >> is the best way to do this ?
>  >> I guess I'll have to check if the source URI exists in location table.
>  >> What is the easiest way to do this ?
>  >>
>  >> If there is a more robust way to do it, please suggest...
>  >>
>  >> Thanks,
>  >> ilker
>  >>
>  >>
>
>
>
> <http://387555.sigclick.mailinfo.com/sigclick/07090204/04064D07/070105
> 4D/0364151131.jpg>
> ______________________________________________________________________
> ______________________________________________________________________
> _ Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor
> olabilir.
> Eger bu e-posta mesaji size yanlislikla ulasmissa,  icerigini hic bir
> sekilde kullanmayiniz ve ekli dosyalari acmayiniz. Bu durumda lutfen
> e-posta mesajini kullaniciya hemen geri gonderiniz  ve  tum
> kopyalarini mesaj kutunuzdan siliniz. Bu e-posta mesaji, hic bir
> sekilde, herhangi bir amac icin cogaltilamaz, yayinlanamaz ve para karsiligi satilamaz.
> Bu e-posta mesaji viruslere karsi anti-virus sistemleri tarafindan
> taranmistir. Ancak yollayici, bu e-posta mesajinin - virus koruma
> sistemleri ile kontrol ediliyor olsa bile - virus icermedigini garanti
> etmez ve meydana gelebilecek zararlardan dogacak hicbir sorumlulugu
> kabul etmez.
> This message is intended solely for the use of the individual or
> entity to whom it is addressed , and may contain confidential 
> information. If you are not the intended recipient of this message or
> you receive this mail in error, you should refrain from making any use
> of the contents and from opening any attachment. In that case, please
> notify the sender immediately and return the message to the sender,
> then, delete and destroy all copies. This e-mail message, can not be
> copied, published or sold for any reason. This e-mail message has been
> swept by anti-virus systems for the presence of computer viruses. In
> doing so, however, sender  cannot warrant that virus or other forms of
> data corruption may not be present and do not take any responsibility in any occurrence.
> ______________________________________________________________________
> ______________________________________________________________________
> _
>
>
> ----------------------------------------------------------------------
> --
>
> _______________________________________________
> Serusers mailing list
> Serusers@lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers