[Serusers] authentication (or lack there of)

1 Nov 2004

Hi,

Even though the mysql database is working fine (i.e. I can add users
etc) and I've uncommented the authentication lines in the ser.cfg
file, my ser still allows any UA to register. I have included my
config file below. Any ideas?

Really appreciate the help Im getting from this list,
Aisling.

# $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $ 
# 
# simple quick-start config script 
# 

# ----------- global configuration parameters
------------------------ 

#debug=3         # debug level (cmd line: -dddddddddd) 
#fork=yes 
#log_stderror=no     # (cmd line: -E) 

alias=172.16.3.12 
#alias=10.10.10.12 
#alias=10.0.1.4 
#alias=192.168.3.77 
#alias=cit.ie 

/* Uncomment these lines to enter debugging mode  
debug=7 
fork=no 
log_stderror=yes 
*/ 

check_via=no     # (cmd. line: -v) 
dns=no           # (cmd. line: -r) 
rev_dns=no      # (cmd. line: -R) 
port=5060 
#children=4 
fifo="/tmp/ser_fifo" 

# ------------------ module loading
---------------------------------- 

# Uncomment this if you want to use SQL database 
loadmodule  "/usr/local/lib/ser/modules/mysql.so" 

loadmodule  "/usr/local/lib/ser/modules/sl.so" 
loadmodule  "/usr/local/lib/ser/modules/tm.so" 
loadmodule  "/usr/local/lib/ser/modules/rr.so" 
loadmodule  "/usr/local/lib/ser/modules/maxfwd.so" 
loadmodule  "/usr/local/lib/ser/modules/usrloc.so" 
loadmodule  "/usr/local/lib/ser/modules/registrar.so" 

# Uncomment this if you want digest authentication 
# mysql.so must be loaded ! 
loadmodule  "/usr/local/lib/ser/modules/auth.so" 
loadmodule  "/usr/local/lib/ser/modules/auth_db.so" 

# ----------------- setting module-specific parameters
--------------- 

# -- usrloc params -- 

modparam("usrloc",  "db_mode",   0) 

# Uncomment this if you want to use SQL database  
# for persistent storage and comment the previous line 
modparam("usrloc",  "db_mode", 2) 

# -- auth params -- 
# Uncomment if you are using auth module 
# 
modparam("auth_db",  "calculate_ha1", yes) 
# 
# If you set  "calculate_ha1" parameter to yes (which true in this
config),  
# uncomment also the following parameter) 
# 
modparam("auth_db",  "password_column",  "password" 

# -- rr params -- 
# add value to ;lr param to make some broken UAs happy 
modparam("rr",  "enable_full_lr", 1) 

# -------------------------  request routing logic
------------------- 

# main routing logic 

route{ 

    # initial sanity checks -- messages with 
    # max_forwards==0, or excessively long requests 
    if (!mf_process_maxfwd_header("10")) { 
         sl_send_reply("483","Too Many Hops"); 
         break; 
    }; 
    if ( msg:len  > max_len ) { 
         sl_send_reply("513",  "Message too big"); 
         break; 
    }; 

    # we record-route all messages -- to make sure that 
    # subsequent messages will go through our proxy; that's 
    # particularly good if upstream and downstream entities 
    # use different transport protocol 
    record_route();      
    # loose-route processing 
    if (loose_route()) { 
         t_relay(); 
         break; 
    }; 

    # if the request is for other domain use UsrLoc 
    # (in case, it does not work, use the following command 
    # with proper names and addresses in it) 
    if (uri==myself) { 

         if (method=="REGISTER" { 

# Uncomment this if you want to use digest authentication 
              if (!www_authorize("172.16.3.12",  "subscriber")) { 
                   www_challenge("172.16.3.12",  "0"); 
                   break; 
              }; 

              save("location"); 
              break; 
         }; 

         # native SIP destinations are handled using our USRLOC DB 
         if (!lookup("location")) { 
              sl_send_reply("404",  "Not Found"); 
              break; 
         }; 
    }; 

    #inserted by klaus 
    if (method=="INVITE"){ 
         record_route(); 
         force_rtp_proxy(); 
         /* set up reply processing */ 
         t_on_reply("1"); 
    }; 

    # forward to current uri now; use stateful forwarding; that 
    # works reliably even if we forward from TCP to UDP 
    if (!t_relay()) { 
         sl_reply_error(); 
    }; 

} 

# inserted by klaus 
#all incoming replies for t_onrepli-ed transactions enter here 
onreply-route[1]{ 
    if(status=~"[12][0-9][0-9]" 
         force_rtp_proxy(); 
} 

-------------------Legal  Disclaimer---------------------------------------

The above electronic mail transmission is confidential and intended only for the person to
whom it is addressed. Its contents may be protected by legal and/or professional
privilege. Should it be received by you in error please contact the sender at the above
quoted email address. Any unauthorised form of reproduction of this message is strictly
prohibited. The Institute does not guarantee the security of any information
electronically transmitted and is not liable if the information contained in this
communication is not a proper and complete record of the message as transmitted by the
sender nor for any delay in its receipt.

----------------------------------------------------------------------------------------

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

[Serusers] authentication (or lack there of)