Hi I am using check_to() and check_from() for this issue, something like:
if (method == "REGISTER") {
log(1, "ANALYZING REGISTER REQUEST\n"); # to use digest authentication if (is_user_in("Request-URI", "deactivated")) { sl_send_reply("402", "Su cuenta fue desactivada"); break; };
if (!www_authorize("mydomain.com.pe http://mydomain.com.pe", "subscriber")) { log(1," ----- Fails to Register \n"); www_challenge("mydomain.com.pe http://mydomain.com.pe", "0"); break; };
# only signed users are allowed if (!check_to()) { log(1, "LOG: Hijack!!!--> unsigned user registration attempt\n"); sl_send_reply("403", "hijack attempt!!!! Only signed users are allowed"); break; }; log(1," Registered!!! \n"); if (!save("location")) { sl_reply_error(); }; break; };
# First check the source of the call #*********************************** # If the call comes from the gateways, no authentication is required. if (src_ip==200.x.x.x || src_ip==200.y.y.y) { log(1,"Call from pstn|*, no authentication is required. \n");
# If the call comes from B2BUA, no authentication is required. # The first leg of the call has already been authenticated. } else if (src_ip==200.z.z.z && src_port==5070) { log(1,"Call from B2BUA, no authentication is required. \n"); } else { # We check user credentials if ((method == "INVITE" || method== "CANCEL" || method== "BYE" || method== "ACK") && (!src_ip==200.z.z.z && !src_port==5070)){ log(1, "ANALYZING INVITE||CANCEL REQUESTs\n"); if (!proxy_authorize("mydomain.com.pe http://mydomain.com.pe", "subscriber")) { # log(1," ----- Fails to ...proxy_authorize \n"); proxy_challenge("mydomain.com.pe http://mydomain.com.pe", "0"); break; } else { if (method == "INVITE" && !check_from()) { sl_send_reply("403", "Only registered users are allowed"); log(1," ----> Only registered users are allowed \n"); break; }; };
....
slds.- Rafael Risco
On 9/5/05, Raymond Chen rchen@broadz.com wrote:
Dear all,
We want to prevent people dial out to PSTN without registering, how to check from header again location table?
Ray
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Hi Rafael,
I would say your script allows call only from subscribed users and not from registered users - check_from looks into subscriber table, not in location.
regards, bogdan
Rafael R. GV wrote:
Hi I am using check_to() and check_from() for this issue, something like:
if (method == "REGISTER") { log(1, "ANALYZING REGISTER REQUEST\n"); # to use digest authentication if (is_user_in("Request-URI", "deactivated")) { sl_send_reply("402", "Su cuenta fuedesactivada"); break; };
if (!www_authorize("mydomain.com.pehttp://mydomain.com.pe", "subscriber")) { log(1," ----- Fails to Register \n"); www_challenge("mydomain.com.pe http://mydomain.com.pe", "0"); break; };
# only signed users are allowed if (!check_to()) { log(1, "LOG: Hijack!!!--> unsigneduser registration attempt\n"); sl_send_reply("403", "hijack attempt!!!! Only signed users are allowed"); break; }; log(1," Registered!!! \n"); if (!save("location")) { sl_reply_error(); }; break; };
# First check the source of the call #*********************************** # If the call comes from the gateways, no authentication isrequired. if (src_ip==200.x.x.x || src_ip==200.y.y.y) { log(1,"Call from pstn|*, no authentication is required. \n");
# If the call comes from B2BUA, no authentication is required. # The first leg of the call has already been authenticated. } else if (src_ip==200.z.z.z && src_port==5070) { log(1,"Call from B2BUA, no authentication isrequired. \n"); } else { # We check user credentials if ((method == "INVITE" || method== "CANCEL" || method== "BYE" || method== "ACK") && (!src_ip==200.z.z.z && !src_port==5070)){ log(1, "ANALYZING INVITE||CANCEL REQUESTs\n"); if (!proxy_authorize("mydomain.com.pe http://mydomain.com.pe", "subscriber")) { # log(1," ----- Fails to ...proxy_authorize \n"); proxy_challenge("mydomain.com.pe http://mydomain.com.pe", "0"); break; } else { if (method == "INVITE" && !check_from()) { sl_send_reply("403", "Only registered users are allowed"); log(1," ----> Only registered users are allowed \n"); break; }; };
....
slds.- Rafael Risco
On 9/5/05, *Raymond Chen* <rchen@broadz.com mailto:rchen@broadz.com> wrote:
Dear all, We want to prevent people dial out to PSTN without registering, how to check from header again location table? Ray _______________________________________________ Users mailing list Users@openser.org <mailto:Users@openser.org> http://openser.org/cgi-bin/mailman/listinfo/users--
rrgv
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
-
Bogdan-Andrei Iancu -
Rafael R. GV