7 Sep
2005
7 Sep
'05
8:46 p.m.
Hi
I am using check_to() and check_from() for this issue, something like:
if (method == "REGISTER") {
log(1, "ANALYZING REGISTER REQUEST\n");
# to use digest authentication
if (is_user_in("Request-URI", "deactivated")) {
sl_send_reply("402", "Su cuenta fue desactivada");
break;
};
if (!www_authorize("mydomain.com.pe <http://mydomain.com.pe>",
"subscriber")) {
log(1," ----- Fails to Register \n");
www_challenge("mydomain.com.pe <http://mydomain.com.pe>", "0");
break;
};
# only signed users are allowed
if (!check_to()) {
log(1, "LOG: Hijack!!!--> unsigned user registration attempt\n");
sl_send_reply("403", "hijack attempt!!!! Only signed users are
allowed");
break;
};
log(1," Registered!!! \n");
if (!save("location")) {
sl_reply_error();
};
break;
};
# First check the source of the call
#***********************************
# If the call comes from the gateways, no authentication is required.
if (src_ip==200.x.x.x || src_ip==200.y.y.y) {
log(1,"Call from pstn|*, no authentication is required. \n");
# If the call comes from B2BUA, no authentication is required.
# The first leg of the call has already been authenticated.
} else if (src_ip==200.z.z.z && src_port==5070) {
log(1,"Call from B2BUA, no authentication is required. \n");
} else {
# We check user credentials
if ((method == "INVITE" || method== "CANCEL" || method==
"BYE" || method==
"ACK") && (!src_ip==200.z.z.z && !src_port==5070)){
log(1, "ANALYZING INVITE||CANCEL REQUESTs\n");
if (!proxy_authorize("mydomain.com.pe <http://mydomain.com.pe>",
"subscriber")) {
# log(1," ----- Fails to ...proxy_authorize \n");
proxy_challenge("mydomain.com.pe <http://mydomain.com.pe>",
"0");
break;
} else {
if (method == "INVITE" && !check_from()) {
sl_send_reply("403", "Only registered users are allowed");
log(1," ----> Only registered users are allowed \n");
break;
};
};
....
slds.-
Rafael Risco
On 9/5/05, Raymond Chen <rchen(a)broadz.com> wrote:
Dear all,
We want to prevent people dial out to PSTN without registering, how to
check from header again location table?
Ray
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
--
rrgv
7 Sep
7 Sep
9:14 p.m.
New subject: [Users] how to make sure the caller is registered before it can dial out to PSTN
Hi Rafael,
I would say your script allows call only from subscribed users and not
from registered users - check_from looks into subscriber table, not in
location.
regards,
bogdan
Rafael R. GV wrote:
Hi
I am using check_to() and check_from() for this issue, something like:
if (method == "REGISTER") {
log(1, "ANALYZING REGISTER REQUEST\n");
# to use digest authentication
if (is_user_in("Request-URI", "deactivated"))
{
sl_send_reply("402", "Su cuenta fue
desactivada");
break;
};
if (!www_authorize("mydomain.com.pe
<http://mydomain.com.pe>", "subscriber")) {
log(1," ----- Fails to Register
\n");
www_challenge("mydomain.com.pe
<http://mydomain.com.pe>", "0");
break;
};
# only signed users are allowed
if (!check_to()) {
log(1, "LOG: Hijack!!!--> unsigned
user registration attempt\n");
sl_send_reply("403", "hijack
attempt!!!! Only signed users are allowed");
break;
};
log(1," Registered!!! \n");
if (!save("location")) {
sl_reply_error();
};
break;
};
# First check the source of the call
#***********************************
# If the call comes from the gateways, no authentication is
required.
if (src_ip==200.x.x.x || src_ip==200.y.y.y) {
log(1,"Call from pstn|*, no authentication is
required. \n");
# If the call comes from B2BUA, no authentication is required.
# The first leg of the call has already been authenticated.
} else if (src_ip==200.z.z.z && src_port==5070) {
log(1,"Call from B2BUA, no authentication is
required. \n");
} else {
# We check user credentials
if ((method == "INVITE" || method== "CANCEL" ||
method== "BYE" || method== "ACK") && (!src_ip==200.z.z.z
&&
!src_port==5070)){
log(1, "ANALYZING INVITE||CANCEL REQUESTs\n");
if (!proxy_authorize("mydomain.com.pe
<http://mydomain.com.pe>", "subscriber")) {
# log(1," ----- Fails to
...proxy_authorize \n");
proxy_challenge("mydomain.com.pe
<http://mydomain.com.pe>", "0");
break;
} else {
if (method == "INVITE" && !check_from()) {
sl_send_reply("403", "Only registered
users are allowed");
log(1," ----> Only registered users
are allowed \n");
break;
};
};
....
slds.-
Rafael Risco
On 9/5/05, *Raymond Chen* <rchen(a)broadz.com <mailto:rchen@broadz.com>>
wrote:
Dear all,
We want to prevent people dial out to PSTN without registering,
how to check from header again location table?
Ray
_______________________________________________
Users mailing list
Users(a)openser.org <mailto:Users@openser.org>
http://openser.org/cgi-bin/mailman/listinfo/users
--
rrgv
------------------------------------------------------------------------
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
7019
days inactive
7019
days old
1 comments
2 participants
participants (2)
-
Bogdan-Andrei Iancu -
Rafael R. GV