Hello everybody,
is it possible to check if a user is already registered or authenticated?
I want to allow only registered users to call PSTN destinations.
Regards Bastian
Hi,
I think you are looking for the function registered("location")
Regards,
C.
On 5/31/05, Bastian Schern ml01@in-bln.de wrote:
Hello everybody,
is it possible to check if a user is already registered or authenticated?
I want to allow only registered users to call PSTN destinations.
Regards Bastian
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
It looks like what I looked for, but it will not work on my SER:
--- snip ---
if( registered( "location" ) ) {
    rewritehostport( "localhost:5061" );
} else {
    log( 1, "ERR: <403> Unauthorized call\n" );
    sl_send_reply( "403", "Unauthorized call" );
    break;
};
--- snap ---
It will always take the "else" branch. Did I do something wrong?
Regards Bastian
Cesc wrote:
Hi,
I think you are looking for the function registered("location")
Regards,
C.
On 5/31/05, Bastian Schern ml01@in-bln.de wrote:
Hello everybody,
is it possible to check if a user is already registered or authenticated?
I want to allow only registered users to call PSTN destinations.
Regards Bastian
Hi,
Well, this piece of code looks correct, but it is out of context. It may be the way your config file is that makes you always hit the else. Other than that ... have you checked the obvious? Is the user really registered (check with "serctl ul show")? The function checks the Request-URI; is that what you want? Do you modify the Request-URI before this point? What version of SER are you running?
One question ... why do you rewrite host and port? If the user is already registered, just doing a lookup("location") would be enough for the URI to be rewritten to the contact, and then you can t_relay it ... no need to do the localhost:5061.
C.
On 6/1/05, Bastian Schern ml01@in-bln.de wrote:
It looks like what I looked for, but it will not work on my SER:
--- snip ---
if( registered( "location" ) ) {
    rewritehostport( "localhost:5061" );
} else {
    log( 1, "ERR: <403> Unauthorized call\n" );
    sl_send_reply( "403", "Unauthorized call" );
    break;
};
--- snap ---
It will always take the "else" branch. Did I do something wrong?
Regards Bastian
Cesc wrote:
Hi,
I think you are looking for the function registered("location")
Regards,
C.
On 5/31/05, Bastian Schern ml01@in-bln.de wrote:
Hello everybody,
is it possible to check if a user is already registered or authenticated?
I want to allow only registered users to call PSTN destinations.
Regards Bastian
Hi,
I attached my complete ser.cfg. I tested with "serctl ul show" and the user is registered. But I think it is the wrong function. I want to prohibit unregistered users from making PSTN calls without reauthentication.
Is that possible?
Cesc wrote:
Hi,
Well, this piece of code looks correct, but it is out of context. It may be the way your config file is that makes you always hit the else. Other than that ... have you checked the obvious? Is the user really registered (check with "serctl ul show")? The function checks the Request-URI; is that what you want? Do you modify the Request-URI before this point? What version of SER are you running?
I'm running ser-0.8.14.
One question ... why do you rewrite host and port? If the user is already registered, just doing a lookup("location") would be enough for the URI to be rewritten to the contact, and then you can t_relay it ... no need to do the localhost:5061.
Is it not correct? I forward the authorized calls to the PSTN gateway.
Regards Bastian
# ----------- global configuration parameters ------------------------

debug=3          # debug level (cmd line: -dddddddddd)
fork=yes
#children=4
log_stderror=no  # (cmd line: -E)
log_facility=LOG_LOCAL0

uid="ser"        # user | uid - uid to be used by the server.
gid="www"        # group | gid - gid to be used by the server.
fifo="/tmp/ser_fifo"
#fifo_mode=0666

check_via=no     # (cmd. line: -v)
dns=no           # (cmd. line: -r)
rev_dns=no       # (cmd. line: -R)

#listen=192.168.1.1
#port=5060

# ------------------ module loading ----------------------------------
loadmodule "/lib/ser/modules/sl.so"
loadmodule "/lib/ser/modules/tm.so"
loadmodule "/lib/ser/modules/rr.so"
loadmodule "/lib/ser/modules/maxfwd.so"
loadmodule "/lib/ser/modules/usrloc.so"
#loadmodule "/lib/ser/modules/group.so"
loadmodule "/lib/ser/modules/uri.so"
loadmodule "/lib/ser/modules/domain.so"
loadmodule "/lib/ser/modules/registrar.so"
loadmodule "/lib/ser/modules/xlog.so"
loadmodule "/lib/ser/modules/textops.so"
loadmodule "/lib/ser/modules/auth.so"
loadmodule "/lib/ser/modules/auth_db.so"
loadmodule "/lib/ser/modules/mysql.so"
loadmodule "/lib/ser/modules/acc.so"
loadmodule "/lib/ser/modules/mediaproxy.so"

# ----------------- setting module-specific parameters ---------------

# -- usrloc params --
# 2 enables write-back to persistent mysql storage for
# speed, disable=0, write-through=1
modparam("usrloc", "db_mode", 2)

# minimize write back window - default is 60 seconds
modparam("usrloc", "timer_interval", 10)

# database location
modparam("usrloc", "db_url", "mysql://ser_rw_de1:12345678@dbserver1/ser")
# --

# -- auth params --
# database location
modparam("auth_db", "db_url", "mysql://ser_ro_de1:12345678@localhost/ser")

# don't allow clear text passwords in the mysql database
modparam("auth_db", "calculate_ha1", no)
#modparam("auth_db", "calculate_ha1", yes)

# name of password column in mysql database
modparam("auth_db", "password_column", "ha1")
#modparam("auth_db", "password_column", "password")
# --

# -- uri params --
# database location
modparam("uri", "db_url", "mysql://ser_ro_de1:12345678@localhost/ser")
# --

# -- domain params ---
modparam("domain", "db_url", "mysql://ser_ro_de1:12345678@localhost/ser")
#modparam("domain", "db_mode", 1)   # Use caching
# --

# -- acc params --
modparam("acc", "log_level", 1)

# database location
modparam("acc", "db_url", "mysql://ser_rw_de1:12345678@dbserver1/ser")

# that is the flag for which we will account . don't forget to
# set the same one :-)
modparam("acc", "log_flag", 1 )
modparam("acc", "db_flag", 1 )
# --

# -- xlog params --
modparam("xlog", "buf_size", 81920)
# --

# -- MediaProxy params --
modparam("mediaproxy", "mediaproxy_socket", "/var/run/proxydispatcher.sock")
modparam("mediaproxy", "sip_asymmetrics", "/etc/ser/sip-asymmetrics-clients")
modparam("mediaproxy", "rtp_asymmetrics", "/etc/ser/rtp-asymmetrics-clients")
modparam("mediaproxy", "natping_interval", 20)
#modparam("mediaproxy", "natping_interval", 60)
modparam("registrar", "nat_flag", 5)
# --
#

# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# --

#
#
# ------------------------- request routing logic -------------------
#
#
# main routing logic

route{
    # initial sanity checks -- messages with
    # max_forwards==0, or excessively long requests
    if( !mf_process_maxfwd_header("10") ) {
        sl_send_reply( "483", "Too Many Hops" );
        log( 1, "483 <Too many hops>\n" );
        break;
    };
    if( msg:len > max_len ) {
        sl_send_reply( "513", "Message too big" );
        log( 1, "513 <Message too big>\n" );
        break;
    };

    # we record-route all messages -- to make sure that
    # subsequent messages will go through our proxy; that's
    # particularly good if upstream and downstream entities
    # use different transport protocol
    #if (!method=="REGISTER") record_route();
    record_route();

    if( client_nat_test("1") ) {
        log( 1, "NAT: Private IP requirement, fixed contact (in main routine).\n" );
        setflag(5);
        force_rport();
        fix_contact();
        append_hf( "P-hint: fixed NAT contact for request\r\n" );
    };

    # loose-route processing
    if( loose_route() ) {
        log( 1, "RTG: loose_route()\n" );
        if( isflagset(5) ) {
            if( method == "BYE" || method == "CANCEL" ) {
                log( 1, "NAT: BYE or CANCEL received, finishing the session.\n" );
                end_media_session();
                # setflag(1);
            };
        };
        t_relay();
        break;
    };

    # starting accounting
    # setflag(1);

    if( method == "REGISTER" ) {
        xlog( "L_INFO", "REG: <%fu> tries to register.\n" );

        if( !www_authorize( "kundt.net", "subscriber" ) ) {
            www_challenge( "kundt.net", "0" );
            break;
        };

        if( !check_to() ) {
            log( 1, "ERR: <403> Username != Authorization User\n" );
            sl_send_reply( "403", "Username != Authorization User" );
            break;
        };

        save( "location_de1" );

        xlog( "L_INFO", "REG: location of <%fu> saved.\n" );

    } else if( method == "INVITE" ) {

        if( uri =~ "^sip:[1-9][0-9]+" || uri =~ "^sip:0[1-9][0-9]+" || uri =~ "^sip:00[1-9][0-9]+" || uri =~ "^sip:0.+[1-9]00[1-9][0-9]+" ) {
            log( 1, "FWD: Relaying PSTN call to Asterisk gateway!\n" );

            # if( !proxy_authorize( "kundt.net", "subscriber" ) ) {
            #     proxy_challenge( "kundt.net", "1" );
            #     break;
            # };

            # if( !check_from() ) {
            #     log( 1, "ERR: <403> Username != Authorization User\n" );
            #     sl_send_reply( "403", "Username != Authorization User" );
            #     break;
            # };

            if( !registered( "location_de1" ) ) {
                rewritehostport( "localhost:5061" );
            } else {
                log( 1, "ERR: <403> Unauthorized call\n" );
                sl_send_reply( "403", "Unauthorized call" );
                break;
            };

        } else if( uri == myself ) {

            # look now, if there is an alias in the "aliases" table; don't care
            # about return value: whether there is some or not, move ahead then
            #if( lookup( "aliases" ) ) {
            #    xlog( "L_INFO", "LOC: <%ru> is an alias!\n" );
            #}

            if( uri =~ "^sip:*[0-9]+" ) {
                log( 1, "INT: removing leading *\n" );
                strip(1);
            } else if( uri =~ "^sip:#[0-9]+" ) {
                log( 1, "INT: removing leading #\n" );
                strip(1);
            } else if( uri =~ "^sip:000[0-9]+" ) {
                log( 1, "INT: removing leading 000\n" );
                strip(3);
            };

            xlog( "L_INFO", "LOC: try to locate <%ru> via database ...\n" );
            if( lookup( "location_de1" ) ) {
                xlog( "L_INFO", "LOC: ... found <%ru> in database 'location_de1' !\n" );
            } else if( lookup( "location_us1" ) ) {
                xlog( "L_INFO", "LOC: ... found <%ru> in database 'location_us1' !\n" );
                rewritehostport( "sipbase.com:5060" );
            } else {
                log( 1, "FWD: ... not found, forwarding to local Asterisk gateway!\n" );
                prefix( "000" );
                rewritehostport( "localhost:5061" );
                #sl_send_reply("404", "Not found");
                #log( 1, "404 <Not found>\n");
            };
        };

        # Handle NATed calls
        if( isflagset(5) ) {
            route(1);
        };

    } else if( method=="BYE" || method=="CANCEL" ) {
        if( isflagset(5) ) {
            log( 1, "NAT: BYE or CANCEL received, finishing the session.\n" );
            end_media_session();
            # setflag(1);
        };
    };

    # forward to current uri now; use stateful forwarding; that
    # works reliably even if we forward from TCP to UDP
    if( !t_relay() ) {
        log( 1, "RELAY ERROR\n" );
        sl_reply_error();
    };
}

route[1] {
    t_on_reply("1");

    if( ( isflagset(5) ) && ( method=="INVITE" || method=="ACK" ) ) {
        log( 1, "NAT: INVITE received, enabling MediaProxy.\n" );
        use_media_proxy();
        append_hf( "P-hint: request forced to media proxy\r\n" );
    };

    append_hf( "P-hint: USRLOC\r\n" );
}

# ---------------------------- Begin On-Reply Routes --------------------------
onreply_route[1] {
    # If we've got here, it's because we've previously passed through a block
    # which handles NAT requests and has set a t_on_reply condition. DB 03-08-2004
    if( status =~ "(183)|(2[0-9][0-9])" ) {
        # if( client_nat_test("1") || isflagset(5) ) {
        if( isflagset(5) ) {
            log( 1, "NAT: Reply from NAT'd client --> fixing contact (onreply_route)\n" );
            fix_contact();
            log( 1, "NAT: NAT'd transaction answered --> enabling media proxy (onreply_route)\n" );
            use_media_proxy();
            setflag(5);
        };
    };
}
# ------------------------------ End On-Reply Routes --------------------------
Hi,
Ok ... so your SER receives the INVITE and you will only forward to the PSTN if the user is authenticated. So what you want is to authorize the INVITEs with proxy_authorize() and, if they fail, use proxy_challenge(). Once authorization is OK, you can use check_from(). (You have this part of the code commented out in your config file.) What you get with this is low security, but at least you now know that whoever is sending the messages is in your "subscribers" database.
Of course registered("location") always returns false ... it checks the Request-URI, not the From URI! The Request-URI contains the PSTN number. And by the way, in the config you sent ... you always hit the else because you do: if( !registered( ... ) ) rewrite ... else ...
It should be if( registered() ) ... but I guess you were tired of hitting the else and you made this change on purpose :)
On the other hand ... why don't you try, instead of rewriting the Request-URI, something like t_relay_to_udp(ip, port), t_relay_to_tcp(ip, port) or forward(ip, port) ...
One last comment ... if this INVITE that arrives at you comes not directly from a phone but from another proxy ... and supposing all proxies are controlled by you ... you may want to be able to reuse the same Proxy-Auth header data for all. This way only the first proxy will challenge the phone asking for the credentials, then just forward the INVITE (without consuming the auth header data) to the next proxy. For this, you need to set the "secret" parameter of the "auth" module to be equal in all proxies:
modparam("auth", "secret", "this_is_not_a_secret_anymore")
Regards,
C.
On 6/1/05, Bastian Schern ml01@in-bln.de wrote:
Hi,
I attached my complete ser.cfg. I tested with "serctl ul show" and the user is registered. But I think it is the wrong function. I want to prohibit unregistered users from making PSTN calls without reauthentication.
Is that possible?
Cesc wrote:
Hi,
Well, this piece of code looks correct, but it is out of context. It may be the way your config file is that makes you always hit the else. Other than that ... have you checked the obvious? Is the user really registered (check with "serctl ul show")? The function checks the Request-URI; is that what you want? Do you modify the Request-URI before this point? What version of SER are you running?
I'm running ser-0.8.14.
One question ... why do you rewrite host and port? If the user is already registered, just doing a lookup("location") would be enough for the URI to be rewritten to the contact, and then you can t_relay it ... no need to do the localhost:5061.
Is it not correct? I forward the authorized calls to the PSTN gateway.
Regards Bastian
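The INVITE branch of the posted ser.cfg, rewritten the way Cesc's replies suggest (challenge the INVITE with proxy_authorize()/proxy_challenge(), tie the digest username to the From header with check_from(), relay to the gateway with t_relay_to_udp() instead of rewritehostport(), and let lookup() rewrite on-net calls before t_relay()). This is an added example written for this thread, not code from the posters or from the SER project. The realm "kundt.net", the "subscriber" table, the "location_de1" table and gateway port 5061 are taken from the posted config; the gateway address 127.0.0.1 and the shared secret value are placeholders, and consume_credentials() (SER auth module) is assumed to be available in this version.

```ser
# Added example, not the posted config. Shared only if several of your own
# proxies should accept the same Proxy-Authorization data (Cesc's last point);
# the value here is a placeholder.
modparam("auth", "secret", "REPLACE_WITH_A_PER_DEPLOYMENT_SECRET")

if( method == "INVITE" ) {

    # registered() looks up the Request-URI, which for a PSTN call holds the
    # dialled number, so it says nothing about the caller. Challenge the
    # INVITE instead and verify the digest against the subscriber table.
    if( !proxy_authorize( "kundt.net", "subscriber" ) ) {
        proxy_challenge( "kundt.net", "1" );
        break;
    };

    # The authenticated username must match the From header; otherwise a
    # valid subscriber could place calls under another subscriber's identity.
    if( !check_from() ) {
        log( 1, "ERR: <403> Username != Authorization User\n" );
        sl_send_reply( "403", "Username != Authorization User" );
        break;
    };

    if( uri =~ "^sip:0[1-9][0-9]+" || uri =~ "^sip:00[1-9][0-9]+" ) {
        # PSTN destination: caller is verified, relay to the gateway directly.
        # The Request-URI (dialled number) is left untouched for the gateway.
        log( 1, "FWD: authenticated subscriber, relaying PSTN call\n" );
        # Drop the credentials before the request leaves this proxy; omit this
        # only when the next hop is your own proxy sharing the "secret" above.
        consume_credentials();
        t_relay_to_udp( "127.0.0.1", "5061" );    # placeholder gateway address
        break;
    } else if( uri == myself ) {
        # On-net destination: lookup() rewrites the Request-URI to the registered
        # contact, so no rewritehostport() is needed before t_relay().
        if( !lookup( "location_de1" ) ) {
            sl_send_reply( "404", "Not Found" );
            break;
        };
    };
};

# stateful forwarding to the (possibly rewritten) Request-URI
if( !t_relay() ) {
    sl_reply_error();
};
```

The check order matters for the failure mode discussed in the thread: authorization happens before any Request-URI test, so an unregistered or unauthenticated sender gets a 407 challenge rather than the unconditional 403 the original else branch produced, and a request that passes both checks is relayed without the Request-URI having been rewritten to the gateway host.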