1 Jun
2005
1 Jun
'05
7:09 a.m.
Hello,
I'm new to SER and SIP as well so please forgive my
mistakes.
I'm trying to setup SER in order to forward calls to
a pool of pstn gateways. I want use digest authentication
for UAs but I cannot store userid and passwords on a db.
Basically I would like to do:
if (!www_authorize("mydomain.com", "subscriber")) {
www_challenge("mydomain.com", "0");
break;
};
getting userid and password from a text configuration file
which contains such infos. How can I do that?
I have written a ser cfg file and I would like someone tell me
if is ok. Is a mix of several different cfg files I have found
on the net. I'm sure is far to be ok :-)
Thank for your help.
Ciao
-------------------------------------------------------------------
# ----------- global configuration parameters ------------------------
#debug=3
debug=4
#fork=yes
fork=no
#log_stderror=no
log_stderror=yes
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
#port=5060
#children=4
fifo="/tmp/ser_fifo"
#uid=
#gid=
listen=192.168.1.114
# alias="mydomain.com"
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/uri.so"
# ----------------- setting module-specific parameters ---------------
modparam("usrloc", "db_mode", 0)
# ------------------------- routing logic ---------------------------
route {
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
log("Too many hops\n");
sl_send_reply("483","Too Many Hops");
break;
};
if ( msg:len > max_len ) {
log("Message too big\n");
sl_send_reply("513", "Message too big");
break;
};
# process requests for our domain (gws included)
if (uri=~"[@:]mydomain\.com([;:].*)*" |
uri=~"@192.168.1.171([;:].*)*" | #pstn gw1
uri=~"@192.168.1.172([;:].*)*" | #pstn gw2
uri=~"@192.168.1.173([;:].*)*" ) { #pstn gw3
log("Request is for mydomain.com\n");
# registers always MUST be authenticated to
# avoid stealing incoming calls
if (method=="REGISTER") {
log("Request is REGISTER\n");
if (!www_authorize("mydomain.com",
"subscriber")) {
log("REGISTER has no credentials, sending challenge\n");
www_challenge("mydomain.com", "0");
break;
};
# prohibit attempts to grab someone else's address
# using someone else's valid credentials
if (!check_to()) {
log("Cheating attempt\n");
sl_send_reply("401", "Unauthorized");
break;
};
# update user location database (it should be in mem)
log("REGISTER is authorized, saving location\n");
save("location");
break;
};
# now it's about PSTN destinations through our gateways
if (uri=~"sip:[0-9]+@.*") {
# all PSTN destinations only for authenticated users
# (GWs, which have no digest support, are authenticated
# by its IP address)
if (!(src_ip==192.168.1.171 | #pstn gw1
src_ip==192.168.1.172 | #pstn gw2
src_ip==192.168.1.173) & #pstn gw3
!(www_authorize("mydomain.com", "subscriber"))) {
www_challenge("mydomain.com", "0");
break;
};
# requests to gateways must be record-route because the GWs accept
# only requests coming from our proxy
if (method=="INVITE")
record_route();
# XXX: find the best gw using first part of telephone number and...
rewritehostport("192.168.1.171:5060"); #172 or 173
} else {
# native SIP destinations are handled using our USRLOC DB
# and are allowed only from gws
if (src_ip==192.168.1.171 | #pstn gw1
src_ip==192.168.1.172 | #pstn gw2
src_ip==192.168.1.173) { #pstn gw3
if (!lookup("location")) {
log("Unable to lookup contact, sending 404\n");
sl_send_reply("404", "Not Found");
break;
};
} else {
log("No native SIP destination allowed\n");
sl_send_reply("403", "Permission denied");
break;
};
};
} else {
# outbound requests are not allowed
log("No outbound requests allowed\n");
sl_send_reply("403", "Permission denied");
break;
};
# and finally.. forward to current uri; use stateful forwarding; that
# works reliably even if we forward from TCP to UDP
if(!t_relay()) {
sl_reply_error();
};
}
1 Jun
1 Jun
7:21 a.m.
Hello there
a flat file (Berkeyley DB) auth module would do this
marvelously. I remember reading something about flat
files on the past few weeks of the list archive but
I must confess I'm waiting 0.9.0 to stabilize to
research on it (I'm still using 0.8.14 and it doesn't
seem to have the Berkeyley DB option)
hope this helps
!3runo
Francesco Fondelli wrote:
Hello,
I'm new to SER and SIP as well so please forgive my
mistakes.
I'm trying to setup SER in order to forward calls to
a pool of pstn gateways. I want use digest authentication
for UAs but I cannot store userid and passwords on a db.
Basically I would like to do:
if (!www_authorize("mydomain.com", "subscriber")) {
www_challenge("mydomain.com", "0");
break;
};
getting userid and password from a text configuration file
which contains such infos. How can I do that?
I have written a ser cfg file and I would like someone tell me
if is ok. Is a mix of several different cfg files I have found
on the net. I'm sure is far to be ok :-)
Thank for your help.
Ciao
10:50 a.m.
Hi Bruno,
have you took a look at dbtext module - implements a database support
via text files and can be used via same DB API as mysql or postgres
modules.
regards,
Marian
Bruno Lopes F. Cabral wrote:
Hello there
a flat file (Berkeyley DB) auth module would do this
marvelously. I remember reading something about flat
files on the past few weeks of the list archive but
I must confess I'm waiting 0.9.0 to stabilize to
research on it (I'm still using 0.8.14 and it doesn't
seem to have the Berkeyley DB option)
hope this helps
!3runo
Francesco Fondelli wrote:
> Hello,
>
> I'm new to SER and SIP as well so please forgive my
> mistakes.
> I'm trying to setup SER in order to forward calls to
> a pool of pstn gateways. I want use digest authentication
> for UAs but I cannot store userid and passwords on a db.
>
> Basically I would like to do:
>
> if (!www_authorize("mydomain.com", "subscriber")) {
> www_challenge("mydomain.com", "0");
> break;
> };
>
> getting userid and password from a text configuration file
> which contains such infos. How can I do that?
>
> I have written a ser cfg file and I would like someone tell me
> if is ok. Is a mix of several different cfg files I have found
> on the net. I'm sure is far to be ok :-)
>
> Thank for your help.
> Ciao
--
Voice System
http://www.voice-system.ro
2:28 p.m.
Hello
thanks for the tip but I was thinking more on interfacing
do Berkeley DB (db3 or db4). it binary tree the datakeys
and is very fast for this kind of usage. a text file with
thousands of lines seems unneficient to me (although it
can be cached, of course)
(here in my setup I don't do mysql in many servers. all of
them gets periodically its data from central mysql and fills
DB files. this way in case of mysql outage the services
would continue working until tech ppl fix it)
Cheers
!3runo
Marian Dumitru wrote:
Hi Bruno,
have you took a look at dbtext module - implements a database support
via text files and can be used via same DB API as mysql or postgres
modules.
regards,
Marian
2:52 p.m.
Hi Bruno,
dbtext works only in cached mode - at startup the file(s) are loaded
into memory and all changes are applied only in memory. The cache is
eventualy written back in file at shutdown ( normal one not at crash :) ).
So, I would say, fits a little but your demands.
Regards,
Marian
Bruno Lopes F. Cabral wrote:
Hello
thanks for the tip but I was thinking more on interfacing
do Berkeley DB (db3 or db4). it binary tree the datakeys
and is very fast for this kind of usage. a text file with
thousands of lines seems unneficient to me (although it
can be cached, of course)
(here in my setup I don't do mysql in many servers. all of
them gets periodically its data from central mysql and fills
DB files. this way in case of mysql outage the services
would continue working until tech ppl fix it)
Cheers
!3runo
Marian Dumitru wrote:
--
Voice System
http://www.voice-system.ro
Hi Bruno,
have you took a look at dbtext module - implements a database support
via text files and can be used via same DB API as mysql or postgres
modules.
regards,
Marian
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
2:59 p.m.
Hello there
well, that definitevely helps :-) I wonder if there is
any serctl command or SIG that one could give to ser
so it would reload the database without the need to
stop/restart the daemon
really appreciate the tip, thanks!
Cheers
!3runo
Marian Dumitru wrote:
Hi Bruno,
dbtext works only in cached mode - at startup the file(s) are loaded
into memory and all changes are applied only in memory. The cache is
eventualy written back in file at shutdown ( normal one not at crash :) ).
So, I would say, fits a little but your demands.
Regards,
Marian
Bruno Lopes F. Cabral wrote:
> Hello
>
> thanks for the tip but I was thinking more on interfacing
> do Berkeley DB (db3 or db4). it binary tree the datakeys
> and is very fast for this kind of usage. a text file with
> thousands of lines seems unneficient to me (although it
> can be cached, of course)
3:04 p.m.
Hi Bruno,
Daniel (see CC) is the most entitled person to reply to this question -
he is the author and maintainer of the module.
regards,
Marian
Bruno Lopes F. Cabral wrote:
Hello there
well, that definitevely helps :-) I wonder if there is
any serctl command or SIG that one could give to ser
so it would reload the database without the need to
stop/restart the daemon
really appreciate the tip, thanks!
Cheers
!3runo
Marian Dumitru wrote:
> Hi Bruno,
>
> dbtext works only in cached mode - at startup the file(s) are loaded
> into memory and all changes are applied only in memory. The cache is
> eventualy written back in file at shutdown ( normal one not at crash
> :) ).
> So, I would say, fits a little but your demands.
>
> Regards,
> Marian
>
> Bruno Lopes F. Cabral wrote:
>
>> Hello
>>
>> thanks for the tip but I was thinking more on interfacing
>> do Berkeley DB (db3 or db4). it binary tree the datakeys
>> and is very fast for this kind of usage. a text file with
>> thousands of lines seems unneficient to me (although it
>> can be cached, of course)
--
Voice System
http://www.voice-system.ro
3 Jun
3 Jun
3:14 a.m.
Thank you all for the tips,
I had a look at dbtext and I think it almost fits my
needs. I just have to change its 'subscriber' table
format to match my file format.
Ciao
FF
7200
days inactive
7202
days old
7 comments
3 participants
participants (3)
-
Bruno Lopes F. Cabral -
Francesco Fondelli -
Marian Dumitru