Hello,
I'm new to SER and SIP as well so please forgive my mistakes. I'm trying to set up SER in order to forward calls to a pool of PSTN gateways. I want to use digest authentication for UAs but I cannot store userids and passwords in a DB.
Basically I would like to do:
if (!www_authorize("mydomain.com", "subscriber")) { www_challenge("mydomain.com", "0"); break; };
getting userid and password from a text configuration file which contains such info. How can I do that?
I have written a SER cfg file and I would like someone to tell me if it is OK. It is a mix of several different cfg files I have found on the net. I'm sure it is far from OK :-)
Thanks for your help. Ciao
-------------------------------------------------------------------
# ----------- global configuration parameters ------------------------

#debug=3
debug=4
#fork=yes
fork=no
#log_stderror=no
log_stderror=yes

check_via=no    # (cmd. line: -v)
dns=no          # (cmd. line: -r)
rev_dns=no      # (cmd. line: -R)
#port=5060

#children=4
fifo="/tmp/ser_fifo"

#uid=
#gid=

listen=192.168.1.114

# alias="mydomain.com"

loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/mysql.so"
loadmodule "/usr/local/lib/ser/modules/auth_db.so"
loadmodule "/usr/local/lib/ser/modules/auth.so"
loadmodule "/usr/local/lib/ser/modules/uri.so"

# ----------------- setting module-specific parameters ---------------

modparam("usrloc", "db_mode", 0)

# ------------------------- routing logic ---------------------------

route {
    # initial sanity checks -- messages with
    # max_forwards==0, or excessively long requests
    if (!mf_process_maxfwd_header("10")) {
        log("Too many hops\n");
        sl_send_reply("483","Too Many Hops");
        break;
    };
    if ( msg:len > max_len ) {
        log("Message too big\n");
        sl_send_reply("513", "Message too big");
        break;
    };

    # process requests for our domain (gws included)
    if (uri=~"[@:]mydomain.com([;:].*)*" |
        uri=~"@192.168.1.171([;:].*)*" |    #pstn gw1
        uri=~"@192.168.1.172([;:].*)*" |    #pstn gw2
        uri=~"@192.168.1.173([;:].*)*" ) {  #pstn gw3

        log("Request is for mydomain.com\n");

        # registers always MUST be authenticated to
        # avoid stealing incoming calls
        if (method=="REGISTER") {

            log("Request is REGISTER\n");

            if (!www_authorize("mydomain.com", "subscriber")) {
                log("REGISTER has no credentials, sending challenge\n");
                www_challenge("mydomain.com", "0");
                break;
            };

            # prohibit attempts to grab someone else's address
            # using someone else's valid credentials
            if (!check_to()) {
                log("Cheating attempt\n");
                sl_send_reply("401", "Unauthorized");
                break;
            };
            # update user location database (it should be in mem)
            log("REGISTER is authorized, saving location\n");
            save("location");
            break;
        };

        # now it's about PSTN destinations through our gateways
        if (uri=~"sip:[0-9]+@.*") {
            # all PSTN destinations only for authenticated users
            # (GWs, which have no digest support, are authenticated
            # by its IP address)

            if (!(src_ip==192.168.1.171 |    #pstn gw1
                  src_ip==192.168.1.172 |    #pstn gw2
                  src_ip==192.168.1.173) &   #pstn gw3
                !(www_authorize("mydomain.com", "subscriber"))) {
                www_challenge("mydomain.com", "0");
                break;
            };
            # requests to gateways must be record-route because the GWs accept
            # only requests coming from our proxy
            if (method=="INVITE")
                record_route();

            # XXX: find the best gw using first part of telephone number and...

            rewritehostport("192.168.1.171:5060"); #172 or 173
        } else {
            # native SIP destinations are handled using our USRLOC DB
            # and are allowed only from gws
            if (src_ip==192.168.1.171 |    #pstn gw1
                src_ip==192.168.1.172 |    #pstn gw2
                src_ip==192.168.1.173) {   #pstn gw3
                if (!lookup("location")) {
                    log("Unable to lookup contact, sending 404\n");
                    sl_send_reply("404", "Not Found");
                    break;
                };
            } else {
                log("No native SIP destination allowed\n");
                sl_send_reply("403", "Permission denied");
                break;
            };
        };
    } else {
        # outbound requests are not allowed
        log("No outbound requests allowed\n");
        sl_send_reply("403", "Permission denied");
        break;
    };

    # and finally.. forward to current uri; use stateful forwarding; that
    # works reliably even if we forward from TCP to UDP
    if(!t_relay()) {
        sl_reply_error();
    };
}
Hello there
a flat file (Berkeley DB) auth module would do this marvelously. I remember reading something about flat files in the past few weeks of the list archive but I must confess I'm waiting for 0.9.0 to stabilize to research it (I'm still using 0.8.14 and it doesn't seem to have the Berkeley DB option)
hope this helps !3runo
Francesco Fondelli wrote:
Hello,
I'm new to SER and SIP as well so please forgive my mistakes. I'm trying to set up SER in order to forward calls to a pool of PSTN gateways. I want to use digest authentication for UAs but I cannot store userids and passwords in a DB.
Basically I would like to do:
if (!www_authorize("mydomain.com", "subscriber")) { www_challenge("mydomain.com", "0"); break; };
getting userid and password from a text configuration file which contains such info. How can I do that?
I have written a SER cfg file and I would like someone to tell me if it is OK. It is a mix of several different cfg files I have found on the net. I'm sure it is far from OK :-)
Thanks for your help. Ciao
Hi Bruno,
have you taken a look at the dbtext module? It implements database support via text files and can be used via the same DB API as the mysql or postgres modules.
regards, Marian
Bruno Lopes F. Cabral wrote:
Hello there
a flat file (Berkeley DB) auth module would do this marvelously. I remember reading something about flat files in the past few weeks of the list archive but I must confess I'm waiting for 0.9.0 to stabilize to research it (I'm still using 0.8.14 and it doesn't seem to have the Berkeley DB option)
hope this helps !3runo
Hello
thanks for the tip but I was thinking more of interfacing to Berkeley DB (db3 or db4). It binary-trees the data keys and is very fast for this kind of usage. A text file with thousands of lines seems inefficient to me (although it can be cached, of course)
(here in my setup I don't do mysql on many servers. All of them periodically get their data from the central mysql and fill DB files. This way, in case of a mysql outage, the services would continue working until tech ppl fix it)
Cheers !3runo
Marian Dumitru wrote:
Hi Bruno,
have you taken a look at the dbtext module? It implements database support via text files and can be used via the same DB API as the mysql or postgres modules.
regards, Marian
Hi Bruno,
dbtext works only in cached mode - at startup the file(s) are loaded into memory and all changes are applied only in memory. The cache is eventually written back to the file at shutdown (a normal one, not at crash :) ). So, I would say, it fits your demands a little bit.
Regards, Marian
Bruno Lopes F. Cabral wrote:
Hello
thanks for the tip but I was thinking more of interfacing to Berkeley DB (db3 or db4). It binary-trees the data keys and is very fast for this kind of usage. A text file with thousands of lines seems inefficient to me (although it can be cached, of course)
(here in my setup I don't do mysql on many servers. All of them periodically get their data from the central mysql and fill DB files. This way, in case of a mysql outage, the services would continue working until tech ppl fix it)
Cheers !3runo
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Hello there
well, that definitely helps :-) I wonder if there is any serctl command or SIG that one could give to ser so it would reload the database without the need to stop/restart the daemon
really appreciate the tip, thanks!
Cheers !3runo
Marian Dumitru wrote:
Hi Bruno,
dbtext works only in cached mode - at startup the file(s) are loaded into memory and all changes are applied only in memory. The cache is eventually written back to the file at shutdown (a normal one, not at crash :) ). So, I would say, it fits your demands a little bit.
Regards, Marian
Hi Bruno,
Daniel (see CC) is the most entitled person to reply to this question - he is the author and maintainer of the module.
regards, Marian
Bruno Lopes F. Cabral wrote:
Hello there
well, that definitely helps :-) I wonder if there is any serctl command or SIG that one could give to ser so it would reload the database without the need to stop/restart the daemon
really appreciate the tip, thanks!
Cheers !3runo
Thank you all for the tips,
I had a look at dbtext and I think it almost fits my needs. I just have to change its 'subscriber' table format to match my file format.
Ciao FF
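
Added example, not part of any message in this thread and not SER or dbtext code: a Python illustration of the digest comparison behind a www_authorize-style check when the credentials come from a text file. It assumes the challenge carries no qop (RFC 2617 digest without qop); the user:realm:ha1 file layout, the function names and the sample account are assumptions made here, and the layout is not the dbtext table format.

```python
import hashlib
import hmac

REALM = "mydomain.com"  # realm used in the thread's www_authorize() call


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ha1(user, realm, password):
    """HA1 = MD5(user:realm:password); storing it keeps plaintext out of the file."""
    return md5_hex(f"{user}:{realm}:{password}")


def digest_response(stored_ha1, nonce, method, uri):
    """No-qop digest: MD5(HA1:nonce:MD5(method:uri))."""
    return md5_hex(f"{stored_ha1}:{nonce}:{md5_hex(f'{method}:{uri}')}")


def load_subscribers(text):
    """Parse 'user:realm:ha1' lines (assumed layout); skip blanks and comments."""
    table = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 3 or len(fields[2]) != 32:
            raise ValueError(f"line {lineno}: expected user:realm:ha1")
        table[(fields[0], fields[1])] = fields[2].lower()
    return table


def authorize(table, method, creds):
    """True if the Authorization fields in `creds` match the stored HA1.

    Nonce freshness and replay checks are out of scope in this example.
    """
    stored = table.get((creds.get("username"), creds.get("realm")))
    if stored is None:
        return False  # unknown user or wrong realm: caller sends a challenge
    expected = digest_response(stored, creds.get("nonce", ""),
                               method, creds.get("uri", ""))
    supplied = creds.get("response", "").lower()
    # constant-time comparison of the two hex digests
    return hmac.compare_digest(expected.encode(), supplied.encode())


# Constructed sample file (account and password are made up for this example).
SAMPLE_FILE = "# user:realm:ha1\n" + f"alice:{REALM}:{ha1('alice', REALM, 's3cret')}\n"
```

Because the response covers the request method and URI, credentials computed for one request do not validate for a different method; the file itself still needs restrictive permissions, since a stored HA1 is enough to compute valid responses for that realm.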