Hi!
I am new to SER, and have the following question. How can I provide that:
1) Users can register only their sip addresses;
2) Users can use their username in sip From: field.
In my installation sip username and authentication usernames differ a little. For example, sip username could be 112233, but auth username is sip112233. So, I want to be sure that user that can successfully authenticate as sip112233 will not use 345678 username, and always will be using 112233 in From? I need something like check_from, but this function requires identical sip and auth usernames.
Is this thing doable? If so, I will be glad to hear how I should do this in openser.cfg or any hints/links that could point me in the right direction.
Thanks!
Hi Timur,
yes, you can do this by using the uri_db module:
- enable the "use_uri_table" param (http://www.openser.org/docs/modules/0.9.x/uri_db.html#AEN159)
- populate the URI table:
  username: auth_username
  domain: auth_realm
  uri_user: sip_username
regards, bogdan
Thanks for replying!
To clarify my case, I want to add that I use auth_radius for authentication.
So, I have two options:
1) Stop using radius. Authenticate through DB. Use check_to & check_from from uri_db;
2) Make my sip and auth username match. But what to do then? It seems I can't use check_to & check_from without DB?
On 8/3/05, Bogdan-Andrei Iancu <bogdan@voice-system.ro> wrote:
> Hi Timur,
> yes, you can do this by using the uri_db module:
> - enable the "use_uri_table" param (http://www.openser.org/docs/modules/0.9.x/uri_db.html#AEN159)
> - populate the URI table:
>   username: auth_username
>   domain: auth_realm
>   uri_user: sip_username
> regards, bogdan
Timur Irmatov wrote:
> Thanks for replying!
> To clarify my case, I want to add that I use auth_radius for authentication.
> So, I have two options:
> - Stop using radius. Authenticate through DB. Use check_to & check_from from uri_db;
You do not have to stop radius. Authentication is usually 2 steps:
1. verify auth-username and auth-password using the ..._authorize functions. Here you can use radius or db
2. verify that the auth-username corresponds with the from: username. This will be done by check_from, which may use a db for verification.
Thus, you will use radius for step 1 and DB for step 2.
regards klaus
> - Make my sip and auth username match. But what to do then? It seems I can't use check_to & check_from without DB?
On 8/3/05, Klaus Darilion <klaus.mailinglists@pernau.at> wrote:
> Timur Irmatov wrote:
>> Thanks for replying!
>> To clarify my case, I want to add that I use auth_radius for authentication.
>> So, I have two options:
>> - Stop using radius. Authenticate through DB. Use check_to & check_from from uri_db;
> You do not have to stop radius. Authentication is usually 2 steps:
> 1. verify auth-username and auth-password using the ..._authorize functions. Here you can use radius or db
> 2. verify that the auth-username corresponds with the from: username. This will be done by check_from, which may use a db for verification.
> Thus, you will use radius for step 1 and DB for step 2.
> regards klaus
thanks!
i think i'll do it the way you suggested.
One more question..
What code and message should I use when I detect users not using their correct From?
My code looks like this, correct me if I'm wrong:
    if (!check_from()) {
        sl_send_reply(XXX, "Some message");
    }
Timur Irmatov wrote:
> One more question..
> What code and message should I use when I detect users not using their correct From?
> My code looks like this, correct me if I'm wrong:
>     if (!check_from()) {
>         sl_send_reply(XXX, "Some message");
>     }
I use sl_send_reply("403","username - auth-user mismatch");
klaus
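The two-step setup discussed in this thread (RADIUS for the credentials, the uri_db URI table for the To/From check, a 403 on mismatch), written out as an added example for OpenSER 0.9.x; it is not a config posted by any participant. The realm example.com, the module directory and the database URL are assumed placeholders.

```cfg
# Added example for OpenSER 0.9.x, not a config from the thread.
# Assumed placeholders: module directory, DB URL, realm "example.com".
loadmodule "/usr/local/lib/openser/modules/mysql.so"
loadmodule "/usr/local/lib/openser/modules/sl.so"
loadmodule "/usr/local/lib/openser/modules/tm.so"
loadmodule "/usr/local/lib/openser/modules/usrloc.so"
loadmodule "/usr/local/lib/openser/modules/registrar.so"
loadmodule "/usr/local/lib/openser/modules/auth.so"
loadmodule "/usr/local/lib/openser/modules/auth_radius.so"
loadmodule "/usr/local/lib/openser/modules/uri_db.so"

# check_to()/check_from() look the authenticated user up in the URI table
# instead of requiring auth username == SIP username.
modparam("uri_db", "db_url", "mysql://openser:CHANGEME@localhost/openser")
modparam("uri_db", "use_uri_table", 1)

# One URI-table row per user, here with the thread's sample values:
#   username = sip112233    (auth username)
#   domain   = example.com  (auth realm, assumed)
#   uri_user = 112233       (SIP username allowed in To/From)

route {
    if (method == "REGISTER") {
        # Step 1: verify the credentials, here against RADIUS.
        if (!radius_www_authorize("example.com")) {
            www_challenge("example.com", "1");
        } else {
            # Step 2: the To user must belong to the authenticated user.
            if (!check_to()) {
                sl_send_reply("403", "username - auth-user mismatch");
            } else {
                save("location");
            }
        }
    }
    if (method == "INVITE") {
        if (!radius_proxy_authorize("example.com")) {
            proxy_challenge("example.com", "1");
        } else {
            # Step 2 for calls: the From user must belong to the authenticated user.
            if (!check_from()) {
                sl_send_reply("403", "username - auth-user mismatch");
            } else {
                lookup("location");
                t_relay();
            }
        }
    }
}
```

With this row in place, sip112233 is rejected with 403 when it registers or calls as 345678, and accepted as 112233.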
Hi!
Solution 1: Change the usernames :-)
Solution 2: modify check_from to strip some characters
maybe solution 3: Maybe you find a way to verify using AVPs and avp_check.
@voice-systems team: Is there a reason why there are no pseudo variables for the authentication username and realm?
regards, klaus
Hello,
On 08/03/05 12:55, Klaus Darilion wrote:
> Hi!
> Solution 1: Change the usernames :-)
> Solution 2: modify check_from to strip some characters
> maybe solution 3: Maybe you find a way to verify using AVPs and avp_check.
> @voice-systems team: Is there a reason why there are no pseudo variables for the authentication username and realm?
there was no usage case until now, but they can be added easily. I will do it asap.
Regards, Daniel
> regards, klaus
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Hello,
On 08/03/05 13:15, Daniel-Constantin Mierla wrote:
> Hello,
> On 08/03/05 12:55, Klaus Darilion wrote:
>> Hi!
>> Solution 1: Change the usernames :-)
>> Solution 2: modify check_from to strip some characters
>> maybe solution 3: Maybe you find a way to verify using AVPs and avp_check.
>> @voice-systems team: Is there a reason why there are no pseudo variables for the authentication username and realm?
> there was no usage case until now, but they can be added easily. I will do it asap.
they are on cvs right now:
- $au - auth username
- $ar - auth realm
Please be aware that the first Authorization or Proxy-Authorization header is used -- in case there are more of them.
Daniel