Finally I found a solution. I've attached the block I included in the SER cfg file. The problem (big problem) is that after a day (more or less), there are defunct processes. I think it's a problem of the exec_msg sentence, but I'm not sure. With these defunct processes, SER crashed. :(

###################################################################### # This block of code controls the user registration if (method=="REGISTER") {

# Enable authentication if (!www_authorize("galeno.hi.inet","subscriber")) { www_challenge("galeno.hi.inet","0"); break; };

#### # This block prevents a user from registering with a login previously registered from another machine # # Verify it's not a deregistration message if (!search("Expires: 0")) { # It's a registration message # Verify that there's no register in the table location with the same user but from a differente machine if ( !exec_msg(' USUARIO=`echo $SIP_HF_FROM | sed -n "s/<sip:(.*)@.*/\1/p"`; QUERY="select username from location where username="$USUARIO" and contact not like "sip:$SIP_SRCIP:%""; RESULT=`mysql -uXXX -pXXX -e "$QUERY" ser`; if [ -z "$RESULT" ]; then exit 0; else echo "The user $USUARIO is already registered" >> /var/log/serprueba.log; exit 1; fi;') ) { # The user is already registered sl_send_reply("404", "Not Found"); break; }; } ####

save("location"); break; }; #####################################################################

On Wed, 16 Mar 2005 17:11:01 +0100, Klaus Darilion klaus.mailinglists@pernau.at wrote:

Hi Jffdsaklj! (must be a hard life living with such a name)

And how will you distinguish between an invalid registration and a valid re-registration from a new IP address?

regards, klaus

Jffdsaklj dsjk wrote:

...

How can we restrict the registration to only one user per login?. Currently, you can register with the same login/password in different machines at the same time. But what we require is that only the first registration is valid and the rest ones are invalidated by the SER. Thanks

---

Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers

Right, but what alternative is there?

On Tue, 22 Mar 2005 06:49:08 -0500, Java Rockx javarockx@gmail.com wrote:

FYI, exec_msg is highly not recommended because it is "expensive" in terms of processing.

Regards, Paul

So, what do you recommend us to use instead of exec_msg?. What's the best alternative?.

On Tue, 22 Mar 2005 06:49:08 -0500, Java Rockx javarockx@gmail.com wrote:

FYI, exec_msg is highly not recommended because it is "expensive" in terms of processing.

Regards, Paul

On Tue, 22 Mar 2005 10:37:58 +0100, Jffdsaklj dsjk jjjaime@gmail.com wrote:

...

Finally I found a solution. I've attached the block I included in the SER cfg file. The problem (big problem) is that after a day (more or less), there are defunct processes. I think it's a problem of the exec_msg sentence, but I'm not sure. With these defunct processes, SER crashed. :(

###################################################################### # This block of code controls the user registration if (method=="REGISTER") {

# Enable authentication if (!www_authorize("galeno.hi.inet","subscriber")) { www_challenge("galeno.hi.inet","0"); break; };

#### # This block prevents a user from registering with a login previously registered from another machine # # Verify it's not a deregistration message if (!search("Expires: 0")) { # It's a registration message # Verify that there's no register in the table location with the same user but from a differente machine if ( !exec_msg(' USUARIO=`echo $SIP_HF_FROM | sed -n "s/<sip:(.*)@.*/\1/p"`; QUERY="select username from location where username="$USUARIO" and contact not like "sip:$SIP_SRCIP:%""; RESULT=`mysql -uXXX -pXXX -e "$QUERY" ser`; if [ -z "$RESULT" ]; then exit 0; else echo "The user $USUARIO is already registered" >> /var/log/serprueba.log; exit 1; fi;') ) { # The user is already registered sl_send_reply("404", "Not Found"); break; }; } ####

save("location"); break; }; #####################################################################

On Wed, 16 Mar 2005 17:11:01 +0100, Klaus Darilion klaus.mailinglists@pernau.at wrote:

...

Hi Jffdsaklj! (must be a hard life living with such a name)

And how will you distinguish between an invalid registration and a valid re-registration from a new IP address?

regards, klaus

Jffdsaklj dsjk wrote:

...

How can we restrict the registration to only one user per login?. Currently, you can register with the same login/password in different machines at the same time. But what we require is that only the first registration is valid and the rest ones are invalidated by the SER. Thanks

---

Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers

---

Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers

avpops is only in CVS, right? CVS also has max_contacts for the registrar module, which kinda does the same thing. Stable has no such option to my knowledge. -- Dana

On Wed, 23 Mar 2005 14:09:22 +0100, Marian Dumitru marian.dumitru@voice-sistem.ro wrote:

Hi Paul,

You are right - maybe a better approach will be to use the registered() function - it returns true if the AOR in the Request-URI is registered. To do the trick for REGISTER requests, use avpops so copy the From or To uri into RURI before checking - then you can to revert_uri() to restore to original value,

I haven't tried it , it's just an idea.

Best regards, Marian

Java Rockx wrote:

...

FYI, exec_msg is highly not recommended because it is "expensive" in terms of processing.

Regards, Paul

On Tue, 22 Mar 2005 10:37:58 +0100, Jffdsaklj dsjk jjjaime@gmail.com wrote:

...

Finally I found a solution. I've attached the block I included in the SER cfg file. The problem (big problem) is that after a day (more or less), there are defunct processes. I think it's a problem of the exec_msg sentence, but I'm not sure. With these defunct processes, SER crashed. :(

###################################################################### # This block of code controls the user registration if (method=="REGISTER") {

# Enable authentication if (!www_authorize("galeno.hi.inet","subscriber")) { www_challenge("galeno.hi.inet","0"); break; };

#### # This block prevents a user from registering with a login previously registered from another machine # # Verify it's not a deregistration message if (!search("Expires: 0")) { # It's a registration message # Verify that there's no register in the table location with the same user but from a differente machine if ( !exec_msg(' USUARIO=`echo $SIP_HF_FROM | sed -n "s/<sip:(.*)@.*/\1/p"`; QUERY="select username from location where username="$USUARIO" and contact not like "sip:$SIP_SRCIP:%""; RESULT=`mysql -uXXX -pXXX -e "$QUERY" ser`; if [ -z "$RESULT" ]; then exit 0; else echo "The user $USUARIO is already registered" >> /var/log/serprueba.log; exit 1; fi;') ) { # The user is already registered sl_send_reply("404", "Not Found"); break; }; } ####

save("location"); break; }; #####################################################################

On Wed, 16 Mar 2005 17:11:01 +0100, Klaus Darilion klaus.mailinglists@pernau.at wrote:

...

Hi Jffdsaklj! (must be a hard life living with such a name)

And how will you distinguish between an invalid registration and a valid re-registration from a new IP address?

regards, klaus

Jffdsaklj dsjk wrote:

...

How can we restrict the registration to only one user per login?. Currently, you can register with the same login/password in different machines at the same time. But what we require is that only the first registration is valid and the rest ones are invalidated by the SER. Thanks

-- Voice System http://www.voice-system.ro

---

Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers

On Wed, 23 Mar 2005 09:14:42 -0500, Java Rockx javarockx@gmail.com wrote:

IMHO setting max_contacts is very dangerous because if you reboot your SIP UA and your NAT device gives you a new port assignment, the you will __fail__ to register if your previous contact AOR has not expired.

I think this is the hardest part of implementing a "per-seat" configuration. You just don't know when a NAT will assign a new port to a SIP UA.

I gave up on this for this very reason. Our solution is to lock down the SIP UAs and never let a customer get in to the settings (except for the LAN/WAN settings).

Regards, Paul

Hey Paul, I hear you. I'm just saying that max_contacts is basically what we're attempting to accomplish, only in the stable banch of SER. And I've basically got it down to the point where the only time it locks me out is if A) someone is already logged in with that account, or B) my IP address changes. I also wrote a real quick CGI that will list all the users logged in, and if you click on any of them, it'll force them out of the location table, allowing someone else to login (or re-login, if the IP changed).

However, if my superiors find this to not be an acceptable solution, I'd like to know what you are using, and how did you lock it down? We tried with SJphone and had some success, but the quality just doesn't compare to eyeBeam. We managed to lockdown eyeBeam a bit, but users can still get into the settings. I'd appreciate your insight. -- Dana

Hi

I never tried max_contacts, but would it not be possible to logoff the previous contact b4 the new one registers, that way you wont have a locking issue.

This is the kind of thing I guess yahoo IM etc all do...kind of

Iqbal

PS is max contacts in CVS head, or in 0.9 also

On 3/23/2005, "Java Rockx" javarockx@gmail.com wrote:

We're shipping UTstarcom iAN-02EX ATAs and these are fully remote configurable as they query our Apache farm for their configuration upon bootup (based on their MAC address).

So we have full control of the customer IAD, and the customer doesn't.

For softphones --- this is bad. Xten (eyebeam) AFAIK, do not have a way to remotely configure them and therefore you have to give the SIP proxy UID and PWD to the customer and we decided under no circumstances will this be done on our network.

The solution for a softphone is to find one that will remotely configure like the UTstarcom IAD. We're not shipping softphones so I can't really help you there.

Regards, Paul

On Wed, 23 Mar 2005 10:05:26 -0500, Dana Olson rickaster@gmail.com wrote:

...

On Wed, 23 Mar 2005 09:14:42 -0500, Java Rockx javarockx@gmail.com wrote:

...

IMHO setting max_contacts is very dangerous because if you reboot your SIP UA and your NAT device gives you a new port assignment, the you will __fail__ to register if your previous contact AOR has not expired.

I think this is the hardest part of implementing a "per-seat" configuration. You just don't know when a NAT will assign a new port to a SIP UA.

I gave up on this for this very reason. Our solution is to lock down the SIP UAs and never let a customer get in to the settings (except for the LAN/WAN settings).

Regards, Paul

Hey Paul, I hear you. I'm just saying that max_contacts is basically what we're attempting to accomplish, only in the stable banch of SER. And I've basically got it down to the point where the only time it locks me out is if A) someone is already logged in with that account, or B) my IP address changes. I also wrote a real quick CGI that will list all the users logged in, and if you click on any of them, it'll force them out of the location table, allowing someone else to login (or re-login, if the IP changed).

However, if my superiors find this to not be an acceptable solution, I'd like to know what you are using, and how did you lock it down? We tried with SJphone and had some success, but the quality just doesn't compare to eyeBeam. We managed to lockdown eyeBeam a bit, but users can still get into the settings. I'd appreciate your insight. -- Dana

---

Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers

It would be really nice if somehow the SIP UA's MAC address could be discovered. If that were possible you could really do per-seat connections.

Regards, Paul

On Wed, 23 Mar 2005 14:29:37 -0500, Dana Olson rickaster@gmail.com wrote:

As far as I knew, 0.9.0 wasn't officially released as stable yet. Am I wrong?

And yes, what you said to prevent the locking issue is exactly correct. But my scripting does this on 0.8.14 as well. The only time it will lock is if an IP address changes and then a reregister request is sent without unregistering first. I don't even know if that is a possibility, but I assume it is.

Ideally, we would be able to know if it's the same phone re-registering, but you can't tell the difference if it's the same person with a new IP, or, for example, if you open up task manager, kill the softphone (which means its registration doesn't force expire/unregister), change IP addresses, and then log in again.

My script does this in its current state. It will only reject if the registration hasn't expired and a new IP address is trying to register. I'm not sure, but I assume, this is also what happens with max_contacts. -- Dana

On Wed, 23 Mar 2005 16:54:21 GMT, Iqbal iqbal@gigo.co.uk wrote:

...

Hi

I never tried max_contacts, but would it not be possible to logoff the previous contact b4 the new one registers, that way you wont have a locking issue.

This is the kind of thing I guess yahoo IM etc all do...kind of

Iqbal

PS is max contacts in CVS head, or in 0.9 also

On 3/23/2005, "Java Rockx" javarockx@gmail.com wrote:

...

We're shipping UTstarcom iAN-02EX ATAs and these are fully remote configurable as they query our Apache farm for their configuration upon bootup (based on their MAC address).

So we have full control of the customer IAD, and the customer doesn't.

For softphones --- this is bad. Xten (eyebeam) AFAIK, do not have a way to remotely configure them and therefore you have to give the SIP proxy UID and PWD to the customer and we decided under no circumstances will this be done on our network.

The solution for a softphone is to find one that will remotely configure like the UTstarcom IAD. We're not shipping softphones so I can't really help you there.

Regards, Paul

On Wed, 23 Mar 2005 10:05:26 -0500, Dana Olson rickaster@gmail.com wrote:

...

On Wed, 23 Mar 2005 09:14:42 -0500, Java Rockx javarockx@gmail.com wrote:

...

IMHO setting max_contacts is very dangerous because if you reboot your SIP UA and your NAT device gives you a new port assignment, the you will __fail__ to register if your previous contact AOR has not expired.

I think this is the hardest part of implementing a "per-seat" configuration. You just don't know when a NAT will assign a new port to a SIP UA.

I gave up on this for this very reason. Our solution is to lock down the SIP UAs and never let a customer get in to the settings (except for the LAN/WAN settings).

Regards, Paul

Hey Paul, I hear you. I'm just saying that max_contacts is basically what we're attempting to accomplish, only in the stable banch of SER. And I've basically got it down to the point where the only time it locks me out is if A) someone is already logged in with that account, or B) my IP address changes. I also wrote a real quick CGI that will list all the users logged in, and if you click on any of them, it'll force them out of the location table, allowing someone else to login (or re-login, if the IP changed).

However, if my superiors find this to not be an acceptable solution, I'd like to know what you are using, and how did you lock it down? We tried with SJphone and had some success, but the quality just doesn't compare to eyeBeam. We managed to lockdown eyeBeam a bit, but users can still get into the settings. I'd appreciate your insight. -- Dana

that would make life alot easier and more billable :-)

Iqbal

Java Rockx wrote:

It would be really nice if somehow the SIP UA's MAC address could be discovered. If that were possible you could really do per-seat connections.

Regards, Paul

On Wed, 23 Mar 2005 14:29:37 -0500, Dana Olson rickaster@gmail.com wrote:

...

As far as I knew, 0.9.0 wasn't officially released as stable yet. Am I wrong?

And yes, what you said to prevent the locking issue is exactly correct. But my scripting does this on 0.8.14 as well. The only time it will lock is if an IP address changes and then a reregister request is sent without unregistering first. I don't even know if that is a possibility, but I assume it is.

Ideally, we would be able to know if it's the same phone re-registering, but you can't tell the difference if it's the same person with a new IP, or, for example, if you open up task manager, kill the softphone (which means its registration doesn't force expire/unregister), change IP addresses, and then log in again.

My script does this in its current state. It will only reject if the registration hasn't expired and a new IP address is trying to register. I'm not sure, but I assume, this is also what happens with max_contacts. -- Dana

On Wed, 23 Mar 2005 16:54:21 GMT, Iqbal iqbal@gigo.co.uk wrote:

...

Hi

I never tried max_contacts, but would it not be possible to logoff the previous contact b4 the new one registers, that way you wont have a locking issue.

This is the kind of thing I guess yahoo IM etc all do...kind of

Iqbal

PS is max contacts in CVS head, or in 0.9 also

On 3/23/2005, "Java Rockx" javarockx@gmail.com wrote:

...

We're shipping UTstarcom iAN-02EX ATAs and these are fully remote configurable as they query our Apache farm for their configuration upon bootup (based on their MAC address).

So we have full control of the customer IAD, and the customer doesn't.

For softphones --- this is bad. Xten (eyebeam) AFAIK, do not have a way to remotely configure them and therefore you have to give the SIP proxy UID and PWD to the customer and we decided under no circumstances will this be done on our network.

The solution for a softphone is to find one that will remotely configure like the UTstarcom IAD. We're not shipping softphones so I can't really help you there.

Regards, Paul

On Wed, 23 Mar 2005 10:05:26 -0500, Dana Olson rickaster@gmail.com wrote:

...

On Wed, 23 Mar 2005 09:14:42 -0500, Java Rockx javarockx@gmail.com wrote:

...

IMHO setting max_contacts is very dangerous because if you reboot your SIP UA and your NAT device gives you a new port assignment, the you will __fail__ to register if your previous contact AOR has not expired.

I think this is the hardest part of implementing a "per-seat" configuration. You just don't know when a NAT will assign a new port to a SIP UA.

I gave up on this for this very reason. Our solution is to lock down the SIP UAs and never let a customer get in to the settings (except for the LAN/WAN settings).

Regards, Paul

Hey Paul, I hear you. I'm just saying that max_contacts is basically what we're attempting to accomplish, only in the stable banch of SER. And I've basically got it down to the point where the only time it locks me out is if A) someone is already logged in with that account, or B) my IP address changes. I also wrote a real quick CGI that will list all the users logged in, and if you click on any of them, it'll force them out of the location table, allowing someone else to login (or re-login, if the IP changed).

However, if my superiors find this to not be an acceptable solution, I'd like to know what you are using, and how did you lock it down? We tried with SJphone and had some success, but the quality just doesn't compare to eyeBeam. We managed to lockdown eyeBeam a bit, but users can still get into the settings. I'd appreciate your insight. -- Dana

.

I'm pretty sure that the default is this, and if not, you can certainly do it with stateless forwarding, which I am using. However, this is kinda defeating the goal I'm trying to achieve. If I'm logged into my account, and someone else logs in with my account after me, I stop receiving calls, and they go to the other person until they log out or I re-register. That's not good. I need to give the priority to the person who logged in first, and reject further registrations. I'm sure that someone can use your methodology though.

-- Dana

On Tue, 22 Mar 2005 10:40:41 -0300, Bruno Lopes F. Cabral bruno@openline.com.br wrote:

Hi there

isn't there a way on which a new registration would override the previous one? this way, the cases of re-registering (changed IPs) would be solved and anyone that wish to force two simultaenous registerings would have some hard time?

Cheers !3runo

hi everybody,

I am using ser with dbtext database

The code is working,

the authentification users is ok but when i add news users, i have a pb, they are not loaded in the suscriber.

My question is : can i add users in the suscriber table (dbtext) without restart ser Thank you.

# # $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $ # # simple quick-start config script #

# ----------- global configuration parameters ------------------------

debug=7 # debug level (cmd line: -dddddddddd) fork=yes log_stderror=yes

check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) #port=5060 #children=4 fifo="/tmp/ser_fifo"

# ------------------ module loading ----------------------------------

loadmodule "/usr/local/lib/ser/modules/dbtext.so" loadmodule "/usr/local/lib/ser/modules/sl.so" loadmodule "/usr/local/lib/ser/modules/tm.so" loadmodule "/usr/local/lib/ser/modules/rr.so" loadmodule "/usr/local/lib/ser/modules/maxfwd.so" loadmodule "/usr/local/lib/ser/modules/usrloc.so" loadmodule "/usr/local/lib/ser/modules/registrar.so"

# Uncomment this if you want digest authentication loadmodule "/usr/local/lib/ser/modules/auth.so" loadmodule "/usr/local/lib/ser/modules/auth_db.so"

# ----------------- setting module-specific parameters ---------------

# -- usrloc params -- ################################################################# modparam("usrloc", "db_mode",2) modparam("usrloc", "db_url", "/usr/local/etc/ser/dbtext")

# -- auth params -- #

modparam("auth_db", "db_url", "/usr/local/etc/ser/dbtext") modparam("auth_db", "calculate_ha1", 1) modparam("auth_db", "password_column", "password") ################################################################

# -- registrar params -- ########################################################## #modparam("registrar", "nat_flag", 6) #modparam("registrar", "max_expires", 1200) #modparam("registrar", "min_expires", 300) #modparam("registrar", "default_expires", 1200) #modparam("registrar", "use_domain", 1) #modparam("registrar","desc_time_order",1)

# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)

# ------------------------- request routing logic -------------------

# main routing logic

route{

# initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); break; }; if ( msg:len > max_len ) { sl_send_reply("513", "Message too big"); break; };

# we record-route all messages -- to make sure that # subsequent messages will go through our proxy; that's # particularly good if upstream and downstream entities # use different transport protocol record_route(); # loose-route processing if (loose_route()) { t_relay(); break; };

# if the request is for other domain use UsrLoc # (in case, it does not work, use the following command # with proper names and addresses in it) if (uri==myself) {

if (method=="REGISTER") {

# Uncomment this if you want to use digest authentication # if (!www_authorize("softiphone.net", "subscriber")) { # www_challenge("softiphone.net", "0"); # break; # };

if (!proxy_authorize("", "subscriber")) { proxy_challenge("", "0"); break; }

save("location"); break; };

# native SIP destinations are handled using our USRLOC DB if (!lookup("location")) { sl_send_reply("404", "Not Found"); break; }; }; # forward to current uri now; use stateful forwarding; that # works reliably even if we forward from TCP to UDP if (!t_relay()) { sl_reply_error(); };

}

On Tue, 22 Mar 2005 11:34:30 -0300, Bruno Lopes F. Cabral bruno@openline.com.br wrote:

Hi

if you are 1 person only and your telefone is registered, supposedely no one else will have your id/password to try to register a second time. if they do so, you will complain (as you described) and the admin will know your id/password was stolen (and perhaps provide you a new one)

I suppose this is the desire of any admin wishing to limit SIP registrations to 1 user only, to avoid having two customers sharing a single account.

please note that, in second case, if you change IP and re-register, as you are only one person/account, the old register should expire imediately

my excuses if I didn't myself clearer early

Cheers !3runo

Dana Olson wrote:

...

I'm pretty sure that the default is this, and if not, you can certainly do it with stateless forwarding, which I am using. However, this is kinda defeating the goal I'm trying to achieve. If I'm logged into my account, and someone else logs in with my account after me, I stop receiving calls, and they go to the other person until they log out or I re-register. That's not good. I need to give the priority to the person who logged in first, and reject further registrations. I'm sure that someone can use your methodology though.

-- Dana

On Tue, 22 Mar 2005 10:40:41 -0300, Bruno Lopes F. Cabral wrote

...

isn't there a way on which a new registration would override the previous one? this way, the cases of re-registering (changed IPs) would be solved and anyone that wish to force two simultaenous registerings would have some hard time?

---

Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers