12 Jul
2006
12 Jul
'06
2:23 p.m.
Thanks Miklos,
I think this is just what I'm looking for.
But I get some errors for this line:
if ((src_ip != @ruri.host) || (src_port != @ruri.port)) {
0(30074) parse error (175,16-17): syntax error
0(30074) parse error (175,16-17): ip address or hostname expected
0(30074) parse error (175,16-17): bad command
0(30074) parse error (175,21-22): bad command
0(30074) parse error (175,21-22): bad command
0(30074) parse error (175,26-27): bad command
0(30074) parse error (175,26-27): bad command
0(30074) parse error (175,28-30): bad command
0(30074) parse error (175,31-32): bad command
0(30074) parse error (175,32-40): bad command
0(30074) parse error (175,41-43): bad command
0(30074) parse error (175,44-45): bad command
0(30074) parse error (175,49-50): bad command
0(30074) parse error (175,49-50): bad command
0(30074) parse error (175,54-55): bad command
0(30074) parse error (175,54-55): bad command
0(30074) parse error (175,55-56): bad command
0(30074) parse error (175,57-58): bad command
Any idea why ?
Thanks,
ilker
-----Original Message-----
From: Miklos Tirpak [mailto:miklos@iptel.org]
Sent: Wednesday, July 12, 2006 11:58 AM
To: İlker Aktuna (Koç.net)
Cc: serusers(a)iptel.org
Subject: Re: [Serusers] prevent INVITE without REGISTERing
Hi Ilker,
just my first idea, not tested:
1. lookup the From HF
if (!lookup_user("From")) {
# reject the INVITE
...
}
2. save original To UID and Request URI
$orig_to_uid = $tu.uid;
$orig_req_uri = @ruri;
3. set To UID -- registrar module will use this in the lookup
$tu.uid = $fu.uid;
4. lookup From HF and compare the source address of the INVITE with the source address of
the REGISTER message
if (lookup("location")) {
if ((src_ip != @ruri.host) || (src_port != @ruri.port)) {
# reject the INVITE
...
}
# restore original To UID and Request URI
$tu.uid = $orig_to_uid;
attr2uri("$orig_req_uri");
} else {
# reject the INVITE
...
}
Note, that the above solution is a bit ugly, you can get into troubles when the user
registers multiple contact addresses. It is better to disable branches (see
append_branches parameter in registrar module), but you loose some functionality.
Regards,
Miklos
İlker Aktuna (Koç.net) wrote:
Hi everyone,
I am still trying to find a solution to this problem. (but couldn't
find
yet)
Victor was trying to help me but I think he's not able to reply these days.
Is there any idea to achieve what I need.
Thanks,
ilker
----------------------------------------------------------------------
--
*From:* serusers-bounces(a)lists.iptel.org
[mailto:serusers-bounces@lists.iptel.org] *On Behalf Of *İlker Aktuna
(Koç.net)
*Sent:* Tuesday, July 11, 2006 1:41 PM
*To:* Victor Stanescu
*Cc:* serusers(a)iptel.org
*Subject:* RE: [Serusers] prevent INVITE without REGISTERing
Hi,
What if my proxy does not handle authenticating INVITE messages ?
In that case I think the best way is to lookup location table for the
source URI.
If the source URI location matches the location in that table then we
must permit INVITE message.
How can I configure this ?
Thanks,
ilker
-----Original Message-----
From: serusers-bounces(a)lists.iptel.org
[mailto:serusers-bounces@lists.iptel.org] On Behalf Of Victor Stanescu
Sent: Monday, July 10, 2006 1:49 PM
Cc: serusers(a)iptel.org
Subject: Re: [Serusers] prevent INVITE without REGISTERing
Please read "domain" instead of "gtstelecom.ro":
www_authorize("domain",
"subscriber") and proxy_authorize("domain", "subscriber"),
otherwise
the code fragment will not be correct. I forgot to replace with a generic name.
Victor Stanescu wrote:
<http://387555.sigclick.mailinfo.com/sigclick/060A030C/040D4D00/06020645/0315249181.jpg>
_____________________________________________________________________________________________________________________________________________
Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor olabilir. Eger bu e-posta
mesaji size yanlislikla ulasmissa, icerigini hic bir sekilde kullanmayiniz ve ekli
dosyalari acmayiniz. Bu durumda lutfen e-posta mesajini kullaniciya hemen geri gonderiniz
ve tum kopyalarini mesaj kutunuzdan siliniz. Bu e-posta mesaji, hic bir sekilde, herhangi
bir amac icin cogaltilamaz, yayinlanamaz ve para karsiligi satilamaz. Bu e-posta mesaji
viruslere karsi anti-virus sistemleri tarafindan taranmistir. Ancak yollayici, bu e-posta
mesajinin - virus koruma sistemleri ile kontrol ediliyor olsa bile - virus icermedigini
garanti etmez ve meydana gelebilecek zararlardan dogacak hicbir sorumlulugu kabul etmez.
This message is intended solely for the use of the individual or entity to whom it is
addressed , and may contain confidential information. If you are not the intended
recipient of this message or you receive this mail in error, you should refrain from
making any use of the contents and from opening any attachment. In that case, please
notify the sender immediately and return the message to the sender, then, delete and
destroy all copies. This e-mail message, can not be copied, published or sold for any
reason. This e-mail message has been swept by anti-virus systems for the presence of
computer viruses. In doing so, however, sender cannot warrant that virus or other forms
of data corruption may not be present and do not take any responsibility in any
occurrence.
_____________________________________________________________________________________________________________________________________________
I think it is easier to force him to authenticate
the INVITE. If he
is > able to authenticate the INVITE, why do you care if he
is
registered > or not?
if (method=="REGISTER") {
if(!src_ip=="other") {
if (!www_authorize("gtstelecom.ro", "subscriber")) {
www_challenge("domain", "0");
break;
};
save("location");
log("Replicating REGISTER\n");
t_replicate("other", "5060");
} else {
save("location");
};
break;
} else {
# this is an INVITE
if (!proxy_authorize("gtstelecom.ro", "subscriber")) {
proxy_challenge("domain", "1");
break;
};
# route the call
...
};
İlker Aktuna (Koç.net) wrote:
>
> Hi all,
>
> Is it possible to prevent any user calling without registering ?
What
>> is the best way to do this ?
> I guess I'll have to check if the source
URI exists in location table.
> What is the easiest way to do this ?
>
> If there is a more robust way to do it, please suggest...
>
> Thanks,
> ilker
>
>
<http://387555.sigclick.mailinfo.com/sigclick/07090204/04064D07/070105
4D/0364151131.jpg>
______________________________________________________________________
______________________________________________________________________
_ Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor
olabilir.
Eger bu e-posta mesaji size yanlislikla ulasmissa, icerigini hic bir
sekilde kullanmayiniz ve ekli dosyalari acmayiniz. Bu durumda lutfen
e-posta mesajini kullaniciya hemen geri gonderiniz ve tum
kopyalarini mesaj kutunuzdan siliniz. Bu e-posta mesaji, hic bir
sekilde, herhangi bir amac icin cogaltilamaz, yayinlanamaz ve para karsiligi satilamaz.
Bu e-posta mesaji viruslere karsi anti-virus sistemleri tarafindan
taranmistir. Ancak yollayici, bu e-posta mesajinin - virus koruma
sistemleri ile kontrol ediliyor olsa bile - virus icermedigini garanti
etmez ve meydana gelebilecek zararlardan dogacak hicbir sorumlulugu
kabul etmez.
This message is intended solely for the use of the individual or
entity to whom it is addressed , and may contain confidential
information. If you are not the intended recipient of this message or
you receive this mail in error, you should refrain from making any use
of the contents and from opening any attachment. In that case, please
notify the sender immediately and return the message to the sender,
then, delete and destroy all copies. This e-mail message, can not be
copied, published or sold for any reason. This e-mail message has been
swept by anti-virus systems for the presence of computer viruses. In
doing so, however, sender cannot warrant that virus or other forms of
data corruption may not be present and do not take any responsibility in any occurrence.
______________________________________________________________________
______________________________________________________________________
_
----------------------------------------------------------------------
--
_______________________________________________
Serusers mailing list
Serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers 
12 Jul
12 Jul
4:01 p.m.
New subject: [Serusers] prevent INVITE without REGISTERing
İlker Aktuna (Koç.net) wrote:
Thanks Miklos,
I think this is just what I'm looking for.
But I get some errors for this line:
if ((src_ip != @ruri.host) || (src_port != @ruri.port)) {
You can access src_ip and src_port via xl_lib:
$registered_host = @ruri.host;
$registered_port = @ruri.port;
if ((!avp_equals_xl("$registered_host", "%si"))
|| (!avp_equals_xl("$registered_port", "%sp"))) {
...
Miklos
0(30074) parse error (175,16-17): syntax error
0(30074) parse error (175,16-17): ip address or hostname expected
0(30074) parse error (175,16-17): bad command
0(30074) parse error (175,21-22): bad command
0(30074) parse error (175,21-22): bad command
0(30074) parse error (175,26-27): bad command
0(30074) parse error (175,26-27): bad command
0(30074) parse error (175,28-30): bad command
0(30074) parse error (175,31-32): bad command
0(30074) parse error (175,32-40): bad command
0(30074) parse error (175,41-43): bad command
0(30074) parse error (175,44-45): bad command
0(30074) parse error (175,49-50): bad command
0(30074) parse error (175,49-50): bad command
0(30074) parse error (175,54-55): bad command
0(30074) parse error (175,54-55): bad command
0(30074) parse error (175,55-56): bad command
0(30074) parse error (175,57-58): bad command
Any idea why ?
Thanks,
ilker
-----Original Message-----
From: Miklos Tirpak [mailto:miklos@iptel.org]
Sent: Wednesday, July 12, 2006 11:58 AM
To: İlker Aktuna (Koç.net)
Cc: serusers(a)iptel.org
Subject: Re: [Serusers] prevent INVITE without REGISTERing
Hi Ilker,
just my first idea, not tested:
1. lookup the From HF
if (!lookup_user("From")) {
# reject the INVITE
...
}
2. save original To UID and Request URI
$orig_to_uid = $tu.uid;
$orig_req_uri = @ruri;
3. set To UID -- registrar module will use this in the lookup
$tu.uid = $fu.uid;
4. lookup From HF and compare the source address of the INVITE with the
source address of the REGISTER message
if (lookup("location")) {
if ((src_ip != @ruri.host) || (src_port != @ruri.port)) {
# reject the INVITE
...
}
# restore original To UID and Request URI
$tu.uid = $orig_to_uid;
attr2uri("$orig_req_uri");
} else {
# reject the INVITE
...
}
Note, that the above solution is a bit ugly, you can get into troubles
when the user registers multiple contact addresses. It is better to
disable branches (see append_branches parameter in registrar module),
but you loose some functionality.
Regards,
Miklos
İlker Aktuna (Koç.net) wrote:
karsiligi
satilamaz.
Hi everyone,
I am still trying to find a solution to this problem. (but couldn't
find
yet)
Victor was trying to help me but I think he's not able to reply these
days.
Is there any idea to achieve what I need.
Thanks,
ilker
----------------------------------------------------------------------
--
*From:* serusers-bounces(a)lists.iptel.org
[mailto:serusers-bounces@lists.iptel.org] *On Behalf Of *İlker Aktuna
(Koç.net)
*Sent:* Tuesday, July 11, 2006 1:41 PM
*To:* Victor Stanescu
*Cc:* serusers(a)iptel.org
*Subject:* RE: [Serusers] prevent INVITE without REGISTERing
Hi,
What if my proxy does not handle authenticating INVITE messages ?
In that case I think the best way is to lookup location table for the
source URI.
If the source URI location matches the location in that table then we
must permit INVITE message.
How can I configure this ?
Thanks,
ilker
-----Original Message-----
From: serusers-bounces(a)lists.iptel.org
[mailto:serusers-bounces@lists.iptel.org] On Behalf Of Victor Stanescu
Sent: Monday, July 10, 2006 1:49 PM
Cc: serusers(a)iptel.org
Subject: Re: [Serusers] prevent INVITE without REGISTERing
Please read "domain" instead of "gtstelecom.ro":
www_authorize("domain",
"subscriber") and proxy_authorize("domain", "subscriber"),
otherwise
the code fragment will not be correct. I forgot to replace with a
generic name.
Victor Stanescu wrote:
table.
I think it is easier to force him to authenticate
the INVITE. If he
is > able to authenticate the INVITE, why do you care if he
is
registered > or not?
if (method=="REGISTER") {
if(!src_ip=="other") {
if (!www_authorize("gtstelecom.ro", "subscriber")) {
www_challenge("domain", "0");
break;
};
save("location");
log("Replicating REGISTER\n");
t_replicate("other", "5060");
} else {
save("location");
};
break;
} else {
# this is an INVITE
if (!proxy_authorize("gtstelecom.ro", "subscriber")) {
proxy_challenge("domain", "1");
break;
};
# route the call
...
};
İlker Aktuna (Koç.net) wrote:
>
> Hi all,
>
> Is it possible to prevent any user calling without registering ?
What
>> is the best way to do this ?
>> I guess I'll have to check if the source URI exists in location > What
is the easiest way to do this ?
>
> If there is a more robust way to do it, please suggest...
>
> Thanks,
> ilker
>
>
<http://387555.sigclick.mailinfo.com/sigclick/07090204/04064D07/070105
4D/0364151131.jpg>
______________________________________________________________________
______________________________________________________________________
_ Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor
olabilir.
Eger bu e-posta mesaji size yanlislikla ulasmissa, icerigini hic bir
sekilde kullanmayiniz ve ekli dosyalari acmayiniz. Bu durumda lutfen
e-posta mesajini kullaniciya hemen geri gonderiniz ve tum
kopyalarini mesaj kutunuzdan siliniz. Bu e-posta mesaji, hic bir
sekilde, herhangi bir amac icin cogaltilamaz, yayinlanamaz ve para Bu e-posta mesaji viruslere karsi anti-virus
sistemleri tarafindan
taranmistir. Ancak yollayici, bu e-posta mesajinin - virus koruma
sistemleri ile kontrol ediliyor olsa bile - virus icermedigini garanti
etmez ve meydana gelebilecek zararlardan dogacak hicbir sorumlulugu
kabul etmez.
This message is intended solely for the use of the individual or
entity to whom it is addressed , and may contain confidential
information. If you are not the intended recipient of this message or
you receive this mail in error, you should refrain from making any use
of the contents and from opening any attachment. In that case, please
notify the sender immediately and return the message to the sender,
then, delete and destroy all copies. This e-mail message, can not be
copied, published or sold for any reason. This e-mail message has been
swept by anti-virus systems for the presence of computer viruses. In
doing so, however, sender cannot warrant that virus or other forms of
data corruption may not be present and do not take any responsibility
in any
occurrence.
______________________________________________________________________
______________________________________________________________________
_
----------------------------------------------------------------------
--
_______________________________________________
Serusers mailing list
Serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
<http://387555.sigclick.mailinfo.com/sigclick/060A030C/040D4D00/06020645/0315249181.jpg>
_____________________________________________________________________________________________________________________________________________
Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor olabilir.
Eger bu e-posta mesaji size yanlislikla ulasmissa, icerigini hic bir
sekilde kullanmayiniz ve ekli dosyalari acmayiniz. Bu durumda lutfen
e-posta mesajini kullaniciya hemen geri gonderiniz ve tum kopyalarini
mesaj kutunuzdan siliniz. Bu e-posta mesaji, hic bir sekilde, herhangi
bir amac icin cogaltilamaz, yayinlanamaz ve para karsiligi satilamaz.
Bu e-posta mesaji viruslere karsi anti-virus sistemleri tarafindan
taranmistir. Ancak yollayici, bu e-posta mesajinin - virus koruma
sistemleri ile kontrol ediliyor olsa bile - virus icermedigini garanti
etmez ve meydana gelebilecek zararlardan dogacak hicbir sorumlulugu
kabul etmez.
This message is intended solely for the use of the individual or entity
to whom it is addressed , and may contain confidential information. If
you are not the intended recipient of this message or you receive this
mail in error, you should refrain from making any use of the contents
and from opening any attachment. In that case, please notify the sender
immediately and return the message to the sender, then, delete and
destroy all copies. This e-mail message, can not be copied, published or
sold for any reason. This e-mail message has been swept by anti-virus
systems for the presence of computer viruses. In doing so, however,
sender cannot warrant that virus or other forms of data corruption may
not be present and do not take any responsibility in any occurrence.
_____________________________________________________________________________________________________________________________________________
6708
days inactive
6708
days old
1 comments
2 participants
participants (2)
-
İlker Aktuna (Koç.net) -
Miklos Tirpak