I'm getting mad, this script always gives "No permission for local calls" even if caller has "local" permission, I checked also in database.
I'm missing something ?
if (uri=~"0*@DOMAINNAME") {
if (!is_user_in("credentials", "local")){ sl_send_reply("403", "No permission for local calls"); break; } else { rewritehostport("SERVERIP:5090"); t_relay_to_udp("SERVERIP", "5090"); break; }; };
ser log:
is_user_in(): No authorized credentials found (error in scripts)
Tnx for any help !
This probably means you need to to a www_challenge() www_authorize()... if(!proxy_authorize("DOMAINNAME", "subscriber")) { proxy_challenge("DOMAINNAME", "0"); break; };
You can replace proxy_ with www_, however, I think the proxy_ is more correct? I've actually run across UAs that won't respond to www_...
The is_user_in() call looks in the credentials for the user_id, and that user_id is used for a lookup in the grp table for a grp with a value of 'local', ie:
select * from grp where user_id = 'user_id' and grp = 'local';
The reason credentials are used is because the from can be trivially forged.
---greg
Alessio Focardi wrote:
I'm getting mad, this script always gives "No permission for local calls" even if caller has "local" permission, I checked also in database.
I'm missing something ?
if (uri=~"0*@DOMAINNAME") {
if (!is_user_in("credentials", "local")){ sl_send_reply("403", "No permission for local calls"); break; } else { rewritehostport("SERVERIP:5090"); t_relay_to_udp("SERVERIP", "5090"); break; }; };ser log:
is_user_in(): No authorized credentials found (error in scripts)
Tnx for any help !
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
On 10-02 10:08, Greg Fausak wrote:
This probably means you need to to a www_challenge() www_authorize()... if(!proxy_authorize("DOMAINNAME", "subscriber")) { proxy_challenge("DOMAINNAME", "0"); break; };
You can replace proxy_ with www_, however, I think the proxy_ is more correct? I've actually run across UAs that won't respond to www_...
Actually www_* functions are more appropriate for the registrar, proxy_* are usually used when you forward the request (such as INVITE). A good implementation should be able to respond to both.
The is_user_in() call looks in the credentials for the user_id, and that user_id is used for a lookup in the grp table for a grp with a value of 'local', ie:
select * from grp where user_id = 'user_id' and grp = 'local';
The reason credentials are used is because the from can be trivially forged.
Yes, exactly.
Jan.
The is_user_in() call looks in the credentials for the user_id, and that user_id is used for a lookup in the grp table for a grp with a value of 'local', ie:
select * from grp where user_id = 'user_id' and grp = 'local';
The reason credentials are used is because the from can be trivially forged.
ok, is not safe, I know it .... but why is not working ?
is_user_in(): No authorized credentials found (error in scripts)
what script ?
Alessio Focardi wrote:
The is_user_in() call looks in the credentials for the user_id, and that user_id is used for a lookup in the grp table for a grp with a value of 'local', ie:
select * from grp where user_id = 'user_id' and grp = 'local';
The reason credentials are used is because the from can be trivially forged.
ok, is not safe, I know it .... but why is not working ?
is_user_in uses the Authorization: credentials, not the From:!!!
is_user_in(): No authorized credentials found (error in scripts)
what script ?
The same script you have the is_user_in() call. Put www_authorize() above is_user_in() as I described.
---greg
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-
Alessio Focardi -
Greg Fausak -
Jan Janak