10 Feb
2004
10 Feb
'04
5:47 p.m.
I'm getting mad, this script always gives "No permission for local calls"
even if caller has "local" permission, I checked also in database.
I'm missing something ?
if (uri=~"0*@DOMAINNAME") {
if (!is_user_in("credentials", "local")){
sl_send_reply("403", "No permission for local calls");
break;
} else {
rewritehostport("SERVERIP:5090");
t_relay_to_udp("SERVERIP", "5090");
break;
};
};
ser log:
is_user_in(): No authorized credentials found (error in scripts)
Tnx for any help !
10 Feb
10 Feb
6:08 p.m.
This probably means you need to to a www_challenge() www_authorize()...
if(!proxy_authorize("DOMAINNAME", "subscriber"))
{
proxy_challenge("DOMAINNAME", "0");
break;
};
You can replace proxy_ with www_, however, I think the
proxy_ is more correct? I've actually run across UAs that
won't respond to www_...
The is_user_in() call looks in the credentials for the user_id,
and that user_id is used for a lookup in the grp table for a grp
with a value of 'local', ie:
select * from grp where user_id = 'user_id' and grp = 'local';
The reason credentials are used is because the from can be trivially
forged.
---greg
Alessio Focardi wrote:
I'm getting mad, this script always gives "No
permission for local
calls" even if caller has "local" permission, I checked also in database.
I'm missing something ?
if (uri=~"0*@DOMAINNAME") {
if (!is_user_in("credentials", "local")){
sl_send_reply("403", "No permission for local
calls");
break;
} else {
rewritehostport("SERVERIP:5090");
t_relay_to_udp("SERVERIP", "5090");
break;
};
};
ser log:
is_user_in(): No authorized credentials found (error in scripts)
Tnx for any help !
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
6:09 p.m.
On 10-02 10:08, Greg Fausak wrote:
This probably means you need to to a www_challenge()
www_authorize()...
if(!proxy_authorize("DOMAINNAME", "subscriber"))
{
proxy_challenge("DOMAINNAME", "0");
break;
};
You can replace proxy_ with www_, however, I think the
proxy_ is more correct? I've actually run across UAs that
won't respond to www_...
Actually www_* functions are more appropriate for the registrar, proxy_*
are usually used when you forward the request (such as INVITE). A good
implementation should be able to respond to both.
The is_user_in() call looks in the credentials for the
user_id,
and that user_id is used for a lookup in the grp table for a grp
with a value of 'local', ie:
select * from grp where user_id = 'user_id' and grp = 'local';
The reason credentials are used is because the from can be trivially
forged.
Yes, exactly.
Jan.
6:14 p.m.
The is_user_in() call looks in the credentials for the user_id,
and that user_id is used for a lookup in the grp table for a grp
with a value of 'local', ie:
select * from grp where user_id = 'user_id' and grp = 'local';
The reason credentials are used is because the from can be trivially
forged.
ok, is not safe, I know it .... but why is not working ?
is_user_in(): No authorized credentials found (error in
scripts)
what script ?
6:39 p.m.
Alessio Focardi wrote:
is_user_in uses the Authorization: credentials, not the From:!!!
The same script you have the is_user_in() call. Put www_authorize()
above is_user_in() as I described.
---greg
The is_user_in() call looks in the credentials for the user_id,
and that user_id is used for a lookup in the grp table for a grp
with a value of 'local', ie:
select * from grp where user_id = 'user_id' and grp = 'local';
The reason credentials are used is because the from can be trivially
forged.
ok, is not safe, I know it .... but why is not working ? is_user_in(): No authorized credentials found
(error in scripts)
what script ?
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
7595
days inactive
7595
days old
4 comments
3 participants
participants (3)
-
Alessio Focardi -
Greg Fausak -
Jan Janak