[OpenSIPS-Users] URGENT - Check auth before INVITE
Bogdan-Andrei Iancu
bogdan at opensips.org
Tue Feb 24 17:51:21 CET 2015
Hi Satish,
As you see, the auth code is guarded by the "is_from_local()" condition
- this checks if the SIP domain advertised in the FROM header is a local
domain to OpenSIPS or not. If it is not, it will not get auth. The idea
is - auth only my own users.
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 19.02.2015 22:33, Satish Patel wrote:
> Thanks Jeff, I do have Database and proxy_authorize setup and users
> are able to authenticate but some request i have seen directly sending
> INVITE and proxy_authorize() not sending 407 proxy challange, does it
> possible .
>
> If any non-REGISTER request will process by following snippet so if
> someone trying to send direct INVITE then it will process in following
> block and proxy_authorize will send 407 challenge. but i have seen
> some request directly going into INVITE snippet without going through
> proxy_authorize(). so i was thinking why not use one more check in
> INVITE snippet to make sure user is authenticated.
>
>
> if ( !(is_method("REGISTER") ) ) {
>
> if (is_from_local())
> {
>
> # authenticate if from local subscriber
> # authenticate all initial non-REGISTER
> request that pretend to be
> # generated by local subscriber (domain from
> FROM URI is local)
> if (!check_source_address("2")) {
> if (!proxy_authorize("", "subscriber")) {
> proxy_challenge("", "0");
> exit;
> }
> consume_credentials();
> # caller authenticated
> }
> } else {
> # if caller is not local, then called number
> must be local
>
> if (!is_uri_host_local()) {
> send_reply("403","Rely forbidden");
> exit;
> }
> }
>
>
> ...
> ...
>
> # To FreeSWITCH
> if (is_method("INVITE")) {
> if ( uri=~"^sip:[1-9][0-9]{10,15}@.*") {
> route("to_dispatcher");
> exit;
> };
> }
>
>
> On Thu, Feb 19, 2015 at 1:29 PM, Jeff Pyle <jpyle at fidelityvoice.com
> <mailto:jpyle at fidelityvoice.com>> wrote:
>
> Satish,
>
> There are many documented examples of how/when to authorize calls
> in OpenSIPS. Take a look at the pstn.cfg file included in the
> examples directory of the source. You'll see the
> proxy_authorize() function around line 96. That, with some module
> and database configuration, will get on the right path.
>
>
> - Jeff
>
>
> On Thu, Feb 19, 2015 at 12:08 PM, Satish Patel
> <satish.txt at gmail.com <mailto:satish.txt at gmail.com>> wrote:
>
> I am using opensips 1.11 but i have seen wired issue, How i
> can check auth before process INVITE packet?
>
> I have following code, I have seen if i send only INVITE
> packet using SIPP it is processing that call, I want it check
> AUTH before processing INVITE packet how can we do that?
>
> # To FreeSWITCH
> if (is_method("INVITE")) {
> if ( uri=~"^sip:[1-9][0-9]{10,15}@.*") {
> xlog("call with X-customer: $Au ===>
> Freeswitch\n");
> append_hf("X-customer: $Au\r\n");
> append_hf("X-SRIPP: $si:$sp\r\n");
> route("to_dispatcher");
> exit;
> };
> }
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org <mailto:Users at lists.opensips.org>
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org <mailto:Users at lists.opensips.org>
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20150224/6e82f7fc/attachment.htm>
More information about the Users
mailing list