[OpenSIPS-Users] Registered trunks

Pat Burke pat at voxtelesys.com
Tue Jul 25 06:33:07 EDT 2017


Thanks for the response.  The PBX that is interfacing with us does not have that option.  And because of the varied nature of PBX's, I would like to
be as generic as possible.  

So to me it really come back to what is the exposure to not performing the "db_check_from"?

Pat Burke

Hello Pat,

I think that you can ask them to set the From Name as the callerid so
you can use transformation to take de information [1]


                xlog("FROM NAME: $(hdr(From){nameaddr.name})");
                xlog("FROM USER: $fU");


Result (on log):

l 24 22:06:51 opensipsHomolog2 /usr/local/sbin/opensips[7960]: FROM
NAME: "1016"
Jul 24 22:06:51 opensipsHomolog2 /usr/local/sbin/opensips[7960]: FROM
USER: 101600000393

After the authentication you can use the uac_replace_from[2] and change
the callerid that you send you carriers.

[1] - https://www.opensips.org/Documentation/Script-Tran-2-2
[2] - http://www.opensips.org/html/docs/modules/devel/uac.html#idp5265536

Em 24/07/17 21:32, Pat Burke escreveu:
> Hello,
> As a SIP Provider, we implementing the ability to provide SIP trunks
> to customers with a PBX or Dialer that require Registration.  With
> this in mind,
> the customer wants to be able to set the CallerID on at least on the
> basis of the devices connected tho them, but potentially on a per call
> basis.
> For the challenge-response to the non-Register methods, we have
> implemented the script as follows (seems to be a very standard way). 
> My question is
> for the case of the CallerID not being the same as the
> username/authorization name, how do we do this?  Because the "FROM"
> user is different from the
> authorized user, the db_check_from fails.  I don't believe all phone
> systems support P-Asserted-ID, so we can't really go that route.  So
> can we just remove
> the "db_check_from"?   What risk does that expose us to?
> if ( !(is_method("REGISTER")) ) {
>   if (is_from_local("$var(reg_domain_attr)")) { # from Registered device
>       $avp(callee_number_type) := "Registered";
>       # authenticate if from local subscriber
>       # authenticate all initial non-REGISTER request that pretend to be
>       # generated by local subscriber (domain from FROM URI is local)
>       if (!proxy_authorize("", "subscriber")) {
>          proxy_challenge("", "0");
>          exit;
>       }
>       if (!db_check_from()) {
>          sl_send_reply("403","Forbidden auth ID");
>          exit;
>       }
>       consume_credentials();
>       # caller authenticated
>    }
> }
> Regards,
> *Pat Burke*

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20170725/00ae75c2/attachment.html>

More information about the Users mailing list