Hi Satish,
As you see, the auth code is guarded by the "is_from_local()" condition
- this checks if the SIP domain advertised in the FROM header is a local
domain to OpenSIPS or not. If it is not, it will not get auth. The idea
is - auth only my own users.
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 19.02.2015 22:33, Satish Patel wrote:
Thanks Jeff, I do have Database and proxy_authorize setup and users
are able to authenticate but some request i have seen directly sending
INVITE and proxy_authorize() not sending 407 proxy challange, does it
possible .
If any non-REGISTER request will process by following snippet so if
someone trying to send direct INVITE then it will process in following
block and proxy_authorize will send 407 challenge. but i have seen
some request directly going into INVITE snippet without going through
proxy_authorize(). so i was thinking why not use one more check in
INVITE snippet to make sure user is authenticated.
if ( !(is_method("REGISTER") ) ) {
if (is_from_local())
{
# authenticate if from local subscriber
# authenticate all initial non-REGISTER
request that pretend to be
# generated by local subscriber (domain from
FROM URI is local)
if (!check_source_address("2")) {
if (!proxy_authorize("", "subscriber")) {
proxy_challenge("", "0");
exit;
}
consume_credentials();
# caller authenticated
}
} else {
# if caller is not local, then called number
must be local
if (!is_uri_host_local()) {
send_reply("403","Rely forbidden");
exit;
}
}
...
...
# To FreeSWITCH
if (is_method("INVITE")) {
if ( uri=~"^sip:[1-9][0-9]{10,15}@.*") {
route("to_dispatcher");
exit;
};
}
On Thu, Feb 19, 2015 at 1:29 PM, Jeff Pyle <[email protected]
<mailto:[email protected]>> wrote:
Satish,
There are many documented examples of how/when to authorize calls
in OpenSIPS. Take a look at the pstn.cfg file included in the
examples directory of the source. You'll see the
proxy_authorize() function around line 96. That, with some module
and database configuration, will get on the right path.
- Jeff
On Thu, Feb 19, 2015 at 12:08 PM, Satish Patel
<[email protected] <mailto:[email protected]>> wrote:
I am using opensips 1.11 but i have seen wired issue, How i
can check auth before process INVITE packet?
I have following code, I have seen if i send only INVITE
packet using SIPP it is processing that call, I want it check
AUTH before processing INVITE packet how can we do that?
# To FreeSWITCH
if (is_method("INVITE")) {
if ( uri=~"^sip:[1-9][0-9]{10,15}@.*") {
xlog("call with X-customer: $Au ===>
Freeswitch\n");
append_hf("X-customer: $Au\r\n");
append_hf("X-SRIPP: $si:$sp\r\n");
route("to_dispatcher");
exit;
};
}
_______________________________________________
Users mailing list
[email protected] <mailto:[email protected]>
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected] <mailto:[email protected]>
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
