[SR-Users] Session authorization just before initiate it
Klaus Darilion
klaus.mailinglists at pernau.at
Mon Jul 4 13:55:11 CEST 2011
Am 04.07.2011 12:38, schrieb Roberto Fichera:
> On 07/01/2011 11:32 PM, Klaus Darilion wrote:
>> Hi Roberto!
>
> Hi Klaus,
>
>> The best location of applying such a "policy" function depends on
>> several things:
>>
>> First, you need to have all the data you are requiring. E.g. if you want
>> to check if a certain user is allowed to call a certain phone number you
>> usually need to do first:
>> - authenticate the user
>> - normalize destination (e.g. bring phone number into E164 format or
>> apply alias lookups).
>
> Basically any user should authenticate as usual, than before two
> user can talk together, kamailio must authorize the conversation
> through a SQL lookup
>
>> Then, before proceeding any further, you might check the policy using a
>> SQL query. Be sure to SQL escape the date you provide for the SQL lookup
>> to prevent SQL injection (see "transfomations").
>>
>> In above case, the SQL query should be before calling lookup().
>
> So, digging in the code you mean something like:
>
> # USER location service
> route[LOCATION] {
>
> <SQL lookup code goes here>
>
> #!ifdef WITH_ALIASDB
> # search in DB-based aliases
> alias_db_lookup("dbaliases");
> #!endif
>
> if (!lookup("location")) {
> switch ($rc) {
> case -1:
> case -3:
> t_newtran();
> t_reply("404", "Not Found");
> exit;
> case -2:
> sl_send_reply("405", "Method Not Allowed");
> exit;
> }
> }
>
> # when routing via usrloc, log the missed calls also
> if (is_method("INVITE"))
> {
> setflag(FLT_ACCMISSED);
> }
> }
No.
# USER location service
route[LOCATION] {
#!ifdef WITH_ALIASDB
# search in DB-based aliases
alias_db_lookup("dbaliases");
#!endif
<SQL lookup code goes here>
if (!lookup("location")) {
switch ($rc) {
case -1:
case -3:
t_newtran();
t_reply("404", "Not Found");
exit;
case -2:
sl_send_reply("405", "Method Not Allowed");
exit;
}
}
# when routing via usrloc, log the missed calls also
if (is_method("INVITE"))
{
setflag(FLT_ACCMISSED);
}
}
More information about the sr-users
mailing list