<HTML >
<HEAD>
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-16">
<META HTTP-EQUIV="EXPIRES" CONTENT="0">
<META HTTP-EQUIV="EXPIRESABSOLUTE" CONTENT="Tue, 01 Jun 1999 12:00:00 GMT">
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="PRIVATE">
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<TITLE></TITLE>
<META content="MSHTML 6.00.2900.2838" name=GENERATOR></HEAD>
<BODY >
<DIV><!-- Converted from text/plain format -->
<P><FONT size=2><BR>Thanks,<BR><BR>That configuration is accepted but now my
"registered" client is denied at both following lines:<BR><BR>if
(!lookup_user("From")) {<BR>if ((!avp_equals_xl("$registered_host", "%si") ||
!avp_equals_xl("$registered_port", "%sp"))) {<BR><BR>How can I print
$registered_host to log ?<BR>I can print %si with
xlog().<BR><BR>Thanks,<BR>ilker<BR><BR><BR>-----Original Message-----<BR>From:
Miklos Tirpak [<A
href="mailto:miklos@iptel.org">mailto:miklos@iptel.org</A>]<BR>Sent: Wednesday,
July 12, 2006 4:01 PM<BR>To: İlker Aktuna (Koç.net)<BR>Cc:
serusers@iptel.org<BR>Subject: Re: [Serusers] prevent INVITE without
REGISTERing<BR><BR>İlker Aktuna (Koç.net) wrote:<BR>><BR>><BR>> Thanks
Miklos,<BR>><BR>> I think this is just what I'm looking for.<BR>> But I
get some errors for this line:<BR>> if ((src_ip != @ruri.host) || (src_port
!= @ruri.port)) {<BR><BR>You can access src_ip and src_port via
xl_lib:<BR><BR>$registered_host = @ruri.host;<BR>$registered_port =
@ruri.port;<BR><BR>if ((!avp_equals_xl("$registered_host", "%si"))<BR>||
(!avp_equals_xl("$registered_port", "%sp")))
{<BR>...<BR><BR>Miklos<BR><BR>><BR>> 0(30074) parse error
(175,16-17): syntax error<BR>> 0(30074) parse error (175,16-17): ip
address or hostname expected<BR>> 0(30074) parse error (175,16-17): bad
command<BR>> 0(30074) parse error (175,21-22): bad
command<BR>> 0(30074) parse error (175,21-22): bad
command<BR>> 0(30074) parse error (175,26-27): bad
command<BR>> 0(30074) parse error (175,26-27): bad
command<BR>> 0(30074) parse error (175,28-30): bad
command<BR>> 0(30074) parse error (175,31-32): bad
command<BR>> 0(30074) parse error (175,32-40): bad
command<BR>> 0(30074) parse error (175,41-43): bad
command<BR>> 0(30074) parse error (175,44-45): bad
command<BR>> 0(30074) parse error (175,49-50): bad
command<BR>> 0(30074) parse error (175,49-50): bad
command<BR>> 0(30074) parse error (175,54-55): bad
command<BR>> 0(30074) parse error (175,54-55): bad
command<BR>> 0(30074) parse error (175,55-56): bad
command<BR>> 0(30074) parse error (175,57-58): bad
command<BR>><BR>> Any idea why ?<BR>><BR>> Thanks,<BR>>
ilker<BR>><BR>> -----Original Message-----<BR>> From: Miklos Tirpak [<A
href="mailto:miklos@iptel.org">mailto:miklos@iptel.org</A>]<BR>> Sent:
Wednesday, July 12, 2006 11:58 AM<BR>> To: İlker Aktuna (Koç.net)<BR>> Cc:
serusers@iptel.org<BR>> Subject: Re: [Serusers] prevent INVITE without
REGISTERing<BR>><BR>> Hi Ilker,<BR>><BR>> just my first idea, not
tested:<BR>><BR>><BR>> 1. lookup the From HF<BR>><BR>> if
(!lookup_user("From")) {<BR>>
# reject the INVITE<BR>>
...<BR>> }<BR>><BR>> 2. save original To UID and Request
URI<BR>><BR>> $orig_to_uid = $tu.uid;<BR>> $orig_req_uri =
@ruri;<BR>><BR>> 3. set To UID -- registrar module will use this in the
lookup<BR>><BR>> $tu.uid = $fu.uid;<BR>><BR>> 4. lookup >From HF and
compare the source address of the INVITE with<BR>> the source address of the
REGISTER message<BR>><BR>> if (lookup("location"))
{<BR>> if ((src_ip !=
@ruri.host) || (src_port != @ruri.port))
{<BR>>
# reject the
INVITE<BR>>
...<BR>>
}<BR>> # restore original To
UID and Request URI<BR>>
$tu.uid = $orig_to_uid;<BR>>
attr2uri("$orig_req_uri");<BR>> } else
{<BR>> # reject the
INVITE<BR>> ...<BR>>
}<BR>><BR>> Note, that the above solution is a bit ugly, you can get into
troubles<BR>> when the user registers multiple contact addresses. It is
better to<BR>> disable branches (see append_branches parameter in registrar
module),<BR>> but you loose some functionality.<BR>><BR>>
Regards,<BR>> Miklos<BR>><BR>> İlker Aktuna (Koç.net)
wrote:<BR>> ><BR>> > Hi everyone,<BR>>
><BR>> > I am still trying to find a solution to this problem.
(but couldn't <BR>> > find > yet) > Victor was
trying to help me but I think he's not<BR>> able to reply these
days.<BR>> ><BR>> > Is there any idea to achieve what I
need.<BR>> ><BR>> > Thanks,<BR>> >
ilker<BR>> ><BR>> ><BR>>
----------------------------------------------------------------------<BR>>
> --<BR>> > *From:* serusers-bounces@lists.iptel.org
><BR>> [<A
href="mailto:serusers-bounces@lists.iptel.org">mailto:serusers-bounces@lists.iptel.org</A>]
*On Behalf Of *İlker Aktuna <BR>> > (Koç.net) > *Sent:*
Tuesday, July 11, 2006 1:41 PM > *To:* Victor<BR>> Stanescu
> *Cc:* serusers@iptel.org > *Subject:* RE: [Serusers]<BR>>
prevent INVITE without REGISTERing > > Hi, >
> What if my proxy<BR>> does not handle authenticating INVITE messages
?<BR>> ><BR>> > In that case I think the best way is to
lookup location table for<BR>> the > source URI.<BR>> >
If the source URI location matches the location in that table then<BR>>
we > must permit INVITE message.<BR>> > How can I configure
this ?<BR>> ><BR>> > Thanks,<BR>> >
ilker<BR>> ><BR>> > -----Original
Message-----<BR>> > From: serusers-bounces@lists.iptel.org
><BR>> [<A
href="mailto:serusers-bounces@lists.iptel.org">mailto:serusers-bounces@lists.iptel.org</A>]
On Behalf Of Victor Stanescu <BR>> > Sent: Monday, July 10, 2006 1:49
PM > Cc: serusers@iptel.org ><BR>> Subject: Re: [Serusers]
prevent INVITE without REGISTERing > ><BR>> Please read
"domain" instead of "gtstelecom.ro":<BR>> >
www_authorize("domain",<BR>> > "subscriber") and
proxy_authorize("domain", "subscriber"),<BR>> otherwise > the code
fragment will not be correct. I forgot to<BR>> replace with a generic
name.<BR>> ><BR>> > Victor Stanescu wrote:<BR>>
> > I think it is easier to force him to authenticate the INVITE.
If<BR>> he > is > able to authenticate the INVITE, why do
you care if he is <BR>> > registered > or not?<BR>>
> ><BR>> > > if (method=="REGISTER")
{<BR>> > > if(!src_ip=="other")
{<BR>> > >
if (!www_authorize("gtstelecom.ro", "subscriber")) {<BR>> >
>
www_challenge("domain", "0");<BR>> >
>
break;<BR>> >
> };<BR>> >
>
save("location");<BR>> >
> log("Replicating
REGISTER\n");<BR>> >
> t_replicate("other",
"5060");<BR>> > > } else
{<BR>> > >
save("location");<BR>> > >
};<BR>> > > break;<BR>>
> > } else {<BR>> > > #
this is an INVITE<BR>> > > if
(!proxy_authorize("gtstelecom.ro", "subscriber")) {<BR>> >
> proxy_challenge("domain",
"1");<BR>> >
> break;<BR>>
> > };<BR>> >
> # route the call<BR>> >
> ...<BR>> > > };<BR>>
> ><BR>> > > İlker Aktuna (Koç.net)
wrote:<BR>> > >><BR>> > >> Hi
all,<BR>> > >><BR>> > >> Is it
possible to prevent any user calling without registering ?<BR>> >
What >> is the best way to do this ?<BR>> >
>> I guess I'll have to check if the source URI exists in location<BR>>
table.<BR>> > >> What is the easiest way to do this
?<BR>> > >><BR>> > >> If there
is a more robust way to do it, please suggest...<BR>> >
>><BR>> > >> Thanks,<BR>> >
>> ilker<BR>> > >><BR>> >
>><BR>> ><BR>> ><BR>>
><BR><BR></FONT></P>
<!--445D5241795C-->
<br><br><a href="http://387555.sigclick.mailinfo.com/sigclick/00090507/060D4E00/00010A4E/0113122382.jpg"><img src="http://387555.signature1.mailinfo.com/confirm2.6/00090507/060D4E00/00010A4E/0113122382.jpg" border="0" nosend="1"></a><!--445D5241795C//--></DIV>
<DIV STYLE="FONT-SIZE: 7pt; COLOR: gray; FONT-FAMILY: verdana">
<DIV STYLE="FONT-SIZE: 7pt; COLOR: gray; FONT-FAMILY: verdana">
<DIV STYLE="FONT-SIZE: 7pt; COLOR: gray; FONT-FAMILY: verdana">_____________________________________________________________________________________________________________________________________________</DIV>
<DIV STYLE="FONT-SIZE: 7pt; COLOR: gray; FONT-FAMILY: verdana">Bu e-posta mesaji kisiye ozel olup, gizli bilgiler iceriyor olabilir. Eger bu e-posta mesaji size yanlislikla ulasmissa, icerigini hic bir sekilde kullanmayiniz ve ekli dosyalari acmayiniz. Bu durumda lutfen e-posta mesajini kullaniciya hemen geri gonderiniz ve tum kopyalarini mesaj kutunuzdan siliniz. Bu e-posta mesaji, hic bir sekilde, herhangi bir amac icin cogaltilamaz, yayinlanamaz ve para karsiligi satilamaz. Bu e-posta mesaji viruslere karsi anti-virus sistemleri tarafindan taranmistir. Ancak yollayici, bu e-posta mesajinin - virus koruma sistemleri ile kontrol ediliyor olsa bile - virus icermedigini garanti etmez ve meydana gelebilecek zararlardan dogacak hicbir sorumlulugu kabul etmez. </DIV>
<DIV STYLE="FONT-SIZE: 7pt; COLOR: gray; FONT-FAMILY: verdana">This message is intended solely for the use of the individual or entity to whom it is addressed , and may contain confidential information. If you are not the intended recipient of this message or you receive this mail in error, you should refrain from making any use of the contents and from opening any attachment. In that case, please notify the sender immediately and return the message to the sender, then, delete and destroy all copies. This e-mail message, can not be copied, published or sold for any reason. This e-mail message has been swept by anti-virus systems for the presence of computer viruses. In doing so, however, sender cannot warrant that virus or other forms of data corruption may not be present and do not take any responsibility in any occurrence.</DIV>
<DIV STYLE="FONT-SIZE: 7pt; COLOR: gray; FONT-FAMILY: verdana">_____________________________________________________________________________________________________________________________________________</DIV>
<DIV STYLE="FONT-SIZE: 7pt; COLOR: gray; FONT-FAMILY: verdana" ALIGN="justify">
</DIV>
</DIV>
</DIV></BODY></HTML>