[OpenSIPS-Users] src ip check on Register => Re: How to insert the IP address of user in radius request.
Uwe Kastens
kiste at kiste.org
Tue Jun 30 16:30:22 CEST 2009
Hi,
this is the script part, that is doing the job. ATM just only logging
loadmodule "avpops.so"
# ---- avpops
modparam("avpops", "db_url","mysql://xxxx:xxxx@abcd.domain.de/testdb")
if (method=="REGISTER") {
if (!radius_www_authorize("")) {
www_challenge("", "0");
exit;
};
avp_db_query("select ip from src_ip where number='$au'",
"$avp(s:srcip)");
if ($avp(s:srcip)!=$si){
xlog("$au should have SRC_IP $avp(s:srcip), but has $si");
}
save("location") ;
exit;
}
BR
Uwe
Uwe Kastens schrieb:
> Hi,
>
> I am facing a similar situation. We need to verify that a REGISTER comes
> from the same srcip we have configured in our database. I am thinking
> about doing this by making a select into an AVP and verfying the value
> of the AVP with the $si. If this is successfull the UA would be saved
> into the location and/or would be able to make a call.
>
> This should be possible with radius_avp as well.
>
> Looking at performance I would make the DIGEST Auth 1st and if this is
> succesfull check the IPs.
>
> BR
>
> uwe
>
>
> Tung Tran schrieb:
>> Hi Mr. Bogdan
>>
>> We need it for IP authorize besides DIGEST auth, that is not standard anyway
>> but business requirements.
>> We use MSSQL to do DIGEST authorize and we need an extra security layer
>> based on source IP, that is also a request by govements in my contry.
>>
>> So last but not lease, I would like someone can help me how to add this
>> feature as soon ass possible
>>
>> Thank you very much for your help
>>
>> Tung
>> ----- Original Message -----
>> From: "Bogdan-Andrei Iancu" <bogdan at voice-system.ro>
>> To: "Tung Tran" <tr.tung at gmail.com>
>> Cc: <users at lists.opensips.org>
>> Sent: Friday, June 26, 2009 2:24 AM
>> Subject: Re: [OpenSIPS-Users] How to insert the IP address of user in radius
>> request.
>>
>>
>>> Hi Tung,
>>>
>>> I see the difference - unfortunately there is no way (at the moment) to
>>> add custom info to the RADIUS auth header, but it should be an extension
>>> that can be done - out of curiosity? why do you need this in the AUTH
>>> request, as this info is not used in the DIGEST auth.
>>>
>>> Regards,
>>> Bogdan
>>>
>>> Tung Tran wrote:
>>>> Dear Mr. Bogdan,
>>>>
>>>> I know we can insert the source IP address in account request before
>>>> sending it to Radius, however can I insert it in AUTHORIZE request
>>>> instead?
>>>>
>>>> Thank you very much for your reply.
>>>> Tung
>>>>
>>>> ----- Original Message ----- From: "Bogdan-Andrei Iancu"
>>>> <bogdan at voice-system.ro>
>>>> To: "Tung Tran" <tr.tung at gmail.com>
>>>> Cc: <users at lists.opensips.org>
>>>> Sent: Tuesday, June 23, 2009 6:04 PM
>>>> Subject: Re: [OpenSIPS-Users] How to insert the IP address of user in
>>>> radius request.
>>>>
>>>>
>>>>> Hi Tung,
>>>>>
>>>>> First of all you should upgrade to 1.5 version (see
>>>>> http://www.opensips.org/Resources/Downloads).
>>>>>
>>>>> For your problem, use extra accounting - you can account whatever extra
>>>>> info you want. See:
>>>>>
>>>>> http://www.opensips.org/html/docs/modules/1.5.x/acc.html#ACC-extra-id
>>>>>
>>>>> To get the source IP, use the $si pseudo-variable (see
>>>>> http://www.opensips.org/Resources/DocsCoreVar15#toc71).
>>>>>
>>>>> Regards,
>>>>> Bogdan
>>>>>
>>>>> Tung Tran wrote:
>>>>>> Hi all,
>>>>>>
>>>>>> I get a request to insert the public IP address of the sip softphone or
>>>>>> IP Phone/ATA (end-point) in the Radius request sending to Radius
>>>>>> server.
>>>>>> I am thinking about to mod the auth_radius module to insert that IP in
>>>>>> SIP-URI-User field, likely this one:
>>>>>>
>>>>>> Original
>>>>>> Sip-Uri-User = "985512405"
>>>>>>
>>>>>> After mod:
>>>>>> Sip-Uri-User = 985512405 at 1.2.3.4
>>>>>>
>>>>>> Where 1.2.3.4 is the IP of SIP end-point, not the IP address of
>>>>>> Opensips/Opensers servers.
>>>>>>
>>>>>> But I dont know where I should play with.
>>>>>> Any one had done it before or know where we can edit, pls help me.
>>>>>>
>>>>>> BTW, I am using openser 1.2.2 version.
>>>>>> Thanks in advance
>>>>>> Tung
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Users mailing list
>>>>>> Users at lists.opensips.org
>>>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>>>>
>>>>>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>
>
--
kiste lat: 54.322684, lon: 10.13586
More information about the Users
mailing list