[OpenSIPS-Users] Permissions and domains?

Toyima Dias toyimads at gmail.com
Thu Feb 24 18:15:37 CET 2011 

Hello,

Finally i did some changes on my script, and seems to work just fine:

        ### ACCESS CONTROL ###
        ### ONLY PERMIT CALLS FROM GW AND LOCAL CALLS ###
        if (!(method=="REGISTER")) /*multidomain version*/
        if (!check_source_address("0")) {
                if (is_from_local()) {
                        if (!proxy_authorize("", "subscriber")) {
                        proxy_challenge("","0");
                        exit;
                        }
                if (!db_check_from()) {
                sl_send_reply("403","Forbidden auth ID");
                exit;
                }
                consume_credentials();
        } else {
                xlog("L_WARN", "_WARN_ unknown user trying to access
$(Ri):$(Rp) from IP $si | =>403\n");
                        sl_send_reply("403","Your IP Not Allowed");
                        exit;
                        }
        }

With this script, i just process calls from local domains and also from IPs
from the address table (IPs from GWs...)



2011/2/24 Toyima Dias <toyimads at gmail.com>

> Hello,
>
> I have an Asterisk as a GW, i don't want to ask for authentication to
> incoming calls (coming from the Asterisk), so i did the following:
>
> Previously i added the IP of the Asterisk to the table "domain" so the
> function is_from_local could check the from domain in the domain table and
> get into the if bucle
>
> Now my doubt is why do i have to use check_source_addres after checking the
> is_from_local? does it make any sense? Also, adding the IP of the GW to the
> domain table will produce the mentioned ack bug here
> http://lists.opensips.org/pipermail/users/2011-February/016883.html (when
> UAC from Proxy calls to the GW)...Am i doing sometrhing wrong?
> if (!(method=="REGISTER") && is_from_local())  /*multidomain version*/
>         {
>                         if(!check_source_address("0")){
>                         if (!proxy_authorize("", "subscriber")) {
>                         proxy_challenge("", "0");
>                         exit;
>                 }
>                 if (!db_check_from()) {
>                         sl_send_reply("403","Forbidden auth ID");
>                         exit;
>                 }
>         ##
>                 consume_credentials();
>         ##      # caller authenticated
>         }
>         }
>
> .
> .
> .
> .
> .
>
>  if (!is_uri_host_local())
>         {
>                 if(is_from_local()) {
>                         route(1);
>                 } else {
>                         sl_send_reply("403","Not Here");
>                         }
>         }
> By the way, i'm opening a new thread beacuse answering to the mentioned
> gets a reject because of size of the message :S
>
> Any help would be appreciated!
>
> Best Regards
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20110224/8cdd548b/attachment.htm>

More information about the Users mailing list