[OpenSIPS-Users] URGENT - Check auth before INVITE

Satish Patel satish.txt at gmail.com
Thu Feb 19 21:33:49 CET 2015 

Thanks Jeff,  I do have Database and proxy_authorize setup and users are
able to authenticate but some request i have seen directly sending INVITE
and proxy_authorize() not sending 407 proxy challange, does it possible .

If any non-REGISTER request will process by following snippet so if someone
trying to send direct INVITE then it will process in following block and
proxy_authorize will send 407 challenge. but i have seen some request
directly going into INVITE snippet without going through proxy_authorize().
so i was thinking why not use one more check in INVITE snippet to make sure
user is authenticated.


if ( !(is_method("REGISTER")  ) ) {


                if (is_from_local())
                {

                        # authenticate if from local subscriber
                        # authenticate all initial non-REGISTER request
that pretend to be
                        # generated by local subscriber (domain from FROM
URI is local)
                        if (!check_source_address("2")) {
                        if (!proxy_authorize("", "subscriber")) {
                                proxy_challenge("", "0");
                                exit;
                        }
                        consume_credentials();
                        # caller authenticated
                        }
                } else {
                        # if caller is not local, then called number must
be local

                        if (!is_uri_host_local()) {
                                send_reply("403","Rely forbidden");
                                exit;
                        }
                }


...
...

 # To FreeSWITCH
        if (is_method("INVITE")) {
        if  ( uri=~"^sip:[1-9][0-9]{10,15}@.*") {
                route("to_dispatcher");
                exit;
                };
        }


On Thu, Feb 19, 2015 at 1:29 PM, Jeff Pyle <jpyle at fidelityvoice.com> wrote:

> Satish,
>
> There are many documented examples of how/when to authorize calls in
> OpenSIPS.  Take a look at the pstn.cfg file included in the examples
> directory of the source.  You'll see the proxy_authorize() function around
> line 96.  That, with some module and database configuration, will get on
> the right path.
>
>
> - Jeff
>
>
> On Thu, Feb 19, 2015 at 12:08 PM, Satish Patel <satish.txt at gmail.com>
> wrote:
>
>> I am using opensips 1.11 but i have seen wired issue, How i can check
>> auth before process INVITE packet?
>>
>> I have following code, I have seen if i send only INVITE packet using
>> SIPP it is processing that call, I want it check AUTH before processing
>> INVITE packet how can we do that?
>>
>> # To FreeSWITCH
>>         if (is_method("INVITE")) {
>>         if  ( uri=~"^sip:[1-9][0-9]{10,15}@.*") {
>>                 xlog("call with X-customer: $Au  ===> Freeswitch\n");
>>                 append_hf("X-customer: $Au\r\n");
>>                 append_hf("X-SRIPP: $si:$sp\r\n");
>>                 route("to_dispatcher");
>>                 exit;
>>                 };
>>         }
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20150219/b122dbfe/attachment-0001.htm>

More information about the Users mailing list