<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix"><tt>If you are strictly doing an
IP-based auth using the permissions module, you may define a
"Registration Disabled" flag (1/0) within the "context_info"
column of the address table.<br>
You can then extract this info in your script when calling
check_source_address() and drop REGISTERs if set to "1" [1].<br>
<br>
However, to me it seems like your feature is
subscriber-oriented. Since a subscriber may have multiple
entries in the address table,<br>
I would define the "Registration Disabled" flag as an additional
column in the subscriber table, and fetch it using the "load_credentials"
modparam.<br>
<br>
[1]:
<a class="moz-txt-link-freetext" href="http://www.opensips.org/html/docs/modules/2.1.x/permissions.html#id294950">http://www.opensips.org/html/docs/modules/2.1.x/permissions.html#id294950</a><br>
[2]:
<a class="moz-txt-link-freetext" href="http://www.opensips.org/html/docs/modules/2.1.x/auth_db.html#id293578">http://www.opensips.org/html/docs/modules/2.1.x/auth_db.html#id293578</a><br>
<br>
Best regards,<br>
</tt>
<pre class="moz-signature" cols="72">Liviu Chircu
OpenSIPS Developer
<a class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
On 02.01.2015 17:09, Satish Patel wrote:<br>
</div>
<blockquote
cite="mid:CAPgF-fr=QssXMqfMEDrq3Haa5rWxc1fWM9Y9mWmeMcG-9ukMYQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>
<div>Lets say i have user "A" using IP base authentication
to send call outside using Opensips Proxy. ( Same user has
option to Username/Password to register and send calls). <br>
<br>
</div>
We have developed web GUI to give control control to
"customer" so they can enable/disable their registration
base method ( Reason we give that control to user because if
user has dedicated Public IP then he can disable
"Registration" base method so hacker can't exploit their
users accounts. <br>
<br>
</div>
So my Original question is, How or what i should use or
configure in Opensips so i can switch on/off user base
registration? ( We only allowing to send calls outside, no
inbound calls allowed)<br>
<br>
</div>
<div>Hope it helps you to understand my scenario, Let me know if
i am wrong anywhere in above scenario. <br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Dec 31, 2014 at 1:30 PM, Duane
Larson <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:duane.larson@gmail.com" target="_blank">duane.larson@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">My logic
saves the user that is registering into the location table
without challenging them for a password or checking that the
user or domain is local to the OpenSIPs instance. If you
are looking for something more you might want to provide
more detail.
<div><br>
</div>
<div>This would allow fake accounts to register if they are
from a friendly IP.
<div>
<div class="h5"><span></span><br>
<br>
On Wednesday, December 31, 2014, Satish Patel <<a
moz-do-not-send="true"
href="mailto:satish.txt@gmail.com" target="_blank">satish.txt@gmail.com</a>>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">How it will help if i want to allow
only IP auth for specific user but not
registration auth? How your logic deal with User
level?
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Dec 31, 2014 at
12:22 PM, Duane Larson <span dir="ltr"><<a
moz-do-not-send="true">duane.larson@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0
0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div dir="ltr">Would you not just do something
like this?
<div><br>
</div>
<div>If(FriendlyIP
&& is_method("REGISTER"))</div>
<div>{</div>
<div>
<div> if (t_newtran()) {</div>
<div>
save("location");</div>
<div> }</div>
<div><br>
</div>
<div> exit;</div>
</div>
<div>}</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">
<div>
<div>On Wed, Dec 31, 2014 at 10:22 AM,
Satish Patel <span dir="ltr"><<a
moz-do-not-send="true">satish.txt@gmail.com</a>></span>
wrote:<br>
</div>
</div>
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex">
<div>
<div>
<div dir="ltr">Hi,
<div><br>
</div>
<div>We have many users using both
registration method and IP auth
method to send calls but i wants
if they use IP Auth method then
we can disable registration
method ( just prevention from
hacking attack). </div>
<div><br>
</div>
<div>I believe registration is
only required for incoming calls
to find user location, right?
How do i tell opensips don't
accept user registration method
even opensips challenge for
proxy auth. any suggestion? </div>
</div>
<br>
</div>
</div>
_______________________________________________<br>
Users mailing list<br>
<a moz-do-not-send="true">Users@lists.opensips.org</a><br>
<a moz-do-not-send="true"
href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users"
target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
_______________________________________________<br>
Users mailing list<br>
<a moz-do-not-send="true">Users@lists.opensips.org</a><br>
<a moz-do-not-send="true"
href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users"
target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</blockquote>
</div>
</div>
</div>
<br>
_______________________________________________<br>
Users mailing list<br>
<a moz-do-not-send="true"
href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>
<a moz-do-not-send="true"
href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users"
target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a class="moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</body>
</html>