<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix"><tt>Hi Satish,<br>
<br>
As you see, the auth code is guarded by the "is_from_local()"
condition - this checks if the SIP domain advertised in the FROM
header is a local domain to OpenSIPS or not. If it is not, it
will not get auth. The idea is - auth only my own users. <br>
<br>
Regards,<br>
</tt>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
On 19.02.2015 22:33, Satish Patel wrote:<br>
</div>
<blockquote
cite="mid:CAPgF-foZgo_AJKrTvGZC75iDb+1xSSai+VfbPubtBifuunz6tg@mail.gmail.com"
type="cite">
<div dir="ltr">Thanks Jeff, I do have Database and
proxy_authorize setup and users are able to authenticate but
some request i have seen directly sending INVITE and
proxy_authorize() not sending 407 proxy challange, does it
possible .
<div><br>
</div>
<div>If any non-REGISTER request will process by following
snippet so if someone trying to send direct INVITE then it
will process in following block and proxy_authorize will send
407 challenge. but i have seen some request directly going
into INVITE snippet without going through proxy_authorize().
so i was thinking why not use one more check in INVITE snippet
to make sure user is authenticated. <br>
<div><br>
</div>
<div><br>
</div>
<div>
<div>if ( !(is_method("REGISTER") ) ) {</div>
<div> </div>
<div><br>
</div>
<div> if (is_from_local())</div>
<div> {</div>
<div><br>
</div>
<div> # authenticate if from local
subscriber</div>
<div> # authenticate all initial
non-REGISTER request that pretend to be</div>
<div> # generated by local subscriber
(domain from FROM URI is local)</div>
<div> if (!check_source_address("2"))
{</div>
<div> if (!proxy_authorize("",
"subscriber")) {</div>
<div> proxy_challenge("",
"0");</div>
<div> exit;</div>
<div> }</div>
<div> consume_credentials();</div>
<div> # caller authenticated</div>
<div> }</div>
<div> } else {</div>
<div> # if caller is not local, then
called number must be local</div>
<div><br>
</div>
<div> if (!is_uri_host_local()) {</div>
<div> send_reply("403","Rely
forbidden");</div>
<div> exit;</div>
<div> }</div>
<div> }</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div>...</div>
<div>...</div>
<div><br>
</div>
<div>
<div> # To FreeSWITCH</div>
<div> if (is_method("INVITE")) {</div>
<div> if ( uri=~<a class="moz-txt-link-rfc2396E" href="mailto:^sip:[1-9][0-9]{10,15}@.*">"^sip:[1-9][0-9]{10,15}@.*"</a>) {</div>
<div> route("to_dispatcher");<br>
</div>
<div> exit;</div>
<div> };</div>
<div> }</div>
</div>
<div><br>
</div>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Feb 19, 2015 at 1:29 PM, Jeff
Pyle <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:jpyle@fidelityvoice.com" target="_blank">jpyle@fidelityvoice.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Satish,
<div><br>
</div>
<div>There are many documented examples of how/when to
authorize calls in OpenSIPS. Take a look at the
pstn.cfg file included in the examples directory of the
source. You'll see the proxy_authorize() function
around line 96. That, with some module and database
configuration, will get on the right path.</div>
<div><br>
</div>
<div><br>
</div>
<div>- Jeff</div>
<div><br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">
<div>
<div class="h5">On Thu, Feb 19, 2015 at 12:08 PM,
Satish Patel <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:satish.txt@gmail.com"
target="_blank">satish.txt@gmail.com</a>></span>
wrote:<br>
</div>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div class="h5">
<div dir="ltr">I am using opensips 1.11 but i
have seen wired issue, How i can check auth
before process INVITE packet?
<div><br>
</div>
<div>I have following code, I have seen if i
send only INVITE packet using SIPP it is
processing that call, I want it check AUTH
before processing INVITE packet how can we
do that?</div>
<div><br>
</div>
<div>
<div># To FreeSWITCH</div>
<div> if (is_method("INVITE")) {</div>
<div> if (
uri=~<a class="moz-txt-link-rfc2396E" href="mailto:^sip:[1-9][0-9]{10,15}@.*">"^sip:[1-9][0-9]{10,15}@.*"</a>) {</div>
<div> xlog("call with
X-customer: $Au ===> Freeswitch\n");</div>
<div> append_hf("X-customer:
$Au\r\n");</div>
<div> append_hf("X-SRIPP:
$si:$sp\r\n");</div>
<div> route("to_dispatcher");</div>
<div> exit;</div>
<div> };</div>
<div> }</div>
</div>
<div><br>
</div>
</div>
<br>
</div>
</div>
_______________________________________________<br>
Users mailing list<br>
<a moz-do-not-send="true"
href="mailto:Users@lists.opensips.org"
target="_blank">Users@lists.opensips.org</a><br>
<a moz-do-not-send="true"
href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users"
target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</div>
<br>
_______________________________________________<br>
Users mailing list<br>
<a moz-do-not-send="true"
href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>
<a moz-do-not-send="true"
href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users"
target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a class="moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</body>
</html>