Multi domain registration.

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

Multi domain registration.

Chris Maciejewski
Hi,

What would be the best/easiest way of preventing registrations into
"wrong" domains?

For example:

subscriber table:
| username  |     domain      |  password
|    10000    |  sip1.domain  |     secret1
|    10001    |  sip2.domain  |     secret2

in my openser.cfg I got:

modparam("usrloc", "use_domain", 1)

yet still
"REGISTER [hidden email]"
and
"REGISTER [hidden email]"
are both allowed.

How can I restrict users to REGISTER only into their own domain?

Thanks
Chris

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Multi domain registration.

osiris123d
Can we see the code in your opensips.cfg file that is handling your Register requests?

 
Chris Maciejewski wrote
Hi,

What would be the best/easiest way of preventing registrations into
"wrong" domains?

For example:

subscriber table:
| username  |     domain      |  password
|    10000    |  sip1.domain  |     secret1
|    10001    |  sip2.domain  |     secret2

in my openser.cfg I got:

modparam("usrloc", "use_domain", 1)

yet still
"REGISTER 10000@sip2.domain"
and
"REGISTER 100001@sip1.domain"
are both allowed.

How can I restrict users to REGISTER only into their own domain?

Thanks
Chris

_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Multi domain registration.

Chris Maciejewski
Sure, I should have also mention my OpenSIPs is 1.5.1.

REGISTER handling code:

if (!www_authorize("", "subscriber"))
{
  www_challenge("", "0");
  exit;
}

if (!check_to())
{
  sl_send_reply("403","Forbidden auth ID");
  exit;
}

if (!save("location"))
{
  sl_reply_error();
}
exit;


2009/9/9 osiris123d <[hidden email]>:

>
> Can we see the code in your opensips.cfg file that is handling your Register
> requests?
>
>
>
> Chris Maciejewski wrote:
>>
>> Hi,
>>
>> What would be the best/easiest way of preventing registrations into
>> "wrong" domains?
>>
>> For example:
>>
>> subscriber table:
>> | username  |     domain      |  password
>> |    10000    |  sip1.domain  |     secret1
>> |    10001    |  sip2.domain  |     secret2
>>
>> in my openser.cfg I got:
>>
>> modparam("usrloc", "use_domain", 1)
>>
>> yet still
>> "REGISTER [hidden email]"
>> and
>> "REGISTER [hidden email]"
>> are both allowed.
>>
>> How can I restrict users to REGISTER only into their own domain?
>>
>> Thanks
>> Chris
>>
>> _______________________________________________
>> Users mailing list
>> [hidden email]
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>
> --
> View this message in context: http://n2.nabble.com/Multi-domain-registration-tp3611896p3612074.html
> Sent from the OpenSIPS - Users mailing list archive at Nabble.com.
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Multi domain registration.

Saúl Ibarra Corretgé-2
In reply to this post by Chris Maciejewski
When adding a user add the domain part:

Opensipsctl add [hidden email] password


2009/9/9, Chris Maciejewski <[hidden email]>:

> Hi,
>
> What would be the best/easiest way of preventing registrations into
> "wrong" domains?
>
> For example:
>
> subscriber table:
> | username  |     domain      |  password
> |    10000    |  sip1.domain  |     secret1
> |    10001    |  sip2.domain  |     secret2
>
> in my openser.cfg I got:
>
> modparam("usrloc", "use_domain", 1)
>
> yet still
> "REGISTER [hidden email]"
> and
> "REGISTER [hidden email]"
> are both allowed.
>
> How can I restrict users to REGISTER only into their own domain?
>
> Thanks
> Chris
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>

--
Enviado desde mi dispositivo móvil

/Saúl
http://www.saghul.net | http://www.sipdoc.net

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Multi domain registration.

Chris Maciejewski
Hi Saul, I don't use opensipsctl to insert users into subscriber
table, yet as shown in my first post 'domain' column is populated
correctly.

I tried now, to change my REGISTER block to:

if (!www_authorize("$td", "subscriber"))
{
  www_challenge("$td", "0");
  exit;
}

if (!check_to())
{
  sl_send_reply("403","Forbidden auth ID");
  exit;
}

if (!save("location"))
{
  sl_reply_error();
}

but this doesn't seem to work.

Any other ideas how to prevent users to REGISTER in a domain they
don't belong to?



2009/9/9 Saúl Ibarra <[hidden email]>:

> When adding a user add the domain part:
>
> Opensipsctl add [hidden email] password
>
>
> 2009/9/9, Chris Maciejewski <[hidden email]>:
>> Hi,
>>
>> What would be the best/easiest way of preventing registrations into
>> "wrong" domains?
>>
>> For example:
>>
>> subscriber table:
>> | username  |     domain      |  password
>> |    10000    |  sip1.domain  |     secret1
>> |    10001    |  sip2.domain  |     secret2
>>
>> in my openser.cfg I got:
>>
>> modparam("usrloc", "use_domain", 1)
>>
>> yet still
>> "REGISTER [hidden email]"
>> and
>> "REGISTER [hidden email]"
>> are both allowed.
>>
>> How can I restrict users to REGISTER only into their own domain?
>>
>> Thanks
>> Chris
>>
>> _______________________________________________
>> Users mailing list
>> [hidden email]
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>
> --
> Enviado desde mi dispositivo móvil
>
> /Saúl
> http://www.saghul.net | http://www.sipdoc.net
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Multi domain registration.

Iñaki Baz Castillo
El Sábado, 12 de Septiembre de 2009, Chris Maciejewski escribió:
> if (!www_authorize("$td", "subscriber"))

Why the f*** do you do that????
Please, read the "www_authorize()" documentation instead of invent how to use
it and complain because it doesn't work.

--
Iñaki Baz Castillo <[hidden email]>

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Multi domain registration.

Chris Maciejewski
OK. Indeed www_authorize("$td", "subscriber") wasn't best idea :-(
as it is the same as  www_authorize("", "subscriber") anyway
(according to documentation).

What I am trying to achieve is:

with the following records in subscriber table:
| username  |     domain      |  password
|    10000    |  sip1.domain  |     secret1
|    10001    |  sip2.domain  |     secret2

at the moment user 10000 will successfully register sending the
following REGISTER:

      REGISTER sip:sip2.domain SIP/2.0.
      Via: SIP/2.0/UDP 10.10.10.1:5060;rport;branch=z9hG4bK-27485
      From: <sip:[hidden email]>;tag=1
      To: <sip:[hidden email]>
      Call-ID: 1234@10.10.10.1
      CSeq: 1 REGISTER
      Contact: <sip:10000@10.10.10.1:5060>

What I want, is to restrict user 10000 to domain sip1.domain only and
user 10001 to sip2.domain only.

So if user 10000 will send REGISTER to sip2.domain OpenSIPs will
always reply 401 Unauthorized,
and if user 10001 will send REGISTER to sip1.domain OpenSIPs will
always reply 401 Unauthorized.

Regards,
Chris


2009/9/12 Iñaki Baz Castillo <[hidden email]>:

> El Sábado, 12 de Septiembre de 2009, Chris Maciejewski escribió:
>> if (!www_authorize("$td", "subscriber"))
>
> Why the f*** do you do that????
> Please, read the "www_authorize()" documentation instead of invent how to use
> it and complain because it doesn't work.
>
> --
> Iñaki Baz Castillo <[hidden email]>
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Multi domain registration.

Saúl Ibarra Corretgé-2
Read this: http://www.opensips.org/html/docs/modules/1.4.x/auth.html#id228366
and http://www.opensips.org/html/docs/modules/1.4.x/auth_db.html#id228346

And try this code:

if (!www_authorize("", "subscriber")) {
          www_challenge("", "0");
          exit;
}

That way it should work if I'm not mistaken.


--
/Saúl
http://www.saghul.net | http://www.sipdoc.net

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Multi domain registration.

Chris Maciejewski
Hi Saúl, thanks for suggestion, but this is exactly the code I currently use.
I posted it in my previous message in this thread:
http://lists.opensips.org/pipermail/users/2009-September/008034.html

...unfortunately it doesn't work the way I want.


2009/9/13 Saúl Ibarra <[hidden email]>:

> Read this: http://www.opensips.org/html/docs/modules/1.4.x/auth.html#id228366
> and http://www.opensips.org/html/docs/modules/1.4.x/auth_db.html#id228346
>
> And try this code:
>
> if (!www_authorize("", "subscriber")) {
>          www_challenge("", "0");
>          exit;
> }
>
> That way it should work if I'm not mistaken.
>
>
> --
> /Saúl
> http://www.saghul.net | http://www.sipdoc.net

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Multi domain registration.

Raúl Alexis Betancor Santana
On Monday 14 September 2009 09:11:23 Chris Maciejewski wrote:
> Hi Saúl, thanks for suggestion, but this is exactly the code I currently
> use. I posted it in my previous message in this thread:
> http://lists.opensips.org/pipermail/users/2009-September/008034.html
>
> ...unfortunately it doesn't work the way I want.

It works, maybe you have not set some options of the modules that let it works
but It works, trust me  ;-)

--
Raúl Alexis Betancor Santana
Dimensión Virtual

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Multi domain registration.

Chris Maciejewski
Yes, it works. I am an idiot and just noticed my config is missing :-(

modparam("auth_db", "use_domain", 1)

once the above option is added, everything works as expected.

Regards,
Chris

PS.
Sorry for polluting mailing list with pointless messages.

2009/9/14 Raúl Alexis Betancor Santana <[hidden email]>:

> On Monday 14 September 2009 09:11:23 Chris Maciejewski wrote:
>> Hi Saúl, thanks for suggestion, but this is exactly the code I currently
>> use. I posted it in my previous message in this thread:
>> http://lists.opensips.org/pipermail/users/2009-September/008034.html
>>
>> ...unfortunately it doesn't work the way I want.
>
> It works, maybe you have not set some options of the modules that let it works
> but It works, trust me  ;-)
>
> --
> Raúl Alexis Betancor Santana
> Dimensión Virtual
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users