Registration permissions per username

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Registration permissions per username

OpenSIPS - Users mailing list
Hi list,

is it possible to filter REGISTER requests with permissions.so [1] module,
based on username?

It's written " Main purpose of the function is to prevent registration of
"prohibited" IP addresses. " When speaking about IP filtering,
I'd rather use check_address or check_source_address functions.

But now I'd like to filter by userame, because users may register from random
addresses.

I tried to create pairs of regexps in register.allow and register.deny files,
but no success. Maybe I've done something wrong.


[1]  https://opensips.org/html/docs/modules/3.0.x/permissions.html#sec-registration-permissions

-----------------------------------------------
BR, Alexey
http://alexeyka.zantsev.com/
_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Registration permissions per username

Pavel Eremin-3
Hello why not regexp not working for you. I give you my example that works fine.(but with 1.11)
to reload i use command opensipsctl fifo regex_reload

[config]
#### REGEX
loadmodule "regex.so"
modparam("regex", "file", "/usr/out_isp/etc/opensips/regex_groups")

...
if (pcre_match_group("$fU", "0")) {
}
...

[content regex_group file]
[0]

^1000
^1001
^1003
^50065
^anyname_from_start
anyname_in_anywhere of $fU




вт, 2 июл. 2019 г. в 10:33, Alexey Kazantsev via Users <[hidden email]>:
Hi list,

is it possible to filter REGISTER requests with permissions.so [1] module,
based on username?

It's written " Main purpose of the function is to prevent registration of
"prohibited" IP addresses. " When speaking about IP filtering,
I'd rather use check_address or check_source_address functions.

But now I'd like to filter by userame, because users may register from random
addresses.

I tried to create pairs of regexps in register.allow and register.deny files,
but no success. Maybe I've done something wrong.


[1]  https://opensips.org/html/docs/modules/3.0.x/permissions.html#sec-registration-permissions

-----------------------------------------------
BR, Alexey
http://alexeyka.zantsev.com/
_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Registration permissions per username

OpenSIPS - Users mailing list

Hello Pavel,

nice approach, never used regex module,
just read about it.

Thank you for an advice.

-----------------------------------------------
BR, Alexey
http://alexeyka.zantsev.com/

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Registration permissions per username

OpenSIPS - Users mailing list
The night brings counsel.

For "Deny all except ... " policy -


register.deny file contents:

ALL : ALL



register.allow file contents:

"^sip:user@alexeyka\.zantsev\.com$" : ALL


And the script:

if (is_method("REGISTER"))
{

        if(!allow_register("register")) {
                sl_send_reply(403, "Forbidden by permissions");
                exit;
        }
...


-----------------------------------------------
BR, Alexey
http://alexeyka.zantsev.com/
_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Registration permissions per username

OpenSIPS - Users mailing list
Being more accurate, it's worth mentioning the following:


* SIP-accounts:
--------------------------------------------
[hidden email]
[hidden email]
[hidden email]


* register.deny file contents:
--------------------------------------------
ALL : ALL

 

* register.allow file contents:
--------------------------------------------
# works and allows both lexus and lexus2 to REGISTER
"^sip:lexus[23]?@alexeyka.zantsev.com" : ALL

# DOESN'T work, though the regexp seems to be correct
"^sip:lexus[\d]?@alexeyka.zantsev.com" : ALL

 



-----------------------------------------------
BR, Alexey
http://alexeyka.zantsev.com/

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Registration permissions per username

Răzvan Crainea-2
Hi, Alexey!

Getting back to your question regarding doing this based using
permissions, you can use the `pattern` argument in the `check_address()`
function[1] to match against the `pattern` field in the database[2].
Hope this helps you.

[1]
https://opensips.org/html/docs/modules/2.4.x/permissions.html#func_check_address
[2]
https://www.opensips.org/Documentation/Install-DBSchema-2-4#GEN-DB-ADDRESS

Best regards,
Răzvan

On 7/2/19 12:10 PM, Alexey Kazantsev via Users wrote:

> Being more accurate, it's worth mentioning the following:
>
>
> * SIP-accounts:
> --------------------------------------------
> [hidden email]
> [hidden email]
> [hidden email]
>
>
> * register.deny file contents:
> --------------------------------------------
> ALL : ALL
>
> * register.allow file contents:
> --------------------------------------------
> # works and allows both lexus and lexus2 to REGISTER
> "^sip:lexus[23]?@alexeyka.zantsev.com" : ALL
>
> # DOESN'T work, though the regexp seems to be correct
> "^sip:lexus[\d]?@alexeyka.zantsev.com" : ALL
>
>
>
> -----------------------------------------------
> BR, Alexey
> http://alexeyka.zantsev.com/
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>

--
Răzvan Crainea
OpenSIPS Core Developer
   http://www.opensips-solutions.com

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users