Retrieve callee auth username and realm

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Retrieve callee auth username and realm

Andreas Westermaier
Hi,

in one of our setups we want to have one authorization username per customer, which in turn got different sip accounts (user names). For each of its accounts the customer uses the same authorization user name and the same password, just the user name differs.

We want to enforce a inbound _and_ outbound channel limitations on a per customer basis, this means on the authorization user. A customer should just be able to receive/make two (the sum of incoming and outgoing) calls, where it doesn't matter which of its sip accounts the customer uses.

For outgoing channel limitation I currently achieve this by setting set_dialog_profile("xyz", "$au@$ar"), where I bind the profile to the auth user and realm. But for incoming calls, especially from our pstn gateway, I currently have only access to the "to-uri" and I'm not able to get the current amount of calls the callee currently has.

Is there a way to retrieve the corresponding auth-user and realm for a local callee from the "to-uri", already?

If not, where is the best place to start integrating this function? I thought of adding it to the uri_db module where the functions then could be called just like

- get_uri_authuser("$tu", "$avp(s:tu_au)") and
- get_uri_authrealm("$tu", "$avp(s:tu_ar)")

Auth user/realm will be returned in the given avp and the function returns success or no success (if no local user fort he given to-uri exists).

Please tell me if there's already such a possibility so I can start implementing it if it's not. I think such functions are essential in enforcing channel limits which affect inbound and outbound channels at the same time for one user with multiple sip accounts.

Comments appreciated. :-)


Regards,
Andreas


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Retrieve callee auth username and realm

Jeff Pyle
Andreas,

Instead of using the To URI, I think you'll need to relate the dialed number
back to the authorization user to be able to use the same profile values to
get your counts.  The uri table may help with this, as part of the uri_db
module and use_uri_table parameter.  This is a probably a lot of reworking
and rethinking your lookup logic.  But, this also adds the possibility of
using the check_from() function to restrict your customers' From users to be
their PSTN numbers.  I think.  I'd have to work through that one completely.

Another way may be to use AVP user preferences to relate both the
authorization user (for outbound calls) and PSTN numbers (for inbound calls)
back to the same SIP "account".  Then, use the uuid of the user preference
to key your profile values.

Hopefully something in here is helpful for you.


- Jeff



On 3/10/09 7:45 AM, "Andreas Westermaier" <[hidden email]>
wrote:

> Hi,
>
> in one of our setups we want to have one authorization username per customer,
> which in turn got different sip accounts (user names). For each of its
> accounts the customer uses the same authorization user name and the same
> password, just the user name differs.
>
> We want to enforce a inbound _and_ outbound channel limitations on a per
> customer basis, this means on the authorization user. A customer should just
> be able to receive/make two (the sum of incoming and outgoing) calls, where it
> doesn't matter which of its sip accounts the customer uses.
>
> For outgoing channel limitation I currently achieve this by setting
> set_dialog_profile("xyz", "$au@$ar"), where I bind the profile to the auth
> user and realm. But for incoming calls, especially from our pstn gateway, I
> currently have only access to the "to-uri" and I'm not able to get the current
> amount of calls the callee currently has.
>
> Is there a way to retrieve the corresponding auth-user and realm for a local
> callee from the "to-uri", already?
>
> If not, where is the best place to start integrating this function? I thought
> of adding it to the uri_db module where the functions then could be called
> just like
>
> - get_uri_authuser("$tu", "$avp(s:tu_au)") and
> - get_uri_authrealm("$tu", "$avp(s:tu_ar)")
>
> Auth user/realm will be returned in the given avp and the function returns
> success or no success (if no local user fort he given to-uri exists).
>
> Please tell me if there's already such a possibility so I can start
> implementing it if it's not. I think such functions are essential in enforcing
> channel limits which affect inbound and outbound channels at the same time for
> one user with multiple sip accounts.
>
> Comments appreciated. :-)
>
>
> Regards,
> Andreas


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Retrieve callee auth username and realm

Bogdan-Andrei Iancu
In reply to this post by Andreas Westermaier
Hi Andreas,

I guess you already use the uri_db module for checking with check_from()
the mapping between the SIP id and auth id (against DB).

If so, for the inbound part, the natural way will be to use the same
module (read : to extend the module) to allow you to retrieve the auth
Id from the table based on the SIP uri ($ru is better than $tu):
    get_auth_id("$tu", "$avp(s:auth_user)","$avp(s:auth_realm)");

Regards,
Bogdan

Andreas Westermaier wrote:

> Hi,
>
> in one of our setups we want to have one authorization username per customer, which in turn got different sip accounts (user names). For each of its accounts the customer uses the same authorization user name and the same password, just the user name differs.
>
> We want to enforce a inbound _and_ outbound channel limitations on a per customer basis, this means on the authorization user. A customer should just be able to receive/make two (the sum of incoming and outgoing) calls, where it doesn't matter which of its sip accounts the customer uses.
>
> For outgoing channel limitation I currently achieve this by setting set_dialog_profile("xyz", "$au@$ar"), where I bind the profile to the auth user and realm. But for incoming calls, especially from our pstn gateway, I currently have only access to the "to-uri" and I'm not able to get the current amount of calls the callee currently has.
>
> Is there a way to retrieve the corresponding auth-user and realm for a local callee from the "to-uri", already?
>
> If not, where is the best place to start integrating this function? I thought of adding it to the uri_db module where the functions then could be called just like
>
> - get_uri_authuser("$tu", "$avp(s:tu_au)") and
> - get_uri_authrealm("$tu", "$avp(s:tu_ar)")
>
> Auth user/realm will be returned in the given avp and the function returns success or no success (if no local user fort he given to-uri exists).
>
> Please tell me if there's already such a possibility so I can start implementing it if it's not. I think such functions are essential in enforcing channel limits which affect inbound and outbound channels at the same time for one user with multiple sip accounts.
>
> Comments appreciated. :-)
>
>
> Regards,
> Andreas
>
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>  


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Retrieve callee auth username and realm

Andreas Westermaier
In reply to this post by Jeff Pyle
Hi Jeff,

> Instead of using the To URI, I think you'll need to relate the dialed
> number back to the authorization user to be able to use the same profile
> values to get your counts.

The uri's of the users equals their associated pstn number. This is the to-uri for external calls from gateways coming in.

> The uri table may help with this, as part of the uri_db
> module and use_uri_table parameter.

Authorization is done via radius. The mapping between auth-user and uri is done in the uri-table.

> But, this also adds the possibility of
> using the check_from() function to restrict your customers' From users to
> be their PSTN numbers.  I think.  I'd have to work through that one
> completely.

So we already use check_from() to restrict the customers to only use uri's (pstn-numbers) which are associated to them.

> Another way may be to use AVP user preferences to relate both the
> authorization user (for outbound calls) and PSTN numbers (for inbound
> calls) back to the same SIP "account".  Then, use the uuid of the user
> preference to key your profile values

Ok, didn't think about that, yet. This should definitely work, but imposes using an additional table to maintain (the usr preferences) and duplicate user data storage.

My idea was to use the uri table also for this back-mapping of uri's to auth-name/realm by the two introduced additional functions.

Do you think this scenario to 'special' for extending the uri_db module?


Regards,
Andreas




-----Original Message-----
From: Jeff Pyle [mailto:[hidden email]]
Sent: Tuesday, March 10, 2009 12:55 PM
To: [hidden email]; [hidden email]
Subject: Re: [OpenSIPS-Users] Retrieve callee auth username and realm

Andreas,

Instead of using the To URI, I think you'll need to relate the dialed number
back to the authorization user to be able to use the same profile values to
get your counts.  The uri table may help with this, as part of the uri_db
module and use_uri_table parameter.  This is a probably a lot of reworking
and rethinking your lookup logic.  But, this also adds the possibility of
using the check_from() function to restrict your customers' From users to be
their PSTN numbers.  I think.  I'd have to work through that one completely.

Another way may be to use AVP user preferences to relate both the
authorization user (for outbound calls) and PSTN numbers (for inbound calls)
back to the same SIP "account".  Then, use the uuid of the user preference
to key your profile values.

Hopefully something in here is helpful for you.


- Jeff



On 3/10/09 7:45 AM, "Andreas Westermaier" <[hidden email]>
wrote:

> Hi,
>
> in one of our setups we want to have one authorization username per customer,
> which in turn got different sip accounts (user names). For each of its
> accounts the customer uses the same authorization user name and the same
> password, just the user name differs.
>
> We want to enforce a inbound _and_ outbound channel limitations on a per
> customer basis, this means on the authorization user. A customer should just
> be able to receive/make two (the sum of incoming and outgoing) calls, where it
> doesn't matter which of its sip accounts the customer uses.
>
> For outgoing channel limitation I currently achieve this by setting
> set_dialog_profile("xyz", "$au@$ar"), where I bind the profile to the auth
> user and realm. But for incoming calls, especially from our pstn gateway, I
> currently have only access to the "to-uri" and I'm not able to get the current
> amount of calls the callee currently has.
>
> Is there a way to retrieve the corresponding auth-user and realm for a local
> callee from the "to-uri", already?
>
> If not, where is the best place to start integrating this function? I thought
> of adding it to the uri_db module where the functions then could be called
> just like
>
> - get_uri_authuser("$tu", "$avp(s:tu_au)") and
> - get_uri_authrealm("$tu", "$avp(s:tu_ar)")
>
> Auth user/realm will be returned in the given avp and the function returns
> success or no success (if no local user fort he given to-uri exists).
>
> Please tell me if there's already such a possibility so I can start
> implementing it if it's not. I think such functions are essential in enforcing
> channel limits which affect inbound and outbound channels at the same time for
> one user with multiple sip accounts.
>
> Comments appreciated. :-)
>
>
> Regards,
> Andreas


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Retrieve callee auth username and realm

Jeff Pyle
Andreas,

On the usr preferences, you're right.  Not the cleanest approach.  Bogdan's
approach seemed quite elegant, and completely accommodated by the built-in
functions.  In other words, not special or custom.  That's almost always
better.


- Jeff



On 3/10/09 8:56 AM, "Andreas Westermaier" <[hidden email]>
wrote:

> Hi Jeff,
>
>> Instead of using the To URI, I think you'll need to relate the dialed
>> number back to the authorization user to be able to use the same profile
>> values to get your counts.
>
> The uri's of the users equals their associated pstn number. This is the to-uri
> for external calls from gateways coming in.
>
>> The uri table may help with this, as part of the uri_db
>> module and use_uri_table parameter.
>
> Authorization is done via radius. The mapping between auth-user and uri is
> done in the uri-table.
>
>> But, this also adds the possibility of
>> using the check_from() function to restrict your customers' From users to
>> be their PSTN numbers.  I think.  I'd have to work through that one
>> completely.
>
> So we already use check_from() to restrict the customers to only use uri's
> (pstn-numbers) which are associated to them.
>
>> Another way may be to use AVP user preferences to relate both the
>> authorization user (for outbound calls) and PSTN numbers (for inbound
>> calls) back to the same SIP "account".  Then, use the uuid of the user
>> preference to key your profile values
>
> Ok, didn't think about that, yet. This should definitely work, but imposes
> using an additional table to maintain (the usr preferences) and duplicate user
> data storage.
>
> My idea was to use the uri table also for this back-mapping of uri's to
> auth-name/realm by the two introduced additional functions.
>
> Do you think this scenario to 'special' for extending the uri_db module?
>
>
> Regards,
> Andreas
>
>
>
>
> -----Original Message-----
> From: Jeff Pyle [mailto:[hidden email]]
> Sent: Tuesday, March 10, 2009 12:55 PM
> To: [hidden email]; [hidden email]
> Subject: Re: [OpenSIPS-Users] Retrieve callee auth username and realm
>
> Andreas,
>
> Instead of using the To URI, I think you'll need to relate the dialed number
> back to the authorization user to be able to use the same profile values to
> get your counts.  The uri table may help with this, as part of the uri_db
> module and use_uri_table parameter.  This is a probably a lot of reworking
> and rethinking your lookup logic.  But, this also adds the possibility of
> using the check_from() function to restrict your customers' From users to be
> their PSTN numbers.  I think.  I'd have to work through that one completely.
>
> Another way may be to use AVP user preferences to relate both the
> authorization user (for outbound calls) and PSTN numbers (for inbound calls)
> back to the same SIP "account".  Then, use the uuid of the user preference
> to key your profile values.
>
> Hopefully something in here is helpful for you.
>
>
> - Jeff
>
>
>
> On 3/10/09 7:45 AM, "Andreas Westermaier" <[hidden email]>
> wrote:
>
>> Hi,
>>
>> in one of our setups we want to have one authorization username per customer,
>> which in turn got different sip accounts (user names). For each of its
>> accounts the customer uses the same authorization user name and the same
>> password, just the user name differs.
>>
>> We want to enforce a inbound _and_ outbound channel limitations on a per
>> customer basis, this means on the authorization user. A customer should just
>> be able to receive/make two (the sum of incoming and outgoing) calls, where
>> it
>> doesn't matter which of its sip accounts the customer uses.
>>
>> For outgoing channel limitation I currently achieve this by setting
>> set_dialog_profile("xyz", "$au@$ar"), where I bind the profile to the auth
>> user and realm. But for incoming calls, especially from our pstn gateway, I
>> currently have only access to the "to-uri" and I'm not able to get the
>> current
>> amount of calls the callee currently has.
>>
>> Is there a way to retrieve the corresponding auth-user and realm for a local
>> callee from the "to-uri", already?
>>
>> If not, where is the best place to start integrating this function? I thought
>> of adding it to the uri_db module where the functions then could be called
>> just like
>>
>> - get_uri_authuser("$tu", "$avp(s:tu_au)") and
>> - get_uri_authrealm("$tu", "$avp(s:tu_ar)")
>>
>> Auth user/realm will be returned in the given avp and the function returns
>> success or no success (if no local user fort he given to-uri exists).
>>
>> Please tell me if there's already such a possibility so I can start
>> implementing it if it's not. I think such functions are essential in
>> enforcing
>> channel limits which affect inbound and outbound channels at the same time
>> for
>> one user with multiple sip accounts.
>>
>> Comments appreciated. :-)
>>
>>
>> Regards,
>> Andreas
>


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users