[Freeswitch-dev] mod_socket

Ali R. aroumie at yahoo.com
Tue Jul 5 11:53:18 MSD 2011


Hello All,

Despite my best efforts, I am making no progress in getting channel 
authentication to work through mod_xml_curl. I would appreciate it so much if 
the community could help/guide me on this issue.  Here is a brief summary of the 
scenarios I tried with no success.

Scenario 1:
I created an ACL (acl1) to allow (0.0.0.0/0) with (apply-inbound-acl=acl1 and 
apply-register-acl=acl1) in the internal profile. I thought that when an 
ACL-authenticated channel hits the dialplan, mod_socket would give me a chance 
to re-authenticate based on the source IP: if the source IP is allowed, I 
continue on.  If the IP is not allowed, I would respond with “respond (407)”.

Now, looking at the fs_cli log and Wireshark monitoring, I noticed that when I 
return “Respond” with 407 through the socket to FS, mod_xml_curl does not post 
back any directory request to my CGI to re-authenticate based on user/password, 
and ultimately the new channel is destroyed.

Scenario 2:
After I removed the ACL-related settings (mentioned in scenario 1), I was able 
to achieve my goal, but not 100%. For every single REGISTER / INVITE request, 
mod_xml_curl was happily posting a directory request to my CGI, where I 
responded with the corresponding password for the user, and in case my biz 
logic finds an authorized IP, I simply return an empty string for the password.  
It worked beautifully.  However, when FS gets an INVITE request from a UA that 
is NOT already registered, mod_xml_curl does not post anything to my CGI and 
ultimately sofia responds with “Proxy Authentication Required” and the channel 
is dead.
It seems like I needed to create 2 SIP profiles, one for ACL authentication and 
another for user/password challenge, so mod_xml_curl will post everything to my 
CGI.  I did not try this scenario because it will not help me: adding a new 
profile requires a new port to listen on, which breaks my project's main 
requirement that I must keep SIP listening on the standard port.

Your suggestions and guidance are really appreciated. I had already done my 
homework with the fs wiki, the book, and the dev-list, but no luck….

Thanks
Ali R





----- Original Message ----
From: Ali R. <aroumie at yahoo.com>
To: freeswitch-dev at lists.freeswitch.org
Sent: Tue, March 29, 2011 9:44:03 AM
Subject: Re: [Freeswitch-dev] mod_socket

Thanks for taking the time to clarify it.  A dedicated web server would scale 
better but this will be a big dependency. I will write a multi-threading module 
just to respond to xml_curl to emulate a web server and see how things perform 
with stress testing....
Thanks Again.




----- Original Message ----
From: Anthony Minessale <anthony.minessale at gmail.com>
To: freeswitch-dev at lists.freeswitch.org
Sent: Tue, March 29, 2011 7:50:54 AM
Subject: Re: [Freeswitch-dev] mod_socket

You cannot manipulate the user directory over the socket since the
lookup itself is triggered by xml lookups when the phone registers, so
you would need to use xml_curl for this.

You should probably just make a CGI and use a real web server to handle it.



On Mon, Mar 28, 2011 at 11:43 PM, Ali R. <aroumie at yahoo.com> wrote:
> With your suggestion, coupled with chapter 10 in the book (pages 258-260), I
> will be able to achieve 100% of my goal.  With the "respond" app I can force
> the auth/challenge to take place based on biz logic (that's 50% of my problem
> fixed) and mod_xml_curl will hand the [user] back to me on a different socket
> in the form of an HTTP request, where I respond with the password from my biz
> logic. Now my question is, is there a way to negotiate the user/password
> through mod_socket? I'm trying to avoid having my app listen for inbound
> connections to respond to curl.  While at it, FreeSwitch's slogan should be
> "FreeSwitch understands Security". I'm saying so because on page 260 of the
> FreeSwitch book, I found out that there is a way that you can pass back the
> password hashed instead of in plain text, which allows me to store it hashed
> in the database... small thing but really smart.
>
> Regards,
>
>
>
> ----- Original Message ----
> From: Ali R. <aroumie at yahoo.com>
> To: freeswitch-dev at lists.freeswitch.org
> Sent: Mon, March 28, 2011 3:07:42 PM
> Subject: Re: [Freeswitch-dev] mod_socket
>
> Many thanks Anthony for the quick response; You are the hero.
> I will investigate and hope all goes well....
>
>
>
> ----- Original Message ----
> From: Anthony Minessale <anthony.minessale at gmail.com>
> To: freeswitch-dev at lists.freeswitch.org
> Sent: Mon, March 28, 2011 2:57:45 PM
> Subject: Re: [Freeswitch-dev] mod_socket
>
> execute the "respond" application with "407" as the arg
>
>
>
>
> On Mon, Mar 28, 2011 at 4:45 PM, Ali R. <aroumie at yahoo.com> wrote:
>> Hi everyone
>> I think my issue could be fixed with mod_xml_curl but I'm using FS purely
>> through sockets (inbound mode).
>> When I get the park event, I execute some biz logic.  Leg A's source IP plays
>> a role in this logic, so based on the value of the IP (a big pool of allowed
>> IP addresses is generated dynamically and changes very fast so I have a logic
>> to query this pool) all good so far. However, if the incoming channel’s
>> source IP is not allowed I would still want to answer and continue on but I
>> must challenge it with a user name and password that I have a logic to
>> retrieve.  Any thoughts on how I should go about doing the username/password
>> challenge through the socket without starting a new listening socket for
>> mod_xml_curl requests?  I really appreciate any thoughts on this issue.
>>
>> Many Thanks,
>>
>>
>>
>>
>> _______________________________________________
>> FreeSWITCH-dev mailing list
>> FreeSWITCH-dev at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-dev
>> http://www.freeswitch.org
>>
>
>
>
> --
> Anthony Minessale II
>
> FreeSWITCH http://www.freeswitch.org/
> ClueCon http://www.cluecon.com/
> Twitter: http://twitter.com/FreeSWITCH_wire
>
> AIM: anthm
> MSN:anthony_minessale at hotmail.com
> GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com
> IRC: irc.freenode.net #freeswitch
>
> FreeSWITCH Developer Conference
> sip:888 at conference.freeswitch.org
> googletalk:conf+888 at conference.freeswitch.org
> pstn:+19193869900
>



-- 
Anthony Minessale II

FreeSWITCH http://www.freeswitch.org/
ClueCon http://www.cluecon.com/
Twitter: http://twitter.com/FreeSWITCH_wire

AIM: anthm
MSN:anthony_minessale at hotmail.com
GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com
IRC: irc.freenode.net #freeswitch

FreeSWITCH Developer Conference
sip:888 at conference.freeswitch.org
googletalk:conf+888 at conference.freeswitch.org
pstn:+19193869900
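
An added example, not part of the thread and not FreeSWITCH project code: a sketch of the directory reply a CGI could return to mod_xml_curl using FreeSWITCH's `a1-hash` directory param (MD5 of user:realm:password), so that only a hash needs to be stored, as the hashed-password remark in the thread describes. The user, domain, secret and the `directory_response` helper are constructed for illustration, and the POST fields assumed are `section`, `user` and `domain`.

```python
import hashlib
from xml.sax.saxutils import quoteattr


def a1_hash(user: str, realm: str, password: str) -> str:
    """Digest-auth HA1 value: MD5(user:realm:password), hex encoded."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()


# Constructed sample store keyed by (user, domain). A real database would hold
# only the precomputed hash; it is derived here so the example is self-contained.
CREDENTIALS = {
    ("1000", "pbx.example.test"):
        a1_hash("1000", "pbx.example.test", "constructed-secret"),
}

# Reply that tells FreeSWITCH this lookup produced no entry.
NOT_FOUND = (
    '<document type="freeswitch/xml">\n'
    '  <section name="result">\n'
    '    <result status="not found"/>\n'
    '  </section>\n'
    '</document>\n'
)


def directory_response(form: dict) -> str:
    """Build the XML body for one mod_xml_curl POST (form = decoded fields)."""
    if form.get("section") != "directory":
        return NOT_FOUND
    user, domain = form.get("user", ""), form.get("domain", "")
    ha1 = CREDENTIALS.get((user, domain))
    if ha1 is None:
        return NOT_FOUND
    # quoteattr() escapes and quotes request-supplied values before they are
    # placed in the XML, so they cannot break out of the attribute.
    return (
        '<document type="freeswitch/xml">\n'
        '  <section name="directory">\n'
        f'    <domain name={quoteattr(domain)}>\n'
        f'      <user id={quoteattr(user)}>\n'
        '        <params>\n'
        f'          <param name="a1-hash" value={quoteattr(ha1)}/>\n'
        '        </params>\n'
        '      </user>\n'
        '    </domain>\n'
        '  </section>\n'
        '</document>\n'
    )
```
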
