[Freeswitch-users] How to distinguish between Authenticated sip and not authenticated users
Anton VG
anton.vazir at gmail.com
Thu Sep 29 00:55:33 MSD 2011
Brian have suggested on IRC to use dialplan auth via
<condition field="${sip_authorized}" expression="^true$" break="never">
<anti-action application="respond" data="407"/>
</condition>
seems it can do the trick.
2011/9/29 Anthony Minessale <anthony.minessale at gmail.com>:
> This seems odd....
>
> So you are making a global ACL to 0.0.0.0 which will let everyone in.
> This takes precedence over the auth calls because you are passing the
> ACL which is a means of authorization so you are never using the
> actual challenge based auth at all. Of course they will all appear
> as sip_authorized=true
>
> you do have the variable sip_acl_authed_by to tell which acl you passed.
>
> This has come up today in irc too, its daft to try to mix authed and
> non-auth calls on the same profile.
> Just make your authenticated users use a dedicated profile and the
> non-authenticated ones use another.
>
>
>
> On Wed, Sep 28, 2011 at 1:49 PM, Muhammad Naseer Bhatti
> <nbhatti at gmail.com> wrote:
>> Hello Anton,
>> I tried this before and ended up in the same situation. the event
>> variable_sip_authorized, for some reason always return true. What I
>> did in my cause, since I am using the variable_sip_auth_username to
>> match the username for my billing, this does the trick. I don't know
>> if this is a bug or something, but it works this way.
>>
>> Thanks
>>
>> On Wed, Sep 28, 2011 at 8:01 PM, Anton VG <anton.vazir at gmail.com> wrote:
>>> Guys,
>>>
>>> trying to distinguish between authenticated SIP user and not
>>> authenticated, still no luck
>>>
>>> I would like to allow anyone to call my FS users via SIP, so there are
>>> registered users and everyone else
>>>
>>> so I have allowed
>>>
>>> <param name="auth-calls" value="true"/>
>>> <param name="apply-inbound-acl" value="allow_all"/>
>>>
>>> acl.xml:
>>> <list name="allow_all" default="allow">
>>> <node type="allow" cidr="0.0.0.0/0"/>
>>> </list>
>>> Any call passes through, by always have
>>>
>>> [CHANNEL_CREATE] event
>>> variable_sip_authorized: true
>>>
>>> in event headers. But I would like to know if user is authorized or not.
>>>
>>> if I disable authentication by setting this to false
>>>
>>> <param name="auth-calls" value="false"/>
>>>
>>> all calls do not have any auth headers.
>>>
>>> Any clue?
>>>
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>
>
>
> --
> Anthony Minessale II
>
> FreeSWITCH http://www.freeswitch.org/
> ClueCon http://www.cluecon.com/
> Twitter: http://twitter.com/FreeSWITCH_wire
>
> AIM: anthm
> MSN:anthony_minessale at hotmail.com
> GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com
> IRC: irc.freenode.net #freeswitch
>
> FreeSWITCH Developer Conference
> sip:888 at conference.freeswitch.org
> googletalk:conf+888 at conference.freeswitch.org
> pstn:+19193869900
>
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users
mailing list