[Freeswitch-users] Playing with ACL and authenticate users

Elhodred elhodred at gmail.com
Tue Jun 4 14:04:22 MSD 2013


Hi all,

I was playing around trying to have some users authenticated by IP and some users to be challenged for username/password auth.

The problem is that I don't get it all. If I configure 2 users in this way:

        <user id="6001" cidr="192.168.28.12/32">
          <params>
          </params>
          <variables>
            <variable name="accountcode" value="6001"/>
            <variable name="user_context" value="GOLDEN"/>
            <variable name="outbound_caller_id_name" value="$${outbound_caller_name}"/>
            <variable name="outbound_caller_id_number" value="$${outbound_caller_id}"/>
          </variables>
        </user>


        <user id="6002">
          <params>
            <param name="password" value="111111"/> 
          </params>
          <variables>
            <variable name="accountcode" value="6002"/>
            <variable name="user_context" value="GOLDEN"/>
            <variable name="outbound_caller_id_name" value="$${outbound_caller_name}"/>
            <variable name="outbound_caller_id_number" value="$${outbound_caller_id}"/>
          </variables>
        </user>

And I added in sofia.conf.xml

<param name="apply-inbound-acl" value="domains"/>

User 6001 can authenticate if it's using IP 192.168.28.12 and can place calls, but user 6002 is rejected by ACL "domains".

Then I tried this:

        <user id="6001">
          <params>
             <param name="auth-acl" value="192.168.28.12/32"/>
          </params>
          <variables>
            <variable name="accountcode" value="6001"/>
            <variable name="user_context" value="GOLDEN"/>
            <variable name="outbound_caller_id_name" value="$${outbound_caller_name}"/>
            <variable name="outbound_caller_id_number" value="$${outbound_caller_id}"/>
          </variables>
        </user>


        <user id="6002">
          <params>
            <param name="password" value="111111"/> 
          </params>
          <variables>
            <variable name="accountcode" value="6002"/>
            <variable name="user_context" value="GOLDEN"/>
            <variable name="outbound_caller_id_name" value="$${outbound_caller_name}"/>
            <variable name="outbound_caller_id_number" value="$${outbound_caller_id}"/>
          </variables>
        </user>

And I deleted in sofia.conf.xml

<param name="apply-inbound-acl" value="domains"/>

and added

<param name="auth-calls" value="true"/>

Now user 6002 can place calls, but for user 6001 I see this in the log:

2013-05-23 18:15:27.222090 [WARNING] switch_core_state_machine.c:514 bed463c1-742e-4e24-829f-a6188a6667b3 sofia/GOLDEN/XXXXXXXX@XXX.XXX.XXX.XXX Abandoned
2013-05-23 18:15:27.222090 [NOTICE] switch_core_state_machine.c:517 Hangup sofia/GOLDEN/XXXXXXXX@XXX.XXX.XXX.XXX [CS_NEW] [WRONG_CALL_STATE]

This is my dial plan config:

          <context name="GOLDEN">

               <extension name="unloop">
                    <condition field="$${unroll_loops}" expression="^true$"/>
                    <condition field="$${sip_looped_call}" expression="^true$">
                         <action application="deflect" data="$${destination_number}"/>
                    </condition>
               </extension>

               <extension name="outside_call" continue="true">
                    <condition>
                         <action application="set" data="outside_call=true"/>
                    </condition>
               </extension>

               <extension name="hangup">
                    <condition field="destination_number" expression="^(hangup)$">
                         <action application="hangup"/>
                    </condition>
               </extension>


               <!-- START OF PREFIX STRIPPING -->

               <extension name="remove_prefix_2" continue="true">
                    <condition field="network_addr" expression="^XXX\.XXX\.XXX\.XXX$"/>
                    <condition field="destination_number" expression="^12345(\d+)$">
                              <action application="log" data="Removing leading digits"/>
                              <action application="set" data="destination_number=$1"/>
                    </condition>
               </extension>

               <extension name="distributor_TEST2_37360______">
                    <condition field="${sip_authorized}" expression="^true$" break="never"/>
                    <condition field="destination_number" expression="^(\d+)$">
                         <action application="log" data="Dialing User"/>
                         <action application="set" data="continue_on_fail=NORMAL_TEMPORARY_FAILURE,NO_ROUTE_DESTINATION,UNALLOCATED_NUMBER,407"/>
                         <action application="set" data="hangup_after_bridge=true"/>
                         <action application="bridge" data="user/$1@XXX.XXX.XXX.XXX"/>
                    </condition>
               </extension>

And now I'm lost. Please, can anybody point me to where the issue can be?
Do I need to have different sofia profiles, one for IP authentication and one for username/password auth?

Regards,
Alfonso.




