Chapter 7. SER - Adding Authentication and MySQL
Prev   Next

Chapter 7. SER - Adding Authentication and MySQL

Table of Contents

MySQL ser.cfg Listing
Authenticating ser.cfg Analysis
Using the Authenticating ser.cfg Proxy

What this ser.cfg does:

  1. Adds authentication of IP phones by using credentials stored in MySQL

  2. Contact information is stored persistently in MySQL

Now that you have tested a basic SIP environment, we need to add more functionality. This section we talk about authentication.

In normal circumstances, we must restrict the use of the SIP server to those telephones (i.e., users) that we want. Authentication is about ensuring only those telephones that we have given a password to are allowed to use our sip services.

To support authentication, we need a way to store information that does not get lost when we stop the sip server. We need a database and the most popular is MySQL as it comes with all Linux configurations. Support is provided for other databases, such as PostgreSQL, but in this Quick Start guide we focus on MySQL.

To add support for MySQL you need to go back to the source code and modify a few parameters. In Chapter 11 - Supporting MySQL describes how to do this and re-install the binaries. Once you have updated your SER environment you need to modify your ser.cfg file as described below.

Figure 7.1. Reference Design Plus MySQL

Reference Design Plus MySQL

MySQL ser.cfg Listing

Listed below is the SIP proxy configuration to which builds upon subject matter covered in the Hello World section.

debug=3
fork=no
log_stderror=yes

listen=192.0.2.13   # INSERT YOUR IP ADDRESS HERE
port=5060
children=4

dns=no
rev_dns=no
fifo="/tmp/ser_fifo"
fifo_db_url="mysql://ser:heslo@localhost/ser"1

loadmodule "/usr/local/lib/ser/modules/mysql.so"2
loadmodule "/usr/local/lib/ser/modules/sl.so"
loadmodule "/usr/local/lib/ser/modules/tm.so"
loadmodule "/usr/local/lib/ser/modules/rr.so"
loadmodule "/usr/local/lib/ser/modules/maxfwd.so"
loadmodule "/usr/local/lib/ser/modules/usrloc.so"
loadmodule "/usr/local/lib/ser/modules/registrar.so"
loadmodule "/usr/local/lib/ser/modules/auth.so"3
loadmodule "/usr/local/lib/ser/modules/auth_db.so"4
loadmodule "/usr/local/lib/ser/modules/uri_db.so"5

modparam("auth_db|uri_db|usrloc", "db_url", "mysql://ser:heslo@localhost/ser")6
modparam("auth_db", "calculate_ha1", 1)7
modparam("auth_db", "password_column", "password")8
modparam("usrloc", "db_mode", 2)9
modparam("rr", "enable_full_lr", 1)

route {

  # -----------------------------------------------------------------
  # Sanity Check Section
  # -----------------------------------------------------------------
  if (!mf_process_maxfwd_header("10")) {
    sl_send_reply("483", "Too Many Hops");
    break;
  };

  if (msg:len > max_len) {
    sl_send_reply("513", "Message Overflow");
    break;
  };

  # -----------------------------------------------------------------
  # Record Route Section
  # -----------------------------------------------------------------
  if (method!="REGISTER") {
    record_route();
  };

  # -----------------------------------------------------------------
  # Loose Route Section
  # -----------------------------------------------------------------
  if (loose_route()) {
    route(1);
    break;
  };

  # -----------------------------------------------------------------
  # Call Type Processing Section
  # -----------------------------------------------------------------
  if (uri!=myself) {
    route(1);
    break;
  };

  if (method=="ACK") {
    route(1);
    break;
  } if (method=="INVITE") { 10
    route(3);(11)
    break;
  } else  if (method=="REGISTER") {
    route(2);
    break;
  };

  lookup("aliases");
  if (uri!=myself) {
    route(1);
    break;
  };

  if (!lookup("location")) {
    sl_send_reply("404", "User Not Found");
    break;
  };  

  route(1);
}

route[1] {

  # -----------------------------------------------------------------
  # Default Message Handler
  # -----------------------------------------------------------------
  if (!t_relay()) {
    sl_reply_error();
  };
}

route[2] {

  # -----------------------------------------------------------------
  # REGISTER Message Handler
  # ----------------------------------------------------------------
  sl_send_reply("100", "Trying");(12)
  
  if (!www_authorize("","subscriber")) { (13)
    www_challenge("","0");(14)
    break;(15)
  };

  if (!check_to()) { (16)
    sl_send_reply("401", "Unauthorized");(17)
    break;
  };

  consume_credentials();(18)

  if (!save("location")) { (19)
    sl_reply_error();
  };
}

(20)route[3] {
  # -----------------------------------------------------------------
  # INVITE Message Handler
  # -----------------------------------------------------------------
  if (!proxy_authorize("","subscriber")) { (21)
    proxy_challenge("","0");(22)
    break;
  } else if (!check_from()) { (23)
    sl_send_reply("403", "Use From=ID");(24)
    break;
  };

  consume_credentials();(25)

  (26)lookup("aliases");
  if (uri!=myself) {
    route(1);
    break;
  };

  (27)if (!lookup("location")) {
    sl_send_reply("404", "User Not Found");
    break;
  };

  route(1);(28)
}
Prev Up Next
Using The Hello World ser.cfg Configuration Home Authenticating ser.cfg Analysis