Re: Unregistered endpoints

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

I have modified gatekeeper source code and AcceptUnregisteredCalls=0 (under
[RoutedMode] section) also works if GKRouted=0 (with Direct Endpoint Call
Signalling). The modification is very easy, I only have added some code to
OnARQ method of H323RasSrv:

/* Admission Request */
BOOL H323RasSrv::OnARQ(const PIPSocket::Address & rx_addr, H225_RasMessage &
obj_arq, H225_RasMessage & obj_rpl)
{
 PTRACE(1, "GK\tARQ Received");

 H225_AdmissionRequest & obj_rr = obj_arq;

 BOOL bReject = FALSE;
 long callDurationLimit = -1;
 unsigned rejectReason = 0;
 unsigned rsn = H225_AdmissionRejectReason::e_securityDenial;

 // find the caller
 const endptr RequestingEP =
EndpointTable->FindByEndpointId(obj_rr.m_endpointIdentifier);


////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////
// BEGIN OF ADDED CODE
 if(obj_rr.m_answerCall && !AcceptUnregCalls)
 {
  PStringArray alias=H323GetAliasAddressStrings(obj_rr.m_srcInfo);
  H225_ArrayOf_AliasAddress EpAlias;
  EpAlias.SetSize(alias.GetSize());
  PINDEX i,at;
  for(i=0; i< alias.GetSize(); i++)
  {
   at = alias[i].Find('[');
   if(at!=P_MAX_INDEX)
    alias[i]=alias[i].Left(at);
   alias[i]=alias[i].Trim();
   H323SetAliasAddress(alias[i], EpAlias[i]);
  }
  const endptr caller = EndpointTable->FindByAliases(EpAlias);
  if(caller==NULL)
  {
   bReject=TRUE;
   rejectReason=H225_AdmissionRejectReason::e_callerNotRegistered;
  }
 }
// END OF ADDED CODE

////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////

 endptr CalledEP(0);
 PString calledPartyNumber;

 if (CallTbl->Size() >= callLimit && !obj_rr.m_answerCall) {
  bReject = TRUE;
  rejectReason = H225_AdmissionRejectReason::e_resourceUnavailable;
  PTRACE(1, "GK\tWarning: Exceed call limit!!");
 } else if (RequestingEP) { // Is the ARQ from a registered endpoint?
  bool bHasDestInfo =
(obj_rr.HasOptionalField(H225_AdmissionRequest::e_destinationInfo) &&
obj_rr.m_destinationInfo.GetSize() >= 1);
  if (bHasDestInfo) // apply rewriting rules
   Toolkit::Instance()->RewriteE164(obj_rr.m_destinationInfo[0]);

...

I don't know if this modification may cause problems...

Miguel Rodriguez.


----- Original Message ----- 
From: "Freddy Parra" <fparra@xxxxxxxxxx>
To: <openh323gk-users@xxxxxxxxxxxxxxxxxxxxx>
Sent: Wednesday, September 08, 2004 8:23 PM
Subject: RE:  Unregistered endpoints


The two sections [Gatekeeper::Auth] and [RasSrv::RRQAuth] show work for
direct mode which is for RAS messages only. Since these two sections
restrict access to which endpoints are allowed to register to the
Gatekeeper. It will authenticate based on H323 Alias and IP.

Freddy

-----Original Message-----
From: openh323gk-users-admin@xxxxxxxxxxxxxxxxxxxxx
[mailto:openh323gk-users-admin@xxxxxxxxxxxxxxxxxxxxx]On Behalf Of Miguel
Rodríguez Álvarez
Sent: Wednesday, September 08, 2004 2:02 PM
To: openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re:  Unregistered endpoints


Hi
AcceptUnregisteredCalls=0 only works if GKRouted=1 (also under [RoutedMode]
Section). But I would like to use Direct Endpoint Call Signalling
(GKRounted=0).

Miguel Rodriguez

----- Original Message ----- 
From: "Freddy Parra" <fparra@xxxxxxxxxx>
To: <openh323gk-users@xxxxxxxxxxxxxxxxxxxxx>
Sent: Wednesday, September 08, 2004 6:40 PM
Subject: RE:  Unregistered endpoints


Your gatekeeper can reject calls from any unregistered endpoint by simply
having AcceptUnregisteredCalls=0 under [RoutedMode] Section.

This still will not protect your system since you can still have
unregistered endpoints register to your gatekeeper if you don't have the
following sections set.

Example:

;############################################################
;#Gatekeeper Authentication Section Defined.                #
;############################################################
[Gatekeeper::Auth]
AliasAuth=required;RRQ
default=allow

;############################################################
;#RRQ Authentication Section Defined.                       #
;############################################################
[RasSrv::RRQAuth]
ENDPOINT1=sigip:xxx.xxx.xxx.xxx:1720
ENDPOINT2=sigip:xxx.xxx.xxx.xxx:1720
ENDPOINT3=sigip:xxx.xxx.xxx.xxx:1720
ENDPOINT4=sigip:xxx.xxx.xxx.xxx:1720

Adding these two sections will make sure that only Endpoints 1 thru 4 coming
from the following IPs(xxx.xxx.xxx.xxx) can register
to your gatekeeper and therefore call other register endpoints. I hope this
helps.

Regards,

Freddy



-----Original Message-----
From: openh323gk-users-admin@xxxxxxxxxxxxxxxxxxxxx
[mailto:openh323gk-users-admin@xxxxxxxxxxxxxxxxxxxxx]On Behalf Of Miguel
Rodríguez Álvarez
Sent: Wednesday, September 08, 2004 12:08 PM
To: openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Subject:  Unregistered endpoints


Hi,
I would like that registered endpoints reject calls from unregistered
endpoints. What should I do?
I don't know what parameters must been changed in gatekeeper config file.
Could anyone help me?

Miguel Rodriguez.



-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click

_______________________________________________________

List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/


-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_idP47&alloc_id808&op=ick

_______________________________________________________

List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id.49
Homepage: http://www.gnugk.org/



-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click

_______________________________________________________

List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/


-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_idP47&alloc_id808&op=ick

_______________________________________________________

List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id.49
Homepage: http://www.gnugk.org/



-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click

_______________________________________________________

List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/

[Index of Archives]     [SIP]     [Open H.323]     [Gnu Gatekeeper]     [Asterisk PBX]     [ISDN Cause Codes]     [Yosemite News]

  Powered by Linux