El Monday 23 July 2007 17:50:58 Klaus Darilion escribió:
> Iñaki Baz Castillo wrote:
> > Hi, I want to mantain independent domains in OpenSer. In my case I've a
> > OpenSer with a single DNS A record and various CNAME (I still don't want
> > to play with SRV and so).
> >
> > so:
> >
> > DNS A = openser.domain.org
> > CNAME = sip1.domain.org
> > CNAME = sip2.domain.org
> >
> >
> > And I want users of sip1.domain.org and sip2.domain.org, as independent
> > groups.
> >
> > I just want to avoid SIP interdomain messages, so [EMAIL PROTECTED]
> > CAN'T invite [EMAIL PROTECTED] even if he does authentication.
> >
> > I've loaded "domain" module and use "is_uri_host_local()"
> > and "is_from_local()" functions, but for now I only used one domain.
> >
> > My question is very general: for implement (or avoid) interdomain
> > comunication, do I need to use the "domainpolicy" [1] module?
>
> no
>
> > I've read its
> >
> > doc and know it's based in 3 drafts [2][3][4], but all of them seems to
> > be based in the complex NAPTR record and so. Is it the way?
>
> if you only want to prevent calls from sip1 to sip2 just compare the
> from domain with the domain in the ruri
>
> if ( $rd != $fd) {
> sl_send_reply("403","forbidden");
> exit;
> }
>
> > I think I could just compare the FROM domain with the TO domain in order
> > to avoid interdomain communication, but of course I'd like in the future
> > the possiblity of allowing some domains to contact some other domains. Is
> > then "domainpolicy" the solution I should learn?
>
> no. it would be easier to just put all the allowed domains into a table:
>
> A | B
> ---------------
> sip1 | sip2
> sip1 | sip3
> sip5 | sip6
>
>
> the code would be somehow like this (from the logic . I do not know the
> exact syntax by heart):
>
> if ( $rd != $fd) {
> # lookup table with raw_query from avp_ops module:
> ... SELECT count(*) from table WHERE ($rd=A and $fd=B) OR ($rd=B and
> $fd=A);
>
> if count == 0 {
> sl_send_reply("403","forbidden");
> exit;
> }
> }
Ok, very clear. Thanks a lot.
Regards.
--
Iñaki Baz Castillo
[EMAIL PROTECTED]
_______________________________________________
Users mailing list
Users@openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
