Blocking File Transfers to Federated Users Using Lync MSPL Scripts

Once again my lack of programming skill has bitten me, but luckily for me it's not what you know but who you know. Keith from Got UC saved me once again with more scripting brilliance. MSPL scripts are probably one of the least talked about but most useful tools an admin has in Lync.

This is the third time I have seen MSPL scripts used to extend functionality in Lync, which shows just how flexible they are. Their strength lies in their ability to manipulate SIP messages. From blocking calls to changing parameters within the SIP header, they are really versatile and very useful.

Below is the script text, along with a downloadable version underneath the text. The script blocks file transfers to any SIP URI outside of the SIP domain configured in Lync. So obviously there is a catch here: in its current format it is only intended for a single SIP domain environment. The script looks at the To and From header values and retrieves information on the domain from the INVITE. Some companies might be working with multiple SIP domains, and this script could affect traffic that it wasn't intended to, so use it with some caution if that is your environment.

<?xml version="1.0"?>
<r:applicationManifest
    r:appUri="http://www.gotuc.net/FileTransferBlock"
    xmlns:r="http://schemas.microsoft.com/lcs/2006/05">
    <r:requestFilter methodNames="INVITE" strictRoute="true"/>
    <r:responseFilter reasonCodes="NONE"/>
    <r:scriptOnly/>
    <r:splScript><![CDATA[

/*++
Module Name:
    FileTransferBlock.am
--*/
    if (sipRequest)
    {
        // Check the content type. Only multipart bodies are inspected; anything else is ignored.
        foreach (header in GetHeaderValues(StandardHeader.ContentType))
        {
            if (IndexOfString(header, "multipart/", true) == 0)
            {
                Log("Debug", false, "Found multipart body. Content-Type:", header);
                i = 0;
                // Walk each part of the multipart body looking for a file transfer offer.
                while (i < MultiPartItem.Count && BindMultiPartBodyItem(i))
                {
                    if (ContainsString(MultiPartItem.ContentType, "application/ms-filetransfer+xml", true))
                    {
                        //toHomeServer = QueryHomeServer(sipRequest.To);
                        //fromHomeServer = QueryHomeServer(sipRequest.From);
                        Log("Debugr", false, "***** We have a File Transfer request *****");
                        //Log("Debugr", false, "***** Request.To home server ", toHomeServer);
                        //Log("Debugr", false, "***** Request.From home server ", fromHomeServer);

                        // Treat the destination as local when its host name is contained
                        // in FQDN (case-insensitive substring test).
                        hostName = GetHostName(GetUri(sipRequest.To));
                        local = ContainsString(FQDN, hostName, true);
                        Log("Debugr", false, "***** Request.To: ", GetUri(sipRequest.To), " *****");
                        Log("Debugr", false, "***** Request.To host name: ", hostName, " *****");

                        if (local)
                        {
                            Log("Debugr", false, "***** Request.To is local. Transfer ok *****");
                        }
                        else
                        {
                            // Reject the INVITE so the file transfer never reaches the federated party.
                            Log("Debugr", false, "***** Request.To is federated. Transfer cancelled *****");
                            Respond(503, "Service Unavailable");
                        }
                        break;
                    }
                    i = i + 1;
                }
                break;
            }
        }
    }

    return;

]]></r:splScript>
</r:applicationManifest>
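
The locality test in the script is a case-insensitive substring match of the To host name against FQDN, which is why it only suits a single SIP domain. The Python model below is an added example, not part of Keith's script: the server name, SIP domains and To headers are constructed, it assumes FQDN holds the server's own host name, and the exact-match list is an alternative test shown for comparison.

```python
import re

# Constructed sample values; none come from the original post.
SERVER_FQDN = "fe01.contoso.com"                # stands in for the MSPL FQDN value
SIP_DOMAINS = {"contoso.com", "contoso.co.uk"}  # SIP domains the deployment owns

def uri_host(to_header):
    """Extract the host part of a sip:/sips: URI from a To header value."""
    m = re.search(r"sips?:(?:[^@>;\s]+@)?([^:;>\s]+)", to_header, re.I)
    if not m:
        raise ValueError("no SIP URI in header: %r" % to_header)
    return m.group(1).lower()

def local_by_substring(host, server_fqdn=SERVER_FQDN):
    """Same test as the script: ContainsString(FQDN, hostName, true)."""
    return host.lower() in server_fqdn.lower()

def local_by_allowlist(host, sip_domains=SIP_DOMAINS):
    """Stricter test: exact, case-insensitive match against owned SIP domains."""
    return host.lower() in {d.lower() for d in sip_domains}

def verdict(to_header, is_local):
    """Return the action the filter would take for a file-transfer INVITE."""
    return "proxy" if is_local(uri_host(to_header)) else "503"

def compare(headers):
    """Return (header, substring verdict, allowlist verdict) for each header."""
    return [(h, verdict(h, local_by_substring), verdict(h, local_by_allowlist))
            for h in headers]

SAMPLE_TO_HEADERS = [
    "<sip:alice@contoso.com>;epid=1a2b",  # own domain
    "<sip:bob@fabrikam.com>",             # federated partner
    "<sip:carol@toso.com>",               # foreign domain that is a substring of the FQDN
    "<sip:dave@contoso.co.uk>",           # second SIP domain of the same deployment
]

if __name__ == "__main__":
    for header, sub, allow in compare(SAMPLE_TO_HEADERS):
        print(f"{header:38} substring={sub:5} allowlist={allow}")
```

In this model the substring test lets the transfer to `toso.com` through and blocks the one to `contoso.co.uk`, while the exact-match list handles both as intended.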

You can also download the script from here.

Again, thanks to Keith for putting the script together.

Update: For information on installing this script check here. This is a really good guide on how to do it. Also, this script could potentially be installed on the Edge if desired. Check the guide on how to do that and also TechNet here.

Comments welcomed.

VoIPNorm

3 comments:

  1. Will this work on an OCS R2 edge? I need to block file transfers to federated users and have not upgraded our edge server to Lync.

    1. I haven't tested on OCS but it should. Make sure to try it in a lab first if you can.
  2. http://support.microsoft.com/kb/2621840