At 03:48 PM 6/6/2003, Greg Fausak wrote:
--snip--
My code looks like:

    if(src_ip == my.pstn.gateway.address)
    {
        ...
    }
    else
    {
        if(!www_authorize())
        {
            www_challenge();
        };
    }

This means that calls can come from my gateway without
authentication. Later on in the script:

        ...
        t_on_negative("9");
        if(!t_relay())
        {
            sl_reply_error();
            break;
        };
    }

    reply_route[9]
    {
        log(1,"REPLY_ROUTE:");
        revert_uri();
        setuser("nextnumber");
        t_relay();
    }

-----
This logic only works if I get rid of
my authentication/challenge logic. Because the
t_relay() src_ip address is NOT the pstn.gateway
address after the reply_route executes!

? I'm puzzled -- does the script above somehow relate to the problem
you are describing? You only check src_ip in route{} which is called
only once, so why do you care about what happens after reply_route{}?

So, I tried putting a line in the reply_route that did:

    setflag(9);

And changed the beginning of my script:

    if(src_ip == my.pstn.gateway.address | isflagset(9))
    {
        ...
    }
    else
    {
        if(!www_authorize())
        {
            www_challenge();
        };
    }

Why do you re-check authentication in reply_route? The authentication
has been already verified on the original request and it buys no
security to do it again with the same request later.

This doesn't work. I know the flag was set in the reply_route, but
it is not recognized in the main script.

I guess neither src_ip nor flag were copied to reply_route context
in 8.10. That should have changed in 8.11, in case you need it.
a.