At 03:48 PM 6/6/2003, Greg Fausak wrote: --snip--
My code looks like:
If(src_ip == my.pstn.gateway.address) { ... } Else { if(!www_authorize()) { www_challenge(); }; }
This means that calls can come from my gateway without authentication. Later on in the script: ...
t_on_negative("9"); if(!t_relay()) { sl_reply_error(); break; };}
reply_route[9] { log(1,"REPLY_ROUTE:"); revert_uri();
setuser("nextnumber"); t_relay();}
This logic only works if I get rid of my authentication/challenge logic. Because the T_relay() src_ip address is NOT the pstn.gateway address after the reply_route executes!
? I'm puzzled -- does the script above somehow relate to the problem you are describing? You only check src_ip in route{} which is called only once, so why do you care about what happens after reply_route{}?
So, I tried putting a line in the reply_route that did:
setflag(9);
And changed the beginning of my script:
If(src_ip == my.pstn.gateway.address | isflagset(9)) { ... } Else { if(!www_authorize()) { www_challenge(); }; }
Why do you re-check authentication in reply_route? The authentication has been already verified on the original request and it buys no security to do it again with the same request later.
This doesn't work. I know the flag was set in the reply_route, but it is not recognized in the main script.
I guess neither src_ip nor flag were copied to reply_route context in 8.10. That should have changed in 8.11, in case you need it.
a.