Even there.. how to deny it with openser! Cirpack can do it; for example, if I put a contact name different from my auth name, it replies with an error! It prevents another person from receiving your calls!!
Look, you have in From and Contact header the user 105
From: sip:105@sd-7501.dedibox.fr:5060;user=phone;tag=c0a80101-38c0e7.
but my user is the 106 user
Authorization: Digest username="106", realm="sd-7501.dedibox.fr", nonce="46dfceb402cad04812873b855bc50ea65aa99ed5", uri="sip:sd-7501.dedibox.fr", response="7dca83fd358a9aea3a963f4a71ea5c9e", algorithm=MD5, qop=auth, cnonce="38c102", nc=00000001.
# U 82.127.0.79:1045 -> 88.191.45.91:5060
REGISTER sip:sd-7501.dedibox.fr;user=phone SIP/2.0.
Via: SIP/2.0/UDP 82.127.0.79:1046;branch=z9hG4bK5808036470869310420.
From: sip:105@sd-7501.dedibox.fr:5060;user=phone;tag=c0a80101-38c0e7.
To: sip:105@sd-7501.dedibox.fr:5060;user=phone.
Call-ID: 29eb6e9-c0a80101-5-17@192.168.95.70.
CSeq: 90 REGISTER.
Max-Forwards: 70.
Expires: 3600.
Contact: sip:105@82.127.0.79:1046;user=phone.
Authorization: Digest username="106", realm="sd-7501.dedibox.fr", nonce="46dfceb402cad04812873b855bc50ea65aa99ed5", uri="sip:sd-7501.dedibox.fr", response="7dca83fd358a9aea3a963f4a71ea5c9e", algorithm=MD5, qop=auth, cnonce="38c102", nc=00000001.
User-Agent: THOMSON ST2030 hw0 fw1.56 00-0E-50-4E-AF-C4.
Allow-Events: refer,dialog,message-summary,check-sync,talk,hold.
Content-Length: 0.

Carsten Bock wrote:
Hi Marc,
The problem is not the contact, but the From-Header. The From-Header contains the username, which registers. The Contact Header (according to RFC 3261) must be a valid URI, that's all (e.g. some CPEs put sip:<ip-address>:line=xyz in contact).
Carsten
On Thursday, 06.09.2007, 12:01 +0200, Marc LEURENT wrote:
I have a security matter with my configuration (default one): it's possible to register using login/password and to set anything in the contact field. So if you have an account 106/password, it's possible to be 105 in the location database!
How is it possible to deny that kind of matter..? Thanks
Is it useful to use method_filtering of the REGISTRAR module?
Or is it better to do something with the values below and a compare function??
$ct - reference to body of contact header
$ar - realm from Authorization or Proxy-Authorization header
$au - username from Authorization or Proxy-Authorization header

if ($ct != $au@$ar) {
    sl_send_reply("403", "User and login must be the same");
};
Best Regards,
Marc LEURENT
# U 82.127.0.79:1045 -> 88.191.45.91:5060
REGISTER sip:sd-7501.dedibox.fr;user=phone SIP/2.0.
Via: SIP/2.0/UDP 82.127.0.79:1046;branch=z9hG4bK5808036470869310420.
From: sip:105@sd-7501.dedibox.fr:5060;user=phone;tag=c0a80101-38c0e7.
To: sip:105@sd-7501.dedibox.fr:5060;user=phone.
Call-ID: 29eb6e9-c0a80101-5-17@192.168.95.70.
CSeq: 90 REGISTER.
Max-Forwards: 70.
Expires: 3600.
Contact: sip:105@82.127.0.79:1046;user=phone.
Authorization: Digest username="106", realm="sd-7501.dedibox.fr", nonce="46dfceb402cad04812873b855bc50ea65aa99ed5", uri="sip:sd-7501.dedibox.fr", response="7dca83fd358a9aea3a963f4a71ea5c9e", algorithm=MD5, qop=auth, cnonce="38c102", nc=00000001.
User-Agent: THOMSON ST2030 hw0 fw1.56 00-0E-50-4E-AF-C4.
Allow-Events: refer,dialog,message-summary,check-sync,talk,hold.
Content-Length: 0.
.

AOR:: 105
Contact:: sip:105@82.127.0.79:1046;user=phone Q=
Expires:: 194
Callid:: 29eb6e9-c0a80101-5-17@192.168.95.70
Cseq:: 92
User-agent:: THOMSON ST2030 hw0 fw1.56 00-0E-50-4E-AF-C4
Received:: sip:82.127.0.79:1045
State:: CS_SYNC
Flags:: 0
Cflag:: 192
Socket:: udp:88.191.45.91:5060
Methods:: 4294967295

_______________________________________________
Users mailing list
Users@openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
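
The mismatch discussed in this thread can be found offline in captured REGISTER requests. The following is an added example, not code from any poster or from the OpenSER project: it compares the To user (the address-of-record a registrar binds under RFC 3261) and the From user with the digest username. The function names are hypothetical, the input is assumed to be ngrep-style text with one header per line, and the realm is assumed to equal the SIP domain (pass match_realm=False otherwise).

```python
import re

# Constructed sample modelled on the capture in this thread: ngrep style, one
# header per line, trailing "." standing for CRLF; nonce/response are placeholders.
SAMPLE = """\
REGISTER sip:sd-7501.dedibox.fr;user=phone SIP/2.0.
From: sip:105@sd-7501.dedibox.fr:5060;user=phone;tag=c0a80101-38c0e7.
To: sip:105@sd-7501.dedibox.fr:5060;user=phone.
Contact: sip:105@82.127.0.79:1046;user=phone.
Authorization: Digest username="106", realm="sd-7501.dedibox.fr", nonce="PLACEHOLDER", uri="sip:sd-7501.dedibox.fr", response="PLACEHOLDER", algorithm=MD5.
"""

HEADER_RE = re.compile(r"^([A-Za-z-]+):\s*(.*?)\.?\s*$")
URI_RE = re.compile(r"sips?:(?:([^@;>\s]+)@)?([^:;>\s]+)", re.I)
PARAM_RE = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]+))')

def parse_headers(text):
    """Map lower-cased header name -> value (first occurrence wins)."""
    headers = {}
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            headers.setdefault(m.group(1).lower(), m.group(2))
    return headers

def uri_user_host(value):
    """Return (user, host) of the first SIP URI in a header value."""
    m = URI_RE.search(value)
    return (m.group(1), m.group(2).lower()) if m else (None, None)

def check_register(text, match_realm=True):
    """List the identity headers that disagree with the digest credentials."""
    h = parse_headers(text)
    auth = {k.lower(): q or u for k, q, u in PARAM_RE.findall(h.get("authorization", ""))}
    if "username" not in auth:
        return ["no digest credentials"]
    au = auth["username"].split("@")[0]      # some UAs send user@domain here
    realm = auth.get("realm", "").lower()
    findings = []
    # Contact is deliberately not compared: it only has to be a valid URI.
    for name in ("to", "from"):
        user, host = uri_user_host(h.get(name, ""))
        if user != au or (match_realm and host != realm):
            findings.append(f"{name}: {user}@{host} != credentials {au}@{realm}")
    return findings

if __name__ == "__main__":
    for finding in check_register(SAMPLE):
        print("MISMATCH", finding)
```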