[Devel] uri checks (check_from/to)
Bogdan-Andrei Iancu
bogdan at voice-system.ro
Fri Jan 12 16:32:35 CET 2007
Hi Klaus,
if you do auth before check_to/from, the domain is already checked
against the realm - auth does this; it gets the domain either from
script, either from To/From URI and looks only for credentials with
domain==realm.
regards,
bogdan
Klaus Darilion wrote:
> Hi!
>
> I think typical multidomain setups (at least mine) use identical
> username for authentication and the SIP Aor.
>
> e.g.
> SIP AoR: user1 at domain1
> auth user: user1
> realm: domain1
>
> SIP AoR: user2 at domain2
> auth user: user2
> realm: domain2
>
> Further, check_to/from is used to prevent registration hijacking. This
> works fine as long as user1 != user2. But if I have sip:office at domain1
> and sip:office at domain2 also the domain of the from/to header must be
> checked against the realm.
>
> Probably this can be done using pseudo variables and avpcheck but
> shouldn't it be done automatically in check_to/from (and expand the
> uri table to allow same auth user (username) for different realms)?
>
> regards
> klaus
>
More information about the Devel
mailing list