[Kamailio-Devel] [ openser-Bugs-2740437 ] PUBLISH authentication is wrong
jh at tutpro.com
Thu Apr 16 07:05:55 CEST 2009
> For PUBLISH requests, Authentication user should be checked against
> RURI. Thus, realm should be derived from RURI too.
> Can someone please review the patch - I am not sure if the usage of
> &(_m->parsed_uri) is correct in this situation.
i replied to this a couple of days ago, but it went to noreply address.
i'll try again. i reviewed the patch and i don't think it is correct.
if you want to take authentication user from ruri, there is no reason to
parse from uri.
i can take care of the patch, but i would like first to understand, why
publish authentication should be done based on request uri. is this
because of third party publish or what? normally the user itself (in
from header) sends the publish.
i personally check in my script that from uri of publish matches ruri
and thus to me it is irrelevant if authentication user is taken from
from uri or ruri.
More information about the Devel