[Serusers] Check_from()

Jiri Kuthan jiri at iptel.org
Fri Oct 10 04:27:54 CEST 2003


if use_uri_table is set, then the username/digest_id is checked
against a white-list of valid combinations in database. For
example user with id "mrpoliceman" can be allowed to have
"mrpoliceman" and "911" in URIs.

If unset, username is checked against digest_id. "mrpoliceman"
can only have "mrpoliceman" in URIs. No database lookep is carried
out.

At iptel, we deploy the latter simple policy: 

  if (method=="REGISTER") {
        if (!www_authorize("iptel.org", "subscriber")) {
            # challenge if none or invalid credentials
            www_challenge("iptel.org", "0");
            break;
        };
       if (!check_to()) {
            log("LOG: To Cheating attempt\n");
            sl_send_reply("403", "That is ugly -- use To=id in REGISTERs");
            break;
        };

(If you try to login at iptel  with Messenger and specify different URI
  from digest identity, you will get 403)


The table-driven policy is good if subscribers may have various 
appearances.

-jiri

At 04:13 AM 10/10/2003, Greg Fausak wrote:
>I've run into a problem (again) where I'm worried about the registration
>and invite identity.  I've got the appropriate check_from() which
>verifies
>that the from uri contains a user in the subscriber table.  
>
>The README in uri :
>-------
>1.4.3. check_from()
>
>   Check From username against URI table or digest credentials.
>--------
>I can't tell from the description if this means that *any* user
>will work?  Can the user in the from() field be different that the
>user in the digest credentials?  How can I be sure that the from
>matches the credentials?
>
>---greg
>
>
>
>
>_______________________________________________
>Serusers mailing list
>serusers at lists.iptel.org
>http://lists.iptel.org/mailman/listinfo/serusers

--
Jiri Kuthan            http://iptel.org/~jiri/ 




More information about the sr-users mailing list