[Serusers] Check_from()

Greg Fausak greg at august.net
Fri Oct 10 04:36:53 CEST 2003


OK, so in the case of REGISTER I could do a check_to() and a
check_from(), since they should all be equal.  In case of an INVITE,
just a check_from(), right?

This makes sense why you do a check_to() after the www_authorize(),
otherwise you wouldn't have the digest credentials.

Thanks !

---greg

> 
> if use_uri_table is set, then the username/digest_id is checked
> against a white-list of valid combinations in database. For
> example user with id "mrpoliceman" can be allowed to have
> "mrpoliceman" and "911" in URIs.
> 
> If unset, username is checked against digest_id. "mrpoliceman"
> can only have "mrpoliceman" in URIs. No database lookup is carried
> out.
> 
> At iptel, we deploy the latter simple policy: 
> 
>   if (method=="REGISTER") {
>         if (!www_authorize("iptel.org", "subscriber")) {
>             # challenge if none or invalid credentials
>             www_challenge("iptel.org", "0");
>             break;
>         };
>         if (!check_to()) {
>             log("LOG: To Cheating attempt\n");
>             sl_send_reply("403", "That is ugly -- use To=id in REGISTERs");
>             break;
>         };
> 
> (If you try to login at iptel with Messenger and specify different URI
>   from digest identity, you will get 403)
> 
> 
> The table-driven policy is good if subscribers may have various
> appearances.
> 
> -jiri
> 
> At 04:13 AM 10/10/2003, Greg Fausak wrote:
> >I've run into a problem (again) where I'm worried about the
> >registration and invite identity.  I've got the appropriate
> >check_from() which verifies that the from uri contains a user in
> >the subscriber table.
> >
> >The README in uri :
> >-------
> >1.4.3. check_from()
> >
> >   Check From username against URI table or digest credentials.
> >--------
> >I can't tell from the description if this means that *any* user
> >will work?  Can the user in the from() field be different than the
> >user in the digest credentials?  How can I be sure that the from
> >matches the credentials?
> >
> >---greg
> 
> --
> Jiri Kuthan            http://iptel.org/~jiri/ 
> 
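The two policies described in this thread, modelled in Python as an added example; it is not code from SER or its uri module. The names `uri_user`, `identity_ok`, `screen` and `URI_TABLE` are hypothetical, the whitelist contents are constructed from the "mrpoliceman"/"911" example above, and the exact, case-sensitive username comparison is an assumption.

```python
import re

# Constructed stand-in for the URI table: digest id -> usernames allowed in URIs.
URI_TABLE = {"mrpoliceman": {"mrpoliceman", "911"}}

_QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')
_USER = re.compile(r"\s*sips?:([^@:;>\s]+)(?::[^@;\s]*)?@", re.IGNORECASE)

def uri_user(header_value):
    """User part of the SIP URI in a From/To header value, or None."""
    # Drop the quoted display name first so a URI typed into it is never parsed.
    value = _QUOTED.sub("", header_value)
    bracketed = re.search(r"<([^>]*)>", value)
    match = _USER.match(bracketed.group(1) if bracketed else value)
    return match.group(1) if match else None

def identity_ok(header_value, digest_user, use_uri_table=False):
    user = uri_user(header_value)
    if user is None:
        return False  # fail closed when no user part can be extracted
    if use_uri_table:
        # Table-driven policy: the digest id may appear under whitelisted names.
        return user in URI_TABLE.get(digest_user, set())
    # Simple policy: the URI user must equal the digest id, no lookup.
    return user == digest_user  # assumption: exact, case-sensitive match

def screen(method, headers, digest_user, use_uri_table=False):
    """digest_user is the identity that already passed digest authentication."""
    # REGISTER: To and From; other methods such as INVITE: From only,
    # as proposed in the reply at the top of this message.
    names = ("To", "From") if method == "REGISTER" else ("From",)
    for name in names:
        if not identity_ok(headers.get(name, ""), digest_user, use_uri_table):
            return 403, name + " does not match digest identity"
    return 200, "OK"
```

The identity check only means something after authentication, because `digest_user` comes from the verified credentials, which is the same ordering as `www_authorize()` followed by `check_to()` in the quoted configuration.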



