[Serusers] hijack another account
Bruno Lopes F. Cabral
bruno at openline.com.br
Thu Dec 2 14:03:10 CET 2004
Hi there
how one would check if from!=authorized using RADIUS auth module?
Cheers
!3runo
Andreas Granig wrote:
>> This only checks the REGISTER method. I think we need something to
>> check the URI in the INVITE method whether it's fake or not. Just my
>> 2 cents.
>
> if(method == "INVITE" && proxy_authorize(...))
> {
> if(!check_from())
> {
> # from-user != authorized user
> }
> # proceed as usual here...
> }
>
> should do it.
> Andy
More information about the sr-users
mailing list