[Serusers] Strange behavior of Radius-Authentification with Usernames
Andrei Pelinescu-Onciul
pelinescu-onciul at fokus.fraunhofer.de
Thu Jul 8 13:45:34 CEST 2004
On Jul 08, 2004 at 13:20, Kai Militzer <km at westend.com> wrote:
> Hi list!
>
> I just came across something very strange when using the radius-modules
> and wonder if it is a wanted feature, a bug or simply me being stupid
> (which I guess will be the case).
>
> The thing is the following. My ser.cfg has the following in it when an
> UA registers:
>
> if (method=="REGISTER") {
>
>     if (!radius_proxy_authorize("XXX.XXX.XXX.XXX")) {
>         proxy_challenge("XXX.XXX.XXX.XXX", "0");
>         break;
>     };
>     log(1, "Registered");
>     save("location");
>     break;
> };
>
>
> This works fine, meaning the user gets registered if it is known to
> Radius and not registered in the opposite case.
>
> Now to the strange thing. In most UAs you can enter different user-parts
> of the URI and Authentication-Users. I used kphone for this test and
> entered a valid username as authentication username and some random
> number (or word, that doesn't matter) as "User part of SIP URL". What
> happens then is, that the user can register and gets a URI different
> from the authenticated username. With this behavior every user would be
> able to "hijack" connections from other users.
>
> How can I tell SER to not allow this? Has it something to do with the
> SIP-Rpid argument in Radius? Ser seems to ignore it.
Use check_to from the uri module.
Before save(...) add something like:
if (!check_to()) {
    /* error reply here */
    break;
}
Andrei
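What check_to() has to guard against, as an added example that is not part of the thread and not SER's own code: the Digest credentials in the REGISTER carry one username (the one Radius authenticated), while the To URI carries another, and save() would bind the Contact to the To URI. The snippet below parses a constructed REGISTER and returns whether the To user part equals the Digest username; the message text, addresses and nonce values are all made up for illustration.

```python
import re

# Constructed REGISTER: Radius would accept "alice" (the Digest username),
# but the To URI names "bob", so save() would register a Contact for bob's AOR.
SAMPLE_REGISTER_MISMATCH = (
    "REGISTER sip:example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:bob@example.com>;tag=1928301774\r\n"
    "To: <sip:bob@example.com>\r\n"
    "Call-ID: a84b4c76e66710@192.0.2.10\r\n"
    "CSeq: 1 REGISTER\r\n"
    "Contact: <sip:bob@192.0.2.10:5060>\r\n"
    'Proxy-Authorization: Digest username="alice", realm="example.com", '
    'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="sip:example.com", '
    'response="6629fae49393a05397450978507c4ef1"\r\n'
    "\r\n"
)

# Same message with credentials and To URI agreeing (constructed).
SAMPLE_REGISTER_OK = SAMPLE_REGISTER_MISMATCH.replace(
    'username="alice"', 'username="bob"'
)


def parse_headers(msg):
    """Split a SIP request into a {lowercased-name: value} dict (single-valued)."""
    head = msg.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def to_uri_parts(to_header):
    """Return (user, host) from a To header such as '<sip:bob@example.com>;tag=..'."""
    m = re.search(r"sips?:([^@;>\s]+)@([^;>\s]+)", to_header)
    return (m.group(1), m.group(2)) if m else None


def digest_params(auth_header):
    """Parse 'Digest k="v", k2=v2, ...' into a dict; empty dict if not Digest."""
    if not auth_header.lower().startswith("digest "):
        return {}
    params = {}
    for m in re.finditer(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', auth_header[7:]):
        params[m.group(1).lower()] = m.group(2) if m.group(2) is not None else m.group(3)
    return params


def to_matches_credentials(msg):
    """True iff the To URI user part equals the authenticated Digest username.

    This is the condition that must hold after radius_proxy_authorize() and
    before save(): otherwise an authenticated user can register a Contact
    under someone else's address-of-record.
    """
    h = parse_headers(msg)
    # Registrars may receive either header; Proxy-Authorization is checked first
    # because the thread's config uses radius_proxy_authorize().
    creds = digest_params(h.get("proxy-authorization") or h.get("authorization", ""))
    to = to_uri_parts(h.get("to", ""))
    if to is None or not creds.get("username"):
        return False
    return to[0] == creds["username"]


if __name__ == "__main__":
    print("mismatch accepted?", to_matches_credentials(SAMPLE_REGISTER_MISMATCH))  # False
    print("matching accepted?", to_matches_credentials(SAMPLE_REGISTER_OK))        # True
```

The check compares only the user part, which is the mismatch Kai describes; whether the To host must also equal the Digest realm is a separate policy decision and is not asserted here.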