[Users] determining if From==To
Daniel-Constantin Mierla
daniel at voice-system.ro
Fri Dec 15 12:15:46 CET 2006
On 12/14/06 19:42, Jiri Kuthan wrote:
> [...]
>>>> Hi,
>>>>
>>>> How would one determine if the From address equals the To address, or even
>>>> better, if the To address is either the same as or an alias of the From
>>>> address?
>>>>
>>> copy from uri into an AVP, copy to URI into an AVP, compare the AVPs (avp_check)
>>>
>> should work without the need of copy
>>
>> avp_check("$fu","eq/$tu/i")
>> http://www.openser.org/docs/modules/1.2.x/avpops.html#AEN384
>>
>
> Attached is an snipplet of SER/ottendorf authenticational policy, which does that
> in a -- I believe -- more comprehensible manner. It checks if URI exists, if so, it
> checks whether the user as identified in his digest credentials is allowed to
> use URI as in To header field, and it optionally checks From header field too.
>
Thanks for your input. 'users' mailing list is mainly for discussion
related stable releases, and avp_check("$fu","eq/$tu/i") is in OpenSER
stable since long time ago - pseudo-variables in OpenSER were introduced
in summer 2005 and become stable in October 2005, with version 1.0.0.
>
> # check if the authenticated user is the same as the target user
> if (!lookup_user("$t.uid", "@to.uri")) {
> sl_send_reply("404", "Unknown user in To");
> drop;
> }
>
> if ($f.uid != $t.uid) {
> sl_send_reply("403", "Authentication and To-Header mismatch");
> drop;
> }
>
> [...]
>
> Full config file:http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/etc/ser.cfg?rev=HEAD&content-type=text/vnd.viewcvs-markup
>
> Alas, it relies on ser/ottendorf and to my best knowledge the select feature on
> which this script is based, is not available in openser. We are actively considering
> contributing select from ser to openser to avoid too big mismatches in both
> projects' config files, but that unfortunately appears unlikely during this
> busy end of year.
>
We welcome any contribution, please follow the rules from OpenSER site:
http://www.openser.org/index.php?option=com_content&task=view&id=32&Itemid=46
OpenSER pseudo-variables were designed for extensibility, as scalable
and flexible framework, for a dynamic information access. There is a
well defined plan for its future development -- features will be added
as needed, the next release (see the roadmap for timelines) will bring a
lot here. In my opinion, having them in two stable releases by now,
proves the stability and maturity, introducing something from an
under-development system is not very much justified.
If you decide to contribute to openser pseudo-variables system, openser
is 'open' :-), patches can be directly submitted to:
http://sourceforge.net/tracker/?group_id=139143
Cheers,
Daniel
> -jiri
>
>
> --
> Jiri Kuthan http://iptel.org/~jiri/
>
>
>
More information about the sr-users
mailing list