[Users] determining if From==To

Daniel-Constantin Mierla daniel at voice-system.ro
Fri Dec 15 12:15:46 CET 2006 


On 12/14/06 19:42, Jiri Kuthan wrote:
> [...]
>>>> Hi,
>>>>
>>>> How would one determine if the From address equals the To address, or even
>>>> better, if the To address is either the same as or an alias of the From
>>>> address?
>>>>         
>>> copy from uri into an AVP, copy to URI into an AVP, compare the AVPs (avp_check)
>>>       
>> should work without the need of copy
>>
>> avp_check("$fu","eq/$tu/i")
>> http://www.openser.org/docs/modules/1.2.x/avpops.html#AEN384
>>     
>
> Attached is an snipplet of SER/ottendorf authenticational policy, which does that
> in a -- I believe -- more comprehensible manner. It checks if URI exists, if so, it
> checks whether the user as identified in his digest credentials is allowed to
> use URI as in To header field, and it optionally checks From header field too.
>   
Thanks for your input. 'users' mailing list is mainly for discussion 
related stable releases, and avp_check("$fu","eq/$tu/i") is in OpenSER 
stable since long time ago - pseudo-variables in OpenSER were introduced 
in summer 2005 and become stable in October 2005, with version 1.0.0.

>
>                 # check if the authenticated user is the same as the target user
>                 if (!lookup_user("$t.uid", "@to.uri")) {
>                         sl_send_reply("404", "Unknown user in To");
>                         drop;
>                 }
>
>                 if ($f.uid != $t.uid) {
>                         sl_send_reply("403", "Authentication and To-Header mismatch");
>                         drop;
>                 }
>
> [...]
>
> Full config file:http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/etc/ser.cfg?rev=HEAD&content-type=text/vnd.viewcvs-markup
>
> Alas, it relies on ser/ottendorf and to my best knowledge the select feature on
> which this script is based, is not available in openser. We are actively considering
> contributing select from ser to openser to avoid too big mismatches in both
> projects' config files, but that unfortunately appears unlikely during this
> busy end of year.
>   
We welcome any contribution, please follow the rules from OpenSER site:
http://www.openser.org/index.php?option=com_content&task=view&id=32&Itemid=46

OpenSER pseudo-variables were designed for extensibility, as scalable 
and flexible framework, for a dynamic information access. There is a 
well defined plan for its future development -- features will be added 
as needed, the next release (see the roadmap for timelines) will bring a 
lot here. In my opinion, having them in two stable releases by now, 
proves the stability and maturity, introducing something from an 
under-development system is not very much justified.

If you decide to contribute to openser pseudo-variables system, openser 
is 'open' :-), patches can be directly submitted to:
http://sourceforge.net/tracker/?group_id=139143

Cheers,
Daniel

> -jiri
>
>
> --
> Jiri Kuthan            http://iptel.org/~jiri/ 
>
>
>

More information about the sr-users mailing list