[Users] Aliases and attempts from UA's to register their aliases

Thu Feb 15 14:39:08 CET 2007

Hi,

Not sure about the registration, but for allowing calls with different 
CLI then the auth-user, you could maintain a list of allowed CLIs per 
user in usr_preferences. Let's assume you store them as integer-avp 345, 
then something like this could work for invites:

# authenticate, load usr_preferences, then:
if(!check_fom() && !avp_check("$fU", "eq/$avp(i:345/g")) {
   sl_send_reply("403", "Invalid CLI");
}

The check could be modified for registers as well, of course. And note 
that From is not the only way to transport CLIs, also check for 
P-Preferred/Asserted-Identity and Remote-Party-ID.

Andreas

Andreas Sikkema wrote:
> Hi,
> 
> I'm working on extending my OpenSER configuration to allow 
> a user account to have one or more aliases.
> 
> User A is reachable by calling A, but also using alias B or 
> C. I have this working for calls to the UA, but I'm having 
> problems with registration attempts from A and calls from 
> A to other UA's or PSTN where it wants to send B or C as 
> outgoing CLI.
> 
> For some reason, all UAs I've seen so far need to register 
> their aliases to be able to send an alias as outgoing CLI. 
> My OpenSER config uses the following to check authenticate 
> the user (from an old SER example:
> 
> if (!www_authorize("domain", "subscriber"))
> {
> 	www_challenge("domain", "0");
> 	exit;
> }
> 
> if (!check_to())
> {
> 	log("LOG: To Cheating attempt\n");
> 	sl_send_reply("403", "That is ugly -- use To=id in REGISTERs");
> 	exit;
> };
> 
> When a UA tries to register an alias the www_authorize() 
> succeeds, because the UA sends the correct authentication 
> data for A, but uses the alias B or C in the To and From 
> headers so check_to() fails with the error that B or C is 
> being spoofed.
> 
> I (OpenSER) know that B and C are aliases of A, but how do I 
> make this registration logic accept that and send a 200 OK message 
> back? (I also don't want to save the registered alias in the 
> location table, but that part I know how to do, I think).
> 
> The calls using outgoing CLI of the alias have I think the same 
> problem where the From header has an alias where check_from() 
> expects the data for A. I think the solution for this would be 
> something comparable to solving the registration problem, correct?
> 
> Thanks!
> 

This e-mail is confidential and may well also be legally privileged. If you have received it in error, you are on notice of its status. Please notify us immediately by reply e-mail and then delete this message from your system. Please do not copy it or use it for any purposes, or disclose its contents to any other person: to do so could be a breach of confidence. Thank you for your cooperation.