[Users] User Registration Security on Openser
Howard Tang
howard615 at gmail.com
Wed Jan 17 23:49:31 CET 2007
Hi,
I realized some one is able to make call and registered to my sip
proxy while he/she is not in the subscriber table.
I couldn't find his/her username in the subscriber table, but i was
able to see him/her in the location table. I am able to see he/she
made 10 calls from my sip proxy.
Anyone have an idea on what i have done wrong? I have included the
authentication part of code here.
if (uri==myself) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest
authentication
if (!www_authorize("x.x.x.x", "subscriber")) {
www_challenge("x.x.x.x", "0");
exit;
};
consume_credentials();
save("location");
exit;
};
if (method=="INVITE") {
if (!proxy_authorize("","subscriber")) {
proxy_challenge("x.x.x.x","0");
exit;
}
consume_credentials();
};
lookup("aliases");
if (!uri==myself) {
append_hf("P-hint: outbound alias\r\n");
route(1);
};
--
Howard Tang
More information about the sr-users
mailing list