[Users] User Registration Security on Openser

Howard Tang howard615 at gmail.com
Wed Jan 17 23:49:31 CET 2007


Hi,

I realized some one is able to make call and registered to my sip
proxy while he/she is not in the subscriber table.

I couldn't find his/her username in the subscriber table, but i was
able to see him/her in the location table. I am able to see he/she
made 10 calls from my sip proxy.

Anyone have an idea on what i have done wrong? I have included the
authentication part of code here.

     if (uri==myself) {
                if (method=="REGISTER") {
                        # Uncomment this if you want to use digest
authentication
                        if (!www_authorize("x.x.x.x", "subscriber")) {
                                www_challenge("x.x.x.x", "0");
                                exit;
                        };
                        consume_credentials();
                        save("location");
                        exit;
                };

                if (method=="INVITE") {
                        if (!proxy_authorize("","subscriber")) {
                                proxy_challenge("x.x.x.x","0");
                                exit;
                        }
                        consume_credentials();
                };

                lookup("aliases");
                if (!uri==myself) {
                        append_hf("P-hint: outbound alias\r\n");
                        route(1);
                };


-- 
Howard Tang




More information about the sr-users mailing list