[OpenSER-Users] Multidomain and in-dialog REFER auth issue

Iñaki Baz Castillo ibc at in.ilimit.es
Mon Oct 15 10:13:22 CEST 2007


El Monday 15 October 2007 09:58:36 Iñaki Baz Castillo escribió:
> How can my OpenSer know which domain this REFER goes? of course the "To"
> header is not valid at all.
>
> Could be a solution a SQL query to "location" table looking for the URI
> (sip:userB at 80.98.123.23:5060) and getting the username and domain of this?

Anyway this solution wouldn't be secure since userA at domainA.com could hack 
its "From" header in the REFER and appears as "@domainB.com".

So I think I need to store dialog info in a table (in the 200-OK), with those 
info:

- "From" header domain
- RURI domain
- fromtag
- totag
- "Call-ID" header

and query this table in REFER amtching fromtag, totag and Call-ID, and just 
allow the REFER is "From" header and RURI domain are the same.

"Dialog" module is not valid for me since it doesn't store RURI.

Any suggestion about it? Thanks a lot.

-- 
Iñaki Baz Castillo
ibc at in.ilimit.es




More information about the sr-users mailing list