[OpenSER-Users] Multidomain and in-dialog REFER auth issue

Iñaki Baz Castillo ibc at in.ilimit.es
Mon Oct 15 13:44:25 CEST 2007


On Monday 15 October 2007 12:12:44 Klaus Darilion wrote:
> Iñaki Baz Castillo wrote:
> > On Monday 15 October 2007 11:26:16 Klaus Darilion wrote:
> >> Authentication of in-dialog requests in SIP is broken - you can not rely
> >> on the From/To headers.
> >
> > I can rely on "From" since if I authenticate a caller and do
> > "check_from()" I can be sure there is no spoofing.
> >
> > But I need to know the dialog original URI domain in order to allow or
> > not a REFER.
> >
> > Because of this issue I need to store dialog info with original URI.
>

> What exactly do you want to achieve? Do you want to allow REFER only
> intradomain?

Exactly.
- Imagine you admin an OpenSer that gives service to 2 independent companies 
(domain_A and domain_B).
- Imagine a user_A of domain_A calls a user_B of domain_B.
- During the call user_A does REFER.
- OpenSer requires auth for REFER, so user_A sends auth (it can since it's a 
local user).
- So finally user_B is transferred by an external user. Of course this is not 
tolerable.

So I need to allow a REFER only if the caller and callee are in the same 
domain, but REFER is in-dialog so there is no domain name in the URI.

That's the issue I'm trying to solve.

Thanks.


-- 
Iñaki Baz Castillo
ibc at in.ilimit.es
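
The policy described above, as an added example that is not part of the original post and is not OpenSER code: a dialog table records the authenticated From domain and the original Request-URI domain at INVITE time, then decides an in-dialog REFER from that record alone. The class and function names, the `(Call-ID, tags)` key and the sample `.example` domains are assumptions made for illustration.

```python
def uri_domain(uri):
    """Lowercased host of a sip:/sips: URI (user, port, params dropped; no IPv6)."""
    rest = uri.strip().strip("<>").split(":", 1)[1]   # drop the scheme
    rest = rest.split(";", 1)[0].split("?", 1)[0]     # drop URI params and headers
    host = rest.rsplit("@", 1)[-1]                    # drop userinfo
    return host.split(":", 1)[0].lower()              # drop port


class DialogTable:
    """Hypothetical per-proxy store of the domains seen when a dialog was created."""

    def __init__(self):
        self._dialogs = {}

    @staticmethod
    def _key(call_id, tag_a, tag_b):
        # frozenset makes the lookup direction-independent: caller or callee
        # may send the REFER, which swaps the From and To tags.
        return (call_id, frozenset((tag_a, tag_b)))

    def on_invite(self, call_id, from_tag, to_tag, auth_from_uri, original_ruri):
        # Assumption: the proxy has already authenticated the caller and
        # verified From against the credentials before calling this.
        self._dialogs[self._key(call_id, from_tag, to_tag)] = (
            uri_domain(auth_from_uri), uri_domain(original_ruri))

    def on_bye(self, call_id, from_tag, to_tag):
        self._dialogs.pop(self._key(call_id, from_tag, to_tag), None)

    def allow_refer(self, call_id, from_tag, to_tag):
        """Allow REFER only for a known dialog whose two parties share a domain.
        The REFER's own Request-URI (a Contact address) is never consulted."""
        domains = self._dialogs.get(self._key(call_id, from_tag, to_tag))
        if domains is None:
            return False                      # unknown dialog: fail closed
        caller_domain, callee_domain = domains
        return caller_domain == callee_domain


if __name__ == "__main__":
    table = DialogTable()
    # Constructed sample: user_A of domain_A calls user_B of domain_B.
    table.on_invite("call-1", "tagA", "tagB",
                    "sip:user_A@domain-a.example", "sip:user_B@domain-b.example")
    print("cross-domain REFER allowed:", table.allow_refer("call-1", "tagA", "tagB"))
```
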



