[SR-Users] consume_credentials not working on PRACK?
Benoit Panizzon
benoit.panizzon at imp.ch
Mon Oct 31 15:42:24 CET 2022
Hi List
I noticed, that one of our CPE copies the Proxy-Authorization HF in
almost all messages sent.
As PRACK were not authenticated, those headers were potentially sent on
to the destination disclosing the authentication username and realm.
So assuming, if credentials are present, the client wishes them to be
validated, I added:
if (has_credentials("$fd")) {
xlog("L_INFO", "$cfg(route): got $rm with credentials. Validate them!\n");
route(AUTH);
}
and in route[AUTH] I call:
pv_auth_check() which returns 1 thus success upon which I use:
if(!is_method("REGISTER|PUBLISH"))
consume_credentials();
If the method is INVITE:
Proxy-Authorization HF is removed by consume_credentials()
if the method is PRACK:
Proxy-Authorization HF is still present on the outbound leg.
Mit freundlichen Grüssen
-Benoît Panizzon-
--
I m p r o W a r e A G - Leiter Commerce Kunden
______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 Pratteln Fax +41 61 826 93 01
Schweiz Web http://www.imp.ch
______________________________________________________
More information about the sr-users
mailing list