[Users] SQL digest authentication

Fatih Cerit fatih at intersan.com.tr
Mon Jul 10 09:26:32 CEST 2006 

Hi  Daniel

Here is 2 sample output of cisco ata186. The diffrence of request 2 is
UseLoginID option marked at ata's config. If you check this option cisco
sends an other username. This make a security problem because I am not
authenticating UA with 1122334455 part of the request. This causes if a user
authenticated with username ip and realm she have a freedom of using any
alias at request 2. Is there any solution? Is it possible to add something
to the db_auth module like use_callers_alias and query like where
alias='1122334455' ?

Also callee's alias suits me to authenticate INVITEs.....

thanks
Cerit

Request 1
-----------------------------------------------------------------------------

REGISTER sip:10.0.0.12 SIP/2.0
Via: SIP/2.0/UDP 10.0.0.14:5060
From: <sip:1122334455 at 10.0.0.12;user=phone>;tag=2427142844
To: <sip:1122334455 at 10.0.0.12;user=phone>
Call-ID: 1429834209 at 10.0.0.14
CSeq: 2 REGISTER
Contact:
<sip:1122334455 at 10.0.0.14:5060;user=phone;transport=udp>;expires=3600
User-Agent: Cisco ATA 186v2.16 ata18x (030509a)
Authorization: Digest
username="1122334455",realm="10.0.0.12",nonce="44afef73f2c473946f81d203b45c4dcd1a78e0ae",uri="sip:10.0.0.12",response="16e5d3bed2d73598203d3a407fe57009",qop=auth,nc=00000001,cnonce="35509adc"
Content-Length: 0


Request 2
-----------------------------------------------------------------------------
REGISTER sip:10.0.0.12 SIP/2.0
Via: SIP/2.0/UDP 10.0.0.14:5060
From: <sip:1122334455 at 10.0.0.12;user=phone>;tag=3900740504
To: <sip:1122334455 at 10.0.0.12;user=phone>
Call-ID: 935846403 at 10.0.0.14
CSeq: 2 REGISTER
Contact:
<sip:1122334455 at 10.0.0.14:5060;user=phone;transport=udp>;expires=3600
User-Agent: Cisco ATA 186v2.16 ata18x (030509a)
Authorization: Digest
username="tests",realm="10.0.0.12",nonce="44afefdb3ddf735d6092d6e037f764996c5f5bb4",uri="sip:10.0.0.12",response="5b75736c99cf2578b873370fb9a98885",qop=auth,nc=00000001,cnonce="e355c8b8"
Content-Length: 0



----- Original Message ----- 
From: "Daniel-Constantin Mierla" <daniel at voice-system.ro>
To: "Fatih Cerit" <fatih at intersan.com.tr>
Cc: <users at openser.org>
Sent: Friday, July 07, 2006 11:28 AM
Subject: Re: [Users] SQL digest authentication


> Hello,
>
> On 07/04/06 13:17, Fatih Cerit wrote:
>> Hi all
>> Is it possible to authenticate both username,realm,password and alias 
>> with module authdb. Is an option like use_domain ??
> the alias shows usually as callee address and you cannot authenticate the 
> callee. Maybe I haven't got properly your question, in this case, please 
> detail a bit what you need.
>
> Cheers,
> Daniel
>
>>
>> Thanks
>> cerit
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Users mailing list
>> Users at openser.org
>> http://openser.org/cgi-bin/mailman/listinfo/users
>>
>

More information about the Users mailing list