[OpenSER-Users] Multidomain and in-dialog REFER auth issue

[Iñaki Baz Castillo]

El Monday 15 October 2007 22:35:34 Klaus Darilion escribió:
> Iñaki Baz Castillo wrote:
> > El Monday 15 October 2007 12:12:44 Klaus Darilion escribió:
> >> What exactly do you want to achieve? Do you want to allow REFER only
> >> intradomain?
> >
> > Exactly.
> > - Imagine you admin a OpenSer that gives service to 2 independent
> > companies (domain_A and domain_B).
> > - Imagine a user_A of domain_A calls to a user_B of domain_B.
> > - During the call user_A does REFER.
> > - OpenSer requires auth por REFER, so user_A sends auth (it can since
> > it's a local user).
> > - So finally user_B is transferred by an external user. Of course this is
> > not tolerable.
> >
> > So I need to allow a REFER just if the caller and called are in the same
> > domain, but REFER is in-dialog so there is not domain name in the URI.
>
> just an idea: check if $fd of REFER is identical to domain in REFER to
> header - if not -> reject it.

It's a great idea!
Of course I need to test it. For example:
What about if the "Refer-to" header just contains "sip:001234234234" with no 
@domain? maybe there are "broken" SIP devices which auto-complete this URI 
with their domain?




> Further, if B's phone send out the new INVITE, if $rd != $fd then do not
> send the call to the gateway.

Humm, it can't be, because in case of a forwarding (implemented in OpenSer) I 
do allow calls from others domain to PSTN gateway.


Thanks a lot for your suggest, it's a very good solution :)



-- 
Iñaki Baz Castillo
ibc at in.ilimit.es