[Freeswitch-users] SIP users
David Knell
dave at 3c.co.uk
Wed Dec 26 09:02:32 EST 2007
Hi all -
Got a bit of an issue with registering endpoints - these being phones -
with FS,
which is that the username used for authentication is not necessarily
the same as
the username used for call routing. This is fine if you can trust your
users
(and their endpoints) to set them to be the same, but I can't. To be
specific,
a dialplan entry such as a bridge to sofia/sip.foo.com/2000%sip.foo.com
will call whoever has set their SIP username to be 2000, which might be
different
to who's authenticated using an authentication username of 2000.
Less wordily, any user can get any other user's calls by changing their
SIP username
to match that user's.
I've added a few lines to src/mod/endpoints/mod_sofia/sofia_reg.c (see
attached)
to allow the username for an endpoint to be forced to be something, in
the same
way as sip-force-contact allows the contact to be set. A directory
entry might now
look like:
<section name="directory">
<domain name="testing">
<user id="2000">
<params>
<param name="password" value="password" />
</params>
<variables>
<variable name="sip-force-user" value="2000" />
</variables>
</user>
</domain>
</section>
A couple of questions. Firstly, have I overlooked something blindingly
obvious
here and am I barking up completely the wrong tree? Assuming not, is
this the
right approach, or should we - instead of forcing the username to be
something -
verify that it is that something and refuse the registration if not?
Cheers --
Dave
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: sofia_reg_c_patch.txt
Url: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20071226/2121d52a/attachment.txt
More information about the Freeswitch-users
mailing list