[Freeswitch-users] SIP users

David Knell dave at 3c.co.uk
Wed Dec 26 09:02:32 EST 2007


Hi all -

Got a bit of an issue with registering endpoints - these being phones - 
with FS,
which is that the username used for authentication is not necessarily 
the same as
the username used for call routing.  This is fine if you can trust your 
users
(and their endpoints) to set them to be the same, but I can't.  To be 
specific,
a dialplan entry such as a bridge to sofia/sip.foo.com/2000%sip.foo.com
will call whoever has set their SIP username to be 2000, which might be 
different
to who's authenticated using an authentication username of 2000.

Less wordily, any user can get any other user's calls by changing their 
SIP username
to match that user's.

I've added a few lines to src/mod/endpoints/mod_sofia/sofia_reg.c (see 
attached)
to allow the username for an endpoint to be forced to be something, in 
the same
way as sip-force-contact allows the contact to be set.  A directory 
entry might now
look like:

<section name="directory">
    <domain name="testing">
        <user id="2000">
            <params>
                <param name="password" value="password" />
            </params>
            <variables>
                <variable name="sip-force-user" value="2000" />
            </variables>
        </user>
    </domain>
</section>

A couple of questions.  Firstly, have I overlooked something blindingly 
obvious
here and am I barking up completely the wrong tree?  Assuming not, is 
this the
right approach, or should we - instead of forcing the username to be 
something -
verify that it is that something and refuse the registration if not?

Cheers --

Dave

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: sofia_reg_c_patch.txt
Url: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20071226/2121d52a/attachment.txt 


More information about the Freeswitch-users mailing list