[Freeswitch-users] SIP users

Anthony Minessale anthmct at yahoo.com
Wed Dec 26 18:29:09 EST 2007


That approach is pretty good since it gives you a way
to grant a certain extension to a certain user.

We could also add an option to the sofia profile to insist that 
all users must use the same vaule for the username and the auth
username. like 

<param name="inbound-reg-force-matching-username"/>

This is less flexible but easier to setup since it does not 
require modification of every user in the directory.



one or both of those solutions seem ok to me, let me know.



 


Anthony Minessale II

FreeSWITCH http://www.freeswitch.org/
ClueCon http://www.cluecon.com/

AIM: anthm
MSN:anthony_minessale at hotmail.com
GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com
IRC: irc.freenode.net #freeswitch

FreeSWITCH Developer Conference
sip:888 at conference.freeswitch.org
iax:guest at conference.freeswitch.org/888
googletalk:conf+888 at conference.freeswitch.org
pstn:213-799-1400


----- Original Message ----
From: David Knell <dave at 3c.co.uk>
To: freeswitch-users at lists.freeswitch.org
Sent: Wednesday, December 26, 2007 8:02:32 AM
Subject: [Freeswitch-users] SIP users


Hi all -

Got a bit of an issue with registering endpoints - these being phones -
 
with FS,
which is that the username used for authentication is not necessarily 
the same as
the username used for call routing.  This is fine if you can trust your
 
users
(and their endpoints) to set them to be the same, but I can't.  To be 
specific,
a dialplan entry such as a bridge to sofia/sip.foo.com/2000%sip.foo.com
will call whoever has set their SIP username to be 2000, which might be
 
different
to who's authenticated using an authentication username of 2000.

Less wordily, any user can get any other user's calls by changing their
 
SIP username
to match that user's.

I've added a few lines to src/mod/endpoints/mod_sofia/sofia_reg.c (see 
attached)
to allow the username for an endpoint to be forced to be something, in 
the same
way as sip-force-contact allows the contact to be set.  A directory 
entry might now
look like:

<section name="directory">
    <domain name="testing">
        <user id="2000">
            <params>
                <param name="password" value="password" />
            </params>
            <variables>
                <variable name="sip-force-user" value="2000" />
            </variables>
        </user>
    </domain>
</section>

A couple of questions.  Firstly, have I overlooked something blindingly
 
obvious
here and am I barking up completely the wrong tree?  Assuming not, is 
this the
right approach, or should we - instead of forcing the username to be 
something -
verify that it is that something and refuse the registration if not?

Cheers --

Dave



-----Inline Attachment Follows-----

*** 344,349 ****
--- 344,350 ----
        int network_port;
        int cd = 0;
        const char *call_id = NULL;
+       char *force_user;

        /* all callers must confirm that sip, sip->sip_request and
 sip->sip_contact are not NULL */
        switch_assert(sip != NULL && sip->sip_contact != NULL &&
 sip->sip_request != NULL);
***************
*** 419,424 ****
--- 420,433 ----
                        char *exp_var;

                        register_gateway =
 switch_event_get_header(*v_event, "sip-register-gateway");
+
+                       /* Allow us to force the SIP user to be
 something specific - needed if
+                        * we - for example - want to be able to ensure
 that the username a UA can
+                        * be contacted at is the same one that they
 used for authentication.
+                        */
+                       if ((force_user =
 switch_event_get_header(*v_event, "sip-force-user"))) {
+                               to_user = force_user;
+                       }

                        if ((v_contact_str =
 switch_event_get_header(*v_event, "sip-force-contact"))) {
                                if (!strcasecmp(v_contact_str,
 "nat-connectile-dysfunction") || !strcasecmp(v_contact_str,
 "NDLB-connectile-dysfunction")) {







      ____________________________________________________________________________________
Looking for last minute shopping deals?  
Find them fast with Yahoo! Search.  http://tools.search.yahoo.com/newsearch/category.php?category=shopping
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20071226/3a0f2610/attachment.html 


More information about the Freeswitch-users mailing list