[Freeswitch-users] SIP users
David Knell
dave at 3c.co.uk
Thu Dec 27 15:20:00 EST 2007
Hi Anthony,
That seems like a good plan, too. The attached set of diffs implement
both ways
of checking.
Cheers --
Dave
> That approach is pretty good since it gives you a way
> to grant a certain extension to a certain user.
>
> We could also add an option to the sofia profile to insist that
> all users must use the same vaule for the username and the auth
> username. like
>
> <param name="inbound-reg-force-matching-username"/>
>
> This is less flexible but easier to setup since it does not
> require modification of every user in the directory.
>
>
>
> one or both of those solutions seem ok to me, let me know.
>
>
>
>
>
> Anthony Minessale II
>
> FreeSWITCH http://www.freeswitch.org/
> ClueCon http://www.cluecon.com/
>
> AIM: anthm
> MSN:anthony_minessale at hotmail.com
> GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com
> IRC: irc.freenode.net #freeswitch
>
> FreeSWITCH Developer Conference
> sip:888 at conference.freeswitch.org
> iax:guest at conference.freeswitch.org/888
> googletalk:conf+888 at conference.freeswitch.org
> pstn:213-799-1400
>
>
> ----- Original Message ----
> From: David Knell <dave at 3c.co.uk>
> To: freeswitch-users at lists.freeswitch.org
> Sent: Wednesday, December 26, 2007 8:02:32 AM
> Subject: [Freeswitch-users] SIP users
>
> Hi all -
>
> Got a bit of an issue with registering endpoints - these being phones -
> with FS,
> which is that the username used for authentication is not necessarily
> the same as
> the username used for call routing. This is fine if you can trust your
> users
> (and their endpoints) to set them to be the same, but I can't. To be
> specific,
> a dialplan entry such as a bridge to sofia/sip.foo.com/2000%sip.foo.com
> will call whoever has set their SIP username to be 2000, which might be
> different
> to who's authenticated using an authentication username of 2000.
>
> Less wordily, any user can get any other user's calls by changing their
> SIP username
> to match that user's.
>
> I've added a few lines to src/mod/endpoints/mod_sofia/sofia_reg.c (see
> attached)
> to allow the username for an endpoint to be forced to be something, in
> the same
> way as sip-force-contact allows the contact to be set. A directory
> entry might now
> look like:
>
> <section name="directory">
> <domain name="testing">
> <user id="2000">
> <params>
> <param name="password" value="password" />
> </params>
> <variables>
> <variable name="sip-force-user" value="2000" />
> </variables>
> </user>
> </domain>
> </section>
>
> A couple of questions. Firstly, have I overlooked something blindingly
> obvious
> here and am I barking up completely the wrong tree? Assuming not, is
> this the
> right approach, or should we - instead of forcing the username to be
> something -
> verify that it is that something and refuse the registration if not?
>
> Cheers --
>
> Dave
>
>
>
> -----Inline Attachment Follows-----
>
> *** 344,349 ****
> --- 344,350 ----
> int network_port;
> int cd = 0;
> const char *call_id = NULL;
> + char *force_user;
>
> /* all callers must confirm that sip, sip->sip_request and
> sip->sip_contact are not NULL */
> switch_assert(sip != NULL && sip->sip_contact != NULL &&
> sip->sip_request != NULL);
> ***************
> *** 419,424 ****
> --- 420,433 ----
> char *exp_var;
>
> register_gateway =
> switch_event_get_header(*v_event, "sip-register-gateway");
> +
> + /* Allow us to force the SIP user to be
> something specific - needed if
> + * we - for example - want to be able to
> ensure that the username a UA can
> + * be contacted at is the same one that they
> used for authentication.
> + */
> + if ((force_user =
> switch_event_get_header(*v_event, "sip-force-user"))) {
> + to_user = force_user;
> + }
>
> if ((v_contact_str =
> switch_event_get_header(*v_event, "sip-force-contact"))) {
> if (!strcasecmp(v_contact_str,
> "nat-connectile-dysfunction") || !strcasecmp(v_contact_str,
> "NDLB-connectile-dysfunction")) {
>
>
> ------------------------------------------------------------------------
> Never miss a thing. Make Yahoo your homepage.
> <http://us.rd.yahoo.com/evt=51438/*http://www.yahoo.com/r/hs>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Freeswitch-users mailing list
> Freeswitch-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
--
David Knell, Director, 3C Limited
T: 020 8114 8901 F: 020 8692 0677 M: 07773 800623
http://www.3c.co.uk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20071227/76780f85/attachment.html
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: patch.txt
Url: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20071227/76780f85/attachment.txt
More information about the Freeswitch-users
mailing list