[Freeswitch-users] SIP users

David Knell dave at 3c.co.uk
Thu Dec 27 12:20:00 PST 2007 

Hi Anthony,

That seems like a good plan, too.  The attached set of diffs implement 
both ways
of checking.

Cheers --

Dave

> That approach is pretty good since it gives you a way
> to grant a certain extension to a certain user.
>
> We could also add an option to the sofia profile to insist that
> all users must use the same vaule for the username and the auth
> username. like
>
> <param name="inbound-reg-force-matching-username"/>
>
> This is less flexible but easier to setup since it does not
> require modification of every user in the directory.
>
>
>
> one or both of those solutions seem ok to me, let me know.
>
>
>
>  
>
> Anthony Minessale II
>
> FreeSWITCH http://www.freeswitch.org/
> ClueCon http://www.cluecon.com/
>
> AIM: anthm
> MSN:anthony_minessale at hotmail.com
> GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com
> IRC: irc.freenode.net #freeswitch
>
> FreeSWITCH Developer Conference
> sip:888 at conference.freeswitch.org
> iax:guest at conference.freeswitch.org/888
> googletalk:conf+888 at conference.freeswitch.org
> pstn:213-799-1400
>
>
> ----- Original Message ----
> From: David Knell <dave at 3c.co.uk>
> To: freeswitch-users at lists.freeswitch.org
> Sent: Wednesday, December 26, 2007 8:02:32 AM
> Subject: [Freeswitch-users] SIP users
>
> Hi all -
>
> Got a bit of an issue with registering endpoints - these being phones -
> with FS,
> which is that the username used for authentication is not necessarily
> the same as
> the username used for call routing.  This is fine if you can trust your
> users
> (and their endpoints) to set them to be the same, but I can't.  To be
> specific,
> a dialplan entry such as a bridge to sofia/sip.foo.com/2000%sip.foo.com
> will call whoever has set their SIP username to be 2000, which might be
> different
> to who's authenticated using an authentication username of 2000.
>
> Less wordily, any user can get any other user's calls by changing their
> SIP username
> to match that user's.
>
> I've added a few lines to src/mod/endpoints/mod_sofia/sofia_reg.c (see
> attached)
> to allow the username for an endpoint to be forced to be something, in
> the same
> way as sip-force-contact allows the contact to be set.  A directory
> entry might now
> look like:
>
> <section name="directory">
>     <domain name="testing">
>         <user id="2000">
>             <params>
>                 <param name="password" value="password" />
>             </params>
>             <variables>
>                 <variable name="sip-force-user" value="2000" />
>             </variables>
>         </user>
>     </domain>
> </section>
>
> A couple of questions.  Firstly, have I overlooked something blindingly
> obvious
> here and am I barking up completely the wrong tree?  Assuming not, is
> this the
> right approach, or should we - instead of forcing the username to be
> something -
> verify that it is that something and refuse the registration if not?
>
> Cheers --
>
> Dave
>
>
>
> -----Inline Attachment Follows-----
>
> *** 344,349 ****
> --- 344,350 ----
>         int network_port;
>         int cd = 0;
>         const char *call_id = NULL;
> +      char *force_user;
>
>         /* all callers must confirm that sip, sip->sip_request and 
> sip->sip_contact are not NULL */
>         switch_assert(sip != NULL && sip->sip_contact != NULL && 
> sip->sip_request != NULL);
> ***************
> *** 419,424 ****
> --- 420,433 ----
>                         char *exp_var;
>
>                         register_gateway = 
> switch_event_get_header(*v_event, "sip-register-gateway");
> +
> +                      /* Allow us to force the SIP user to be 
> something specific - needed if
> +                        * we - for example - want to be able to 
> ensure that the username a UA can
> +                        * be contacted at is the same one that they 
> used for authentication.
> +                        */
> +                      if ((force_user = 
> switch_event_get_header(*v_event, "sip-force-user"))) {
> +                              to_user = force_user;
> +                      }
>
>                         if ((v_contact_str = 
> switch_event_get_header(*v_event, "sip-force-contact"))) {
>                                 if (!strcasecmp(v_contact_str, 
> "nat-connectile-dysfunction") || !strcasecmp(v_contact_str, 
> "NDLB-connectile-dysfunction")) {
>
>
> ------------------------------------------------------------------------
> Never miss a thing. Make Yahoo your homepage. 
> <http://us.rd.yahoo.com/evt=51438/*http://www.yahoo.com/r/hs>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Freeswitch-users mailing list
> Freeswitch-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>   


-- 
David Knell, Director, 3C Limited
T: 020 8114 8901  F: 020 8692 0677  M: 07773 800623
http://www.3c.co.uk 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20071227/76780f85/attachment-0002.html 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: patch.txt
Url: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20071227/76780f85/attachment-0002.txt

More information about the FreeSWITCH-users mailing list