<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:courier,monaco,monospace,sans-serif;font-size:12pt">That approach is pretty good since it gives you a way<br>to grant a certain extension to a certain user.<br><br>We could also add an option to the sofia profile to insist that <br>all users must use the same vaule for the username and the auth<br>username. like <br><br><param name="inbound-reg-force-matching-username"/><br><br>This is less flexible but easier to setup since it does not <br>require modification of every user in the directory.<br><br><br><br>one or both of those solutions seem ok to me, let me know.<br><br><br><br><div> <br><br></div><div>Anthony Minessale II<br><br><span>FreeSWITCH <a target="_blank" href="http://www.freeswitch.org/">http://www.freeswitch.org/</a></span><br><span>ClueCon <a target="_blank"
href="http://www.cluecon.com/">http://www.cluecon.com/</a></span><br><br>AIM: anthm<br>MSN:anthony_minessale@hotmail.com<br>GTALK/JABBER/PAYPAL:anthony.minessale@gmail.com<br>IRC: irc.freenode.net #freeswitch</div><div><br>FreeSWITCH Developer Conference<br>sip:888@conference.freeswitch.org<br>iax:guest@conference.freeswitch.org/888<br>googletalk:conf+888@conference.freeswitch.org<br>pstn:213-799-1400</div><div style="font-family: courier,monaco,monospace,sans-serif; font-size: 12pt;"><br><br><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;">----- Original Message ----<br>From: David Knell <dave@3c.co.uk><br>To: freeswitch-users@lists.freeswitch.org<br>Sent: Wednesday, December 26, 2007 8:02:32 AM<br>Subject: [Freeswitch-users] SIP users<br><br>
Hi all -<br><br>Got a bit of an issue with registering endpoints - these being phones -
<br>with FS,<br>which is that the username used for authentication is not necessarily <br>the same as<br>the username used for call routing. This is fine if you can trust your
<br>users<br>(and their endpoints) to set them to be the same, but I can't. To be <br>specific,<br>a dialplan entry such as a bridge to sofia/sip.foo.com/2000%sip.foo.com<br>will call whoever has set their SIP username to be 2000, which might be
<br>different<br>to who's authenticated using an authentication username of 2000.<br><br>Less wordily, any user can get any other user's calls by changing their
<br>SIP username<br>to match that user's.<br><br>I've added a few lines to src/mod/endpoints/mod_sofia/sofia_reg.c (see <br>attached)<br>to allow the username for an endpoint to be forced to be something, in <br>the same<br>way as sip-force-contact allows the contact to be set. A directory <br>entry might now<br>look like:<br><br><section name="directory"><br> <domain name="testing"><br> <user id="2000"><br> <params><br> <param name="password" value="password" /><br> </params><br> <variables><br> <variable name="sip-force-user" value="2000" /><br> </variables><br>
</user><br> </domain><br></section><br><br>A couple of questions. Firstly, have I overlooked something blindingly
<br>obvious<br>here and am I barking up completely the wrong tree? Assuming not, is <br>this the<br>right approach, or should we - instead of forcing the username to be <br>something -<br>verify that it is that something and refuse the registration if not?<br><br>Cheers --<br><br>Dave<br><br><!-- kill --><div><br><br>-----Inline Attachment Follows-----<br><br>*** 344,349 ****<br>--- 344,350 ----<br> int network_port;<br> int cd = 0;<br> const char *call_id = NULL;<br>+ char *force_user;<br><br> /* all callers must confirm that sip, sip->sip_request and
sip->sip_contact are not NULL */<br> switch_assert(sip != NULL && sip->sip_contact != NULL &&
sip->sip_request != NULL);<br>***************<br>*** 419,424 ****<br>--- 420,433 ----<br> char *exp_var;<br><br> register_gateway =
switch_event_get_header(*v_event, "sip-register-gateway");<br>+<br>+ /* Allow us to force the SIP user to be
something specific - needed if<br>+ * we - for example - want to be able to ensure
that the username a UA can<br>+ * be contacted at is the same one that they
used for authentication.<br>+ */<br>+ if ((force_user =
switch_event_get_header(*v_event, "sip-force-user"))) {<br>+ to_user = force_user;<br>+ }<br><br> if ((v_contact_str =
switch_event_get_header(*v_event, "sip-force-contact"))) {<br> if (!strcasecmp(v_contact_str,
"nat-connectile-dysfunction") || !strcasecmp(v_contact_str,
"NDLB-connectile-dysfunction")) {<br></div></div><br></div></div><br>
<hr size=1>Never miss a thing. <a href="http://us.rd.yahoo.com/evt=51438/*http://www.yahoo.com/r/hs"> Make Yahoo your homepage.</a>
</body></html>