*** mod_sofia.h.orig 2007-12-30 04:38:03.000000000 +0000 --- mod_sofia.h 2007-12-30 04:38:59.000000000 +0000 *************** *** 115,121 **** PFLAG_GREEDY = (1 << 10), PFLAG_MULTIREG = (1 << 11), PFLAG_SUPRESS_CNG = (1 << 12), ! PFLAG_TLS = (1 << 13) } PFLAGS; typedef enum { --- 115,122 ---- PFLAG_GREEDY = (1 << 10), PFLAG_MULTIREG = (1 << 11), PFLAG_SUPRESS_CNG = (1 << 12), ! PFLAG_TLS = (1 << 13), ! PFLAG_CHECKUSER = (1 << 14) } PFLAGS; typedef enum { *** sofia_ref.c.orig 2007-12-28 03:35:11.000000000 +0000 --- sofia_reg.c 2007-12-30 07:31:42.000000000 +0000 *************** *** 345,348 **** --- 345,349 ---- int cd = 0; const char *call_id = NULL; + char *force_user; /* all callers must confirm that sip, sip->sip_request and sip->sip_contact are not NULL */ *************** *** 415,423 **** stale = 1; } ! if (v_event && *v_event) { char *exp_var; register_gateway = switch_event_get_header(*v_event, "sip-register-gateway"); if ((v_contact_str = switch_event_get_header(*v_event, "sip-force-contact"))) { --- 416,454 ---- stale = 1; } ! ! /* Optional check that auth name == SIP username */ ! switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Auth params: %s\n", *authorization->au_params); ! if (profile->pflags & PFLAG_CHECKUSER) { ! char *up = strstr(*authorization->au_params, "username=\""); ! char *tp = (char *) to_user; ! if (!up) { ! /* No username= parameter, so fail */ ! switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Username not found in auth parameters\n"); ! nua_respond(nh, SIP_403_FORBIDDEN, NUTAG_WITH_THIS(nua), TAG_END()); ! return 1; ! } ! up += strlen("username=\""); ! while (*up && (*up != '"')) { ! if (tolower(*(tp++)) != tolower(*(up++))) { ! /* Names don't match, so fail */ ! switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "SIP username %s does not match auth username in %s\n", to_user, *authorization->au_params); ! nua_respond(nh, SIP_403_FORBIDDEN, NUTAG_WITH_THIS(nua), TAG_END()); ! return 1; ! } ! } ! } ! 
if (v_event && *v_event) { char *exp_var; register_gateway = switch_event_get_header(*v_event, "sip-register-gateway"); + + /* Allow us to force the SIP user to be something specific - needed if + * we - for example - want to be able to ensure that the username a UA can + * be contacted at is the same one that they used for authentication. + */ + if ((force_user = switch_event_get_header(*v_event, "sip-force-user"))) { + to_user = force_user; + } if ((v_contact_str = switch_event_get_header(*v_event, "sip-force-contact"))) { *** sofia.c.orig 2007-12-30 04:41:07.000000000 +0000 --- sofia.c 2007-12-30 04:43:46.000000000 +0000 *************** *** 1004,1007 **** --- 1004,1011 ---- profile->pflags |= PFLAG_FULL_ID; } + } else if (!strcasecmp(var, "inbound-reg-force-matching-username")) { + if (switch_true(val)) { + profile->pflags |= PFLAG_CHECKUSER; + } } else if (!strcasecmp(var, "bitpacking")) { if (!strcasecmp(val, "aal2")) {
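Review bot: The PFLAG_CHECKUSER loop stops when the quoted auth username ends but never checks that `to_user` has ended too, so an auth name that is only a prefix of the To user (or an empty `username=""`) passes the check; compare the whole name by requiring equal lengths before a case-insensitive compare. The new debug log and the `strstr` both dereference `*authorization->au_params` without a NULL guard, and the log runs even when the flag is off; if `authorization` can be NULL at this point (not visible in the hunk) a remote REGISTER could crash the process, and the log line also writes the digest parameters to the debug log. Only the first element of `au_params` is searched, so a client that sends `username` later in the header would presumably be rejected with 403. The enclosing function starts and ends outside the hunk.

```c
/* … unchanged: stale handling above … */
if (profile->pflags & PFLAG_CHECKUSER) {
	const char *up = (authorization && authorization->au_params && *authorization->au_params)
		? strstr(*authorization->au_params, "username=\"") : NULL;
	const char *tp = to_user;
	size_t ulen;

	if (!up || !tp) {
		/* … unchanged: log "Username not found", 403, return 1 … */
	}
	up += strlen("username=\"");
	ulen = strcspn(up, "\"");
	/* Require the whole name to match, not only a prefix of to_user */
	if (!ulen || strlen(tp) != ulen || strncasecmp(tp, up, ulen)) {
		/* … unchanged: log mismatch, 403, return 1 … */
	}
}
```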