<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Sorry all - my bad on not following up on them. I'll do so today.<br>
<br>
--Dave<br>
<br>
<blockquote cite="mid:87F34243-76CE-494D-88D7-B07AD27435D1@jerris.com"
type="cite">
<pre wrap="">There are some outstanding questions on the implementation so it is
not yet in svn. You can follow status on this at:
<a class="moz-txt-link-freetext" href="http://jira.freeswitch.org/browse/MODENDP-68">http://jira.freeswitch.org/browse/MODENDP-68</a>
Mike
On Jan 6, 2008, at 11:57 PM, David Basden wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hi everyone,
Did this get committed or implemented in another way? I can't
seem to find it in the current svn.
Thanks,
David
On Thu, Dec 27, 2007 at 08:20:00PM +0000, David Knell wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hi Anthony,
That seems like a good plan, too. The attached set of diffs implement
both ways of checking.
Cheers --
Dave
</pre>
<blockquote type="cite">
<pre wrap="">That approach is pretty good since it gives you a way
to grant a certain extension to a certain user.
We could also add an option to the sofia profile to insist that
all users must use the same value for the username and the auth
username, like
<param name="inbound-reg-force-matching-username"/>
This is less flexible but easier to set up since it does not
require modification of every user in the directory.
One or both of those solutions seem OK to me; let me know.
Anthony Minessale II
FreeSWITCH <a class="moz-txt-link-freetext" href="http://www.freeswitch.org/">http://www.freeswitch.org/</a>
ClueCon <a class="moz-txt-link-freetext" href="http://www.cluecon.com/">http://www.cluecon.com/</a>
AIM: anthm
<a class="moz-txt-link-abbreviated" href="mailto:MSN:anthony_minessale@hotmail.com">MSN:anthony_minessale@hotmail.com</a>
<a class="moz-txt-link-abbreviated" href="mailto:GTALK/JABBER/PAYPAL:anthony.minessale@gmail.com">GTALK/JABBER/PAYPAL:anthony.minessale@gmail.com</a>
IRC: irc.freenode.net #freeswitch
FreeSWITCH Developer Conference
<a class="moz-txt-link-freetext" href="sip:888@conference.freeswitch.org">sip:888@conference.freeswitch.org</a>
<a class="moz-txt-link-abbreviated" href="mailto:iax:guest@conference.freeswitch.org/888">iax:guest@conference.freeswitch.org/888</a>
<a class="moz-txt-link-abbreviated" href="mailto:googletalk:conf+888@conference.freeswitch.org">googletalk:conf+888@conference.freeswitch.org</a>
pstn:213-799-1400
----- Original Message ----
From: David Knell <a class="moz-txt-link-rfc2396E" href="mailto:dave@3c.co.uk"><dave@3c.co.uk></a>
To: <a class="moz-txt-link-abbreviated" href="mailto:freeswitch-users@lists.freeswitch.org">freeswitch-users@lists.freeswitch.org</a>
Sent: Wednesday, December 26, 2007 8:02:32 AM
Subject: [Freeswitch-users] SIP users
Hi all -

Got a bit of an issue with registering endpoints - these being phones -
with FS, which is that the username used for authentication is not
necessarily the same as the username used for call routing. This is fine
if you can trust your users (and their endpoints) to set them to be the
same, but I can't. To be specific, a dialplan entry such as a bridge to
sofia/sip.foo.com/2000%sip.foo.com will call whoever has set their SIP
username to be 2000, which might be different to who's authenticated
using an authentication username of 2000.

Less wordily, any user can get any other user's calls by changing their
SIP username to match that user's.

I've added a few lines to src/mod/endpoints/mod_sofia/sofia_reg.c (see
attached) to allow the username for an endpoint to be forced to be
something, in the same way as sip-force-contact allows the contact to be
set. A directory entry might now look like:

<section name="directory">
  <domain name="testing">
    <user id="2000">
      <params>
        <param name="password" value="password" />
      </params>
      <variables>
        <variable name="sip-force-user" value="2000" />
      </variables>
    </user>
  </domain>
</section>

A couple of questions. Firstly, have I overlooked something blindingly
obvious here and am I barking up completely the wrong tree? Assuming
not, is this the right approach, or should we - instead of forcing the
username to be something - verify that it is that something and refuse
the registration if not?

Cheers --
Dave
-----Inline Attachment Follows-----
*** 344,349 ****
--- 344,350 ----
int network_port;
int cd = 0;
const char *call_id = NULL;
+ char *force_user;
/* all callers must confirm that sip, sip->sip_request and
sip->sip_contact are not NULL */
switch_assert(sip != NULL && sip->sip_contact != NULL &&
sip->sip_request != NULL);
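Review bot: The added force_user is declared as a plain, uninitialised
char *, unlike const char *call_id = NULL; on the line above it. In this
patch it is only assigned from switch_event_get_header() and copied into
to_user, so const char *force_user = NULL; would match the neighbouring
declaration and avoid handing out a writable pointer to event data.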
***************
*** 419,424 ****
--- 420,433 ----
char *exp_var;
register_gateway =
switch_event_get_header(*v_event, "sip-register-gateway");
+
+ /* Allow us to force the SIP user to be
something specific - needed if
+ * we - for example - want to be able to
ensure that the username a UA can
+ * be contacted at is the same one that they
used for authentication.
+ */
+ if ((force_user =
switch_event_get_header(*v_event, "sip-force-user"))) {
+ to_user = force_user;
+ }
if ((v_contact_str =
switch_event_get_header(*v_event, "sip-force-contact"))) {
if (!strcasecmp(v_contact_str,
"nat-connectile-dysfunction") || !strcasecmp(v_contact_str,
"NDLB-connectile-dysfunction")) {
_______________________________________________
Freeswitch-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeswitch-users@lists.freeswitch.org">Freeswitch-users@lists.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a>
UNSUBSCRIBE:<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a>
<a class="moz-txt-link-freetext" href="http://www.freeswitch.org">http://www.freeswitch.org</a>
</pre>
</blockquote>
<pre wrap="">
--
David Knell, Director, 3C Limited
T: 020 8114 8901 F: 020 8692 0677 M: 07773 800623
<a class="moz-txt-link-freetext" href="http://www.3c.co.uk">http://www.3c.co.uk</a>
</pre>
</blockquote>
<blockquote type="cite">
<pre wrap="">*** mod_sofia.h.orig 2007-12-30 04:38:03.000000000 +0000
--- mod_sofia.h 2007-12-30 04:38:59.000000000 +0000
***************
*** 115,121 ****
PFLAG_GREEDY = (1 << 10),
PFLAG_MULTIREG = (1 << 11),
PFLAG_SUPRESS_CNG = (1 << 12),
! PFLAG_TLS = (1 << 13)
} PFLAGS;
typedef enum {
--- 115,122 ----
PFLAG_GREEDY = (1 << 10),
PFLAG_MULTIREG = (1 << 11),
PFLAG_SUPRESS_CNG = (1 << 12),
! PFLAG_TLS = (1 << 13),
! PFLAG_CHECKUSER = (1 << 14)
} PFLAGS;
typedef enum {
*** sofia_ref.c.orig 2007-12-28 03:35:11.000000000 +0000
--- sofia_reg.c 2007-12-30 07:31:42.000000000 +0000
***************
*** 345,348 ****
--- 345,349 ----
int cd = 0;
const char *call_id = NULL;
+ char *force_user;
/* all callers must confirm that sip, sip->sip_request and
sip->sip_contact are not NULL */
***************
*** 415,423 ****
stale = 1;
}
!
if (v_event && *v_event) {
char *exp_var;
register_gateway =
switch_event_get_header(*v_event, "sip-register-gateway");
if ((v_contact_str =
switch_event_get_header(*v_event, "sip-force-contact"))) {
--- 416,454 ----
stale = 1;
}
!
! /* Optional check that auth name == SIP username */
! switch_log_printf(SWITCH_CHANNEL_LOG,
SWITCH_LOG_DEBUG, "Auth params: %s\n", *authorization->au_params);
! if (profile->pflags & PFLAG_CHECKUSER) {
! char *up = strstr(*authorization-
</pre>
<blockquote type="cite">
<pre wrap="">au_params, "username=\"");
</pre>
</blockquote>
<pre wrap="">! char *tp = (char *) to_user;
! if (!up) {
! /* No username= parameter, so fail */
!
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "Username
not found in auth parameters\n");
! nua_respond(nh, SIP_403_FORBIDDEN,
NUTAG_WITH_THIS(nua), TAG_END());
! return 1;
! }
! up += strlen("username=\"");
! while (*up && (*up != '"')) {
! if (tolower(*(tp++)) != tolower(*(up
++))) {
! /* Names don't match, so
fail */
!
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "SIP
username %s does not match auth username in %s\n", to_user,
*authorization->au_params);
! nua_respond(nh,
SIP_403_FORBIDDEN, NUTAG_WITH_THIS(nua), TAG_END());
! return 1;
! }
! }
! }
!
if (v_event && *v_event) {
char *exp_var;
register_gateway =
switch_event_get_header(*v_event, "sip-register-gateway");
+
+ /* Allow us to force the SIP user to be
something specific - needed if
+ * we - for example - want to be able to
ensure that the username a UA can
+ * be contacted at is the same one that
they used for authentication.
+ */
+ if ((force_user =
switch_event_get_header(*v_event, "sip-force-user"))) {
+ to_user = force_user;
+ }
if ((v_contact_str =
switch_event_get_header(*v_event, "sip-force-contact"))) {
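Review bot: The comparison loop under PFLAG_CHECKUSER stops when the
auth username reaches its closing quote but never checks that tp has
also reached the end of to_user, so it accepts any auth username that is
a prefix of the SIP username (auth 200 passes for 2000, and an empty
username="" passes for every to_user). After the loop, reject unless
*up == '"' and *tp == '\0'. Other points in the same block: strstr() is
run only on the string that *authorization->au_params points at and
matches username=" anywhere inside it, so the match should be anchored
to a parameter name; tolower() is passed a plain char and should get an
unsigned char cast; the "Auth params" debug line runs on every REGISTER
whether or not the flag is set and dereferences authorization without a
visible NULL check; and both 403 rejections are logged at
SWITCH_LOG_DEBUG, where SWITCH_LOG_WARNING would make refused
registrations visible in normal operation. Note also that this check
runs on the UA-supplied to_user before the sip-force-user override
further down replaces it, which is worth stating in the comment.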
*** sofia.c.orig 2007-12-30 04:41:07.000000000 +0000
--- sofia.c 2007-12-30 04:43:46.000000000 +0000
***************
*** 1004,1007 ****
--- 1004,1011 ----
profile-
</pre>
<blockquote type="cite">
<pre wrap="">pflags |= PFLAG_FULL_ID;
</pre>
</blockquote>
<pre wrap=""> }
+ } else if (!strcasecmp(var,
"inbound-reg-force-matching-username")) {
+ if
(switch_true(val)) {
+ profile-
</pre>
<blockquote type="cite">
<pre wrap="">pflags |= PFLAG_CHECKUSER;
</pre>
</blockquote>
<pre wrap="">+ }
} else if (!strcasecmp(var,
"bitpacking")) {
if (!strcasecmp(val,
"aal2")) {
</pre>
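Review bot: The new inbound-reg-force-matching-username branch only ever
sets PFLAG_CHECKUSER; when switch_true(val) is false the flag is left as
it was, so add an else that clears it (profile->pflags &= ~PFLAG_CHECKUSER;)
if this parser can run against an already configured profile. Because the
flag is set only for a true value, the parameter needs an explicit
value="true"; the profile documentation should say so, since the form
suggested earlier in the thread carries no value attribute.<br>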
</blockquote>
</blockquote>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
David Knell, Director, 3C Limited
T: 020 8114 8901 F: 020 8692 0677 M: 07773 800623
<a class="moz-txt-link-freetext" href="http://www.3c.co.uk">http://www.3c.co.uk</a> </pre>
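An added example, not part of the original thread or of the FreeSWITCH source, of the reject-on-mismatch approach discussed above: it compares the Digest username with the SIP username over their full length and anchors the lookup to the parameter name. The names auth_user_matches and ci_equal_n, and the NULL-terminated array of "name=value" strings, are assumptions made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive compare of n bytes; stops at the first difference. */
static int ci_equal_n(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) return 0;
    }
    return 1;
}

/* params: NULL-terminated array of "name=value" Digest parameters (assumed
 * layout for this example). Returns 1 only when a non-empty username
 * parameter equals to_user over its whole length. */
int auth_user_matches(const char *const *params, const char *to_user)
{
    static const char key[] = "username=";
    const size_t klen = sizeof(key) - 1;

    if (!params || !to_user) return 0;
    for (; *params; params++) {
        const char *val, *end;
        size_t vlen;
        /* The name must start the entry; a substring hit is not enough. */
        if (!ci_equal_n(*params, key, klen)) continue;
        val = *params + klen;
        if (*val == '"') {                      /* quoted-string value */
            end = strchr(++val, '"');
            if (!end) return 0;                 /* unterminated quote */
        } else {
            end = val + strlen(val);
        }
        vlen = (size_t)(end - val);
        /* Equal lengths are required, so "200" never passes for "2000". */
        return vlen > 0 && vlen == strlen(to_user) && ci_equal_n(val, to_user, vlen);
    }
    return 0;                                   /* no username parameter */
}

int main(void)
{
    /* Constructed sample parameters, not taken from a real capture. */
    const char *ok[] = { "realm=\"testing\"", "username=\"2000\"", NULL };
    const char *shorter[] = { "username=\"200\"", NULL };
    printf("%d %d\n", auth_user_matches(ok, "2000"), auth_user_matches(shorter, "2000"));
    return 0;
}
```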
</body>
</html>