Hi!
I use this setup:
if (is_from_local()) {
    # From: claims one of our domains, so require valid digest credentials
    if (!proxy_authorize("", "subscriber")) {
        xlog("L_ERR", "%is [%Tf]: %rm %fu -> %ru: bad credentials\n");
        proxy_challenge("", "0");
        break;
    } else {
        # the authenticated username must match the user in From:
        if (!check_from()) {
            sl_send_reply("403", "cheating: user!=from");
            xlog("L_ERR", "%is [%Tf]: %rm %fu -> %ru: authuser!=from ->break\n");
            break;
        };
    };
    xlog("L_INFO", "%is [%Tf]: %rm %fu -> %ru:successful authenticated\n");
    setflag(2); # local user
} else {
    # From: is not local, so refuse to relay to non-local destinations
    if (!is_uri_host_local()) {
        if (is_present_hf("Route")) {
            xlog("L_INFO", "%is [%Tf]: %rm %fu -> %ru: relaying allowed because route header is present\n");
        } else {
            sl_send_reply("403", "we don't support relaying");
            xlog("L_ERR", "%is [%Tf]: %rm %fu -> %ru: 403 relaying not allowed\n");
            break;
        };
    };
};
As you see, you also have to verify that the username in the credentials is the same as in the From: header. This is done using the check_from() method.
For register requests, you have to compare the auth-username with the To: header. --> check_to()
regards, Klaus
Ticknor.Scott@ic.gc.ca wrote:
hey Everyone,
me and my partner in the lab here have set up a very simple SER implementation. up to now we have been using digest authentication with mysql, and created users with serctl etc. it was nice to get it working and place some calls, we have a couple cisco 7960 phones as well as X-Lite clients. but in our tests we found that we could put *any* user name & password in the X-Lite config--and the calls would still succeed! the message console in X-Lite shows the 401 unauthorized response to REGISTER [which is to be expected] but then if we go ahead and dial...the other phone will ring.
there must be an explanation. i see some people are using RADIUS for authentication; would a RADIUS implementation solve this problem? i cannot attach my ser.cfg just now...but it is almost completely stock anyway, the changes made were uncommenting the digest auth bits, and setting the domain name. ideas?
scott t, DSi
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
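
The REGISTER counterpart of the check described in the reply, as an added example that is not part of the original thread. It assumes the same "subscriber" table as the snippet above, that the modules providing these functions are loaded, and that it sits in the main route block; the reply texts and log strings are illustrative.

```cfg
# Added example (not from the original thread): authenticate REGISTER
# and bind the digest username to the To: header before storing a contact.
if (method=="REGISTER") {
    # REGISTER is answered by the registrar itself, so use the
    # www_* variants (401) instead of proxy_* (407)
    if (!www_authorize("", "subscriber")) {
        xlog("L_ERR", "%is [%Tf]: %rm %fu -> %ru: bad credentials\n");
        www_challenge("", "0");
        break;
    };
    # without this check any authenticated user could register a
    # contact for another user's address-of-record
    if (!check_to()) {
        sl_send_reply("403", "cheating: user!=to");
        xlog("L_ERR", "%is [%Tf]: %rm %fu -> %ru: authuser!=to ->break\n");
        break;
    };
    xlog("L_INFO", "%is [%Tf]: %rm %fu -> %ru: registration accepted\n");
    save("location");
    break;
};
```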