15 Oct
2007
15 Oct
'07
1:44 p.m.
El Monday 15 October 2007 12:12:44 Klaus Darilion escribió:
Iñaki Baz Castillo schrieb:
El Monday 15 October 2007 11:26:16 Klaus Darilion
escribió:
Authentication of in-dialog requests in SIP is
broken - you can not rely
on the From/To headers.
I can rely on "From" since if I authenticate a caller and do
"check_from()" I can be sure there is not spoof.
But I need to know the dialog original URI domain in order to allow or
not a REFER.
Because of this issue I need to store dialog info with original URI. What exactly do you want to achieve? Do you want to
allow REFER only
intradomain?
Exactly.
- Imagine you admin a OpenSer that gives service to 2 independent companies
(domain_A and domain_B).
- Imagine a user_A of domain_A calls to a user_B of domain_B.
- During the call user_A does REFER.
- OpenSer requires auth por REFER, so user_A sends auth (it can since it's a
local user).
- So finally user_B is transferred by an external user. Of course this is not
tolerable.
So I need to allow a REFER just if the caller and called are in the same
domain, but REFER is in-dialog so there is not domain name in the URI.
That's the issue I try to solve.
Thanks.
--
Iñaki Baz Castillo
ibc(a)in.ilimit.es