-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Even there.. how to deny it with openser!
Cirpack can do it, for example if I put another a contact name different of my auth name,
it replies an error!
It prevents another person to receive your calls!!
Look, you have in From and Contact header the user 105
From:
<sip:105@sd-7501.dedibox.fr:5060;user=phone>;tag=c0a80101-38c0e7.
but my user is the 106 user
Authorization: Digest username="106",
realm="sd-7501.dedibox.fr",
nonce="46dfceb402cad04812873b855bc50ea65aa99ed5",
uri="sip:sd-7501.dedibox.fr",
response="7dca83fd358a9aea3a963f4a71ea5c9e", algorithm=MD5, qop=auth,
cnonce="38c102", nc=00000001.
> #
> U 82.127.0.79:1045 -> 88.191.45.91:5060
> REGISTER sip:sd-7501.dedibox.fr;user=phone SIP/2.0.
> Via: SIP/2.0/UDP 82.127.0.79:1046;branch=z9hG4bK5808036470869310420.
From:
<sip:105@sd-7501.dedibox.fr:5060;user=phone>;tag=c0a80101-38c0e7.
> To:
<sip:105@sd-7501.dedibox.fr:5060;user=phone>.
> Call-ID: 29eb6e9-c0a80101-5-17(a)192.168.95.70.
> CSeq: 90 REGISTER.
> Max-Forwards: 70.
> Expires: 3600.
> Contact: <sip:105@82.127.0.79:1046;user=phone>.
Authorization: Digest username="106",
realm="sd-7501.dedibox.fr",
nonce="46dfceb402cad04812873b855bc50ea65aa99ed5",
uri="sip:sd-7501.dedibox.fr",
response="7dca83fd358a9aea3a963f4a71ea5c9e", algorithm=MD5, qop=auth,
cnonce="38c102", nc=00000001.
> User-Agent: THOMSON ST2030 hw0 fw1.56
00-0E-50-4E-AF-C4.
> Allow-Events: refer,dialog,message-summary,check-sync,talk,hold.
> Content-Length: 0.
Carsten Bock a écrit :
> Hi Marc,
>
> The problem is not the contact, but the From-Header. The From-Header
> contains the username, which registers. The Contact Header (according to
> RFC 3261) must be a valid URI, that's all (e.g. some CPE's put
> sip:<ip-address>:line=xyz in contact).
>
> Carsten
>
> Am Donnerstag, den 06.09.2007, 12:01 +0200 schrieb Marc LEURENT:
> I have a security matter with my configuration (default one), it's possible to
register using login/password and to set anything in the contact field.
> So if you have an account 106/password, it's possible to be 105 in the location
database!
>
> How is it possible to deny that kind of matter..? Thanks
>
> Is it useful to use: method_filtering of the REGISTRAR module
> Or is it better to so something whith the values below and a compare function??
> $ct - reference to body of contact header
> $ar - realm from Authorization or Proxy-Authorization header
> $au - username from Authorization or Proxy-Authorization header
>
> if ($ct != $au@$ar) {
> sl_send_reply("403", "User and login must be the same");
> };
>
> Best Regards,
>
> Marc LEURENT
>
>
> #
> U 82.127.0.79:1045 -> 88.191.45.91:5060
> REGISTER sip:sd-7501.dedibox.fr;user=phone SIP/2.0.
> Via: SIP/2.0/UDP 82.127.0.79:1046;branch=z9hG4bK5808036470869310420.
From:
<sip:105@sd-7501.dedibox.fr:5060;user=phone>;tag=c0a80101-38c0e7.
> To:
<sip:105@sd-7501.dedibox.fr:5060;user=phone>.
> Call-ID: 29eb6e9-c0a80101-5-17(a)192.168.95.70.
> CSeq: 90 REGISTER.
> Max-Forwards: 70.
> Expires: 3600.
> Contact: <sip:105@82.127.0.79:1046;user=phone>.
Authorization: Digest username="106",
realm="sd-7501.dedibox.fr",
nonce="46dfceb402cad04812873b855bc50ea65aa99ed5",
uri="sip:sd-7501.dedibox.fr",
response="7dca83fd358a9aea3a963f4a71ea5c9e", algorithm=MD5, qop=auth,
cnonce="38c102", nc=00000001.
> User-Agent: THOMSON ST2030 hw0 fw1.56
00-0E-50-4E-AF-C4.
> Allow-Events: refer,dialog,message-summary,check-sync,talk,hold.
> Content-Length: 0.
> .
>
>
> AOR:: 105
> Contact:: sip:105@82.127.0.79:1046;user=phone Q=
> Expires:: 194
> Callid:: 29eb6e9-c0a80101-5-17(a)192.168.95.70
> Cseq:: 92
> User-agent:: THOMSON ST2030 hw0 fw1.56 00-0E-50-4E-AF-C4
> Received:: sip:82.127.0.79:1045
> State:: CS_SYNC
> Flags:: 0
> Cflag:: 192
> Socket:: udp:88.191.45.91:5060
> Methods:: 4294967295
>
>>
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla -
http://enigmail.mozdev.org
iD8DBQFG39j0qjpLE0HiOBYRAlmQAJoDVJpStaoD/9SwcyJ3Yg27S1k1VwCgo4RD
oiS5S+tLQB/Pwqt6hOpkyxY=
=/x6c
-----END PGP SIGNATURE-----