At 18:07 13/12/2006, Daniel-Constantin Mierla wrote:
Hello,
On 12/13/06 17:43, Klaus Darilion wrote:
Mark Price wrote:
Hi,
How would one determine if the From address equals the To address, or even better, if the To address is either the same as or an alias of the From address?
copy from uri into an AVP, copy to URI into an AVP, compare the AVPs (avp_check)
should work without the need of copy
avp_check("$fu","eq/$tu/i") http://www.openser.org/docs/modules/1.2.x/avpops.html#AEN384
Attached is an snipplet of SER/ottendorf authenticational policy, which does that in a -- I believe -- more comprehensible manner. It checks if URI exists, if so, it checks whether the user as identified in his digest credentials is allowed to use URI as in To header field, and it optionally checks From header field too.
# check if the authenticated user is the same as the target user if (!lookup_user("$t.uid", "@to.uri")) { sl_send_reply("404", "Unknown user in To"); drop; }
if ($f.uid != $t.uid) { sl_send_reply("403", "Authentication and To-Header mismatch"); drop; }
# check if the authenticated user is the same as the request originator # you may uncomment it if you care, what uri is in From header #if (!lookup_user("$f.uid", "@from.uri")) { # sl_send_reply("404", "Unknown user in From"); # drop; #} #if ($f.uid != $t.uid) { # sl_send_reply("403", "Authentication and From-Header mismatch"); # drop; #}
Full config file:http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/etc/ser.cfg?rev=HEA...
Alas, it relies on ser/ottendorf and to my best knowledge the select feature on which this script is based, is not available in openser. We are actively considering contributing select from ser to openser to avoid too big mismatches in both projects' config files, but that unfortunately appears unlikely during this busy end of year.
-jiri
-- Jiri Kuthan http://iptel.org/~jiri/