14 Dec
2006
14 Dec
'06
6:42 p.m.
At 18:07 13/12/2006, Daniel-Constantin Mierla wrote:
Hello,
On 12/13/06 17:43, Klaus Darilion wrote:
Attached is an snipplet of SER/ottendorf authenticational policy, which does that
in a -- I believe -- more comprehensible manner. It checks if URI exists, if so, it
checks whether the user as identified in his digest credentials is allowed to
use URI as in To header field, and it optionally checks From header field too.
# check if the authenticated user is the same as the target user
if (!lookup_user("$t.uid", "(a)to.uri")) {
sl_send_reply("404", "Unknown user in To");
drop;
}
if ($f.uid != $t.uid) {
sl_send_reply("403", "Authentication and To-Header
mismatch");
drop;
}
# check if the authenticated user is the same as the request originator
# you may uncomment it if you care, what uri is in From header
#if (!lookup_user("$f.uid", "(a)from.uri")) {
# sl_send_reply("404", "Unknown user in From");
# drop;
#}
#if ($f.uid != $t.uid) {
# sl_send_reply("403", "Authentication and
From-Header mismatch");
# drop;
#}
Full config
file:http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/etc/ser.cfg?rev=HEAD&content-type=text/vnd.viewcvs-markup
Alas, it relies on ser/ottendorf and to my best knowledge the select feature on
which this script is based, is not available in openser. We are actively considering
contributing select from ser to openser to avoid too big mismatches in both
projects' config files, but that unfortunately appears unlikely during this
busy end of year.
-jiri
--
Jiri Kuthan http://iptel.org/~jiri/
Mark Price wrote:
should work without the need of copy
avp_check("$fu","eq/$tu/i")
http://www.openser.org/docs/modules/1.2.x/avpops.html#AEN384 Hi,
How would one determine if the From address equals the To address, or even
better, if the To address is either the same as or an alias of the From
address?
copy from uri into an AVP, copy to URI into an AVP, compare the AVPs (avp_check)