Hi,
How would one determine if the From address equals the To address, or even better, if the To address is either the same as or an alias of the From address?
Thanks Mark Price
Mark Price wrote:
Hi,
How would one determine if the From address equals the To address, or even better, if the To address is either the same as or an alias of the From address?
copy from uri into an AVP, copy to URI into an AVP, compare the AVPs (avp_check)
regards klaus
Hello,
On 12/13/06 17:43, Klaus Darilion wrote:
Mark Price wrote:
Hi,
How would one determine if the From address equals the To address, or even better, if the To address is either the same as or an alias of the From address?
copy from uri into an AVP, copy to URI into an AVP, compare the AVPs (avp_check)
should work without the need of copy
avp_check("$fu","eq/$tu/i") http://www.openser.org/docs/modules/1.2.x/avpops.html#AEN384
Cheers, Daniel
regards klaus
At 18:07 13/12/2006, Daniel-Constantin Mierla wrote:
Hello,
On 12/13/06 17:43, Klaus Darilion wrote:
Mark Price wrote:
Hi,
How would one determine if the From address equals the To address, or even better, if the To address is either the same as or an alias of the From address?
copy from uri into an AVP, copy to URI into an AVP, compare the AVPs (avp_check)
should work without the need of copy
avp_check("$fu","eq/$tu/i") http://www.openser.org/docs/modules/1.2.x/avpops.html#AEN384
Attached is an snipplet of SER/ottendorf authenticational policy, which does that in a -- I believe -- more comprehensible manner. It checks if URI exists, if so, it checks whether the user as identified in his digest credentials is allowed to use URI as in To header field, and it optionally checks From header field too.
# check if the authenticated user is the same as the target user if (!lookup_user("$t.uid", "@to.uri")) { sl_send_reply("404", "Unknown user in To"); drop; }
if ($f.uid != $t.uid) { sl_send_reply("403", "Authentication and To-Header mismatch"); drop; }
# check if the authenticated user is the same as the request originator # you may uncomment it if you care, what uri is in From header #if (!lookup_user("$f.uid", "@from.uri")) { # sl_send_reply("404", "Unknown user in From"); # drop; #} #if ($f.uid != $t.uid) { # sl_send_reply("403", "Authentication and From-Header mismatch"); # drop; #}
Full config file:http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/etc/ser.cfg?rev=HEA...
Alas, it relies on ser/ottendorf and to my best knowledge the select feature on which this script is based, is not available in openser. We are actively considering contributing select from ser to openser to avoid too big mismatches in both projects' config files, but that unfortunately appears unlikely during this busy end of year.
-jiri
-- Jiri Kuthan http://iptel.org/~jiri/
On 12/14/06 19:42, Jiri Kuthan wrote:
[...]
Hi,
How would one determine if the From address equals the To address, or even better, if the To address is either the same as or an alias of the From address?
copy from uri into an AVP, copy to URI into an AVP, compare the AVPs (avp_check)
should work without the need of copy
avp_check("$fu","eq/$tu/i") http://www.openser.org/docs/modules/1.2.x/avpops.html#AEN384
Attached is an snipplet of SER/ottendorf authenticational policy, which does that in a -- I believe -- more comprehensible manner. It checks if URI exists, if so, it checks whether the user as identified in his digest credentials is allowed to use URI as in To header field, and it optionally checks From header field too.
Thanks for your input. 'users' mailing list is mainly for discussion related stable releases, and avp_check("$fu","eq/$tu/i") is in OpenSER stable since long time ago - pseudo-variables in OpenSER were introduced in summer 2005 and become stable in October 2005, with version 1.0.0.
# check if the authenticated user is the same as the target user if (!lookup_user("$t.uid", "@to.uri")) { sl_send_reply("404", "Unknown user in To"); drop; } if ($f.uid != $t.uid) { sl_send_reply("403", "Authentication and To-Header mismatch"); drop; }[...]
Full config file:http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/etc/ser.cfg?rev=HEA...
Alas, it relies on ser/ottendorf and to my best knowledge the select feature on which this script is based, is not available in openser. We are actively considering contributing select from ser to openser to avoid too big mismatches in both projects' config files, but that unfortunately appears unlikely during this busy end of year.
We welcome any contribution, please follow the rules from OpenSER site: http://www.openser.org/index.php?option=com_content&task=view&id=32&...
OpenSER pseudo-variables were designed for extensibility, as scalable and flexible framework, for a dynamic information access. There is a well defined plan for its future development -- features will be added as needed, the next release (see the roadmap for timelines) will bring a lot here. In my opinion, having them in two stable releases by now, proves the stability and maturity, introducing something from an under-development system is not very much justified.
If you decide to contribute to openser pseudo-variables system, openser is 'open' :-), patches can be directly submitted to: http://sourceforge.net/tracker/?group_id=139143
Cheers, Daniel
-jiri
-- Jiri Kuthan http://iptel.org/~jiri/
introducing something from an under-development system is not very much justified.
again? :-)))
-jiri
-- Jiri Kuthan http://iptel.org/~jiri/
-
Daniel-Constantin Mierla -
Jiri Kuthan -
Klaus Darilion -
Mark Price