Next snapshot of ser-oob does not work:

# check if the authenticated user is the same as the target user
if (!lookup_user("$tu.uid", "@to.uri")) {
    sl_reply("404", "Unknown user in To");
    drop;
}

# the authentication ID does not match the ID in the To header
if ($f.uid != $t.uid) {
    sl_reply("403", "Authentication and To-Header mismatch");
    drop;
}

At this point fu.uid and tu.uid are both set. If you call
lookup_user(fu.uid,)
again, fu.uid will hold the same AVP ["uid"] twice, one coming from
the auth function and the second from lookup_user.


# check if the authenticated user is the same as the request originator
# you may uncomment it if you care, what uri is in From header
#if (!lookup_user("$fu.uid", "@from.uri")) {
# sl_reply("404", "Unknown user in From");
# drop;

Apr 24 12:09:48 test1 ser[4940]: INFO: avp.c:572: track=FROM class=USER
Apr 24 12:09:48 test1 ser[4940]: AVP["uid"]="[EMAIL PROTECTED]"
Apr 24 12:09:48 test1 ser[4940]: AVP["uid"]="[EMAIL PROTECTED]"
Apr 24 12:09:48 test1 ser[4940]: INFO: avp.c:582: track=TO class=USER
Apr 24 12:09:48 test1 ser[4940]: AVP["uid"]="[EMAIL PROTECTED]"


The next check is not true and it's not possible to register:

#}
#if ($fu.uid != $tu.uid) {
# sl_reply("403", "Authentication and From-Header mismatch");
# drop;
#}


Adding del_attr($fu.uid) before the lookup_user($fu.uid,@from.uri) solves
the problem above, but I'm not sure how reliable it is to delete it before
calling save_contacts, since if it fails I'm not sure whether this AVP
affects the creation of the contact in the location table.

Comments?

Sam

P.S.: Long time not posting and was unsure which address the list is
reachable at... apologies for double posting.