Even there.. how to deny it with openser!
Cirpack can do it, for example if I put a contact name different from my auth name, it replies with an error!
It prevents another person from receiving your calls!!

Look, in the From and Contact headers you have the user 105

> From: <sip:[EMAIL PROTECTED]:5060;user=phone>;tag=c0a80101-38c0e7.

but my user is the 106 user

> Authorization: Digest username="106", realm="sd-7501.dedibox.fr",
> nonce="46dfceb402cad04812873b855bc50ea65aa99ed5",
> uri="sip:sd-7501.dedibox.fr",
> response="7dca83fd358a9aea3a963f4a71ea5c9e", algorithm=MD5, qop=auth,
> cnonce="38c102", nc=00000001.

> #
> U 82.127.0.79:1045 -> 88.191.45.91:5060
> REGISTER sip:sd-7501.dedibox.fr;user=phone SIP/2.0.
> Via: SIP/2.0/UDP 82.127.0.79:1046;branch=z9hG4bK5808036470869310420.
> From: <sip:[EMAIL PROTECTED]:5060;user=phone>;tag=c0a80101-38c0e7.
> To: <sip:[EMAIL PROTECTED]:5060;user=phone>.
> Call-ID: [EMAIL PROTECTED]
> CSeq: 90 REGISTER.
> Max-Forwards: 70.
> Expires: 3600.
> Contact: <sip:[EMAIL PROTECTED]:1046;user=phone>.
> Authorization: Digest username="106", realm="sd-7501.dedibox.fr",
> nonce="46dfceb402cad04812873b855bc50ea65aa99ed5",
> uri="sip:sd-7501.dedibox.fr",
> response="7dca83fd358a9aea3a963f4a71ea5c9e", algorithm=MD5, qop=auth,
> cnonce="38c102", nc=00000001.
> User-Agent: THOMSON ST2030 hw0 fw1.56 00-0E-50-4E-AF-C4.
> Allow-Events: refer,dialog,message-summary,check-sync,talk,hold.
> Content-Length: 0.

Carsten Bock wrote:
> Hi Marc,
>
> The problem is not the contact, but the From-Header. The From-Header
> contains the username, which registers. The Contact Header (according to
> RFC 3261) must be a valid URI, that's all (e.g. some CPEs put
> sip:<ip-address>:line=xyz in contact).
>
> Carsten
>
> On Thursday, 06.09.2007, at 12:01 +0200, Marc LEURENT wrote:
> I have a security matter with my configuration (default one), it's possible
> to register using login/password and to set anything in the contact field.
> So if you have an account 106/password, it's possible to be 105 in the
> location database!
>
> How is it possible to deny that kind of matter..?
> Thanks
>
> Is it useful to use: method_filtering of the REGISTRAR module
> Or is it better to do something with the values below and a compare
> function??
> $ct - reference to body of contact header
> $ar - realm from Authorization or Proxy-Authorization header
> $au - username from Authorization or Proxy-Authorization header
>
> if ($ct != [EMAIL PROTECTED]) {
>     sl_send_reply("403", "User and login must be the same");
> };
>
> Best Regards,
>
> Marc LEURENT
>
>
> #
> U 82.127.0.79:1045 -> 88.191.45.91:5060
> REGISTER sip:sd-7501.dedibox.fr;user=phone SIP/2.0.
> Via: SIP/2.0/UDP 82.127.0.79:1046;branch=z9hG4bK5808036470869310420.
> From: <sip:[EMAIL PROTECTED]:5060;user=phone>;tag=c0a80101-38c0e7.
> To: <sip:[EMAIL PROTECTED]:5060;user=phone>.
> Call-ID: [EMAIL PROTECTED]
> CSeq: 90 REGISTER.
> Max-Forwards: 70.
> Expires: 3600.
> Contact: <sip:[EMAIL PROTECTED]:1046;user=phone>.
> Authorization: Digest username="106", realm="sd-7501.dedibox.fr",
> nonce="46dfceb402cad04812873b855bc50ea65aa99ed5",
> uri="sip:sd-7501.dedibox.fr",
> response="7dca83fd358a9aea3a963f4a71ea5c9e", algorithm=MD5, qop=auth,
> cnonce="38c102", nc=00000001.
> User-Agent: THOMSON ST2030 hw0 fw1.56 00-0E-50-4E-AF-C4.
> Allow-Events: refer,dialog,message-summary,check-sync,talk,hold.
> Content-Length: 0.
> .
>
>
> AOR:: 105
> Contact:: sip:[EMAIL PROTECTED]:1046;user=phone Q=
> Expires:: 194
> Callid:: [EMAIL PROTECTED]
> Cseq:: 92
> User-agent:: THOMSON ST2030 hw0 fw1.56
> 00-0E-50-4E-AF-C4
> Received:: sip:82.127.0.79:1045
> State:: CS_SYNC
> Flags:: 0
> Cflag:: 192
> Socket:: udp:88.191.45.91:5060
> Methods:: 4294967295

_______________________________________________
Users mailing list
Users@openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
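
The check this thread asks for, as an added Python example (not code from the posters or from OpenSER): it binds the user part of the To and From URIs of a REGISTER to the digest username and answers 403 on a mismatch such as 105 versus 106. The REGISTER is constructed, `example.org` and `192.0.2.10` are placeholders, all function names are hypothetical, and the digest response is assumed to have been verified already.

```python
import re

def build_register(aor_user, auth_user):
    """Constructed REGISTER shaped like the capture in the thread."""
    # example.org and 192.0.2.10 are placeholders, not values from the page.
    return "\r\n".join([
        "REGISTER sip:example.org;user=phone SIP/2.0",
        f"From: <sip:{aor_user}@example.org:5060;user=phone>;tag=constructed",
        f"To: <sip:{aor_user}@example.org:5060;user=phone>",
        "CSeq: 90 REGISTER",
        f"Contact: <sip:{aor_user}@192.0.2.10:1046;user=phone>",
        f'Authorization: Digest username="{auth_user}", realm="example.org",',
        ' nonce="constructed", uri="sip:example.org", response="constructed"',
        "Content-Length: 0", "", ""])

def parse_headers(raw):
    """Return {lowercased-name: value}, unfolding continuation lines."""
    headers, last = {}, None
    for line in raw.split("\r\n")[1:]:      # skip the request line
        if not line:                        # blank line ends the headers
            break
        if line[0] in " \t" and last:       # folded header continuation
            headers[last] += " " + line.strip()
        else:
            name, _, value = line.partition(":")
            last = name.strip().lower()
            headers[last] = value.strip()
    return headers

def uri_user(value):
    """User part of the first sip:/sips: URI in a header value, or None."""
    m = re.search(r"sips?:([^@;>\s]+)@", value or "")
    return m.group(1) if m else None

def digest_username(value):
    """username parameter of a Digest Authorization header, or None."""
    m = re.match(r'\s*Digest\s.*?\busername="([^"]*)"', value or "", re.I)
    return m.group(1) if m else None

def check_register_identity(raw):
    """Reply for a REGISTER; digest verification itself is not done here."""
    h = parse_headers(raw)
    auth_user = digest_username(h.get("authorization"))
    if auth_user is None:
        return 401, "Unauthorized"
    # RFC 3261 10.2: To carries the address-of-record being registered.
    for name in ("to", "from"):
        if uri_user(h.get(name)) != auth_user:
            return 403, f"{name.capitalize()} user does not match auth user"
    return 200, "OK"
```

The Contact header is deliberately not compared, since it only has to be a valid URI and need not carry the account name.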