Hi Marc, In OpenSER 1.2, you could add something like
if ($au != $fU) { sl_send_reply("403", "Screening failed"); } $au = Authorization Username $fU = Username in the From-SIP-URI i believe, in former versions of OpenSER there was a function for this, but i don't remember. Carsten Am Donnerstag, den 06.09.2007, 12:39 +0200 schrieb Marc LEURENT: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Even there.. how to deny it with openser! > Cirpack can do it, for example if I put another a contact name different of > my auth name, it replies an error! > It prevents another person to receive your calls!! > > > Look, you have in From and Contact header the user 105 > > From: <sip:[EMAIL PROTECTED]:5060;user=phone>;tag=c0a80101-38c0e7. > > but my user is the 106 user > > Authorization: Digest username="106", realm="sd-7501.dedibox.fr", > > nonce="46dfceb402cad04812873b855bc50ea65aa99ed5", > > uri="sip:sd-7501.dedibox.fr", > > response="7dca83fd358a9aea3a963f4a71ea5c9e", algorithm=MD5, qop=auth, > > cnonce="38c102", nc=00000001. > > > > # > > U 82.127.0.79:1045 -> 88.191.45.91:5060 > > REGISTER sip:sd-7501.dedibox.fr;user=phone SIP/2.0. > > Via: SIP/2.0/UDP 82.127.0.79:1046;branch=z9hG4bK5808036470869310420. > > From: <sip:[EMAIL PROTECTED]:5060;user=phone>;tag=c0a80101-38c0e7. > > To: <sip:[EMAIL PROTECTED]:5060;user=phone>. > > Call-ID: [EMAIL PROTECTED] > > CSeq: 90 REGISTER. > > Max-Forwards: 70. > > Expires: 3600. > > Contact: <sip:[EMAIL PROTECTED]:1046;user=phone>. > > Authorization: Digest username="106", realm="sd-7501.dedibox.fr", > > nonce="46dfceb402cad04812873b855bc50ea65aa99ed5", > > uri="sip:sd-7501.dedibox.fr", > > response="7dca83fd358a9aea3a963f4a71ea5c9e", algorithm=MD5, qop=auth, > > cnonce="38c102", nc=00000001. > > User-Agent: THOMSON ST2030 hw0 fw1.56 00-0E-50-4E-AF-C4. > > Allow-Events: refer,dialog,message-summary,check-sync,talk,hold. > > Content-Length: 0. > > > Carsten Bock a écrit : > > Hi Marc, > > > > The problem is not the contact, but the From-Header. The From-Header > > contains the username, which registers. The Contact Header (according to > > RFC 3261) must be a valid URI, that's all (e.g. some CPE's put > > sip:<ip-address>:line=xyz in contact). > > > > Carsten > > > > Am Donnerstag, den 06.09.2007, 12:01 +0200 schrieb Marc LEURENT: > > I have a security matter with my configuration (default one), it's possible > > to register using login/password and to set anything in the contact field. > > So if you have an account 106/password, it's possible to be 105 in the > > location database! > > > > How is it possible to deny that kind of matter..? Thanks > > > > Is it useful to use: method_filtering of the REGISTRAR module > > Or is it better to so something whith the values below and a compare > > function?? > > $ct - reference to body of contact header > > $ar - realm from Authorization or Proxy-Authorization header > > $au - username from Authorization or Proxy-Authorization header > > > > if ($ct != [EMAIL PROTECTED]) { > > sl_send_reply("403", "User and login must be the same"); > > }; > > > > Best Regards, > > > > Marc LEURENT > > > > > > # > > U 82.127.0.79:1045 -> 88.191.45.91:5060 > > REGISTER sip:sd-7501.dedibox.fr;user=phone SIP/2.0. > > Via: SIP/2.0/UDP 82.127.0.79:1046;branch=z9hG4bK5808036470869310420. > > From: <sip:[EMAIL PROTECTED]:5060;user=phone>;tag=c0a80101-38c0e7. > > To: <sip:[EMAIL PROTECTED]:5060;user=phone>. > > Call-ID: [EMAIL PROTECTED] > > CSeq: 90 REGISTER. > > Max-Forwards: 70. > > Expires: 3600. > > Contact: <sip:[EMAIL PROTECTED]:1046;user=phone>. > > Authorization: Digest username="106", realm="sd-7501.dedibox.fr", > > nonce="46dfceb402cad04812873b855bc50ea65aa99ed5", > > uri="sip:sd-7501.dedibox.fr", > > response="7dca83fd358a9aea3a963f4a71ea5c9e", algorithm=MD5, qop=auth, > > cnonce="38c102", nc=00000001. > > User-Agent: THOMSON ST2030 hw0 fw1.56 00-0E-50-4E-AF-C4. > > Allow-Events: refer,dialog,message-summary,check-sync,talk,hold. > > Content-Length: 0. > > . > > > > > > AOR:: 105 > > Contact:: sip:[EMAIL PROTECTED]:1046;user=phone Q= > > Expires:: 194 > > Callid:: [EMAIL PROTECTED] > > Cseq:: 92 > > User-agent:: THOMSON ST2030 hw0 fw1.56 > > 00-0E-50-4E-AF-C4 > > Received:: sip:82.127.0.79:1045 > > State:: CS_SYNC > > Flags:: 0 > > Cflag:: 192 > > Socket:: udp:88.191.45.91:5060 > > Methods:: 4294967295 > > > >> > _______________________________________________ > Users mailing list > Users@openser.org > http://openser.org/cgi-bin/mailman/listinfo/users > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFG39j0qjpLE0HiOBYRAlmQAJoDVJpStaoD/9SwcyJ3Yg27S1k1VwCgo4RD > oiS5S+tLQB/Pwqt6hOpkyxY= > =/x6c > -----END PGP SIGNATURE----- _______________________________________________ Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users