Iñaki Baz Castillo wrote:
El Monday 15 October 2007 22:35:34 Klaus Darilion escribió:
Iñaki Baz Castillo wrote:
El Monday 15 October 2007 12:12:44 Klaus Darilion escribió:
What exactly do you want to achieve? Do you want to allow REFER only
intradomain?
Exactly.
- Imagine you admin a OpenSer that gives service to 2 independent
companies (domain_A and domain_B).
- Imagine a user_A of domain_A calls to a user_B of domain_B.
- During the call user_A does REFER.
- OpenSer requires auth por REFER, so user_A sends auth (it can since
it's a local user).
- So finally user_B is transferred by an external user. Of course this is
not tolerable.
So I need to allow a REFER just if the caller and called are in the same
domain, but REFER is in-dialog so there is not domain name in the URI.
just an idea: check if $fd of REFER is identical to domain in REFER to
header - if not -> reject it.
It's a great idea!
Of course I need to test it. For example:
What about if the "Refer-to" header just contains "sip:001234234234" with no
@domain? maybe there are "broken" SIP devices which auto-complete this URI
with their domain?
Further, if B's phone send out the new INVITE, if $rd != $fd then do not
send the call to the gateway.
Humm, it can't be, because in case of a forwarding (implemented in OpenSer) I
do allow calls from others domain to PSTN gateway.
Usually, if a client wants to dial a phone number, the client will add
its own domain as RURI domain. E.g.
sip:[EMAIL PROTECTED] calls PSTN 12345: RURI=sip:[EMAIL PROTECTED] ->
forward to PSTN gateway
sip:[EMAIL PROTECTED] calls sip:[EMAIL PROTECTED] --> forward
request to otherdomain. Regardless if otherdomain.com is hosted in the
same openser or any others SIP proxy, at otherdomain.com this is an
incoming SIP call from an external SIP client which MUST NOT be routed
to the PSTN.
Thus, I would add both checks.
regards
klaus
_______________________________________________
Users mailing list
Users@openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
