Check_from and dbaliases

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Check_from and dbaliases

Carlo Dimaggio
Hi

I have 2 users registered: user1@domain and user2@domain with one  
alias (in db) 1000@domain configured for user1@domain.
In the configuration I use the check_from() function for security  
reason:

             if(method=="INVITE" && (!allow_trusted())) {
                 if (!proxy_authorize("","subscriber")) {
                         proxy_challenge("","1");
                         exit;
                 } else if (!check_from()) {
                         sl_send_reply("403", "Forbidden, use From=ID");
                         exit;
                 };
             };

When I call 1000@domain from user2@domain and then 1000@domain  
perform an hold (or a transfer), the script exit (hangup) because it  
doesn't validate the user since From username
(1000@domain) and auth username (user1@domain) are differents.

How can I avoid this? I would use another function to check From  
username in the dbaliases table but I don't find any useful function...


Thank you,
Carlo

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Check_from and dbaliases

Sergio Gutierrez
Hi Carlo.
 
check_from() is a function from uri_db module which compares From Username against Digest when its parameter use_uri_table is 0 (default behaviour).
 
For your case, I think you would need, beside aliases, to enable uri_db module, using uri_table, to define 1000 as an "authentication alias" for user1.
 
 
Best regards.
 
Sergio Gutierrez.
 
On 11/7/08, Carlo Dimaggio <[hidden email]> wrote:
Hi

I have 2 users registered: user1@domain and user2@domain with one
alias (in db) 1000@domain configured for user1@domain.
In the configuration I use the check_from() function for security
reason:

            if(method=="INVITE" && (!allow_trusted())) {
                if (!proxy_authorize("","subscriber")) {
                        proxy_challenge("","1");
                        exit;
                } else if (!check_from()) {
                        sl_send_reply("403", "Forbidden, use From=ID");
                        exit;
                };
            };

When I call 1000@domain from user2@domain and then 1000@domain
perform an hold (or a transfer), the script exit (hangup) because it
doesn't validate the user since From username
(1000@domain) and auth username (user1@domain) are differents.

How can I avoid this? I would use another function to check From
username in the dbaliases table but I don't find any useful function...


Thank you,
Carlo

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Check_from and dbaliases

Carlo Dimaggio

Il giorno 07/nov/08, alle ore 13:05, Sergio Gutierrez ha scritto:

> Hi Carlo.
>
> check_from() is a function from uri_db module which compares From  
> Username against Digest when its parameter use_uri_table is 0  
> (default behaviour).
>
> For your case, I think you would need, beside aliases, to enable  
> uri_db module, using uri_table, to define 1000 as an  
> "authentication alias" for user1.

As I understand, I have to replicate some informations from alias_db  
and subscriber tables to uri table. This can be a solution but it is  
a little tricky to manage (I could have data misalignment  for the 3  
tables - uri, subscriber and dbaliases).
There is a "general purpose" function in order to make sql operations  
directly on db (select in dbaliases)?


Thanks

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: Check_from and dbaliases

Sergio Gutierrez
Hi Carlo.

You could use the avp_db_query() in module avpops.

http://www.opensips.org/html/docs/modules/devel/avpops.html#id2512006

For the validation you need, you would have to design the query to dbaliases. The function returns the result into an AVP, so you could evaluate it with avp_check().

Thanks and regards,

Sergio.

On Fri, Nov 7, 2008 at 9:09 AM, Carlo Dimaggio <[hidden email]> wrote:

Il giorno 07/nov/08, alle ore 13:05, Sergio Gutierrez ha scritto:

> Hi Carlo.
>
> check_from() is a function from uri_db module which compares From
> Username against Digest when its parameter use_uri_table is 0
> (default behaviour).
>
> For your case, I think you would need, beside aliases, to enable
> uri_db module, using uri_table, to define 1000 as an
> "authentication alias" for user1.

As I understand, I have to replicate some informations from alias_db
and subscriber tables to uri table. This can be a solution but it is
a little tricky to manage (I could have data misalignment  for the 3
tables - uri, subscriber and dbaliases).
There is a "general purpose" function in order to make sql operations
directly on db (select in dbaliases)?


Thanks

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users