force username to auth_username

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

force username to auth_username

Uwe Kastens
Hello,

Is there a simple trick to prevent a user to put a different username
than the auth_username to the location server on register? Example with
Xlite:

username 123456789
auth-username sigrid

save("location"); seems to put the username to the locationserver. So I
cannot prevent ATM that a user put a wrong value to that entry.

Any hints or pointer to the documentation are welcome

BR

Kiste
--

kiste lat: 54.322684, lon: 10.13586

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: force username to auth_username

Thomas Gelf
check_to() should be what you're looking for.

Regards,
Thomas Gelf

Uwe Kastens schrieb:

> Hello,
>
> Is there a simple trick to prevent a user to put a different username
> than the auth_username to the location server on register? Example with
> Xlite:
>
> username 123456789
> auth-username sigrid
>
> save("location"); seems to put the username to the locationserver. So I
> cannot prevent ATM that a user put a wrong value to that entry.
>
> Any hints or pointer to the documentation are welcome
>
> BR
>
> Kiste


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

solved => Re: force username to auth_username

Uwe Kastens
Hello @all,

> check_to() should be what you're looking for.
>

Ok, thats another module I will look to.

ATM I am checking if in the register $au != $fU and drop the packet then.




BR

Kiste
--

kiste lat: 54.322684, lon: 10.13586

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: solved => Re: force username to auth_username

Bogdan-Andrei Iancu
Hi Uwe,

$au != $fU is not correct for REGISTER, as the in REGISTER, the AOR (user) is specified by TO header. So you should do $au != $tU .

Using the check_to() function (as Thomas suggested) is better, as the check_to() function is able to use the correct auth header from the request - a request may have multiple Auth hdrs (for chain authentication), so you need to compare with the auth_id used by your proxy for auth.

Regards,
Bogdan


Uwe Kastens wrote:

> Hello @all,
>
>  
>> check_to() should be what you're looking for.
>>
>>    
>
> Ok, thats another module I will look to.
>
> ATM I am checking if in the register $au != $fU and drop the packet then.
>
>
>
>
> BR
>
> Kiste
>  


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users