[Users] determining if From==To

Jiri Kuthan jiri at iptel.org
Thu Dec 14 18:42:58 CET 2006


At 18:07 13/12/2006, Daniel-Constantin Mierla wrote:
>Hello,
>
>On 12/13/06 17:43, Klaus Darilion wrote:
>>Mark Price wrote:
>>>Hi,
>>>
>>>How would one determine if the From address equals the To address, or even
>>>better, if the To address is either the same as or an alias of the From
>>>address?
>>
>>
>>copy from uri into an AVP, copy to URI into an AVP, compare the AVPs (avp_check)
>should work without the need of copy
>
>avp_check("$fu","eq/$tu/i")
>http://www.openser.org/docs/modules/1.2.x/avpops.html#AEN384

Attached is a snippet of SER/ottendorf authentication policy, which does that
in a -- I believe -- more comprehensible manner. It checks if URI exists, if so, it
checks whether the user as identified in his digest credentials is allowed to
use URI as in To header field, and it optionally checks From header field too.


                # check if the authenticated user is the same as the target user
                if (!lookup_user("$t.uid", "@to.uri")) {
                        sl_send_reply("404", "Unknown user in To");
                        drop;
                }

                if ($f.uid != $t.uid) {
                        sl_send_reply("403", "Authentication and To-Header mismatch");
                        drop;
                }

                # check if the authenticated user is the same as the request originator
                # you may uncomment it if you care, what uri is in From header
                #if (!lookup_user("$f.uid", "@from.uri")) {
                #       sl_send_reply("404", "Unknown user in From");
                #       drop;
                #}
                #if ($f.uid != $t.uid) {
                #       sl_send_reply("403", "Authentication and From-Header mismatch");
                #       drop;
                #}

Full config file: http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/etc/ser.cfg?rev=HEAD&content-type=text/vnd.viewcvs-markup

Alas, it relies on ser/ottendorf and to the best of my knowledge the select feature on
which this script is based is not available in openser. We are actively considering
contributing select from ser to openser to avoid too big mismatches in both
projects' config files, but that unfortunately appears unlikely during this
busy end of year.

-jiri


--
Jiri Kuthan            http://iptel.org/~jiri/ 
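
The uid-based check described in the message above, modelled in Python as an added example (not part of the original post and not SER code): the To and From URIs are each resolved to a user id and compared with the authenticated user's id, so a URI that is an alias of the same account passes. The URI table, the uids and the function names are constructed for illustration.

```python
import re

# Constructed URI-to-uid table; two URIs that share a uid are aliases.
URI_TABLE = {
    ("alice", "example.org"): "uid-1",
    ("a.smith", "example.org"): "uid-1",   # alias of alice
    ("bob", "example.org"): "uid-2",
}

_URI_RE = re.compile(r"^(?:sips?):([^@;>\s]+)@([^:;?>\s]+)", re.IGNORECASE)

def uri_key(header_value):
    """Reduce a To/From header value to a (user, host) lookup key."""
    m = re.search(r"<([^>]*)>", header_value)       # name-addr form
    uri = m.group(1) if m else header_value.strip()  # addr-spec form
    m = _URI_RE.match(uri)
    if not m:
        return None
    user, host = m.groups()
    # Port, URI parameters and header parameters (tag) are dropped;
    # the host is case-insensitive, the user part is not.
    return (user, host.lower())

def lookup_user(header_value):
    """Return the uid that owns the URI, or None if it is unknown."""
    return URI_TABLE.get(uri_key(header_value))

def check_identity(auth_uid, to_hdr, from_hdr=None):
    """Return (status, reason); auth_uid is the uid from digest auth."""
    to_uid = lookup_user(to_hdr)
    if to_uid is None:
        return 404, "Unknown user in To"
    if auth_uid != to_uid:
        return 403, "Authentication and To-Header mismatch"
    if from_hdr is not None:            # optional From check
        from_uid = lookup_user(from_hdr)
        if from_uid is None:
            return 404, "Unknown user in From"
        if auth_uid != from_uid:
            return 403, "Authentication and From-Header mismatch"
    return 200, "OK"
```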