[OpenSIPS-Users] Strange username registration
Douglas Lane
doug at wd.co.za
Fri Apr 9 08:06:40 CEST 2010
Hi Brett,
I think I'm going to go with the rejecting user at domain in the username
section of the auth. To try rewrite things, and then hope it doesn't
break any RFC3261 compliancies, and then have it break my billing
system, its just too much that can go wrong - rejection is simple, you
either allowed or denied ;-)
Now that I've been pointed in the right direction in regards to the
auth_db module, I'm going to redo those asterisk systems as those I have
access to fortunately - its just the REGISTER part that has the
user at domain in the user section, the INVITE is correct.
As for xlite/siemens doing things by default, nope - its a user error -
its always a user error ;-)
Thanks again for all the assistance.
Hopefully I'll be able to return the favor one day.
Thanks
Doug
On 2010/04/09 7:42 AM, Brett Nemeroff wrote:
> You know, probably the best thing to do would be to rewrite the URI
> using a transformation.. I included it in a previous post... it's
> something like $(Au{uri.user}) or something like that.. then use that
> for the billing record..
>
> I'm trying to think if this would cause any trouble for a multidomain
> configuration, but I can't think of any specific problems off hand..
>
> The only other thing you can do, which was the previous suggestions,
> would be to change the auth_db modparams so that domains IN the
> username part don't pass authentication. If Xlite/Siemens does this by
> default, that of course would be a problem. If it's a user
> configuration problem on the other hand, I'd think you'd want to
> reject that..
>
>
> On Fri, Apr 9, 2010 at 12:35 AM, Douglas Lane<doug at wd.co.za> wrote:
>
>> Hi Brett,
>>
>> I haven't made any changes, as the changes I made last night with
>> Vallimamod, I had to quickly undo as I lost a few asterisk registrations ;-)
>>
>> IP 1.2.3.4 is the client
>> IP 5.6.7.8 is the server
>>
>> Here is a registration from Asterisk server - it is successful:
>> U 1.2.3.4:5060 -> 5.6.7.8:5060
>> REGISTER sip:domain.com SIP/2.0.
>> Via: SIP/2.0/UDP 1.2.3.4:5060;branch=z9hG4bK0f391872;rport.
>> Max-Forwards: 70.
>> From:<sip:finlogicvpbx at domain.com>;tag=as45515d65.
>> To:<sip:finlogicvpbx at domain.com>.
>> Call-ID: 2016b5f0057cbb960c5f688437c0915a at 1.2.3.4.
>> CSeq: 417 REGISTER.
>> User-Agent: Asterisk PBX 1.6.0.10-FONCORE-r40.
>> Authorization: Digest username="finlogicvpbx at domain.com",
>> realm="domain.com", algorithm=MD5, uri="sip:domain.com",
>> nonce="4bbebbfa0000574e9410cd08b00ba31be31b378189e1d9e8",
>> response="f4bb7a3479e82c35aa5122c652620571".
>> Expires: 120.
>> Contact:<sip:s at 1.2.3.4>.
>> Event: registration.
>> Content-Length: 0.
>>
>> Upon the save("location") function, the above registration is saved into
>> the location database as user_column=finlogicvpbx, domain=domain.com.
>> This is CORRECT and I'm happy with it.
>>
>>
>> And here is the every great Xlite (Siemens A580 is pretty much identical)
>> T 1.2.3.4:58889 -> 5.6.7.8:5060 [AP]
>> REGISTER sip:domain.com SIP/2.0.
>> Via: SIP/2.0/TCP
>> 192.168.0.236:10990;branch=z9hG4bK-d8754z-375adf06ebab9063-1---d8754z-;rport.
>>
>> Max-Forwards: 70.
>> Contact:
>> <sip:doug%40domain.com at 1.2.3.4;rinstance=0051b76a880b6325;transport=TCP>.
>> To:<sip:doug%40domain.com at domain.com>.
>> From:<sip:doug%40domain.com at domain.com>;tag=7adae37b.
>> Call-ID: ZDlmN2JmMmY4ZjdmYTU2MmI5YzAyYjZmMTE4ODBjY2Q..
>> CSeq: 2 REGISTER.
>> Expires: 3600.
>> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
>> SUBSCRIBE, INFO.
>> User-Agent: X-Lite Beta release 4.0 v3 stamp 55153.
>> Authorization: Digest
>> username="doug at domain.com",realm="domain.com",nonce="4bbc186000007a99f8b3ca45e77563c7b19f6ea461817c3e",uri="sip:domain.com",response="96bf9f599ddf3057c5bc48faf9a1d923",algorithm=MD5.
>>
>> Content-Length: 0.
>>
>> However, the same save("location") function, the above registration is
>> saved into the location database as user_column=doug at domain.com,
>> domain=domain.com.
>> This is INCORRECT and causes problems for billing (without modifying my
>> billing_party id accordingly).
>>
>> It also looks horrible when I do a network status in CDR tool, and there
>> is this one account that is in the domain "domain [dot] com [at] domain
>> [dot] com".
>>
>> Perhaps I need to strip out the From / To headers of any bad data like
>> %40? Or maybe there is another way to force location to use the Auth
>> Username and Auth Realm instead of the From Header?
>>
>> Thanks
>> Doug
>>
>>
>> On 2010/04/09 7:14 AM, Brett Nemeroff wrote:
>>
>>> I didn't see the new problem posted. Maybe I missed it? :)
>>>
>>>
>>>
>>>> Now when I try the same with an Xlite or a Siemens A580IP (those are the
>>>> only 2 devices I have tried so far), the only difference between the
>>>> asterisk registration and the xlite is the From header and To header in
>>>> the asterisk registration contains username [at] domain [dot] com,
>>>>
>>>>
>>> You mentioned that with the change you made, user is in the user field
>>> and domain is in the domain field.. but didn't mention how that
>>> differs from what's in the location table with xlite or the siemens.
>>> Maybe a sample of the table data posted would be helpful?
>>>
>>> Thanks,
>>> Brett
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
More information about the Users
mailing list