<head><title></title></head>
<body><div class="iw_mail" dir="ltr">Mike,<br><br>Thanks for the response. The PBX that is interfacing with us does not have that option. And because of the varied nature of PBX's, I would like to<br>be as generic as possible. <br><br>So to me it really come back to what is the exposure to not performing the "db_check_from"?<br><br><div style="font-family: arial, helvetica, sans-serif; font-size: 16px;"><span data-mce-style="color: #808080; font-family: arial,helvetica,sans-serif; font-size: 11pt;" style="color: rgb(128, 128, 128); font-size: 11pt;">Regards,</span></div>
<span data-mce-style="color: #808080; font-family: arial,helvetica,sans-serif; font-size: 11pt;" style="color: rgb(128, 128, 128); font-size: 11pt;"><strong>Pat Burke</strong></span><br><br><br><br>Hello Pat,<br><br><br>I think that you can ask them to set the From Name as the callerid so<br>you can use transformation to take de information [1]<br><br><br>Example:<br><br> xlog("FROM NAME: $(hdr(From){nameaddr.name})");<br> xlog("FROM USER: $fU");<br><br> <br><br>Result (on log):<br><br><br>l 24 22:06:51 opensipsHomolog2 /usr/local/sbin/opensips[7960]: FROM<br>NAME: "1016"<br>Jul 24 22:06:51 opensipsHomolog2 /usr/local/sbin/opensips[7960]: FROM<br>USER: 101600000393<br><br><br><br>After the authentication you can use the uac_replace_from[2] and change<br>the callerid that you send you carriers.<br><br><br><br>[1] - <a href="https://www.opensips.org/Documentation/Script-Tran-2-2" target="_blank">https://www.opensips.org/Documentation/Script-Tran-2-2</a><br>[2] - <a href="http://www.opensips.org/html/docs/modules/devel/uac.html#idp5265536" target="_blank">http://www.opensips.org/html/docs/modules/devel/uac.html#idp5265536</a><br><br><br>Em 24/07/17 21:32, Pat Burke escreveu:<br>> Hello,<br>><br>> As a SIP Provider, we implementing the ability to provide SIP trunks<br>> to customers with a PBX or Dialer that require Registration. With<br>> this in mind,<br>> the customer wants to be able to set the CallerID on at least on the<br>> basis of the devices connected tho them, but potentially on a per call<br>> basis.<br>><br>> For the challenge-response to the non-Register methods, we have<br>> implemented the script as follows (seems to be a very standard way).<br>> My question is<br>> for the case of the CallerID not being the same as the<br>> username/authorization name, how do we do this? Because the "FROM"<br>> user is different from the<br>> authorized user, the db_check_from fails. I don't believe all phone<br>> systems support P-Asserted-ID, so we can't really go that route. So<br>> can we just remove<br>> the "db_check_from"? What risk does that expose us to?<br>><br>> if ( !(is_method("REGISTER")) ) {<br>> if (is_from_local("$var(reg_domain_attr)")) { # from Registered device<br>> $avp(callee_number_type) := "Registered";<br>><br>> # authenticate if from local subscriber<br>> # authenticate all initial non-REGISTER request that pretend to be<br>> # generated by local subscriber (domain from FROM URI is local)<br>> if (!proxy_authorize("", "subscriber")) {<br>> proxy_challenge("", "0");<br>> exit;<br>> }<br>><br>> if (!db_check_from()) {<br>> sl_send_reply("403","Forbidden auth ID");<br>> exit;<br>> }<br>><br>> consume_credentials();<br>> # caller authenticated<br>> }<br>> }<br>> Regards,<br>> *Pat Burke*<br><br><div class="signature"><br></div>
</div></body>