[asterisk-dev] Kill the user, kill the user!

Luigi Rizzo rizzo at icir.org
Fri Dec 7 08:51:49 CST 2007


On Fri, Dec 07, 2007 at 01:08:02AM -0800, Steve Langstaff wrote:
> > From: asterisk-dev-bounces at lists.digium.com 
> > [mailto:asterisk-dev-bounces at lists.digium.com] On Behalf Of 
> > Johansson Olle E
> 
> > I've created a branch called "kill_the_user" that has no 
> > type=friend or type=user, only peers.
> > 
> > Incoming calls are handled this way
> > 
> > * First, we match on peer object name with the From username
> > * Then we try to match on IP/Port
> > * If we can't match, we send to the context defined in the "general"  
> > section in sip.conf or to "default".
> 
> Will this mechanism be able to distinguish between calls from the
> following?
> 	From: <sip:1234 at example1.net>
> 	From: <sip:1234 at example2.net>

call <-> section matching was discussed in a thread some time ago.

I think it is correct to say that there is no single method that satisfies
everyone, so the type and order of matching needs to be configurable.

trunk already has this section in chan_sip.c, and i hope it has
Not disappeared (or at least, I certainly want it reintroduced, as
it is off by default):

        if (global_match_auth_username) {
                /*
                 * XXX This is experimental code to grab the search key from the
                 * Auth header's username instead of the 'From' name, if available.
                 * Do not enable this block unless you understand the side effects (if any!)
                 * Note, the search for "username" should be done in a more robust way.
                 * Note2, at the moment we chech both fields, though maybe we should
                 * pick one or another depending on the request ? XXX
                 */


Matching on IP/port may be ok in some cases (i.e. if you trust the IP/port!)

I think matching on the From username is completely bogus because there is
no check whatsoever on that field - clients may generate a random value
and it is not authenticated in any way.

In any case, when the 'user' is gone i will be glad to add in some hooks
so you can define the order and type of checks as you like.

	cheers
	luigi



More information about the asterisk-dev mailing list