[asterisk-users] Blind transfers security
Stanisław Pitucha
stan at gradwell.net
Mon Sep 14 10:12:29 CDT 2009
2009/9/14 Olle E. Johansson <oej at edvina.net>:
> Make sure that each device has a TRANSFER_CONTEXT dialplan variable.
What about a situation where sip devices register at a proxy in front
of many asterisks and asterisks authorise all calls from that proxy?
I.e. I don't have any devices that asterisk would know about. That way
as far as asterisk is concerned, the call is a simple trunk call and
the B side (in A->B call) doesn't trigger any TRANSFER_CONTEXT setting
when doing a transfer.
I hacked together a solution that works for me now, but I'd rather
solve this problem properly. My solution was that the A->B call gets
out to the device via "rB" context. When A does a transfer
current.chan1 (in handle_refer) has CALLERID(num) set to "rB". When B
transfers, callerid is obviously A. So I just copy that value to some
variable in the new channel and bill based on that in a common
transfer context.
Still - I'd rather find a solution that doesn't involve patching
chan_sip... (and doesn't require me to set up sip users on all
asterisks).
More information about the asterisk-users
mailing list