Posted: Wed Apr 09, 2003 9:19 am Post subject: [Asterisk-Dev] Proposal for better matching of incoming call
Hi Mark, others,
sip_user "matching" for inbound calls shouldn't be by username only
--------------------------------------------------------------------
For incoming SIP calls, the check_user code matches against known users by
using the username part of the inbound From header only.
That gives the potential for false matches - there's no reason for that
username to be unique (consider "steve", "ata186" etc)
A false match means an authentication challenge to a caller who doesn't
know the right secret. Result: unintended caller blocking!
Here's some ideas for a fix. If we can agree the right approach I will
provide a patch.
Fix idea 1: sip_user->name can have a full(er) From. IE including
domain/part part of a sip address too. If it does, then check_user
compares more than just the username
This does leave the false-match problem behind for those who do not change
their sip.conf setup. But that's backwards compatibility for you!
Fix idea 2: leave sip_user->name alone, but add additional match=
parameter to say how to match an incoming call to this user. For
instance, pattern-match against headers. Perhaps something like
"match=From:.*@.*\.daviesfam\.org
This is nice and flexible because we can bring an incoming call into a
special context or whatever based on things other than the From username.
If match= isn't provided then the code needs to match based on the
->name. Probably the match should be extended to be done in the "fix idea
1" style.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum