This is a preliminary fix for the exploit identified in my last postings. By far it would be better to fix the find_user call to look for both the From header and a username in the Proxy-Authorization header. We even should set an environment variable (which can be used for dialplans) to return the auth username.
But there is no need for this... if you have a peer that is not allowed to make calls, just send it into a context that does not exist. Every INVITE it sends you will fail.
In the fairly near future, chan_sip will probably lose the entire concept of user/peer, and just go entirely to peer. There is no particular advantage to separating them, and a ton of duplicated code to support them.
_______________________________________________
Asterisk-Users mailing list
http://lists.digium.com/mailman/listinfo/asterisk-users
