Hi Maj,
Thank you for the patch; I have incorporated it for the next release.

Regards,
Avin Patel
Objective Systems, Inc.


C. Maj wrote:
> Does anyone else see it as a problem that incoming calls
> are authenticated by the remote caller ID and not the remote IP
> address?  I think it's a security hazard.  Attached is a
> patch that modifies the find_user function in chan_h323.c to
> match on IP instead.  It should also allow 'friend' types in
> ooh323.conf to work properly without having to use the
> remote IP address as the name of the context.
> 
> 
> 
> 
> ------------------------------------------------------------------------
> 
> Index: chan_h323.c
> ===================================================================
> --- chan_h323.c       (revision 220)
> +++ chan_h323.c       (working copy)
> @@ -141,6 +141,7 @@
>     struct ast_codec_pref prefs;
>     int         dtmfmode;
>     int         rtptimeout;
> +   char        ip[20];
>     struct ooh323_user *next;
>  };
>  
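Review bot: The new `ip` field is undocumented and its size is a bare `20`, which fits a dotted-quad IPv4 string but not an IPv6 literal. Because this field now decides which configured user an incoming call is mapped to, I would add a comment such as `/* peer address in text form; compared with call->remoteIP in find_user() */` and give the size a named constant. Whether `call->remoteIP` can ever hold anything longer than an IPv4 string is not visible in this patch.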
> @@ -594,7 +595,7 @@
>     return p;
>  }
>  
> -struct ooh323_user *find_user(const char * name)
> +struct ooh323_user *find_user(const char * ip)
>  {
>     struct ooh323_user *user=NULL;
>  
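Review bot: Renaming the parameter from `name` to `ip` changes the contract of `find_user` for every caller, not only the one updated later in this patch. The function is not `static`, so any other call site that still passes a user name would now be compared against `user->ip` and quietly match nothing; such call sites are not visible here and should be checked. A header comment like `/* Look up a configured user by the remote peer's IP address string; returns NULL if none matches. */` would make the new contract explicit. The function body continues outside the hunk.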
> @@ -606,7 +607,7 @@
>     ast_mutex_lock(&userl.lock);
>     while(user)
>     {
> -      if(name && !strcmp(user->name, name))
> +      if(ip && !strcmp(user->ip, ip))
>           break;
>        user = user->next;
>     }
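Review bot: The lookup at `if(ip && !strcmp(user->ip, ip))` is a byte-for-byte comparison of address text, so the configured value must be spelled exactly as `call->remoteIP` is formatted. A user entry without an `ip` setting presumably holds an empty string and will never match, which means existing configurations lose their per-user settings without any message. If two entries share one address, for example several endpoints behind a gateway or NAT, the first one in the list is always chosen. I would document these rules next to the loop and log at notice level when no user matches an incoming address, so that a failed match is visible to the operator.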
> @@ -1214,10 +1215,8 @@
>        p->callerid_name = strdup(call->remoteIP);
>     }
>     
> -   if(p->callerid_name)
> -   {
>        p->username = strdup(p->callerid_name);
> -      user = find_user(p->username);
> +   user = find_user(call->remoteIP);
>        if(user)
>        {
>           ast_mutex_lock(&user->lock);
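Review bot: With the `if(p->callerid_name)` guard removed (its closing brace goes in the next hunk), `p->username = strdup(p->callerid_name);` now runs unconditionally, and `strdup(NULL)` is undefined behaviour. The context line above assigns `callerid_name` from `strdup(call->remoteIP)`, which can still return NULL on allocation failure, and the branches before it are outside the hunk. I would keep a narrow guard, `if (p->callerid_name) p->username = strdup(p->callerid_name);`, and leave the `find_user(call->remoteIP)` lookup outside it. The indentation of the `strdup` line and the `if(user)` block still reflects the removed braces and should be realigned.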
> @@ -1232,8 +1231,6 @@
>           OO_SETFLAG(call->flags, OO_M_DISABLEGK);
>           ast_mutex_unlock(&user->lock);
>        }
> -   }
> -
>  
>     ooh323c_set_capability_for_call(call, &p->prefs, 
> p->capability,p->dtmfmode);
>     configure_local_rtp(p, call);
> @@ -1558,6 +1555,9 @@
>           else if (!strcasecmp(v->name, "amaflags")) {
>              user->amaflags = ast_cdr_amaflags2int(v->value);
>           }
> +         else if (!strcasecmp(v->name, "ip")) {
> +            strncpy(user->ip, v->value, sizeof(user->ip)-1);
> +         } 
>           else if (!strcasecmp(v->name, "dtmfmode")) {
>              if(!strcasecmp(v->value, "rfc2833"))
>                 user->dtmfmode = H323_DTMF_RFC2833;
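Review bot: `strncpy(user->ip, v->value, sizeof(user->ip)-1);` leaves a terminated string only if the last byte of `user->ip` is already zero, which depends on how the user struct is allocated outside this hunk. I would terminate explicitly with `user->ip[sizeof(user->ip)-1] = '\0';` after the copy, or use `ast_copy_string(user->ip, v->value, sizeof(user->ip));` if the targeted Asterisk version provides it. The value is also stored without checking that it parses as an address, and an over-long value is truncated silently. Since this string is what incoming calls are matched against, a warning for a value that does not fit or does not parse would save the operator from a user entry that can never match.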
> 
> 
> ------------------------------------------------------------------------
> 
