[ http://tracker.iptel.org/browse/SER-375?page=all ]

Nils Ohlmeier resolved SER-375.
-------------------------------

    Fix Version/s: 2.0
                   Ipteldorf
       Resolution: Fixed

Thanks for reporting.
The suggested fix with del_attr should work too, but I chose to load the From 
UID into the FR AVP track. Thus we avoid duplicated AVPs and we still have all 
the AVPs accessible. Fixed in CVS.

> missing del_attr($fu.uid) in REGISTRAR route
> --------------------------------------------
>
>                 Key: SER-375
>                 URL: http://tracker.iptel.org/browse/SER-375
>             Project: SER
>          Issue Type: Bug
>          Components: Registrar, Selects, Packaging
>    Affects Versions: 2.0
>         Environment: Linux test1 2.6.18-6-686 #1 SMP Sun Feb 10 22:11:31 UTC 
> 2008 i686 GNU/Linux
> Debian stable (etch)
>         Assigned To: Nils Ohlmeier
>             Fix For: 2.0, Ipteldorf
>
>
> Next snapshot of ser-oob does not work:
> # check if the authenticated user is the same as the target user
> if (!lookup_user("$tu.uid", "@to.uri")) {
>     sl_reply("404", "Unknown user in To");
>     drop;
> }
> # the authentication ID does not match the ID in the To header
> if ($f.uid != $t.uid) {
>     sl_reply("403", "Authentication and To-Header mismatch");
>     drop;
> }
> At this point fu.uid and tu.uid are both set. If you call 
> lookup_user(fu.uid,) again, fu.uid will hold twice the same avp ["uid"], one 
> coming from the auth function and the second from the lookup_user.
> # check if the authenticated user is the same as the request originator
> # you may uncomment it if you care, what uri is in From header
> #if (!lookup_user("$fu.uid", "@from.uri")) {
> # sl_reply("404", "Unknown user in From");
> # drop;
> Apr 24 12:09:48 test1 ser[4940]: INFO: avp.c:572: track=FROM class=USER
> Apr 24 12:09:48 test1 ser[4940]: AVP["uid"]="[EMAIL PROTECTED]"
> Apr 24 12:09:48 test1 ser[4940]: AVP["uid"]="[EMAIL PROTECTED]"
> Apr 24 12:09:48 test1 ser[4940]: INFO: avp.c:582: track=TO class=USER
> Apr 24 12:09:48 test1 ser[4940]: AVP["uid"]="[EMAIL PROTECTED]"
> Next check is not true and it's not possible to register
> #}
> #if ($fu.uid != $tu.uid) {
> # sl_reply("403", "Authentication and From-Header mismatch");
> # drop;
> #}
> Adding del_attr($fu.uid) before the lookup_user($fu.uid,@from.uri) solves the 
> problem above, but I'm not sure how reliable it is to delete it before 
> calling save_contacts, since if it fails I'm not sure whether this AVP affects 
> the creation of the contact in the location table.
> Comments?
> Sam
