[ http://tracker.iptel.org/browse/SER-375?page=all ]
Nils Ohlmeier closed SER-375. ----------------------------- Fixed in CVS. > missing del_attr($fu.uid) in REGISTRAR route > -------------------------------------------- > > Key: SER-375 > URL: http://tracker.iptel.org/browse/SER-375 > Project: SER > Issue Type: Bug > Components: Registrar, Selects, Packaging > Affects Versions: 2.0 > Environment: Linux test1 2.6.18-6-686 #1 SMP Sun Feb 10 22:11:31 UTC > 2008 i686 GNU/Linux > Debian stable (etch) > Assigned To: Nils Ohlmeier > Fix For: 2.0, Ipteldorf > > > Next snapshot of ser-oob does not work: > # check if the authenticated user is the same as the target user > if (!lookup_user("$tu.uid", "@to.uri")) { > sl_reply("404", "Unknown user in To"); > drop; > } > # the authentication ID does not match the ID in the To header > if ($f.uid != $t.uid) { > sl_reply("403", "Authentication and To-Header mismatch"); > drop; > } > at this point fu.uid and tu.uid are both set, if you call > lookup_user(fu.uid,) again, fu.uid will hold twice the same avp ["uid"], one > coming from the auth function and the second from the lookup_user > # check if the authenticated user is the same as the request originator > # you may uncomment it if you care, what uri is in From header > #if (!lookup_user("$fu.uid", "@from.uri")) { > # sl_reply("404", "Unknown user in From"); > # drop; > Apr 24 12:09:48 test1 ser[4940]: INFO: avp.c:572: track=FROM class=USER > Apr 24 12:09:48 test1 ser[4940]: AVP["uid"]="[EMAIL PROTECTED]" > Apr 24 12:09:48 test1 ser[4940]: AVP["uid"]="[EMAIL PROTECTED]" > Apr 24 12:09:48 test1 ser[4940]: INFO: avp.c:582: track=TO class=USER > Apr 24 12:09:48 test1 ser[4940]: AVP["uid"]="[EMAIL PROTECTED]" > Next check is not true and it's not possible to register > #} > #if ($fu.uid != $tu.uid) { > # sl_reply("403", "Authentication and From-Header mismatch"); > # drop; > #} > Adding del_attr($fu.uid) before the lookup_user($fu.uid,@from.uri) solves the > problem above, but the i'm not sure how reliable is to delete it before > calling save_contacts since if it fails I'm not sure whether this AVP affects > the creation of the contact in the location table. > Comments? > Sam -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://tracker.iptel.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira _______________________________________________ Serdev mailing list [email protected] http://lists.iptel.org/mailman/listinfo/serdev
