The save function from the registrar module uses the To header to disect
and store the username for the location table according to observations
and documentation
http://www.kamailio.org/docs/modules/stable/modules/registrar.html#registrar.f.save
After troubleshooting a ticket from an enduser unable to receive calls
where all looked fine but the username used for authentication wasn't
showing up in the location database. Finally I found the REGISTER was
added to the location database, but not with the user its username,
instead it was using the username (phonenumber) specified in the To
header. Till now I always assumed that the username in the location
table would be the username used during authentication(*).
This opens the door to hijacking incoming calls to other users on the
same kamailio registrar if one knows/guesses other usernames and use
those in the To header. This realisation is kind of shocking to me.
The solution is simple (if authentication is required):
save("location", "0x00", "sip:$au@$rd");
*: which kind of answers my question in the subject, what else can be
used if there is no authentication required?
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
