Hi Adam,
The idea behind the db_check_from() is that in SIP you have the SIP user
and the auth SIP - and you may have any relation between them - like
[email protected] may authenticate with whatever auth credentials (user + pwd)
that are valid.
The function forces either an 1-1 mapping between SIP and auth users,
either uses the uri table to create a custom mapping - like what SIP
user is allowed to use what auth user.
If you disable the function, any SIP user will be able to use any valid
auth credentials.
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 06/21/2012 10:46 AM, Adam Raszynski wrote:
Hi
In default opensips.cfg there is following line:
if (!db_check_from()) {
send_reply("403", "Forbidden Auth ID");
exit;
}
Beside that I authenticate all calls by using proxy_authorize function
The problem is that some buggy/cheap ATA's can't be configured to use
user in From field to be identical with authentication username and it
results 403 error for them.
Unfortunately I can't tell my customers to replace their buggy ATA's
So, is it safe to disable db_check_from when proxy_authorize is in place?
Does it pose any security problems?
Best Regards
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
