diff options
author | markster <markster@f38db490-d61c-443f-a65b-d21fe96a405b> | 2004-06-25 05:52:55 +0000 |
---|---|---|
committer | markster <markster@f38db490-d61c-443f-a65b-d21fe96a405b> | 2004-06-25 05:52:55 +0000 |
commit | 2880b1df66d522a3074402f1e0915c28a3dbada7 (patch) | |
tree | 6c1292d10168096e90fd3533b1abef631b86725c /channels | |
parent | 6c4cb5454fdb3be753f731b1ec136bf1907fea90 (diff) |
Add sample config file, implement verification
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@3300 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'channels')
-rwxr-xr-x | channels/chan_sip.c | 111 |
1 files changed, 98 insertions, 13 deletions
diff --git a/channels/chan_sip.c b/channels/chan_sip.c index 3bc39b703..cf7462a82 100755 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -158,6 +158,10 @@ static int globalrtpholdtimeout = 0; static int globaltrustrpid = 0; +#ifdef OSP_SUPPORT +static int globalospauth = 0; +#endif + static int usecnt =0; AST_MUTEX_DEFINE_STATIC(usecnt_lock); @@ -318,6 +322,7 @@ static struct sip_pvt { int pendingbye; /* Need to send bye after we ack? */ int gotrefer; /* Got a refer? */ #ifdef OSP_SUPPORT + int ospauth; /* Allow OSP Authentication */ int osphandle; /* OSP Handle for call */ time_t ospstart; /* OSP Start time */ #endif @@ -384,6 +389,9 @@ struct sip_user { int insecure; int canreinvite; int capability; +#ifdef OSP_SUPPORT + int ospauth; /* Allow OSP Authentication */ +#endif int dtmfmode; int inUse; int incominglimit; @@ -422,6 +430,9 @@ struct sip_peer { int rtptimeout; int rtpholdtimeout; int insecure; +#ifdef OSP_SUPPORT + int ospauth; /* Allow OSP Authentication */ +#endif int nat; int canreinvite; unsigned int callgroup; @@ -2216,6 +2227,9 @@ static struct sip_pvt *sip_alloc(char *callid, struct sockaddr_in *sin, int useg p->dtmfmode = globaldtmfmode; p->promiscredir = globalpromiscredir; p->trustrpid = globaltrustrpid; +#ifdef OSP_SUPPORT + p->ospauth = globalospauth; +#endif p->rtptimeout = globalrtptimeout; p->rtpholdtimeout = globalrtpholdtimeout; p->capability = capability; @@ -4322,8 +4336,16 @@ static int check_auth(struct sip_pvt *p, struct sip_request *req, char *randdata char *reqheader = "Proxy-Authorization"; char *respheader = "Proxy-Authenticate"; char *authtoken; +#ifdef OSP_SUPPORT + char *osptoken; + unsigned int osptimelimit; +#endif /* Always OK if no secret */ - if (ast_strlen_zero(secret) && ast_strlen_zero(md5secret)) + if (ast_strlen_zero(secret) && ast_strlen_zero(md5secret) +#ifdef OSP_SUPPORT + && !p->ospauth +#endif + ) return 0; if (!strcasecmp(method, "REGISTER")) { /* On a REGISTER, we have to use 401 and its family of headers instead of 407 and its family @@ -4333,6 +4355,21 @@ static int check_auth(struct sip_pvt *p, struct sip_request *req, char *randdata reqheader = "Authorization"; respheader = "WWW-Authenticate"; } +#ifdef OSP_SUPPORT + else if (p->ospauth) { + ast_log(LOG_DEBUG, "Checking OSP Authentication!\n"); + osptoken = get_header(req, "P-OSP-Auth-Token"); + /* Check for token existence */ + if (!strlen(osptoken)) + return -1; + /* Validate token */ + if (ast_osp_validate(NULL, osptoken, &p->osphandle, &osptimelimit, p->callerid, p->sa.sin_addr, p->exten) < 1) + return -1; + /* If ospauth is 'exclusive' don't require further authentication */ + if ((p->ospauth > 1) || (ast_strlen_zero(secret) && ast_strlen_zero(md5secret))) + return 0; + } +#endif authtoken = get_header(req, reqheader); if (ignore && !ast_strlen_zero(randdata) && ast_strlen_zero(authtoken)) { /* This is a retransmitted invite/register/etc, don't reconstruct authentication @@ -4984,6 +5021,18 @@ static int check_user_full(struct sip_pvt *p, struct sip_request *req, char *cmd user = find_user(of); if (user && ast_apply_ha(user->ha, sin)) { p->nat = user->nat; +#ifdef OSP_SUPPORT + p->ospauth = user->ospauth; +#endif + p->trustrpid = user->trustrpid; + /* replace callerid if rpid found, and not restricted */ + if(!ast_strlen_zero(rpid_num) && p->trustrpid) { + if (*calleridname) + sprintf(p->callerid,"\"%s\" <%s>",calleridname,rpid_num); + else + strncpy(p->callerid, rpid_num, sizeof(p->callerid) - 1); + } + if (p->rtp) { ast_log(LOG_DEBUG, "Setting NAT on RTP to %d\n", p->nat); ast_rtp_setnat(p->rtp, p->nat); @@ -5004,7 +5053,6 @@ static int check_user_full(struct sip_pvt *p, struct sip_request *req, char *cmd strncpy(p->accountcode, user->accountcode, sizeof(p->accountcode) -1); strncpy(p->language, user->language, sizeof(p->language) -1); strncpy(p->musicclass, user->musicclass, sizeof(p->musicclass) -1); - p->trustrpid = user->trustrpid; p->canreinvite = user->canreinvite; p->amaflags = user->amaflags; p->callgroup = user->callgroup; @@ -5046,6 +5094,17 @@ static int check_user_full(struct sip_pvt *p, struct sip_request *req, char *cmd ast_verbose("Found peer '%s'\n", peer->name); /* Take the peer */ p->nat = peer->nat; + p->trustrpid = peer->trustrpid; + /* replace callerid if rpid found, and not restricted */ + if(!ast_strlen_zero(rpid_num) && p->trustrpid) { + if (*calleridname) + sprintf(p->callerid,"\"%s\" <%s>",calleridname,rpid_num); + else + strncpy(p->callerid, rpid_num, sizeof(p->callerid) - 1); + } +#ifdef OSP_SUPPORT + p->ospauth = peer->ospauth; +#endif if (p->rtp) { ast_log(LOG_DEBUG, "Setting NAT on RTP to %d\n", p->nat); ast_rtp_setnat(p->rtp, p->nat); @@ -5087,8 +5146,6 @@ static int check_user_full(struct sip_pvt *p, struct sip_request *req, char *cmd else p->noncodeccapability &= ~AST_RTP_DTMF; } - p->trustrpid = peer->trustrpid; - } if (peer->temponly) { if (peer->ha) { @@ -5103,14 +5160,6 @@ static int check_user_full(struct sip_pvt *p, struct sip_request *req, char *cmd } - /* replace callerid if rpid found, and not restricted */ - if(!ast_strlen_zero(rpid_num) && p->trustrpid) { - if (*calleridname) - sprintf(p->callerid,"\"%s\" <%s>",calleridname,rpid_num); - else - strncpy(p->callerid, rpid_num, sizeof(p->callerid) - 1); - } - return res; } static int check_user(struct sip_pvt *p, struct sip_request *req, char *cmd, char *uri, int reliable, struct sockaddr_in *sin, int ignore) @@ -7489,6 +7538,9 @@ static struct sip_user *build_user(char *name, struct ast_variable *v) user->canreinvite = globalcanreinvite; user->trustrpid = globaltrustrpid; +#ifdef OSP_SUPPORT + user->ospauth = globalospauth; +#endif /* set default context */ strncpy(user->context, context, sizeof(user->context)-1); strncpy(user->language, language, sizeof(user->language)-1); @@ -7568,7 +7620,16 @@ static struct sip_user *build_user(char *name, struct ast_variable *v) } else if (!strcasecmp(v->name, "restrictcid")) { user->restrictcid = ast_true(v->value); } else if (!strcasecmp(v->name, "trustrpid")) { - user->trustrpid = ast_true(v->value); + user->trustrpid = ast_true(v->value); +#ifdef OSP_SUPPORT + } else if (!strcasecmp(v->name, "ospauth")) { + if (!strcasecmp(v->value, "exclusive")) { + user->ospauth = 2; + } else if (ast_true(v->value)) { + user->ospauth = 1; + } else + user->ospauth = 0; +#endif } /*else if (strcasecmp(v->name,"type")) * ast_log(LOG_WARNING, "Ignoring %s\n", v->name); @@ -7607,6 +7668,9 @@ static struct sip_peer *temp_peer(char *name) peer->selfdestruct = 1; peer->dynamic = 1; peer->trustrpid = globaltrustrpid; +#ifdef OSP_SUPPORT + peer->ospauth = globalospauth; +#endif reg_source_db(peer); return peer; } @@ -7668,6 +7732,9 @@ static struct sip_peer *build_peer(char *name, struct ast_variable *v) peer->dtmfmode = 0; peer->promiscredir = globalpromiscredir; peer->trustrpid = globaltrustrpid; +#ifdef OSP_SUPPORT + peer->ospauth = globalospauth; +#endif while(v) { if (!strcasecmp(v->name, "secret")) strncpy(peer->secret, v->value, sizeof(peer->secret)-1); @@ -7795,6 +7862,15 @@ static struct sip_peer *build_peer(char *name, struct ast_variable *v) } } else if (!strcasecmp(v->name, "trustrpid")) { peer->trustrpid = ast_true(v->value); +#ifdef OSP_SUPPORT + } else if (!strcasecmp(v->name, "ospauth")) { + if (!strcasecmp(v->value, "exclusive")) { + peer->ospauth = 2; + } else if (ast_true(v->value)) { + peer->ospauth = 1; + } else + peer->ospauth = 0; +#endif } /* else if (strcasecmp(v->name,"type")) * ast_log(LOG_WARNING, "Ignoring %s\n", v->name); @@ -7913,6 +7989,15 @@ static int reload_config(void) srvlookup = ast_true(v->value); } else if (!strcasecmp(v->name, "trustrpid")) { globaltrustrpid = ast_true(v->value); +#ifdef OSP_SUPPORT + } else if (!strcasecmp(v->name, "ospauth")) { + if (!strcasecmp(v->value, "exclusive")) { + globalospauth = 2; + } else if (ast_true(v->value)) { + globalospauth = 1; + } else + globalospauth = 0; +#endif } else if (!strcasecmp(v->name, "pedantic")) { pedanticsipchecking = ast_true(v->value); } else if (!strcasecmp(v->name, "canreinvite")) { |