diff options
author | kpfleming <kpfleming@f38db490-d61c-443f-a65b-d21fe96a405b> | 2005-09-14 02:45:37 +0000 |
---|---|---|
committer | kpfleming <kpfleming@f38db490-d61c-443f-a65b-d21fe96a405b> | 2005-09-14 02:45:37 +0000 |
commit | 30bd8e4c5c39b4c0f5e1f67ebd6a1c6736389f55 (patch) | |
tree | 822ae5f745bc187a9cb2bbf555852575066ad00a /channels | |
parent | 4a580bd5151af8f3e7ddada1ed5e736eeb2cee68 (diff) |
support all OSP authentication models (issue #5159)
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@6589 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'channels')
-rwxr-xr-x | channels/chan_sip.c | 93 |
1 files changed, 67 insertions, 26 deletions
diff --git a/channels/chan_sip.c b/channels/chan_sip.c index f605c3350..974702999 100755 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -509,10 +509,11 @@ struct sip_auth { #define SIP_PROG_INBAND_NO (1 << 24) #define SIP_PROG_INBAND_YES (2 << 24) /* Open Settlement Protocol authentication */ -#define SIP_OSPAUTH (3 << 26) /* three settings, uses two bits */ +#define SIP_OSPAUTH (3 << 26) /* four settings, uses two bits */ #define SIP_OSPAUTH_NO (0 << 26) -#define SIP_OSPAUTH_YES (1 << 26) -#define SIP_OSPAUTH_EXCLUSIVE (2 << 26) +#define SIP_OSPAUTH_GATEWAY (1 << 26) +#define SIP_OSPAUTH_PROXY (2 << 26) +#define SIP_OSPAUTH_EXCLUSIVE (3 << 26) /* Call states */ #define SIP_CALL_ONHOLD (1 << 28) #define SIP_CALL_LIMIT (1 << 29) @@ -5783,25 +5784,63 @@ static int check_auth(struct sip_pvt *p, struct sip_request *req, char *randdata respheader = "WWW-Authenticate"; } #ifdef OSP_SUPPORT - else if (ast_test_flag(p, SIP_OSPAUTH)) { - ast_log(LOG_DEBUG, "Checking OSP Authentication!\n"); - osptoken = get_header(req, "P-OSP-Auth-Token"); - /* Check for token existence */ - if (ast_strlen_zero(osptoken)) - return -1; - /* Validate token */ - if (ast_osp_validate(NULL, osptoken, &p->osphandle, &osptimelimit, p->cid_num, p->sa.sin_addr, p->exten) < 1) - return -1; - - snprintf(tmp, sizeof(tmp), "%d", p->osphandle); - pbx_builtin_setvar_helper(p->owner, "_OSPHANDLE", tmp); - - - /* If ospauth is 'exclusive' don't require further authentication */ - if ((ast_test_flag(p, SIP_OSPAUTH) == SIP_OSPAUTH_EXCLUSIVE) || - (ast_strlen_zero(secret) && ast_strlen_zero(md5secret))) - return 0; - } + else { + ast_log (LOG_DEBUG, "Checking OSP Authentication!\n"); + osptoken = get_header (req, "P-OSP-Auth-Token"); + switch (ast_test_flag (p, SIP_OSPAUTH)) { + case SIP_OSPAUTH_NO: + break; + case SIP_OSPAUTH_GATEWAY: + if (ast_strlen_zero (osptoken)) { + if (ast_strlen_zero (secret) && ast_strlen_zero (md5secret)) { + return (0); + } + } + else { + if (ast_osp_validate (NULL, osptoken, &p->osphandle, &osptimelimit, p->cid_num, p->sa.sin_addr, p->exten) < 1) { + return (-1); + } + else { + snprintf (tmp, sizeof (tmp), "%d", p->osphandle); + pbx_builtin_setvar_helper (p->owner, "_OSPHANDLE", tmp); + return (0); + } + } + break; + case SIP_OSPAUTH_PROXY: + if (ast_strlen_zero (osptoken)) { + return (0); + } + else { + if (ast_osp_validate (NULL, osptoken, &p->osphandle, &osptimelimit, p->cid_num, p->sa.sin_addr, p->exten) < 1) { + return (-1); + } + else { + snprintf (tmp, sizeof (tmp), "%d", p->osphandle); + pbx_builtin_setvar_helper (p->owner, "_OSPHANDLE", tmp); + return (0); + } + } + break; + case SIP_OSPAUTH_EXCLUSIVE: + if (ast_strlen_zero (osptoken)) { + return (-1); + } + else { + if (ast_osp_validate (NULL, osptoken, &p->osphandle, &osptimelimit, p->cid_num, p->sa.sin_addr, p->exten) < 1) { + return (-1); + } + else { + snprintf (tmp, sizeof (tmp), "%d", p->osphandle); + pbx_builtin_setvar_helper (p->owner, "_OSPHANDLE", tmp); + return (0); + } + } + break; + default: + return (-1); + } + } #endif authtoken = get_header(req, reqheader); if (ignore && !ast_strlen_zero(randdata) && ast_strlen_zero(authtoken)) { @@ -11073,10 +11112,12 @@ static int handle_common_options(struct ast_flags *flags, struct ast_flags *mask } else if (!strcasecmp(v->name, "ospauth")) { ast_set_flag(mask, SIP_OSPAUTH); ast_clear_flag(flags, SIP_OSPAUTH); - if (!strcasecmp(v->value, "exclusive")) - ast_set_flag(flags, SIP_OSPAUTH_EXCLUSIVE); - else - ast_set2_flag(flags, ast_true(v->value), SIP_OSPAUTH_YES); + if (!strcasecmp(v->value, "proxy")) + ast_set_flag(flags, SIP_OSPAUTH_PROXY); + else if (!strcasecmp(v->value, "gateway")) + ast_set_flag(flags, SIP_OSPAUTH_GATEWAY); + else if(!strcasecmp (v->value, "exclusive")) + ast_set_flag(flags, SIP_OSPAUTH_EXCLUSIVE); #endif } else if (!strcasecmp(v->name, "promiscredir")) { ast_set_flag(mask, SIP_PROMISCREDIR); |