diff options
Diffstat (limited to 'channels')
| -rw-r--r-- | channels/chan_sip.c | 45 |
1 files changed, 22 insertions, 23 deletions
diff --git a/channels/chan_sip.c b/channels/chan_sip.c index 724f02d7d..e09533711 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -344,6 +344,8 @@ enum check_auth_result { AUTH_NOT_FOUND = -3, /* returned by register_verify */ AUTH_FAKE_AUTH = -4, AUTH_UNKNOWN_DOMAIN = -5, + AUTH_PEER_NOT_DYNAMIC = -6, + AUTH_ACL_FAILED = -7, }; /*! \brief States for outbound registrations (with register= lines in sip.conf */ @@ -8943,6 +8945,7 @@ static enum check_auth_result register_verify(struct sip_pvt *p, struct sockaddr if (peer) unref_peer(peer); peer = NULL; + res = AUTH_ACL_FAILED; } if (peer) { /* Set Frame packetization */ @@ -8952,6 +8955,7 @@ static enum check_auth_result register_verify(struct sip_pvt *p, struct sockaddr } if (!ast_test_flag(&peer->flags[1], SIP_PAGE2_DYNAMIC)) { ast_log(LOG_ERROR, "Peer '%s' is trying to register, but not configured as host=dynamic\n", peer->name); + res = AUTH_PEER_NOT_DYNAMIC; } else { ast_copy_flags(&p->flags[0], &peer->flags[0], SIP_NAT); transmit_response(p, "100 Trying", req); @@ -9029,35 +9033,21 @@ static enum check_auth_result register_verify(struct sip_pvt *p, struct sockaddr transmit_response(p, "403 Authentication user name does not match account name", &p->initreq); break; case AUTH_NOT_FOUND: + case AUTH_PEER_NOT_DYNAMIC: + case AUTH_ACL_FAILED: if (global_alwaysauthreject) { transmit_fake_auth_response(p, &p->initreq, 1); } else { /* URI not found */ - transmit_response(p, "404 Not found", &p->initreq); + if (res == AUTH_UNKNOWN_DOMAIN || res == AUTH_PEER_NOT_DYNAMIC) + transmit_response(p, "403 Forbidden", &p->initreq); + else + transmit_response(p, "404 Not found", &p->initreq); } break; default: break; } - if (option_debug > 1) { - const char *reason = ""; - - switch (res) { - case AUTH_SECRET_FAILED: - reason = "Bad password"; - break; - case AUTH_USERNAME_MISMATCH: - reason = "Bad digest user"; - break; - case AUTH_NOT_FOUND: - reason = "Peer not found"; - break; - default: - break; - } - ast_log(LOG_DEBUG, "SIP REGISTER attempt failed for %s : %s\n", - peer->name, reason); - } } if (peer) unref_peer(peer); @@ -15511,7 +15501,7 @@ static int handle_request_register(struct sip_pvt *p, struct sip_request *req, s ast_log(LOG_DEBUG, "Initializing initreq for method %s - callid %s\n", sip_methods[req->method].text, p->callid); check_via(p, req); if ((res = register_verify(p, sin, req, e)) < 0) { - const char *reason = ""; + const char *reason; switch (res) { case AUTH_SECRET_FAILED: @@ -15526,19 +15516,28 @@ static int handle_request_register(struct sip_pvt *p, struct sip_request *req, s case AUTH_UNKNOWN_DOMAIN: reason = "Not a local domain"; break; + case AUTH_PEER_NOT_DYNAMIC: + reason = "Peer is not supposed to register"; + break; + case AUTH_ACL_FAILED: + reason = "Device does not match ACL"; + break; default: + reason = "Unknown failure"; break; } ast_log(LOG_NOTICE, "Registration from '%s' failed for '%s' - %s\n", get_header(req, "To"), ast_inet_ntoa(sin->sin_addr), reason); - } + append_history(p, "RegRequest", "Failed : Account %s : %s", get_header(req, "To"), reason); + } else + append_history(p, "RegRequest", "Succeeded : Account %s", get_header(req, "To")); + if (res < 1) { /* Destroy the session, but keep us around for just a bit in case they don't get our 200 OK */ sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT); } - append_history(p, "RegRequest", "%s : Account %s", res ? "Failed": "Succeeded", get_header(req, "To")); return res; } |