mirror of
https://github.com/asterisk/asterisk.git
synced 2025-09-19 03:08:45 +00:00
Always authenticate when insecure is not "very" even on matching IP
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@3055 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Mark Spencer
@@ -4792,25 +4792,30 @@ static int check_user(struct sip_pvt *p, struct sip_request *req, char *cmd, cha
|
|||||||
if (!user) {
|
if (!user) {
|
||||||
/* If we didn't find a user match, check for peers */
|
/* If we didn't find a user match, check for peers */
|
||||||
ast_mutex_lock(&peerl.lock);
|
ast_mutex_lock(&peerl.lock);
|
||||||
/* which should be used? non-mysql code uses "p->recv", but
|
/* Look for peer based on the IP address we received data from */
|
||||||
* mysql code used "sin"
|
/* If peer is registred from this IP address or have this as a default
|
||||||
*/
|
IP address, this call is from the peer
|
||||||
|
*/
|
||||||
peer = find_peer(NULL, &p->recv);
|
peer = find_peer(NULL, &p->recv);
|
||||||
/* peer = find_peer(NULL, sin); */
|
|
||||||
ast_mutex_unlock(&peerl.lock);
|
|
||||||
if (peer) {
|
if (peer) {
|
||||||
if (sip_debug_test_addr(sin))
|
if (sip_debug_test_addr(sin))
|
||||||
ast_verbose("Found peer '%s'\n", peer->name);
|
ast_verbose("Found peer '%s'\n", peer->name);
|
||||||
/* Take the peer */
|
/* Take the peer */
|
||||||
p->nat = peer->nat;
|
p->nat = peer->nat;
|
||||||
if (p->rtp) {
|
if (p->rtp) {
|
||||||
ast_log(LOG_DEBUG, "Setting NAT on RTP to %d\n", p->nat);
|
ast_log(LOG_DEBUG, "Setting NAT on RTP to %d\n", p->nat);
|
||||||
ast_rtp_setnat(p->rtp, p->nat);
|
ast_rtp_setnat(p->rtp, p->nat);
|
||||||
}
|
}
|
||||||
if (p->vrtp) {
|
if (p->vrtp) {
|
||||||
ast_log(LOG_DEBUG, "Setting NAT on VRTP to %d\n", p->nat);
|
ast_log(LOG_DEBUG, "Setting NAT on VRTP to %d\n", p->nat);
|
||||||
ast_rtp_setnat(p->vrtp, p->nat);
|
ast_rtp_setnat(p->vrtp, p->nat);
|
||||||
}
|
}
|
||||||
|
if (peer->insecure > 1) {
|
||||||
|
/* Pretend there is no required authentication if insecure is "very" */
|
||||||
|
strcpy(p->peersecret, "");
|
||||||
|
strcpy(p->peermd5secret, "");
|
||||||
|
}
|
||||||
|
if (!(res = check_auth(p, req, p->randdata, sizeof(p->randdata), peer->name, peer->secret, peer->md5secret, cmd, uri, reliable, ignore))) {
|
||||||
p->canreinvite = peer->canreinvite;
|
p->canreinvite = peer->canreinvite;
|
||||||
strncpy(p->peername, peer->name, sizeof(p->peername) - 1);
|
strncpy(p->peername, peer->name, sizeof(p->peername) - 1);
|
||||||
strncpy(p->authname, peer->name, sizeof(p->authname) - 1);
|
strncpy(p->authname, peer->name, sizeof(p->authname) - 1);
|
||||||
@@ -4822,11 +4827,6 @@ static int check_user(struct sip_pvt *p, struct sip_request *req, char *cmd, cha
|
|||||||
strncpy(p->context, peer->context, sizeof(p->context) - 1);
|
strncpy(p->context, peer->context, sizeof(p->context) - 1);
|
||||||
strncpy(p->peersecret, peer->secret, sizeof(p->peersecret) - 1);
|
strncpy(p->peersecret, peer->secret, sizeof(p->peersecret) - 1);
|
||||||
strncpy(p->peermd5secret, peer->md5secret, sizeof(p->peermd5secret) - 1);
|
strncpy(p->peermd5secret, peer->md5secret, sizeof(p->peermd5secret) - 1);
|
||||||
if (peer->insecure > 1) {
|
|
||||||
/* Pretend there is no required authentication if insecure is "very" */
|
|
||||||
strcpy(p->peersecret, "");
|
|
||||||
strcpy(p->peermd5secret, "");
|
|
||||||
}
|
|
||||||
p->callgroup = peer->callgroup;
|
p->callgroup = peer->callgroup;
|
||||||
p->pickupgroup = peer->pickupgroup;
|
p->pickupgroup = peer->pickupgroup;
|
||||||
p->capability = peer->capability;
|
p->capability = peer->capability;
|
||||||
@@ -4838,6 +4838,7 @@ static int check_user(struct sip_pvt *p, struct sip_request *req, char *cmd, cha
|
|||||||
else
|
else
|
||||||
p->noncodeccapability &= ~AST_RTP_DTMF;
|
p->noncodeccapability &= ~AST_RTP_DTMF;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
if (peer->temponly) {
|
if (peer->temponly) {
|
||||||
if (peer->ha) {
|
if (peer->ha) {
|
||||||
ast_free_ha(peer->ha);
|
ast_free_ha(peer->ha);
|
||||||
@@ -4847,6 +4848,7 @@ static int check_user(struct sip_pvt *p, struct sip_request *req, char *cmd, cha
|
|||||||
} else
|
} else
|
||||||
if (sip_debug_test_addr(sin))
|
if (sip_debug_test_addr(sin))
|
||||||
ast_verbose("Found no matching peer or user for '%s:%d'\n", inet_ntoa(p->recv.sin_addr), ntohs(p->recv.sin_port));
|
ast_verbose("Found no matching peer or user for '%s:%d'\n", inet_ntoa(p->recv.sin_addr), ntohs(p->recv.sin_port));
|
||||||
|
ast_mutex_unlock(&peerl.lock);
|
||||||
|
|
||||||
}
|
}
|
||||||
return res;
|
return res;
|
||||||
|
|||||||
Reference in New Issue
Block a user