mirror of
https://github.com/asterisk/asterisk.git
synced 2025-09-30 02:26:23 +00:00
support all OSP authentication models (issue #5159)
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@6589 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Kevin P. Fleming
@@ -509,10 +509,11 @@ struct sip_auth {
|
|||||||
#define SIP_PROG_INBAND_NO (1 << 24)
|
#define SIP_PROG_INBAND_NO (1 << 24)
|
||||||
#define SIP_PROG_INBAND_YES (2 << 24)
|
#define SIP_PROG_INBAND_YES (2 << 24)
|
||||||
/* Open Settlement Protocol authentication */
|
/* Open Settlement Protocol authentication */
|
||||||
#define SIP_OSPAUTH (3 << 26) /* three settings, uses two bits */
|
#define SIP_OSPAUTH (3 << 26) /* four settings, uses two bits */
|
||||||
#define SIP_OSPAUTH_NO (0 << 26)
|
#define SIP_OSPAUTH_NO (0 << 26)
|
||||||
#define SIP_OSPAUTH_YES (1 << 26)
|
#define SIP_OSPAUTH_GATEWAY (1 << 26)
|
||||||
#define SIP_OSPAUTH_EXCLUSIVE (2 << 26)
|
#define SIP_OSPAUTH_PROXY (2 << 26)
|
||||||
|
#define SIP_OSPAUTH_EXCLUSIVE (3 << 26)
|
||||||
/* Call states */
|
/* Call states */
|
||||||
#define SIP_CALL_ONHOLD (1 << 28)
|
#define SIP_CALL_ONHOLD (1 << 28)
|
||||||
#define SIP_CALL_LIMIT (1 << 29)
|
#define SIP_CALL_LIMIT (1 << 29)
|
||||||
@@ -5783,25 +5784,63 @@ static int check_auth(struct sip_pvt *p, struct sip_request *req, char *randdata
|
|||||||
respheader = "WWW-Authenticate";
|
respheader = "WWW-Authenticate";
|
||||||
}
|
}
|
||||||
#ifdef OSP_SUPPORT
|
#ifdef OSP_SUPPORT
|
||||||
else if (ast_test_flag(p, SIP_OSPAUTH)) {
|
else {
|
||||||
ast_log(LOG_DEBUG, "Checking OSP Authentication!\n");
|
ast_log (LOG_DEBUG, "Checking OSP Authentication!\n");
|
||||||
osptoken = get_header(req, "P-OSP-Auth-Token");
|
osptoken = get_header (req, "P-OSP-Auth-Token");
|
||||||
/* Check for token existence */
|
switch (ast_test_flag (p, SIP_OSPAUTH)) {
|
||||||
if (ast_strlen_zero(osptoken))
|
case SIP_OSPAUTH_NO:
|
||||||
return -1;
|
break;
|
||||||
/* Validate token */
|
case SIP_OSPAUTH_GATEWAY:
|
||||||
if (ast_osp_validate(NULL, osptoken, &p->osphandle, &osptimelimit, p->cid_num, p->sa.sin_addr, p->exten) < 1)
|
if (ast_strlen_zero (osptoken)) {
|
||||||
return -1;
|
if (ast_strlen_zero (secret) && ast_strlen_zero (md5secret)) {
|
||||||
|
return (0);
|
||||||
snprintf(tmp, sizeof(tmp), "%d", p->osphandle);
|
}
|
||||||
pbx_builtin_setvar_helper(p->owner, "_OSPHANDLE", tmp);
|
}
|
||||||
|
else {
|
||||||
|
if (ast_osp_validate (NULL, osptoken, &p->osphandle, &osptimelimit, p->cid_num, p->sa.sin_addr, p->exten) < 1) {
|
||||||
/* If ospauth is 'exclusive' don't require further authentication */
|
return (-1);
|
||||||
if ((ast_test_flag(p, SIP_OSPAUTH) == SIP_OSPAUTH_EXCLUSIVE) ||
|
}
|
||||||
(ast_strlen_zero(secret) && ast_strlen_zero(md5secret)))
|
else {
|
||||||
return 0;
|
snprintf (tmp, sizeof (tmp), "%d", p->osphandle);
|
||||||
}
|
pbx_builtin_setvar_helper (p->owner, "_OSPHANDLE", tmp);
|
||||||
|
return (0);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case SIP_OSPAUTH_PROXY:
|
||||||
|
if (ast_strlen_zero (osptoken)) {
|
||||||
|
return (0);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
if (ast_osp_validate (NULL, osptoken, &p->osphandle, &osptimelimit, p->cid_num, p->sa.sin_addr, p->exten) < 1) {
|
||||||
|
return (-1);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
snprintf (tmp, sizeof (tmp), "%d", p->osphandle);
|
||||||
|
pbx_builtin_setvar_helper (p->owner, "_OSPHANDLE", tmp);
|
||||||
|
return (0);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case SIP_OSPAUTH_EXCLUSIVE:
|
||||||
|
if (ast_strlen_zero (osptoken)) {
|
||||||
|
return (-1);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
if (ast_osp_validate (NULL, osptoken, &p->osphandle, &osptimelimit, p->cid_num, p->sa.sin_addr, p->exten) < 1) {
|
||||||
|
return (-1);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
snprintf (tmp, sizeof (tmp), "%d", p->osphandle);
|
||||||
|
pbx_builtin_setvar_helper (p->owner, "_OSPHANDLE", tmp);
|
||||||
|
return (0);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
return (-1);
|
||||||
|
}
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
authtoken = get_header(req, reqheader);
|
authtoken = get_header(req, reqheader);
|
||||||
if (ignore && !ast_strlen_zero(randdata) && ast_strlen_zero(authtoken)) {
|
if (ignore && !ast_strlen_zero(randdata) && ast_strlen_zero(authtoken)) {
|
||||||
@@ -11073,10 +11112,12 @@ static int handle_common_options(struct ast_flags *flags, struct ast_flags *mask
|
|||||||
} else if (!strcasecmp(v->name, "ospauth")) {
|
} else if (!strcasecmp(v->name, "ospauth")) {
|
||||||
ast_set_flag(mask, SIP_OSPAUTH);
|
ast_set_flag(mask, SIP_OSPAUTH);
|
||||||
ast_clear_flag(flags, SIP_OSPAUTH);
|
ast_clear_flag(flags, SIP_OSPAUTH);
|
||||||
if (!strcasecmp(v->value, "exclusive"))
|
if (!strcasecmp(v->value, "proxy"))
|
||||||
ast_set_flag(flags, SIP_OSPAUTH_EXCLUSIVE);
|
ast_set_flag(flags, SIP_OSPAUTH_PROXY);
|
||||||
else
|
else if (!strcasecmp(v->value, "gateway"))
|
||||||
ast_set2_flag(flags, ast_true(v->value), SIP_OSPAUTH_YES);
|
ast_set_flag(flags, SIP_OSPAUTH_GATEWAY);
|
||||||
|
else if(!strcasecmp (v->value, "exclusive"))
|
||||||
|
ast_set_flag(flags, SIP_OSPAUTH_EXCLUSIVE);
|
||||||
#endif
|
#endif
|
||||||
} else if (!strcasecmp(v->name, "promiscredir")) {
|
} else if (!strcasecmp(v->name, "promiscredir")) {
|
||||||
ast_set_flag(mask, SIP_PROMISCREDIR);
|
ast_set_flag(mask, SIP_PROMISCREDIR);
|
||||||
|
|||||||
Reference in New Issue
Block a user