From fca349941e808cfcd6e21755e78272b74aba6b43 Mon Sep 17 00:00:00 2001
From: William King
Date: Mon, 4 Feb 2013 12:00:28 -0600
Subject: [PATCH] Adding ability to require authentication for sip messages on a sofia profile.
---
 .../endpoints/mod_sofia/conf/sofia.conf.xml | 1 +
 src/mod/endpoints/mod_sofia/mod_sofia.h | 1 +
 src/mod/endpoints/mod_sofia/sofia.c | 4 ++
 src/mod/endpoints/mod_sofia/sofia_presence.c | 42 +++++++++++++++++++
 4 files changed, 48 insertions(+)
diff --git a/src/mod/endpoints/mod_sofia/conf/sofia.conf.xml b/src/mod/endpoints/mod_sofia/conf/sofia.conf.xml
index 39c53d56d4..150a3fe1d6 100644
--- a/src/mod/endpoints/mod_sofia/conf/sofia.conf.xml
+++ b/src/mod/endpoints/mod_sofia/conf/sofia.conf.xml
@@ -302,6 +302,7 @@ register for nat handling -->
+
diff --git a/src/mod/endpoints/mod_sofia/mod_sofia.h b/src/mod/endpoints/mod_sofia/mod_sofia.h
index 2690f0ee32..bb09f2d95c 100644
--- a/src/mod/endpoints/mod_sofia/mod_sofia.h
+++ b/src/mod/endpoints/mod_sofia/mod_sofia.h
@@ -198,6 +198,7 @@ typedef enum {
 typedef enum {
 PFLAG_AUTH_CALLS,
+ PFLAG_AUTH_MESSAGES,
 PFLAG_BLIND_REG,
 PFLAG_AUTH_ALL,
 PFLAG_FULL_ID,
diff --git a/src/mod/endpoints/mod_sofia/sofia.c b/src/mod/endpoints/mod_sofia/sofia.c
index cdaafff755..9630522fff 100644
--- a/src/mod/endpoints/mod_sofia/sofia.c
+++ b/src/mod/endpoints/mod_sofia/sofia.c
@@ -4198,6 +4198,10 @@ switch_status_t config_sofia(sofia_config_t reload, char *profile_name)
 if (switch_true(val)) {
 sofia_set_pflag(profile, PFLAG_AUTH_CALLS);
 }
+ } else if (!strcasecmp(var, "auth-messages")) {
+ if (switch_true(val)) {
+ sofia_set_pflag(profile, PFLAG_AUTH_MESSAGES);
+ }
 } else if (!strcasecmp(var, "extended-info-parsing")) {
 if (switch_true(val)) {
 sofia_set_pflag(profile, PFLAG_EXTENDED_INFO_PARSING);
diff --git a/src/mod/endpoints/mod_sofia/sofia_presence.c b/src/mod/endpoints/mod_sofia/sofia_presence.c
index a2b2903933..0d4e3bb0b9 100644
--- a/src/mod/endpoints/mod_sofia/sofia_presence.c
+++ b/src/mod/endpoints/mod_sofia/sofia_presence.c
@@ -4367,6 +4367,7 @@ void sofia_presence_handle_sip_i_message(int status,
 sofia_dispatch_event_t *de,
 tagi_t tags[])
 {
+
 if (sip) {
 sip_from_t const *from = sip->sip_from;
 const char *from_user = NULL;
@@ -4386,6 +4387,47 @@ void sofia_presence_handle_sip_i_message(int status,
 channel = switch_core_session_get_channel(session);
 }
+ if (sofia_test_pflag(profile, PFLAG_AUTH_MESSAGES) && sip){
+ sip_authorization_t const *authorization = NULL;
+ auth_res_t auth_res = AUTH_FORBIDDEN;
+ char keybuf[128] = "";
+ char *key;
+ size_t keylen;
+ switch_event_t *v_event = NULL;
+
+ key = keybuf;
+ keylen = sizeof(keybuf);
+
+ if (sip->sip_authorization) {
+ authorization = sip->sip_authorization;
+ } else if (sip->sip_proxy_authorization) {
+ authorization = sip->sip_proxy_authorization;
+ }
+
+ if (authorization) {
+ char network_ip[80];
+ sofia_glue_get_addr(de->data->e_msg, network_ip, sizeof(network_ip), NULL);
+ auth_res = sofia_reg_parse_auth(profile, authorization, sip, de,
+ (char *) sip->sip_request->rq_method_name, key, keylen, network_ip, NULL, 0,
+ REG_INVITE, NULL, NULL, NULL);
+ } else if ( sofia_reg_handle_register(nua, profile, nh, sip, de, REG_INVITE, key, keylen, &v_event, NULL)) {
+ if (v_event) {
+ switch_event_destroy(&v_event);
+ }
+
+ goto end;
+ }
+
+ if ((auth_res != AUTH_OK && auth_res != AUTH_RENEWED)) {
+ nua_respond(nh, SIP_401_UNAUTHORIZED, NUTAG_WITH_THIS_MSG(de->data->e_msg), TAG_END());
+ goto end;
+ }
+
+ if (channel) {
+ switch_channel_set_variable(channel, "sip_authorized", "true");
+ }
+ }
+
 if ((us = sofia_glue_get_unknown_header(sip, "X-FS-Sending-Message")) && !strcmp(us, switch_core_get_uuid())) {
 switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "Not sending message to ourselves!\n");
 nua_respond(nh, SIP_503_SERVICE_UNAVAILABLE, NUTAG_WITH_THIS_MSG(de->data->e_msg), TAG_END());
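Review bot: In the branch taken when the request carries no credentials, a zero return from `sofia_reg_handle_register()` falls through with `auth_res` still `AUTH_FORBIDDEN`, so the sender gets a bare `SIP_401_UNAUTHORIZED` and `v_event` is never released, because `switch_event_destroy(&v_event)` sits only inside the non-zero branch. Whether the helper can populate `v_event` when it returns zero is not visible in this hunk, so the leak needs confirming; moving `if (v_event) { switch_event_destroy(&v_event); }` to just after the `if (authorization) … else if …` chain, with the `goto end` left in the non-zero branch, covers both outcomes. The 401 sent for failed credentials also carries no new challenge in the visible code, so a client cannot retry; either respond with `SIP_403_FORBIDDEN` there or add a comment such as `/* fail closed: no re-challenge on bad credentials */` so the intent is explicit. `keybuf` is filled by both helpers but never read afterwards, which suggests the authenticated identity is not compared with the From user; a comment saying whether that binding is enforced elsewhere would help reviewers. The function body and the `end` label lie outside this hunk.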