[asterisk-commits] branch crichter/0.4.0 r29958 - in /team/crichter/0.4.0: ./ channels/ configs/

asterisk-commits at lists.digium.com asterisk-commits at lists.digium.com
Wed May 24 01:15:45 MST 2006 

Author: crichter
Date: Wed May 24 03:15:44 2006
New Revision: 29958

URL: http://svn.digium.com/view/asterisk?rev=29958&view=rev
Log:
Merged revisions 29909,29937 via svnmerge from 
https://origsvn.digium.com/svn/asterisk/team/crichter/0.3.0

........
r29909 | root | 2006-05-24 06:00:39 +0200 (Mi, 24 Mai 2006) | 1 line

automerge commit
........
r29937 | crichter | 2006-05-24 09:53:26 +0200 (Mi, 24 Mai 2006) | 1 line

fixed to early connect bug which came in yesterday..
........

Modified:
    team/crichter/0.4.0/   (props changed)
    team/crichter/0.4.0/channels/chan_misdn.c
    team/crichter/0.4.0/channels/chan_sip.c
    team/crichter/0.4.0/configs/sip.conf.sample

Propchange: team/crichter/0.4.0/
------------------------------------------------------------------------------
--- svnmerge-integrated (original)
+++ svnmerge-integrated Wed May 24 03:15:44 2006
@@ -1,1 +1,1 @@
-/team/crichter/0.3.0:1-29877
+/team/crichter/0.3.0:1-29949

Modified: team/crichter/0.4.0/channels/chan_misdn.c
URL: http://svn.digium.com/view/asterisk/team/crichter/0.4.0/channels/chan_misdn.c?rev=29958&r1=29957&r2=29958&view=diff
==============================================================================
--- team/crichter/0.4.0/channels/chan_misdn.c (original)
+++ team/crichter/0.4.0/channels/chan_misdn.c Wed May 24 03:15:44 2006
@@ -131,6 +131,7 @@
 	MISDN_ALERTING, /*!<  when Alerting */
 	MISDN_BUSY, /*!<  when BUSY */
 	MISDN_CONNECTED, /*!<  when connected */
+	MISDN_PRECONNECTED, /*!<  when connected */
 	MISDN_DISCONNECTED, /*!<  when connected */
 	MISDN_BRIDGED, /*!<  when bridged */
 	MISDN_CLEANING, /*!< when hangup from * but we were connected before */
@@ -2975,7 +2976,6 @@
 	}
 }
 
-
 void import_ies(struct ast_channel *chan, struct misdn_bchannel *bc)
 {
 	char *tmp;
@@ -2993,7 +2993,6 @@
 
 	tmp=pbx_builtin_getvar_helper(chan,"PRI_PROGRESS_INDICATOR");
 	if (tmp) bc->progress_indicator=atoi(tmp);
-
 }
  
 void export_ies(struct ast_channel *chan, struct misdn_bchannel *bc)
@@ -3103,7 +3102,7 @@
 		ch->l3id=bc->l3_id;
 		ch->addr=bc->addr;
 
-		if (bc->nt) {
+		if (bc->nt && ch->state == MISDN_PRECONNECTED ) {
 			/* OK we've got the very new l3id so we can answer
 			   now */
 			start_bc_tones(ch);
@@ -3511,7 +3510,10 @@
 	}
 	
 	/*we answer when we've got our very new L3 ID from the NT stack */
-	if (bc->nt) break;
+	if (bc->nt) { 
+		ch->state=MISDN_PRECONNECTED;
+		break;
+	}
 	
 	/* notice that we don't break here!*/
 

Modified: team/crichter/0.4.0/channels/chan_sip.c
URL: http://svn.digium.com/view/asterisk/team/crichter/0.4.0/channels/chan_sip.c?rev=29958&r1=29957&r2=29958&view=diff
==============================================================================
--- team/crichter/0.4.0/channels/chan_sip.c (original)
+++ team/crichter/0.4.0/channels/chan_sip.c Wed May 24 03:15:44 2006
@@ -348,6 +348,8 @@
 static char default_notifymime[AST_MAX_EXTENSION] = DEFAULT_NOTIFYMIME;
 
 static int global_notifyringing = 1;	/*!< Send notifications on ringing */
+
+static int global_alwaysauthreject = 0;	/*!< Send 401 Unauthorized for all failing requests */
 
 static int default_qualify = 0;		/*!< Default Qualify= setting */
 
@@ -6428,6 +6430,15 @@
 	return 0;
 }
 
+/*! \brief Send a fake 401 Unauthorized response when the administrator
+  wants to hide the names of local users/peers from fishers
+*/
+static void transmit_fake_auth_response(struct sip_pvt *p, struct sip_request *req, char *randdata, int randlen, int reliable)
+{
+	snprintf(randdata, randlen, "%08x", thread_safe_rand());
+	transmit_response_with_auth(p, "401 Unauthorized", req, randdata, reliable, "WWW-Authenticate", 0);
+}
+
 /*! \brief  register_verify: Verify registration of user */
 static int register_verify(struct sip_pvt *p, struct sockaddr_in *sin, struct sip_request *req, char *uri, int ignore)
 {
@@ -6559,8 +6570,12 @@
 			transmit_response(p, "403 Authentication user name does not match account name", &p->initreq);
 			break;
 		case -3:
-			/* URI not found */
-			transmit_response(p, "404 Not found", &p->initreq);
+			if (global_alwaysauthreject) {
+				transmit_fake_auth_response(p, &p->initreq, p->randdata, sizeof(p->randdata), 1);
+			} else {
+				/* URI not found */
+				transmit_response(p, "404 Not found", &p->initreq);
+			}
 			/* Set res back to -2 because we don't want to return an invalid domain message. That check already happened up above. */
 			res = -2;
 			break;
@@ -7289,10 +7304,13 @@
 				ast_verbose("Found no matching peer or user for '%s:%d'\n", ast_inet_ntoa(iabuf, sizeof(iabuf), p->recv.sin_addr), ntohs(p->recv.sin_port));
 
 			/* do we allow guests? */
-			if (!global_allowguest)
-				res = -1;  /* we don't want any guests, authentication will fail */
+			if (!global_allowguest) {
+				if (global_alwaysauthreject)
+					res = -4; /* reject with fake authorization request */
+				else
+					res = -1; /* we don't want any guests, authentication will fail */
 #ifdef OSP_SUPPORT			
-			else if (global_allowguest == 2) {
+			} else if (global_allowguest == 2) {
 				ast_copy_flags(p, &global_flags, SIP_OSPAUTH);
 				res = check_auth(p, req, p->randdata, sizeof(p->randdata), "", "", "", sipmethod, uri, reliable, ignore); 
 			}
@@ -8265,6 +8283,7 @@
 	ast_cli(fd, "  URI user is phone no:   %s\n", ast_test_flag(&global_flags, SIP_USEREQPHONE) ? "Yes" : "No");
 	ast_cli(fd, "  Our auth realm          %s\n", global_realm);
 	ast_cli(fd, "  Realm. auth:            %s\n", authl ? "Yes": "No");
+	ast_cli(fd, "  Always auth rejects:    %s\n", global_alwaysauthreject ? "Yes" : "No");
 	ast_cli(fd, "  User Agent:             %s\n", default_useragent);
 	ast_cli(fd, "  MWI checking interval:  %d secs\n", global_mwitime);
 	ast_cli(fd, "  Reg. context:           %s\n", ast_strlen_zero(regcontext) ? "(not set)" : regcontext);
@@ -10412,16 +10431,19 @@
 	if (!p->lastinvite && !ignore && !p->owner) {
 		/* Handle authentication if this is our first invite */
 		res = check_user(p, req, SIP_INVITE, e, 1, sin, ignore);
-		if (res) {
-			if (res < 0) {
+		if (res < 0) {
+			if (res == -4) {
+				ast_log(LOG_NOTICE, "Sending fake auth rejection for user %s\n", get_header(req, "From"));
+				transmit_fake_auth_response(p, req, p->randdata, sizeof(p->randdata), 1);
+			} else {
 				ast_log(LOG_NOTICE, "Failed to authenticate user %s\n", get_header(req, "From"));
 				if (ignore)
 					transmit_response(p, "403 Forbidden", req);
 				else
 					transmit_response_reliable(p, "403 Forbidden", req, 1);
-				ast_set_flag(p, SIP_NEEDDESTROY);	
-				p->theirtag[0] = '\0'; /* Forget their to-tag, we'll get a new one */
 			}
+			ast_set_flag(p, SIP_NEEDDESTROY);	
+			p->theirtag[0] = '\0'; /* Forget their to-tag, we'll get a new one */
 			return 0;
 		}
 		/* Process the SDP portion */
@@ -10816,11 +10838,18 @@
 		}
 		/* Handle authentication if this is our first subscribe */
 		res = check_user_full(p, req, SIP_SUBSCRIBE, e, 0, sin, ignore, mailbox, mailboxsize);
-		if (res) {
-			if (res < 0) {
+		if (res < 0) {
+			if (res == -4) {
+				ast_log(LOG_NOTICE, "Sending fake auth rejection for user %s\n", get_header(req, "From"));
+				transmit_fake_auth_response(p, req, p->randdata, sizeof(p->randdata), 1);
+			} else {
 				ast_log(LOG_NOTICE, "Failed to authenticate user %s for SUBSCRIBE\n", get_header(req, "From"));
-				ast_set_flag(p, SIP_NEEDDESTROY);	
+				if (ignore)
+					transmit_response(p, "403 Forbidden", req);
+				else
+					transmit_response_reliable(p, "403 Forbidden", req, 1);
 			}
+			ast_set_flag(p, SIP_NEEDDESTROY);	
 			return 0;
 		}
 		gotdest = get_destination(p, NULL);
@@ -12444,6 +12473,7 @@
 	ast_copy_string(default_useragent, DEFAULT_USERAGENT, sizeof(default_useragent));
 	ast_copy_string(default_notifymime, DEFAULT_NOTIFYMIME, sizeof(default_notifymime));
 	global_notifyringing = 1;
+	global_alwaysauthreject = 0;
 	ast_copy_string(global_realm, DEFAULT_REALM, sizeof(global_realm));
 	ast_copy_string(global_musicclass, "default", sizeof(global_musicclass));
 	ast_copy_string(default_callerid, DEFAULT_CALLERID, sizeof(default_callerid));
@@ -12543,6 +12573,8 @@
 			ast_copy_string(default_notifymime, v->value, sizeof(default_notifymime));
 		} else if (!strcasecmp(v->name, "notifyringing")) {
 			global_notifyringing = ast_true(v->value);
+		} else if (!strcasecmp(v->name, "alwaysauthreject")) {
+			global_alwaysauthreject = ast_true(v->value);
 		} else if (!strcasecmp(v->name, "musicclass") || !strcasecmp(v->name, "musiconhold")) {
 			ast_copy_string(global_musicclass, v->value, sizeof(global_musicclass));
 		} else if (!strcasecmp(v->name, "language")) {

Modified: team/crichter/0.4.0/configs/sip.conf.sample
URL: http://svn.digium.com/view/asterisk/team/crichter/0.4.0/configs/sip.conf.sample?rev=29958&r1=29957&r2=29958&view=diff
==============================================================================
--- team/crichter/0.4.0/configs/sip.conf.sample (original)
+++ team/crichter/0.4.0/configs/sip.conf.sample Wed May 24 03:15:44 2006
@@ -107,6 +107,10 @@
 				; Useful to limit subscriptions to local extensions
 				; Settable per peer/user also
 ;notifyringing = yes		; Notify subscriptions on RINGING state
+;alwaysauthreject = yes		; When an incoming INVITE or REGISTER is to be rejected,
+		    		; for any reason, always reject with '401 Unauthorized'
+				; instead of letting the requester know whether there was
+				; a matching user or peer for their request
 
 ;
 ; If regcontext is specified, Asterisk will dynamically create and destroy a

More information about the asterisk-commits mailing list