[asterisk-commits] oej: trunk r64517 - in /trunk: ./
channels/chan_sip.c
asterisk-commits at lists.digium.com
asterisk-commits at lists.digium.com
Wed May 16 01:51:43 MST 2007
Author: oej
Date: Wed May 16 03:51:39 2007
New Revision: 64517
URL: http://svn.digium.com/view/asterisk?view=rev&rev=64517
Log:
Merged revisions 64516 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.4
................
r64516 | oej | 2007-05-16 10:46:18 +0200 (Wed, 16 May 2007) | 17 lines
Merged following patch with a lot of changes for 1.4
------
Merged revisions 64514 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.2
........
r64514 | oej | 2007-05-16 10:25:56 +0200 (Wed, 16 May 2007) | 6 lines
Issue #9726 - rlister - Better logging for ACL denials
While at it, also added better logging and handling of peers that are not supposed to register.
My patch, stole the issue report from Russell. My apologies, Russell :-)
........
................
Modified:
trunk/ (props changed)
trunk/channels/chan_sip.c
Propchange: trunk/
------------------------------------------------------------------------------
Binary property 'branch-1.4-merged' - no diff available.
Modified: trunk/channels/chan_sip.c
URL: http://svn.digium.com/view/asterisk/trunk/channels/chan_sip.c?view=diff&rev=64517&r1=64516&r2=64517
==============================================================================
--- trunk/channels/chan_sip.c (original)
+++ trunk/channels/chan_sip.c Wed May 16 03:51:39 2007
@@ -344,6 +344,8 @@
AUTH_NOT_FOUND = -3, /* returned by register_verify */
AUTH_FAKE_AUTH = -4,
AUTH_UNKNOWN_DOMAIN = -5,
+ AUTH_PEER_NOT_DYNAMIC = -6,
+ AUTH_ACL_FAILED = -7,
};
/*! \brief States for outbound registrations (with register= lines in sip.conf */
@@ -8943,6 +8945,7 @@
if (peer)
unref_peer(peer);
peer = NULL;
+ res = AUTH_ACL_FAILED;
}
if (peer) {
/* Set Frame packetization */
@@ -8952,6 +8955,7 @@
}
if (!ast_test_flag(&peer->flags[1], SIP_PAGE2_DYNAMIC)) {
ast_log(LOG_ERROR, "Peer '%s' is trying to register, but not configured as host=dynamic\n", peer->name);
+ res = AUTH_PEER_NOT_DYNAMIC;
} else {
ast_copy_flags(&p->flags[0], &peer->flags[0], SIP_NAT);
transmit_response(p, "100 Trying", req);
@@ -9029,34 +9033,20 @@
transmit_response(p, "403 Authentication user name does not match account name", &p->initreq);
break;
case AUTH_NOT_FOUND:
+ case AUTH_PEER_NOT_DYNAMIC:
+ case AUTH_ACL_FAILED:
if (global_alwaysauthreject) {
transmit_fake_auth_response(p, &p->initreq, 1);
} else {
/* URI not found */
- transmit_response(p, "404 Not found", &p->initreq);
+ if (res == AUTH_UNKNOWN_DOMAIN || res == AUTH_PEER_NOT_DYNAMIC)
+ transmit_response(p, "403 Forbidden", &p->initreq);
+ else
+ transmit_response(p, "404 Not found", &p->initreq);
}
break;
default:
break;
- }
- if (option_debug > 1) {
- const char *reason = "";
-
- switch (res) {
- case AUTH_SECRET_FAILED:
- reason = "Bad password";
- break;
- case AUTH_USERNAME_MISMATCH:
- reason = "Bad digest user";
- break;
- case AUTH_NOT_FOUND:
- reason = "Peer not found";
- break;
- default:
- break;
- }
- ast_log(LOG_DEBUG, "SIP REGISTER attempt failed for %s : %s\n",
- peer->name, reason);
}
}
if (peer)
@@ -15511,7 +15501,7 @@
ast_log(LOG_DEBUG, "Initializing initreq for method %s - callid %s\n", sip_methods[req->method].text, p->callid);
check_via(p, req);
if ((res = register_verify(p, sin, req, e)) < 0) {
- const char *reason = "";
+ const char *reason;
switch (res) {
case AUTH_SECRET_FAILED:
@@ -15526,19 +15516,28 @@
case AUTH_UNKNOWN_DOMAIN:
reason = "Not a local domain";
break;
+ case AUTH_PEER_NOT_DYNAMIC:
+ reason = "Peer is not supposed to register";
+ break;
+ case AUTH_ACL_FAILED:
+ reason = "Device does not match ACL";
+ break;
default:
+ reason = "Unknown failure";
break;
}
ast_log(LOG_NOTICE, "Registration from '%s' failed for '%s' - %s\n",
get_header(req, "To"), ast_inet_ntoa(sin->sin_addr),
reason);
- }
+ append_history(p, "RegRequest", "Failed : Account %s : %s", get_header(req, "To"), reason);
+ } else
+ append_history(p, "RegRequest", "Succeeded : Account %s", get_header(req, "To"));
+
if (res < 1) {
/* Destroy the session, but keep us around for just a bit in case they don't
get our 200 OK */
sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);
}
- append_history(p, "RegRequest", "%s : Account %s", res ? "Failed": "Succeeded", get_header(req, "To"));
return res;
}
More information about the asterisk-commits
mailing list