[asterisk-commits] oej: trunk r109316 - in /trunk: ./ channels/ configs/
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Tue Mar 18 02:23:51 CDT 2008
Author: oej
Date: Tue Mar 18 02:23:45 2008
New Revision: 109316
URL: http://svn.digium.com/view/asterisk?view=rev&rev=109316
Log:
Add manager peerstatus events when peer can't authenticate.
(closes issue #11959)
Reported by: mostyn
Patches:
peerstatus3.patch uploaded by mostyn (license 398)
Modified:
trunk/CHANGES
trunk/channels/chan_sip.c
trunk/configs/sip.conf.sample
Modified: trunk/CHANGES
URL: http://svn.digium.com/view/asterisk/trunk/CHANGES?view=diff&rev=109316&r1=109315&r2=109316
==============================================================================
--- trunk/CHANGES (original)
+++ trunk/CHANGES Tue Mar 18 02:23:45 2008
@@ -167,6 +167,8 @@
SIP session.
* Added TCP and TLS support for SIP. See doc/siptls.txt and configs/sip.conf.sample for
more information on how it is used.
+ * Added a new configuration option "authfailureevents" that enables manager events when
+ a peer can't authenticate properly.
IAX2 changes
------------
Modified: trunk/channels/chan_sip.c
URL: http://svn.digium.com/view/asterisk/trunk/channels/chan_sip.c?view=diff&rev=109316&r1=109315&r2=109316
==============================================================================
--- trunk/channels/chan_sip.c (original)
+++ trunk/channels/chan_sip.c Tue Mar 18 02:23:45 2008
@@ -705,6 +705,7 @@
static char global_sdpowner[AST_MAX_EXTENSION]; /*!< SDP owner name for the SIP channel */
static int allow_external_domains; /*!< Accept calls to external SIP domains? */
static int global_callevents; /*!< Whether we send manager events or not */
+static int global_authfailureevents; /*!< Whether we send authentication failure manager events or not. Default no. */
static int global_t1; /*!< T1 time */
static int global_t1min; /*!< T1 roundtrip time minimum */
static int global_timer_b; /*!< Timer B - RFC 3261 Section 17.1.1.2 */
@@ -9853,7 +9854,7 @@
/* Saving TCP connections is useless, we won't be able to reconnect */
if (!peer->rt_fromcontact && (peer->socket.type & SIP_TRANSPORT_UDP))
ast_db_put("SIP/Registry", peer->name, data);
- manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: SIP\r\nPeer: SIP/%s\r\nPeerStatus: Registered\r\n", peer->name);
+ manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: SIP\r\nPeer: SIP/%s\r\nPeerStatus: Registered\r\nAddress: %s\r\nPort: %d\r\n", peer->name, ast_inet_ntoa(peer->addr.sin_addr), ntohs(peer->addr.sin_port));
/* Is this a new IP address for us? */
if (inaddrcmp(&peer->addr, &oldsin)) {
@@ -10405,7 +10406,7 @@
case PARSE_REGISTER_UPDATE:
/* Say OK and ask subsystem to retransmit msg counter */
transmit_response_with_date(p, "200 OK", req);
- manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: SIP\r\nPeer: SIP/%s\r\nPeerStatus: Registered\r\n", peer->name);
+ manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: SIP\r\nPeer: SIP/%s\r\nPeerStatus: Registered\r\nAddress: %s\r\nPort: %d\r\n", peer->name, ast_inet_ntoa(sin->sin_addr), ntohs(sin->sin_port));
peer->lastmsgssent = -1;
res = 0;
break;
@@ -10420,6 +10421,9 @@
case AUTH_SECRET_FAILED:
/* Wrong password in authentication. Go away, don't try again until you fixed it */
transmit_response(p, "403 Forbidden (Bad auth)", &p->initreq);
+ if (global_authfailureevents)
+ manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: SIP\r\nPeer: SIP/%s\r\nPeerStatus: Rejected\r\nCause: AUTH_SECRET_FAILED\r\nAddress: %s\r\nPort: %d\r\n",
+ name, ast_inet_ntoa(sin->sin_addr), ntohs(sin->sin_port));
break;
case AUTH_USERNAME_MISMATCH:
/* Username and digest username does not match.
@@ -10427,6 +10431,9 @@
users to use the same authentication user name until we support
proper authentication by digest auth name */
transmit_response(p, "403 Authentication user name does not match account name", &p->initreq);
+ if (global_authfailureevents)
+ manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: SIP\r\nPeer: SIP/%s\r\nPeerStatus: Rejected\r\nCause: AUTH_USERNAME_MISMATCH\r\nAddress: %s\r\nPort: %d\r\n",
+ name, ast_inet_ntoa(sin->sin_addr), ntohs(sin->sin_port));
break;
case AUTH_NOT_FOUND:
case AUTH_PEER_NOT_DYNAMIC:
@@ -10435,10 +10442,17 @@
transmit_fake_auth_response(p, &p->initreq, 1);
} else {
/* URI not found */
- if (res == AUTH_PEER_NOT_DYNAMIC)
+ if (res == AUTH_PEER_NOT_DYNAMIC) {
transmit_response(p, "403 Forbidden", &p->initreq);
+ if (global_authfailureevents)
+ manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: SIP\r\nPeer: SIP/%s\r\nPeerStatus: Rejected\r\nCause: AUTH_PEER_NOT_DYNAMIC\r\nAddress: %s\r\nPort: %d\r\n",
+ name, ast_inet_ntoa(sin->sin_addr), ntohs(sin->sin_port));
+ }
else
transmit_response(p, "404 Not found", &p->initreq);
+ if (global_authfailureevents)
+ manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: SIP\r\nPeer: SIP/%s\r\nPeerStatus: Rejected\r\nCause: URI_NOT_FOUND\r\nAddress: %s\r\nPort: %d\r\n",
+ name, ast_inet_ntoa(sin->sin_addr), ntohs(sin->sin_port));
}
break;
default:
@@ -12941,6 +12955,7 @@
ast_cli(a->fd, " From: Domain: %s\n", default_fromdomain);
ast_cli(a->fd, " Record SIP history: %s\n", recordhistory ? "On" : "Off");
ast_cli(a->fd, " Call Events: %s\n", global_callevents ? "On" : "Off");
+ ast_cli(a->fd, " Auth. Failure Events: %s\n", global_authfailureevents ? "On" : "Off");
ast_cli(a->fd, " T38 fax pt UDPTL: %s\n", cli_yesno(ast_test_flag(&global_flags[1], SIP_PAGE2_T38SUPPORT_UDPTL)));
#ifdef WHEN_WE_HAVE_T38_FOR_OTHER_TRANSPORTS
@@ -20250,6 +20265,7 @@
/* Misc settings for the channel */
global_relaxdtmf = FALSE;
global_callevents = FALSE;
+ global_authfailureevents = FALSE;
global_t1 = SIP_TIMER_T1;
global_timer_b = 64 * SIP_TIMER_T1;
global_t1min = DEFAULT_T1MIN;
@@ -20561,6 +20577,8 @@
}
} else if (!strcasecmp(v->name, "callevents")) {
global_callevents = ast_true(v->value);
+ } else if (!strcasecmp(v->name, "authfailureevents")) {
+ global_authfailureevents = ast_true(v->value);
} else if (!strcasecmp(v->name, "maxcallbitrate")) {
default_maxcallbitrate = atoi(v->value);
if (default_maxcallbitrate < 0)
Modified: trunk/configs/sip.conf.sample
URL: http://svn.digium.com/view/asterisk/trunk/configs/sip.conf.sample?view=diff&rev=109316&r1=109315&r2=109316
==============================================================================
--- trunk/configs/sip.conf.sample (original)
+++ trunk/configs/sip.conf.sample Tue Mar 18 02:23:45 2008
@@ -218,6 +218,8 @@
; for peers and users as well
;callevents=no ; generate manager events when sip ua
; performs events (e.g. hold)
+;authfailureevents=no ; generate manager "peerstatus" events when peer can't
+ ; authenticate with Asterisk. Peerstatus will be "rejected".
;alwaysauthreject = yes ; When an incoming INVITE or REGISTER is to be rejected,
; for any reason, always reject with '401 Unauthorized'
; instead of letting the requester know whether there was
More information about the asterisk-commits
mailing list