[Asterisk-cvs] asterisk/channels chan_sip.c,1.394,1.395

markster at lists.digium.com markster at lists.digium.com
Mon May 24 10:30:56 CDT 2004 

Update of /usr/cvsroot/asterisk/channels
In directory mongoose.digium.com:/tmp/cvs-serv12474/channels

Modified Files:
	chan_sip.c 
Log Message:
Always authenticate when insecure is not "very" even on matching IP


Index: chan_sip.c
===================================================================
RCS file: /usr/cvsroot/asterisk/channels/chan_sip.c,v
retrieving revision 1.394
retrieving revision 1.395
diff -u -d -r1.394 -r1.395
--- chan_sip.c	21 May 2004 00:59:38 -0000	1.394
+++ chan_sip.c	24 May 2004 14:44:47 -0000	1.395
@@ -4792,25 +4792,30 @@
 	if (!user) {
 	/* If we didn't find a user match, check for peers */
 		ast_mutex_lock(&peerl.lock);
-		/* which should be used? non-mysql code uses "p->recv", but
-		 * mysql code used "sin"
-		 */
+		/* Look for peer based on the IP address we received data from */
+		/* If peer is registred from this IP address or have this as a default
+		   IP address, this call is from the peer 
+ 		*/
 		peer = find_peer(NULL, &p->recv);
-		/* peer = find_peer(NULL, sin); */
-		ast_mutex_unlock(&peerl.lock);
 		if (peer) {
-				if (sip_debug_test_addr(sin))
-					ast_verbose("Found peer '%s'\n", peer->name);
-				/* Take the peer */
-				p->nat = peer->nat;
-				if (p->rtp) {
-					ast_log(LOG_DEBUG, "Setting NAT on RTP to %d\n", p->nat);
-					ast_rtp_setnat(p->rtp, p->nat);
-				}
-				if (p->vrtp) {
-					ast_log(LOG_DEBUG, "Setting NAT on VRTP to %d\n", p->nat);
-					ast_rtp_setnat(p->vrtp, p->nat);
-				}
+			if (sip_debug_test_addr(sin))
+				ast_verbose("Found peer '%s'\n", peer->name);
+			/* Take the peer */
+			p->nat = peer->nat;
+			if (p->rtp) {
+				ast_log(LOG_DEBUG, "Setting NAT on RTP to %d\n", p->nat);
+				ast_rtp_setnat(p->rtp, p->nat);
+			}
+			if (p->vrtp) {
+				ast_log(LOG_DEBUG, "Setting NAT on VRTP to %d\n", p->nat);
+				ast_rtp_setnat(p->vrtp, p->nat);
+			}
+			if (peer->insecure > 1) {
+				/* Pretend there is no required authentication if insecure is "very" */
+				strcpy(p->peersecret, "");
+				strcpy(p->peermd5secret, "");
+			}
+			if (!(res = check_auth(p, req, p->randdata, sizeof(p->randdata), peer->name, peer->secret, peer->md5secret, cmd, uri, reliable, ignore))) {
 				p->canreinvite = peer->canreinvite;
 				strncpy(p->peername, peer->name, sizeof(p->peername) - 1);
 				strncpy(p->authname, peer->name, sizeof(p->authname) - 1);
@@ -4822,11 +4827,6 @@
 					strncpy(p->context, peer->context, sizeof(p->context) - 1);
 				strncpy(p->peersecret, peer->secret, sizeof(p->peersecret) - 1);
 				strncpy(p->peermd5secret, peer->md5secret, sizeof(p->peermd5secret) - 1);
-				if (peer->insecure > 1) {
-					/* Pretend there is no required authentication if insecure is "very" */
-					strcpy(p->peersecret, "");
-					strcpy(p->peermd5secret, "");
-				}
 				p->callgroup = peer->callgroup;
 				p->pickupgroup = peer->pickupgroup;
 				p->capability = peer->capability;
@@ -4838,6 +4838,7 @@
 					else
 						p->noncodeccapability &= ~AST_RTP_DTMF;
 				}
+			}
 			if (peer->temponly) {
 				if (peer->ha) {
 					ast_free_ha(peer->ha);
@@ -4847,6 +4848,7 @@
 		} else
 			if (sip_debug_test_addr(sin))
 				ast_verbose("Found no matching peer or user for '%s:%d'\n", inet_ntoa(p->recv.sin_addr), ntohs(p->recv.sin_port));
+		ast_mutex_unlock(&peerl.lock);
 
 	}
 	return res;

More information about the svn-commits mailing list