
- fixed typo in a flag name
- use loadpath to load modules
- added comment about removing internal headers from messages received from
untrusted sources
- extract server_id from SER-Server-ID header in registrar

Jan Janak 17 年之前
父节点
当前提交
0fe8b5f17f
共有 1 个文件被更改,包括 49 次插入32 次删除
  1. 49 32
      etc/ser-oob.cfg

+ 49 - 32
etc/ser-oob.cfg

@@ -64,6 +64,9 @@
 #   - identity
 #   - TLS
 #   - permissions
+#   - Re-name all internal headers so that they start with a common prefix, such
+#     as P-SER and then wipe all such headers from requests received from 
+#     untrusted sources, such as the user agents or foreign proxy servers
 # * refined DB use (e.g., flatstore for acc)
 # * miscellanous:
 #  - dialog module for monitoring purposes
@@ -216,44 +219,46 @@ session_timer.min_se = "90" desc "minimum session interval (in s)"
  
 # ------------------ module loading ----------------------------------
 
+loadpath "/usr/lib/ser/modules"
+
 # load a SQL database for authentication, domains, user AVPs etc.
-loadmodule "/usr/lib/ser/modules/mysql.so"
-
-loadmodule "/usr/lib/ser/modules/sl.so"
-loadmodule "/usr/lib/ser/modules/tm.so"
-loadmodule "/usr/lib/ser/modules/rr.so"
-loadmodule "/usr/lib/ser/modules/maxfwd.so"
-loadmodule "/usr/lib/ser/modules/usrloc.so"
-loadmodule "/usr/lib/ser/modules/registrar.so"
-loadmodule "/usr/lib/ser/modules/xlog.so"
-loadmodule "/usr/lib/ser/modules/textops.so"
-loadmodule "/usr/lib/ser/modules/ctl.so"
-loadmodule "/usr/lib/ser/modules/auth.so"
-loadmodule "/usr/lib/ser/modules/auth_db.so"
-loadmodule "/usr/lib/ser/modules/gflags.so"
-loadmodule "/usr/lib/ser/modules/domain.so"
-loadmodule "/usr/lib/ser/modules/uri_db.so"
-loadmodule "/usr/lib/ser/modules/avp.so"
-loadmodule "/usr/lib/ser/modules/avp_db.so"
-loadmodule "/usr/lib/ser/modules/acc_db.so"
-#loadmodule "/usr/lib/ser/modules/xmlrpc.so"
-loadmodule "/usr/lib/ser/modules/options.so"
-loadmodule "/usr/lib/ser/modules/sanity.so"
-loadmodule "/usr/lib/ser/modules/nathelper.so"
-loadmodule "/usr/lib/ser/modules/uri.so"
-loadmodule "/usr/lib/ser/modules/speeddial.so"
-loadmodule "/usr/lib/ser/modules/timer.so"
-loadmodule "/usr/lib/ser/modules/db_ops.so"
-loadmodule "/usr/lib/ser/modules/exec.so"
-loadmodule "/usr/lib/ser/modules/cfg_rpc.so"
-loadmodule "/usr/lib/ser/modules/eval.so"
+loadmodule "mysql"
+
+loadmodule "sl"
+loadmodule "tm"
+loadmodule "rr"
+loadmodule "maxfwd"
+loadmodule "usrloc"
+loadmodule "registrar"
+loadmodule "xlog"
+loadmodule "textops"
+loadmodule "ctl"
+loadmodule "auth"
+loadmodule "auth_db"
+loadmodule "gflags"
+loadmodule "domain"
+loadmodule "uri_db"
+loadmodule "avp"
+loadmodule "avp_db"
+loadmodule "acc_db"
+#loadmodule "xmlrpc"
+loadmodule "options"
+loadmodule "sanity"
+loadmodule "nathelper"
+loadmodule "uri"
+loadmodule "speeddial"
+loadmodule "timer"
+loadmodule "db_ops"
+loadmodule "exec"
+loadmodule "cfg_rpc"
+loadmodule "eval"
 
 # ----------------- setting script FLAGS -----------------------------
 flags
   FLAG_ACC            : 1, # this request will be recorded by ACC
   FLAG_FAILUREROUTE   : 2, # we are operating from the failure route
   FLAG_NAT            : 3, # the UAC is behind a NAT
-  FLAG_REP_ENABLED    : 4, # REGISTER replication is enabled if set
+  FLAG_REPL_ENABLED   : 4, # REGISTER replication is enabled if set
   FLAG_TOTAG          : 5,
   FLAG_PSTN_ALLOWED   : 6, # the user is allowed to use the PSTN
   FLAG_DONT_RM_CRED   : 7, # do not remove the credentials
@@ -765,6 +770,12 @@ route[REGISTRAR]
 			setflag(FLAG_NAT);
 			$uac_nat=1;
 		}
+
+		# If the replicating server added its own server id to the request
+        # then obtain its value and store it in an attribute, this is used
+        # by registrar.
+        $server_id = @msg.header["SER-Server-ID"];
+
 		# assumes URI in form of UID@mydomain; store contacts under
 		# this UID; note it only works if local policy causes UIDs to
 		# have form compliant to RFC3261 URI usernames
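Review bot: `$server_id = @msg.header["SER-Server-ID"];` copies the header value into the attribute without checking that the header is present or well-formed, so its trustworthiness rests entirely on the condition that selects this replicated-REGISTER branch. That condition starts outside the hunk; if it keys on request content alone (for example a marker header) rather than on the sender's address or an authenticated transport, any client could supply its own server id and reach the registrar with it. It would help to state the assumption next to the assignment, e.g. `# trusted only because the branch condition above verified the sender is a replication peer`. The added lines also mix tabs and spaces for indentation, unlike the surrounding tab-indented context.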
@@ -773,7 +784,13 @@ route[REGISTRAR]
 			log(1, "SER: Error while processing replicated REGISTER");
 		}
 		drop;
-	}
+	} else {
+	    # This is a REGISTER request received from the UA. Remove our internal
+        # header fields if they are present in the request, this may be an
+        # attempt of the user to fool us.
+        remove_hf("SER-Server-ID");
+        remove_hf("Repl-Marker");
+    }
 
 	# check if the REGISTER if for one of our local domains
 	if (!$t.did) {
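Review bot: The two `remove_hf` calls sit only in the else branch of route[REGISTRAR], so `SER-Server-ID` and `Repl-Marker` are stripped from REGISTERs that were not classified as replicated, while other request types from untrusted sources keep them. That is acceptable only as long as nothing outside this route reads those headers, which is not visible here and which the TODO added in the first hunk suggests is still open. The removal is also silent, so a spoofing attempt leaves no trace for an operator. If `remove_hf` reports whether it removed a header in this textops version (to be confirmed), a line such as `if (remove_hf("Repl-Marker")) log(1, "SER: Repl-Marker stripped from UA REGISTER");` would make such attempts visible.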