|
@@ -698,72 +698,34 @@ route[PRESENCE] {
|
|
|
# Authentication route
|
|
# Authentication route
|
|
|
route[AUTH] {
|
|
route[AUTH] {
|
|
|
#!ifdef WITH_AUTH
|
|
#!ifdef WITH_AUTH
|
|
|
- if (is_method("REGISTER"))
|
|
|
|
|
- {
|
|
|
|
|
- # authenticate the REGISTER requests (uncomment to enable auth)
|
|
|
|
|
- if (!www_authorize("$td", "subscriber"))
|
|
|
|
|
- {
|
|
|
|
|
- www_challenge("$td", "0");
|
|
|
|
|
- exit;
|
|
|
|
|
- }
|
|
|
|
|
-
|
|
|
|
|
- if ($au!=$tU)
|
|
|
|
|
- {
|
|
|
|
|
- sl_send_reply("403","Forbidden auth ID");
|
|
|
|
|
- exit;
|
|
|
|
|
- }
|
|
|
|
|
- } else {
|
|
|
|
|
|
|
|
|
|
#!ifdef WITH_IPAUTH
|
|
#!ifdef WITH_IPAUTH
|
|
|
- if(allow_source_address())
|
|
|
|
|
- {
|
|
|
|
|
- # source IP allowed
|
|
|
|
|
- return;
|
|
|
|
|
- }
|
|
|
|
|
-#!endif
|
|
|
|
|
-
|
|
|
|
|
- # authenticate if from local subscriber
|
|
|
|
|
- if (from_uri==myself)
|
|
|
|
|
- {
|
|
|
|
|
- if (!proxy_authorize("$fd", "subscriber")) {
|
|
|
|
|
- proxy_challenge("$fd", "0");
|
|
|
|
|
- exit;
|
|
|
|
|
- }
|
|
|
|
|
- if (is_method("PUBLISH"))
|
|
|
|
|
- {
|
|
|
|
|
- if ($au!=$fU || $au!=$tU) {
|
|
|
|
|
- sl_send_reply("403","Forbidden auth ID");
|
|
|
|
|
- exit;
|
|
|
|
|
- }
|
|
|
|
|
- if ($au!=$rU) {
|
|
|
|
|
- sl_send_reply("403","Forbidden R-URI");
|
|
|
|
|
- exit;
|
|
|
|
|
- }
|
|
|
|
|
-#!ifdef WITH_MULTIDOMAIN
|
|
|
|
|
- if ($fd!=$rd) {
|
|
|
|
|
- sl_send_reply("403","Forbidden R-URI domain");
|
|
|
|
|
- exit;
|
|
|
|
|
- }
|
|
|
|
|
|
|
+ if((!is_method("REGISTER")) && allow_source_address())
|
|
|
|
|
+ {
|
|
|
|
|
+ # source IP allowed
|
|
|
|
|
+ return;
|
|
|
|
|
+ }
|
|
|
#!endif
|
|
#!endif
|
|
|
- } else {
|
|
|
|
|
- if ($au!=$fU) {
|
|
|
|
|
- sl_send_reply("403","Forbidden auth ID");
|
|
|
|
|
- exit;
|
|
|
|
|
- }
|
|
|
|
|
- }
|
|
|
|
|
|
|
|
|
|
- consume_credentials();
|
|
|
|
|
- # caller authenticated
|
|
|
|
|
- } else {
|
|
|
|
|
- # caller is not local subscriber, then check if it calls
|
|
|
|
|
- # a local destination, otherwise deny, not an open relay here
|
|
|
|
|
- if (!uri==myself)
|
|
|
|
|
- {
|
|
|
|
|
- sl_send_reply("403","Not relaying");
|
|
|
|
|
- exit;
|
|
|
|
|
- }
|
|
|
|
|
|
|
+ if (is_method("REGISTER") || from_uri==myself)
|
|
|
|
|
+ {
|
|
|
|
|
+ # authenticate requests
|
|
|
|
|
+ if (!auth_check("$fd", "subscriber", "1")) {
|
|
|
|
|
+ auth_challenge("$fd", "0");
|
|
|
|
|
+ exit;
|
|
|
}
|
|
}
|
|
|
|
|
+ # user authenticated - remove auth header
|
|
|
|
|
+ if(!is_method("REGISTER|PUBLISH"))
|
|
|
|
|
+ consume_credentials();
|
|
|
}
|
|
}
|
|
|
|
|
+ # if caller is not local subscriber, then check if it calls
|
|
|
|
|
+ # a local destination, otherwise deny, not an open relay here
|
|
|
|
|
+ if (from_uri!=myself && uri!=myself)
|
|
|
|
|
+ {
|
|
|
|
|
+ sl_send_reply("403","Not relaying");
|
|
|
|
|
+ exit;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
#!endif
|
|
#!endif
|
|
|
return;
|
|
return;
|
|
|
}
|
|
}
|
Daniel-Constantin Mierla