
kamailio.cfg: simplified route[AUTH]

- use the auth_check(...) function, which combines www/proxy_auth()
  internally, based on the typical scenario provided by the default cfg
Daniel-Constantin Mierla 13 ani în urmă
părinte
comite
661795403a
1 a modificat fișierele cu 22 adăugiri și 60 ștergeri
  1. 22 60
      etc/kamailio.cfg

+ 22 - 60
etc/kamailio.cfg

@@ -698,72 +698,34 @@ route[PRESENCE] {
 # Authentication route
 route[AUTH] {
 #!ifdef WITH_AUTH
-	if (is_method("REGISTER"))
-	{
-		# authenticate the REGISTER requests (uncomment to enable auth)
-		if (!www_authorize("$td", "subscriber"))
-		{
-			www_challenge("$td", "0");
-			exit;
-		}
-
-		if ($au!=$tU)
-		{
-			sl_send_reply("403","Forbidden auth ID");
-			exit;
-		}
-	} else {
 
 #!ifdef WITH_IPAUTH
-		if(allow_source_address())
-		{
-			# source IP allowed
-			return;
-		}
-#!endif
-
-		# authenticate if from local subscriber
-		if (from_uri==myself)
-		{
-			if (!proxy_authorize("$fd", "subscriber")) {
-				proxy_challenge("$fd", "0");
-				exit;
-			}
-			if (is_method("PUBLISH"))
-			{
-				if ($au!=$fU || $au!=$tU) {
-					sl_send_reply("403","Forbidden auth ID");
-					exit;
-				}
-				if ($au!=$rU) {
-					sl_send_reply("403","Forbidden R-URI");
-					exit;
-				}
-#!ifdef WITH_MULTIDOMAIN
-				if ($fd!=$rd) {
-					sl_send_reply("403","Forbidden R-URI domain");
-					exit;
-				}
+	if((!is_method("REGISTER")) && allow_source_address())
+	{
+		# source IP allowed
+		return;
+	}
 #!endif
-			} else {
-				if ($au!=$fU) {
-					sl_send_reply("403","Forbidden auth ID");
-					exit;
-				}
-			}
 
-			consume_credentials();
-			# caller authenticated
-		} else {
-			# caller is not local subscriber, then check if it calls
-			# a local destination, otherwise deny, not an open relay here
-			if (!uri==myself)
-			{
-				sl_send_reply("403","Not relaying");
-				exit;
-			}
+	if (is_method("REGISTER") || from_uri==myself)
+	{
+		# authenticate requests
+		if (!auth_check("$fd", "subscriber", "1")) {
+			auth_challenge("$fd", "0");
+			exit;
 		}
+		# user authenticated - remove auth header
+		if(!is_method("REGISTER|PUBLISH"))
+			consume_credentials();
 	}
+	# if caller is not local subscriber, then check if it calls
+	# a local destination, otherwise deny, not an open relay here
+	if (from_uri!=myself && uri!=myself)
+	{
+		sl_send_reply("403","Not relaying");
+		exit;
+	}
+
 #!endif
 	return;
 }
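Review bot: An identity mismatch is no longer answered with a 403 in the new `auth_check("$fd", "subscriber", "1")` branch: the removed code sent `403 Forbidden auth ID` or `Forbidden R-URI` when `$au` differed from the From/To/R-URI user, whereas here every false return from `auth_check` ends in `auth_challenge("$fd", "0")`. Assuming flag "1" performs those identity comparisons inside the module, a request with valid credentials but someone else's From user is now re-challenged exactly like a wrong password, so the spoofing attempt is no longer distinguishable in replies or logs and a client may keep retrying. If the module reports the mismatch with a distinct return code, branch on it and reply 403 before challenging; at minimum replace `# authenticate requests` with something like `# flag "1": auth user must match From user (plus To user for REGISTER, R-URI user for PUBLISH) - confirm against auth_db docs`. The REGISTER realm also changes from `$td` to `$fd`, which presumably stays equivalent only because the flag ties From to To, and the removed WITH_MULTIDOMAIN `$fd!=$rd` check has no visible replacement, so both are worth confirming.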