|
@@ -35,16 +35,20 @@ route{
|
|
|
break;
|
|
|
};
|
|
|
|
|
|
- # Do some strict routing here
|
|
|
+ # Do strict routing if route headers present
|
|
|
rewriteFromRoute();
|
|
|
|
|
|
+ # divert voicemail requests
|
|
|
if (uri=~"mail\.iptel\.org" | uri=~":6060") {
|
|
|
log("Request is for voicemail\n");
|
|
|
forward("fox.iptel.org", 6060);
|
|
|
} else {
|
|
|
+ # process requests for iptel.org
|
|
|
if (uri=~"iptel\.org" | uri=~"195\.37\.77\.101") {
|
|
|
log("Request is for iptel.org\n");
|
|
|
-
|
|
|
+
|
|
|
+ # registers always MUST be authenticated to
|
|
|
+ # avoid stealing incoming calls
|
|
|
if (method=="REGISTER") {
|
|
|
log("Request is REGISTER\n");
|
|
|
if (!authorize("iptel.org")) {
|
|
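Review bot: The new `# process requests for iptel.org` comment documents a test that is looser than it reads, because `uri=~"iptel\.org"` is unanchored and treats any request URI that merely contains that string (a longer host name, or a user part that includes it) as local. The voicemail branch above it has the same problem: `uri=~":6060"` matches any URI carrying that port and forwards it to fox.iptel.org before any authentication. Consider anchoring the host match with something like `uri=~"[@:]iptel\.org([:;?]|$)"`, after checking it against this version's regex dialect. The voicemail comment could also read `# divert voicemail requests (forwarded without authentication)` so the exposure is visibly deliberate. The REGISTER block opened at the end of this hunk continues in the next one.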
@@ -52,48 +56,63 @@ route{
|
|
|
challenge("iptel.org");
|
|
|
break;
|
|
|
};
|
|
|
+ # update Contact database
|
|
|
log("REGISTER is authorized, saving location\n");
|
|
|
save_contact("location");
|
|
|
break;
|
|
|
};
|
|
|
|
|
|
+ # various aliases (might use a database in future)
|
|
|
if (uri=~"sip:9040@.*") {
|
|
|
setuser("jiri");
|
|
|
};
|
|
|
|
|
|
+ # now it's about PSTN destinations through our gateway
|
|
|
if (uri=~"sip:[0-9]+@.*") {
|
|
|
+ # free call destinations ... no authentication needed
|
|
|
if (uri=~"sip:001795061546@.*" | uri=~"sip:[79][0-9][0-9][0-9]@.*") {
|
|
|
log("Free PSTN\n");
|
|
|
} else {
|
|
|
+ # all other PSTN destinations only for authenticated users
|
|
|
+ # (Cisco GW, which has no digest support, is authenticated
|
|
|
+ # by its IP address -- that's for sure not very strong)
|
|
|
if (!(src_ip==195.37.77.110) & !(authorize("iptel.org"))) {
|
|
|
challenge("iptel.org");
|
|
|
break;
|
|
|
};
|
|
|
-
|
|
|
+
|
|
|
+ # does the authenticated user have a permission for local
|
|
|
+ # calls? (i.e., is he in the "local" group?)
|
|
|
if (uri=~"sip:0[1-9]+@.*") {
|
|
|
if (!is_in_group("local")) {
|
|
|
sl_send_reply("403", "Toodle Noodle...");
|
|
|
break;
|
|
|
};
|
|
|
+ # the same for long-distance
|
|
|
} else if (uri=~"sip:00[1-9][0-9]+@.*") {
|
|
|
if (!is_in_group("ld")) {
|
|
|
sl_send_reply("403", "Toodle Noodle...");
|
|
|
break;
|
|
|
};
|
|
|
+ # the same for international calls
|
|
|
} else if (uri=~"sip:000[1-9][0-9]+@.*") {
|
|
|
if (!is_in_group("int")) {
|
|
|
sl_send_reply("403", "Toodle Noodle...");
|
|
|
break;
|
|
|
};
|
|
|
+ # everything else (e.g., interplanetary calls) is denied
|
|
|
} else {
|
|
|
sl_send_reply("403", "Toodle Noodle...");
|
|
|
break;
|
|
|
};
|
|
|
};
|
|
|
+ # requests to gateway must be record-route because the GW accepts
|
|
|
+ # only reqeusts coming from our proxy
|
|
|
addRecordRoute();
|
|
|
+ # if you have passed through all the checks, let your call go to GW!
|
|
|
rewritehostport("195.37.77.110:5060");
|
|
|
} else {
|
|
|
- # native SIP destinations
|
|
|
+ # native SIP destinations are handled using our USRLOC DB
|
|
|
if (!lookup_contact("location")) {
|
|
|
log("Unable to lookup contact, sending 404\n");
|
|
|
sl_send_reply("404", "Not Found");
|
|
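Review bot: The added comment admits that admitting the Cisco gateway by `src_ip==195.37.77.110` is weak, but names no compensating control. With SIP over UDP a source address is not proof of origin, and a request accepted on address alone reaches the PSTN branch with no digest identity. The hunk does not show what `is_in_group("local")`, `("ld")` and `("int")` evaluate against when no credentials were presented, so please confirm they deny rather than pass in that case. I would state the dependency in the comment, e.g. `# NOTE: relies on ingress filtering so that 195.37.77.110 cannot be spoofed from outside`, and fix the typo `reqeusts` in the record-route comment. The same address exemption guards outbound relaying in the last hunk.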
@@ -101,12 +120,16 @@ route{
|
|
|
};
|
|
|
};
|
|
|
} else {
|
|
|
+ # outbound requests are allowed only for our users -- we don't
|
|
|
+ # support relaying and don't like strangers bothering us
|
|
|
+ # with resolving DNS
|
|
|
if (!(src_ip==195.37.77.110) & !(authorize("iptel.org"))) {
|
|
|
challenge("iptel.org");
|
|
|
break;
|
|
|
};
|
|
|
};
|
|
|
|
|
|
+ # we now we may, we now where, let it go out now!
|
|
|
t_relay();
|
|
|
};
|
|
|
}
|
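Review bot: The new comment says outbound requests are allowed only for our users, but the condition below it also passes anything whose source address is 195.37.77.110 without digest authentication, so it understates who may relay. I would word it as `# outbound requests are allowed only for our authenticated users and for the gateway (trusted by source IP)`. The comment above `t_relay()` has a typo and should read `# we know we may, we know where, let it go out now!`.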