[sr-dev] git:master: kamailio.cfg: simplified route[AUTH]

Daniel-Constantin Mierla miconda at gmail.com
Thu May 10 13:07:26 CEST 2012


Module: sip-router
Branch: master
Commit: 661795403a2a72cae30765e9f8cefa99c5228434
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=661795403a2a72cae30765e9f8cefa99c5228434

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date:   Thu May 10 13:05:29 2012 +0200

kamailio.cfg: simplified route[AUTH]

- use the auth_check(...) function, which internally combines www/proxy_auth()
  for the typical scenario provided by the default cfg

---

 etc/kamailio.cfg |   82 ++++++++++++++---------------------------------------
 1 files changed, 22 insertions(+), 60 deletions(-)

diff --git a/etc/kamailio.cfg b/etc/kamailio.cfg
index 6d60ee3..158b525 100644
--- a/etc/kamailio.cfg
+++ b/etc/kamailio.cfg
@@ -698,72 +698,34 @@ route[PRESENCE] {
 # Authentication route
 route[AUTH] {
 #!ifdef WITH_AUTH
-	if (is_method("REGISTER"))
-	{
-		# authenticate the REGISTER requests (uncomment to enable auth)
-		if (!www_authorize("$td", "subscriber"))
-		{
-			www_challenge("$td", "0");
-			exit;
-		}
-
-		if ($au!=$tU)
-		{
-			sl_send_reply("403","Forbidden auth ID");
-			exit;
-		}
-	} else {
 
 #!ifdef WITH_IPAUTH
-		if(allow_source_address())
-		{
-			# source IP allowed
-			return;
-		}
-#!endif
-
-		# authenticate if from local subscriber
-		if (from_uri==myself)
-		{
-			if (!proxy_authorize("$fd", "subscriber")) {
-				proxy_challenge("$fd", "0");
-				exit;
-			}
-			if (is_method("PUBLISH"))
-			{
-				if ($au!=$fU || $au!=$tU) {
-					sl_send_reply("403","Forbidden auth ID");
-					exit;
-				}
-				if ($au!=$rU) {
-					sl_send_reply("403","Forbidden R-URI");
-					exit;
-				}
-#!ifdef WITH_MULTIDOMAIN
-				if ($fd!=$rd) {
-					sl_send_reply("403","Forbidden R-URI domain");
-					exit;
-				}
+	if((!is_method("REGISTER")) && allow_source_address())
+	{
+		# source IP allowed
+		return;
+	}
 #!endif
-			} else {
-				if ($au!=$fU) {
-					sl_send_reply("403","Forbidden auth ID");
-					exit;
-				}
-			}
 
-			consume_credentials();
-			# caller authenticated
-		} else {
-			# caller is not local subscriber, then check if it calls
-			# a local destination, otherwise deny, not an open relay here
-			if (!uri==myself)
-			{
-				sl_send_reply("403","Not relaying");
-				exit;
-			}
+	if (is_method("REGISTER") || from_uri==myself)
+	{
+		# authenticate requests
+		if (!auth_check("$fd", "subscriber", "1")) {
+			auth_challenge("$fd", "0");
+			exit;
 		}
+		# user authenticated - remove auth header
+		if(!is_method("REGISTER|PUBLISH"))
+			consume_credentials();
 	}
+	# if caller is not local subscriber, then check if it calls
+	# a local destination, otherwise deny, not an open relay here
+	if (from_uri!=myself && uri!=myself)
+	{
+		sl_send_reply("403","Not relaying");
+		exit;
+	}
+
 #!endif
 	return;
 }
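Review bot: The identity checks the old route spelled out (`$au!=$tU` for REGISTER, `$au!=$rU` and, under WITH_MULTIDOMAIN, `$fd!=$rd` for PUBLISH) now depend entirely on flag `"1"` of `auth_check("$fd", "subscriber", "1")`, and nothing in the new block says which of them that flag enforces. The REGISTER realm also moves from `$td` to `$fd`, so for multi-domain deployments it is worth confirming that credentials valid for the From domain cannot authorize a binding for a To address in another local domain. Every auth_check failure, an identity mismatch included, now ends in `auth_challenge("$fd", "0")` where the old code answered 403, so a client with valid credentials but the wrong ID is presumably re-challenged rather than refused. I would add a comment above the call such as `# flag 1: auth user must match To user for REGISTER, From user otherwise (R-URI user for PUBLISH) - domain match not verified here, confirm against auth_db docs`, and mention the realm change in the commit message.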



