|
|
|
@ -1,4 +1,5 @@ |
|
|
|
|
|
|
|
#!trydef KZ_STRICT_AUTH 1 |
|
|
|
kazoo.strict_auth = KZ_STRICT_AUTH descr "only allow requests from registered or trusted sources" |
|
|
|
|
|
|
|
route[AUTH] |
|
|
|
{ |
|
|
|
@ -52,23 +53,31 @@ route[AUTH_HEADERS_JSON] |
|
|
|
route[SETUP_AUTH_HEADERS] |
|
|
|
{ |
|
|
|
|
|
|
|
$avp(auth_allowed) = "false"; |
|
|
|
$xavp(hf=>X-AUTH-IP) = $si; |
|
|
|
$xavp(hf[0]=>X-AUTH-PORT) = $sp; |
|
|
|
|
|
|
|
#!ifdef REGISTRAR_ROLE |
|
|
|
|
|
|
|
$avp(is_registered) = "false"; |
|
|
|
$xavp(regcfg=>match_received) = $su; |
|
|
|
if (registered("location","$fu", 2, 1) != 1) return; |
|
|
|
|
|
|
|
$avp(is_registered) = "true"; |
|
|
|
#!ifdef WITH_AUTH_TOKEN |
|
|
|
route(AUTH_TOKEN); |
|
|
|
#!else |
|
|
|
route(AUTH_CCVS); |
|
|
|
if (registered("location","$fu", 2, 1) == 1) { |
|
|
|
$avp(is_registered) = "true"; |
|
|
|
$avp(auth_allowed) = "true"; |
|
|
|
route(AUTH_TOKEN); |
|
|
|
return; |
|
|
|
} |
|
|
|
#!endif |
|
|
|
|
|
|
|
#!endif |
|
|
|
if (allow_trusted()) { |
|
|
|
$avp(auth_allowed) = "true"; |
|
|
|
$xavp(hf[0]=>X-AUTH-Token) = $avp(trusted_x_header); |
|
|
|
$xavp(hf[0]=>X-AUTH-URI-User) = $rU; |
|
|
|
$xavp(hf[0]=>X-AUTH-URI-Realm) = $rd; |
|
|
|
$xavp(hf[0]=>X-AUTH-To-IP) = $RAi; |
|
|
|
$xavp(hf[0]=>X-AUTH-To-Port) = $RAp; |
|
|
|
$xavp(hf[0]=>X-AUTH-Source) = "trusted"; |
|
|
|
return; |
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
@ -85,41 +94,4 @@ route[AUTH_TOKEN] |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
route[AUTH_CCVS] |
|
|
|
{ |
|
|
|
if($(xavp(ulattrs=>custom_channel_vars){kz.json,Account-ID}{s.len}) > 0) |
|
|
|
$xavp(hf[0]=>X-ecallmgr_Account-ID) = $(xavp(ulattrs=>custom_channel_vars){kz.json,Account-ID}); |
|
|
|
|
|
|
|
if($(xavp(ulattrs=>custom_channel_vars){kz.json,Authorizing-Type}{s.len}) > 0) |
|
|
|
$xavp(hf[0]=>X-ecallmgr_Authorizing-Type) = $(xavp(ulattrs=>custom_channel_vars){kz.json,Authorizing-Type}); |
|
|
|
|
|
|
|
if($(xavp(ulattrs=>custom_channel_vars){kz.json,Account-ID}{s.len}) > 0 && $(xavp(ulattrs=>custom_channel_vars){kz.json,Authorizing-Type}{s.len}) > 0) |
|
|
|
$xavp(hf[0]=>X-AUTH-Token) = $_s($(xavp(ulattrs=>custom_channel_vars){kz.json,Authorizing-ID})@$(xavp(ulattrs=>custom_channel_vars){kz.json,Account-ID})); |
|
|
|
|
|
|
|
if($(xavp(ulattrs=>custom_channel_vars){kz.json,Authorizing-ID}{s.len}) > 0) |
|
|
|
$xavp(hf[0]=>X-ecallmgr_Authorizing-ID) = $(xavp(ulattrs=>custom_channel_vars){kz.json,Authorizing-ID}); |
|
|
|
|
|
|
|
if($(xavp(ulattrs=>custom_channel_vars){kz.json,Username}{s.len}) > 0) |
|
|
|
$xavp(hf[0]=>X-ecallmgr_Username) = $(xavp(ulattrs=>custom_channel_vars){kz.json,Username}); |
|
|
|
|
|
|
|
if($(xavp(ulattrs=>custom_channel_vars){kz.json,Realm}{s.len}) > 0) |
|
|
|
$xavp(hf[0]=>X-ecallmgr_Realm) = $(xavp(ulattrs=>custom_channel_vars){kz.json,Realm}); |
|
|
|
|
|
|
|
if($(xavp(ulattrs=>custom_channel_vars){kz.json,Account-Realm}{s.len}) > 0) |
|
|
|
$xavp(hf[0]=>X-ecallmgr_Account-Realm) = $(xavp(ulattrs=>custom_channel_vars){kz.json,Account-Realm}); |
|
|
|
|
|
|
|
if($(xavp(ulattrs=>custom_channel_vars){kz.json,Account-Name}{s.len}) > 0) |
|
|
|
$xavp(hf[0]=>X-ecallmgr_Account-Name) = $(xavp(ulattrs=>custom_channel_vars){kz.json,Account-Name}{s.escape.param}); |
|
|
|
|
|
|
|
if($(xavp(ulattrs=>custom_channel_vars){kz.json,Presence-ID}{s.len}) > 0) |
|
|
|
$xavp(hf[0]=>X-ecallmgr_Presence-ID) = $(xavp(ulattrs=>custom_channel_vars){kz.json,Presence-ID}); |
|
|
|
|
|
|
|
if($(xavp(ulattrs=>custom_channel_vars){kz.json,Owner-ID}{s.len}) > 0) |
|
|
|
$xavp(hf[0]=>X-ecallmgr_Owner-ID) = $(xavp(ulattrs=>custom_channel_vars){kz.json,Owner-ID}); |
|
|
|
|
|
|
|
if($(xavp(ulattrs=>custom_channel_vars){kz.json,Hotdesk-Current-ID}{s.len}) > 0) |
|
|
|
$xavp(hf[0]=>X-ecallmgr_Hotdesk-Current-ID) = $(xavp(ulattrs=>custom_channel_vars){kz.json,Hotdesk-Current-ID}); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
#!endif |
lazedo
6 years ago