From bc336505d19a49f9e9e058b7e20ac2d55ce23457 Mon Sep 17 00:00:00 2001 From: lazedo Date: Thu, 28 Feb 2019 01:57:41 +0000 Subject: [PATCH] setup route & auth --- kamailio/auth.cfg | 4 ++ kamailio/default.cfg | 127 +++++++++++++------------------------------ 2 files changed, 43 insertions(+), 88 deletions(-) diff --git a/kamailio/auth.cfg b/kamailio/auth.cfg index df389a2..783e3da 100644 --- a/kamailio/auth.cfg +++ b/kamailio/auth.cfg @@ -46,6 +46,8 @@ route[SETUP_AUTH_HEADERS] } +#!ifdef REGISTRAR_ROLE + route[AUTH_TOKEN] { $xavp(regcfg=>match_received) = $su; @@ -93,3 +95,5 @@ route[AUTH_CCVS] $xavp(hf[0]=>X-ecallmgr_Owner-ID) = $(xavp(ulattrs=>custom_channel_vars){kz.json,Owner-ID}); } } + +#!endif diff --git a/kamailio/default.cfg b/kamailio/default.cfg index 45bf547..20c727d 100644 --- a/kamailio/default.cfg +++ b/kamailio/default.cfg @@ -299,6 +299,9 @@ include_file "nodes-role.cfg" include_file "sip_trace-role.cfg" #!endif +## auth ## +include_file "auth.cfg" + ####### Permissions module ########## loadmodule "permissions.so" @@ -373,13 +376,10 @@ route } #!endif - #!ifdef DISPATCHER_ROLE - if (!isflagset(FLAG_INTERNALLY_SOURCED)) { - route(DISPATCHER_FIND_ROUTES); - } - #!endif + route(AUTH); + + route(SETUP); - route(RELAY); } #!trydef KZ_LOG_REQUEST_OPTIONS 0 @@ -502,7 +502,7 @@ route[HANDLE_MESSAGE] exit(); #!endif } else { - xlog("L_WARN", "$ci|end|MESSAGE $(hdr(Content-Type))\n"); + xlog("L_WARN", "$ci|end|MESSAGE $hdr(Content-Type)\n"); if( $hdr(Content-Type) == "application/im-iscomposing+xml" ) { xlog("L_WARN", "$ci|end|dropping MESSAGE application/im-iscomposing+xml\n"); sl_send_reply("200", "OK"); 
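Review bot: The `#!ifdef REGISTRAR_ROLE` guard opened before route[AUTH_TOKEN] and closed after route[AUTH_CCVS] covers only the two definitions, while this commit also includes auth.cfg unconditionally from default.cfg. Any `route(AUTH_TOKEN)` or `route(AUTH_CCVS)` call that sits outside the guard would name a route that does not exist when the registrar role is off. The callers are not in these hunks, so the earlier part of auth.cfg needs checking. I would wrap each call site in the same `#!ifdef REGISTRAR_ROLE` / `#!endif` pair and add a comment at the guard, e.g. `# registrar-backed lookups; every caller must carry the same guard`.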
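Review bot: In the main route, `route(AUTH);` is followed unconditionally by `route(SETUP);`, and nothing in this hunk inspects the result of AUTH. route[AUTH] is defined outside the diff; if it returns instead of exiting when a request fails its checks, the request is still dispatched and relayed. If AUTH is meant to gate traffic, test it, `if (!route(AUTH)) { exit; }`. If it only annotates the request, say so above the call, e.g. `# AUTH only prepares auth headers/vars; it never rejects a request`.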
@@ -634,17 +634,46 @@ route[PREPARE_INITIAL_REQUESTS] record_route(); } +route[SETUP] +{ + #!ifdef DISPATCHER_ROLE + if (!isflagset(FLAG_INTERNALLY_SOURCED)) { + route(DISPATCHER_FIND_ROUTES); + } + #!endif + + #!ifdef REGISTRAR_ROLE + if (isflagset(FLAG_INTERNALLY_SOURCED)) { + route(ROUTE_TO_AOR); + } + #!endif + + route(RELAY); +} + +route[BRANCH_HEADERS] +{ + if (!isflagset(FLAG_INTERNALLY_SOURCED)) { + route(AUTH_HEADERS); + } else { + remove_hf_re("^X-"); + } + +} + # Manage outgoing branches branch_route[MANAGE_BRANCH] { - xlog("L_DEBUG", "$ci|branch|new branch [$T_branch_idx] to $ru\n"); + xlog("L_DEBUG", "$ci|branch|new branch [$T_branch_idx] to $ru => $du\n"); #!ifdef NAT_TRAVERSAL_ROLE route(NAT_MANAGE); #!endif + + route(BRANCH_HEADERS); + } route[RELAY] { - if (is_method("INVITE|BYE|SUBSCRIBE|UPDATE")) { if(!t_is_set("branch_route")) t_on_branch("MANAGE_BRANCH"); } @@ -671,11 +700,6 @@ route[INTERNAL_TO_EXTERNAL_RELAY] } #!endif - #!ifdef REGISTRAR_ROLE - route(ROUTE_TO_AOR); - #!endif - - remove_hf_re("^X-.*"); t_on_reply("EXTERNAL_REPLY"); @@ -693,15 +717,6 @@ route[EXTERNAL_TO_INTERNAL_RELAY] } #!endif - remove_hf_re("^X-.*"); - - append_hf("X-AUTH-IP: $si\r\n"); - append_hf("X-AUTH-PORT: $sp\r\n"); - - #!ifdef REGISTRAR_ROLE - route(ADD_AUTHORIZATION_HEADERS); - #!endif - t_on_reply("INTERNAL_REPLY"); t_on_failure("INTERNAL_FAULT"); @@ -824,7 +839,7 @@ failure_route[INTERNAL_FAULT] xlog("L_INFO", "$ci|log|failure route ignoring failure after session progress\n"); } else if (t_check_status("403") && $T_reply_reason=="Forbidden") { xlog("L_WARNING", "$ci|log|failure route ignoring. Failed auth from IP $si\n"); - } else if (t_check_status("(401)|(407)|(486)|(403)")) { + } else if (t_check_status("(401)|(407)|(486)")) { xlog("L_INFO", "$ci|log|failure route ignoring auth reply $T_reply_code $T_reply_reason\n"); } else if (t_check_status("402")) { xlog("L_INFO", "$ci|log|failure route overriding reply code 402 with 486\n"); 
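Review bot: route[BRANCH_HEADERS] is reached only through branch_route[MANAGE_BRANCH], and the context lines of route[RELAY] in this hunk arm that branch route only for `INVITE|BYE|SUBSCRIBE|UPDATE`. The `remove_hf_re("^X-.*")` calls that the next two hunks take out of route[INTERNAL_TO_EXTERNAL_RELAY] and route[EXTERNAL_TO_INTERNAL_RELAY] sat in the relay routes themselves with no method filter, and the deleted ADD_AUTHORIZATION_HEADERS covered `INVITE|MESSAGE|REFER`. Unless the branch route is armed somewhere outside this diff, a MESSAGE or REFER now keeps whatever `X-` headers the sender supplied and gets no AUTH_HEADERS pass, in either direction. Arm the branch route for every relayed method, or keep `remove_hf_re("^X-");` in the two relay routes for the methods that skip it. route[RELAY] continues past the end of the hunk.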
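Review bot: The `remove_hf_re("^X-.*");` deleted from route[EXTERNAL_TO_INTERNAL_RELAY] has no visible replacement for externally sourced requests, because the new route[BRANCH_HEADERS] strips `^X-` only in its `else` (internally sourced) arm and calls `route(AUTH_HEADERS)` in the other. AUTH_HEADERS is defined outside this diff, so whether it clears sender-supplied `X-AUTH-*` and `X-ecallmgr_*` headers before writing its own cannot be confirmed here; if it does not, the internal side may see the sender's copy. Strip first in the external arm, `remove_hf_re("^X-"); route(AUTH_HEADERS);`. The same hunk drops `X-AUTH-IP` and `X-AUTH-PORT`, so confirm AUTH_HEADERS still sets them if anything downstream keys on the source address.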
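Review bot: Dropping `(403)` from `t_check_status("(401)|(407)|(486)")` in failure_route[INTERNAL_FAULT] leaves 403 handled only by the branch above it, which also requires `$T_reply_reason=="Forbidden"`. The reason phrase is free text chosen by the replying server, so a 403 with any other phrase now skips both branches and falls through to the rest of the failure route, which lies outside the hunk and may treat it as an ordinary failure. If every 403 is an auth rejection, match on the status alone, `} else if (t_check_status("403")) {`, and keep the warning log with `$si` so rejected sources stay visible. Otherwise add a comment naming which 403 replies are expected to fall through and why.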
@@ -908,70 +923,6 @@ route[ROUTE_TO_AOR] } } - -#!ifdef REGISTRAR_ROLE - -#!ifdef WITH_AUTH_TOKEN -route[ADD_AUTHORIZATION_HEADERS] -{ - if (!is_method("INVITE|MESSAGE|REFER")) { - return; - } - - $xavp(regcfg=>match_received) = $su; - if (registered("location","$fu", 2, 1) == 1) { - if($(xavp(ulattrs=>token){s.len}) > 0) { - append_hf("X-AUTH-Token: $xavp(ulattrs=>token)\r\n"); - } else { - if($(xavp(ulattrs=>Authorizing-ID){s.len}) > 0 && $(xavp(ulattrs=>Account-ID){s.len})) { - append_hf("X-AUTH-Token: $xavp(ulattrs=>Authorizing-ID)@$xavp(ulattrs=>Account-ID)\r\n"); - } - } - } -} - -#!else - -route[ADD_AUTHORIZATION_HEADERS] -{ - if (!is_method("INVITE|MESSAGE|REFER")) { - return; - } - - $xavp(regcfg=>match_received) = $su; - if (registered("location","$fu", 2, 1) == 1) { - if($(xavp(ulattrs=>custom_channel_vars){kz.json,Account-ID}{s.len}) > 0) - append_hf("X-ecallmgr_Account-ID: $(xavp(ulattrs=>custom_channel_vars){kz.json,Account-ID})\r\n"); - - if($(xavp(ulattrs=>custom_channel_vars){kz.json,Authorizing-Type}{s.len}) > 0) - append_hf("X-ecallmgr_Authorizing-Type: $(xavp(ulattrs=>custom_channel_vars){kz.json,Authorizing-Type})\r\n"); - - if($(xavp(ulattrs=>custom_channel_vars){kz.json,Authorizing-ID}{s.len}) > 0) - append_hf("X-ecallmgr_Authorizing-ID: $(xavp(ulattrs=>custom_channel_vars){kz.json,Authorizing-ID})\r\n"); - - if($(xavp(ulattrs=>custom_channel_vars){kz.json,Username}{s.len}) > 0) - append_hf("X-ecallmgr_Username: $(xavp(ulattrs=>custom_channel_vars){kz.json,Username})\r\n"); - - if($(xavp(ulattrs=>custom_channel_vars){kz.json,Realm}{s.len}) > 0) - append_hf("X-ecallmgr_Realm: $(xavp(ulattrs=>custom_channel_vars){kz.json,Realm})\r\n"); - - if($(xavp(ulattrs=>custom_channel_vars){kz.json,Account-Realm}{s.len}) > 0) - append_hf("X-ecallmgr_Account-Realm: $(xavp(ulattrs=>custom_channel_vars){kz.json,Account-Realm})\r\n"); - - if($(xavp(ulattrs=>custom_channel_vars){kz.json,Account-Name}{s.len}) > 0) - append_hf("X-ecallmgr_Account-Name: 
$(xavp(ulattrs=>custom_channel_vars){kz.json,Account-Name})\r\n"); - - if($(xavp(ulattrs=>custom_channel_vars){kz.json,Presence-ID}{s.len}) > 0) - append_hf("X-ecallmgr_Presence-ID: $(xavp(ulattrs=>custom_channel_vars){kz.json,Presence-ID})\r\n"); - - if($(xavp(ulattrs=>custom_channel_vars){kz.json,Owner-ID}{s.len}) > 0) - append_hf("X-ecallmgr_Owner-ID: $(xavp(ulattrs=>custom_channel_vars){kz.json,Owner-ID})\r\n"); - } -} -#!endif - -#!endif - event_route[tm:local-request] { setflag(FLAG_LOCAL_REQUEST);