ruhnet
/
kazoo-configs-kamailio
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 183 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1106 Commits
23 Branches
2.0 MiB
 
 
Tree: 1d2c4face5
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '1d2c4face5'
${ noResults }
kazoo-configs-kamailio/kamailio/auth.cfg

172 lines
6.4 KiB
Raw Blame History

#!trydef KZ_STRICT_AUTH 1
kazoo.strict_auth = KZ_STRICT_AUTH descr "only allow requests from registered or trusted sources"
route[AUTH]
{
if (isflagset(FLAG_INTERNALLY_SOURCED)) {
$avp(auth_allowed) = "true";
return;
}
if (!is_method("INVITE|MESSAGE|REFER")) {
$avp(auth_allowed) = "true";
return;
}
#!ifdef DISPATCHER_ROLE
route(SETUP_AUTH_HEADERS);
#!endif
}
route[AUTH_HEADERS]
{
remove_hf_re("^X-");
if (!is_method("INVITE|MESSAGE|REFER")) {
return;
}
xavp_params_implode("hf", "$var(outx)");
$var(out) = $(var(outx){re.subst,/^(.*);$$/\1/});
$var(c) = $(var(out){param.count});
xlog("L_DEBUG", "$ci|auth|headers $var(c) => $var(out) => $var(outx)\n");
while($var(c) > 0) {
$var(idx) = $var(c) - 1;
xlog("L_DEBUG", "$ci|auth|adding $(var(out){param.name,$var(idx)}): $(var(out){param.valueat,$var(idx)}{s.unescape.param})\n");
append_hf("$(var(out){param.name,$var(idx)}): $(var(out){param.valueat,$var(idx)}{s.unescape.param})\r\n");
$var(c) = $var(c) - 1;
}
}
route[AUTH_HEADERS_JSON]
{
xavp_params_implode("hf", "$var(outx)");
$var(out) = $(var(outx){re.subst,/^(.*);$$/\1/});
$var(c) = $(var(out){param.count});
$var(headers_json) = "";
$var(sep) = "";
xlog("L_DEBUG", "$ci|auth|headers $var(c) => $var(out) => $var(outx)\n");
while($var(c) > 0) {
$var(idx) = $var(c) - 1;
xlog("L_DEBUG", "$ci|auth|adding $(var(out){param.name,$var(idx)}): $(var(out){param.valueat,$var(idx)}{s.unescape.param})\n");
append_hf("$(var(out){param.name,$var(idx)}): $(var(out){param.valueat,$var(idx)}{s.unescape.param})\r\n");
$var(headers_json) = $_s($var(headers_json)$var(sep)"$(var(out){param.name,$var(idx)})" : "$(var(out){param.valueat,$var(idx)}{s.unescape.param})");
$var(c) = $var(c) - 1;
$var(sep) = " , ";
}
$var(headers_json) = $_s({ $var(headers_json) });
}
route[SETUP_AUTH_HEADERS]
{
$avp(auth_allowed) = "false";
$xavp(hf=>X-AUTH-IP) = $si;
$xavp(hf[0]=>X-AUTH-PORT) = $sp;
#!ifdef REGISTRAR_ROLE
$avp(is_registered) = "false";
$xavp(regcfg=>match_received) = $su;
if (registered("location","sip:$Au", 2, 1) == 1) {
$avp(is_registered) = "true";
$avp(auth_allowed) = "true";
route(AUTH_XAVP_TOKEN);
return;
} else if(is_present_hf("Proxy-Authorization")) {
if(registered("location", "sip:$au@$ar", 2, 1) == 1) {
xlog("L_INFO", "$ci|auth|from sip:$au@$ar\n");
$avp(is_registered) = "true";
$avp(auth_allowed) = "true";
route(AUTH_XAVP_TOKEN);
return;
}
}
#!endif
if (allow_source_address()) {
$avp(auth_allowed) = "true";
$xavp(hf[0]=>X-AUTH-Token) = $avp(trusted_x_header);
$xavp(hf[0]=>X-AUTH-URI-User) = $rU;
$xavp(hf[0]=>X-AUTH-URI-Realm) = $rd;
if(is_present_hf("P-Asserted-Identity") && $(ai{uri.user}) != "") {
$xavp(hf[0]=>X-AUTH-From-User) = $(ai{uri.user});
} else if(is_present_hf("P-Preferred-Identity") && $pU != "") {
$xavp(hf[0]=>X-AUTH-From-User) = $pU;
} else if(is_present_hf("Remote-Party-ID") && $(re{uri.user}) != "") {
$xavp(hf[0]=>X-AUTH-From-User) = $(re{uri.user});
} else {
$xavp(hf[0]=>X-AUTH-From-User) = $fU;
}
if($xavp(hf=>X-AUTH-From-User) =~ "^\+?00+$") {
$xavp(hf[0]=>X-AUTH-From-Is-Anonymous) = "true";
$xavp(hf[0]=>X-AUTH-From-User) = $null;
} else if($(xavp(hf=>X-AUTH-From-User){s.tolower}) =~ "^anonymous$") {
$xavp(hf[0]=>X-AUTH-From-Is-Anonymous) = "true";
$xavp(hf[0]=>X-AUTH-From-User) = $null;
}
return;
}
}
#!ifdef REGISTRAR_ROLE
route[AUTH_XAVP_TOKEN]
{
#!ifdef WITH_AUTH_TOKEN
route(AUTH_TOKEN);
#!else
route(AUTH_CCVS)
#!endif
}
route[AUTH_TOKEN]
{
if($(xavp(ulattrs=>token){s.len}) > 0) {
$xavp(hf[0]=>X-AUTH-Token) = $xavp(ulattrs=>token);
} else {
if($(xavp(ulattrs=>Authorizing-ID){s.len}) > 0 && $(xavp(ulattrs=>Account-ID){s.len})) {
$xavp(hf[0]=>X-AUTH-Token) = $_s($(xavp(ulattrs=>custom_channel_vars){kz.json,Authorizing-ID})@$(xavp(ulattrs=>custom_channel_vars){kz.json,Account-ID}));
}
}
}
route[AUTH_CCVS]
{
if($(xavp(ulattrs=>custom_channel_vars){kz.json,Account-ID}{s.len}) > 0 && $(xavp(ulattrs=>custom_channel_vars){kz.json,Authorizing-Type}{s.len}) > 0)
$xavp(hf[0]=>X-AUTH-Token) = $_s($(xavp(ulattrs=>custom_channel_vars){kz.json,Authorizing-ID})@$(xavp(ulattrs=>custom_channel_vars){kz.json,Account-ID}));
if($(xavp(ulattrs=>custom_channel_vars){kz.json,Account-ID}{s.len}) > 0)
$xavp(hf[0]=>X-ecallmgr_Account-ID) = $(xavp(ulattrs=>custom_channel_vars){kz.json,Account-ID});
if($(xavp(ulattrs=>custom_channel_vars){kz.json,Authorizing-Type}{s.len}) > 0)
$xavp(hf[0]=>X-ecallmgr_Authorizing-Type) = $(xavp(ulattrs=>custom_channel_vars){kz.json,Authorizing-Type});
if($(xavp(ulattrs=>custom_channel_vars){kz.json,Authorizing-ID}{s.len}) > 0)
$xavp(hf[0]=>X-ecallmgr_Authorizing-ID) = $(xavp(ulattrs=>custom_channel_vars){kz.json,Authorizing-ID});
if($(xavp(ulattrs=>custom_channel_vars){kz.json,Username}{s.len}) > 0)
$xavp(hf[0]=>X-ecallmgr_Username) = $(xavp(ulattrs=>custom_channel_vars){kz.json,Username});
if($(xavp(ulattrs=>custom_channel_vars){kz.json,Realm}{s.len}) > 0)
$xavp(hf[0]=>X-ecallmgr_Realm) = $(xavp(ulattrs=>custom_channel_vars){kz.json,Realm});
if($(xavp(ulattrs=>custom_channel_vars){kz.json,Account-Realm}{s.len}) > 0)
$xavp(hf[0]=>X-ecallmgr_Account-Realm) = $(xavp(ulattrs=>custom_channel_vars){kz.json,Account-Realm});
if($(xavp(ulattrs=>custom_channel_vars){kz.json,Account-Name}{s.len}) > 0)
$xavp(hf[0]=>X-ecallmgr_Account-Name) = $(xavp(ulattrs=>custom_channel_vars){kz.json,Account-Name}{s.escape.param});
if($(xavp(ulattrs=>custom_channel_vars){kz.json,Presence-ID}{s.len}) > 0)
$xavp(hf[0]=>X-ecallmgr_Presence-ID) = $(xavp(ulattrs=>custom_channel_vars){kz.json,Presence-ID});
if($(xavp(ulattrs=>custom_channel_vars){kz.json,Owner-ID}{s.len}) > 0)
$xavp(hf[0]=>X-ecallmgr_Owner-ID) = $(xavp(ulattrs=>custom_channel_vars){kz.json,Owner-ID});
if($(xavp(ulattrs=>custom_channel_vars){kz.json,Hotdesk-Current-ID}{s.len}) > 0)
$xavp(hf[0]=>X-ecallmgr_Hotdesk-Current-ID) = $(xavp(ulattrs=>custom_channel_vars){kz.json,Hotdesk-Current-ID});
}
#!endif