ruhnet
/
kazoo-configs-kamailio
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 183 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1047 Commits
23 Branches
2.0 MiB
 
 
Tree: 539cbcce1c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '539cbcce1c'
${ noResults }
kazoo-configs-kamailio/kamailio/auth.cfg

101 lines
3.1 KiB
Raw Blame History

#!trydef KZ_STRICT_AUTH 1
kazoo.strict_auth = KZ_STRICT_AUTH descr "only allow requests from registered or trusted sources"
route[AUTH]
{
if (isflagset(FLAG_INTERNALLY_SOURCED)) {
$avp(auth_allowed) = "true";
return;
}
if (!is_method("INVITE|MESSAGE|REFER")) {
$avp(auth_allowed) = "true";
return;
}
#!ifdef DISPATCHER_ROLE
route(SETUP_AUTH_HEADERS);
#!endif
}
route[AUTH_HEADERS]
{
remove_hf_re("^X-");
xavp_params_implode("hf", "$var(outx)");
$var(out) = $(var(outx){re.subst,/^(.*);$$/\1/});
$var(c) = $(var(out){param.count});
xlog("L_DEBUG", "$ci|auth|headers $var(c) => $var(out) => $var(outx)\n");
while($var(c) > 0) {
$var(idx) = $var(c) - 1;
xlog("L_DEBUG", "$ci|auth|adding $(var(out){param.name,$var(idx)}): $(var(out){param.valueat,$var(idx)}{s.unescape.param})\n");
append_hf("$(var(out){param.name,$var(idx)}): $(var(out){param.valueat,$var(idx)}{s.unescape.param})\r\n");
$var(c) = $var(c) - 1;
}
}
route[AUTH_HEADERS_JSON]
{
xavp_params_implode("hf", "$var(outx)");
$var(out) = $(var(outx){re.subst,/^(.*);$$/\1/});
$var(c) = $(var(out){param.count});
$var(headers_json) = "";
$var(sep) = "";
xlog("L_DEBUG", "$ci|auth|headers $var(c) => $var(out) => $var(outx)\n");
while($var(c) > 0) {
$var(idx) = $var(c) - 1;
xlog("L_DEBUG", "$ci|auth|adding $(var(out){param.name,$var(idx)}): $(var(out){param.valueat,$var(idx)}{s.unescape.param})\n");
append_hf("$(var(out){param.name,$var(idx)}): $(var(out){param.valueat,$var(idx)}{s.unescape.param})\r\n");
$var(headers_json) = $_s($var(headers_json)$var(sep)"$(var(out){param.name,$var(idx)})" : "$(var(out){param.valueat,$var(idx)}{s.unescape.param})");
$var(c) = $var(c) - 1;
$var(sep) = " , ";
}
$var(headers_json) = $_s({ $var(headers_json) });
}
route[SETUP_AUTH_HEADERS]
{
$avp(auth_allowed) = "false";
$xavp(hf=>X-AUTH-IP) = $si;
$xavp(hf[0]=>X-AUTH-PORT) = $sp;
#!ifdef REGISTRAR_ROLE
$avp(is_registered) = "false";
$xavp(regcfg=>match_received) = $su;
if (registered("location","$fu", 2, 1) == 1) {
$avp(is_registered) = "true";
$avp(auth_allowed) = "true";
route(AUTH_TOKEN);
return;
}
#!endif
if (allow_source_address()) {
$avp(auth_allowed) = "true";
$xavp(hf[0]=>X-AUTH-Token) = $avp(trusted_x_header);
$xavp(hf[0]=>X-AUTH-URI-User) = $rU;
$xavp(hf[0]=>X-AUTH-URI-Realm) = $rd;
$xavp(hf[0]=>X-AUTH-To-IP) = $RAi;
$xavp(hf[0]=>X-AUTH-To-Port) = $RAp;
$xavp(hf[0]=>X-AUTH-Source) = "trusted";
return;
}
}
#!ifdef REGISTRAR_ROLE
route[AUTH_TOKEN]
{
if($(xavp(ulattrs=>token){s.len}) > 0) {
$xavp(hf[0]=>X-AUTH-Token) = $xavp(ulattrs=>token);
} else {
if($(xavp(ulattrs=>Authorizing-ID){s.len}) > 0 && $(xavp(ulattrs=>Account-ID){s.len})) {
$xavp(hf[0]=>X-AUTH-Token) = $_s($(xavp(ulattrs=>custom_channel_vars){kz.json,Authorizing-ID})@$(xavp(ulattrs=>custom_channel_vars){kz.json,Account-ID}));
}
}
}
#!endif