Two ways for forcing SIP username to be the same as the auth username - i.e. locking a user to an extension (MODENDP-68)

git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@7188 d0543943-73ff-0310-b7d9-9358b9ac24b2
2008-01-12 19:15:05 +00:00 · 2008-01-12 19:15:05 +00:00 · daea564f9b
parent 26d213213b
commit daea564f9b
3 changed files with 32 additions and 7 deletions
--- a/src/mod/endpoints/mod_sofia/mod_sofia.h
+++ b/src/mod/endpoints/mod_sofia/mod_sofia.h
@ -123,7 +123,8 @@ typedef enum {
 	PFLAG_GREEDY = (1 << 10),
 	PFLAG_MULTIREG = (1 << 11),
 	PFLAG_SUPRESS_CNG = (1 << 12),
-	PFLAG_TLS = (1 << 13)
+	PFLAG_TLS = (1 << 13),
+	PFLAG_CHECKUSER = (1 << 14)
 } PFLAGS;

 typedef enum {
@ -454,8 +455,8 @@ void sofia_presence_mwi_event_handler(switch_event_t *event);
 void sofia_presence_cancel(void);
 switch_status_t config_sofia(int reload, char *profile_name);
 void sofia_reg_auth_challange(nua_t *nua, sofia_profile_t *profile, nua_handle_t *nh, sofia_regtype_t regtype, const char *realm, int stale);
-auth_res_t sofia_reg_parse_auth(sofia_profile_t *profile, sip_authorization_t const *authorization, 
-								const char *regstr, char *np, size_t nplen, char *ip, switch_event_t **v_event, long exptime);
+auth_res_t sofia_reg_parse_auth(sofia_profile_t *profile, sip_authorization_t const *authorization, const char *regstr, char *np, size_t nplen,
+								char *ip, switch_event_t **v_event, long exptime, sofia_regtype_t regtype, const char *to_user);
 void sofia_reg_handle_sip_r_challenge(int status,
 									  char const *phrase,
 									  nua_t *nua, sofia_profile_t *profile, 
--- a/src/mod/endpoints/mod_sofia/sofia.c
+++ b/src/mod/endpoints/mod_sofia/sofia.c
@ -194,7 +194,7 @@ void sofia_event_callback(nua_event_t event,
 			char network_ip[80];
 			get_addr(network_ip, sizeof(network_ip), &((struct sockaddr_in *) msg_addrinfo(nua_current_request(nua))->ai_addr)->sin_addr);
 			auth_res = sofia_reg_parse_auth(profile, authorization, 
-											(char *) sip->sip_request->rq_method_name, tech_pvt->key, strlen(tech_pvt->key), network_ip, NULL, 0);
+											(char *) sip->sip_request->rq_method_name, tech_pvt->key, strlen(tech_pvt->key), network_ip, NULL, 0, REG_INVITE, NULL);
 		}

 		if (auth_res != AUTH_OK) {
@ -1057,6 +1057,10 @@ switch_status_t config_sofia(int reload, char *profile_name)
 						if (switch_true(val)) {
 							profile->pflags |= PFLAG_FULL_ID;
 						}
+					} else if (!strcasecmp(var, "inbound-reg-force-matching-username")) {
+						if (switch_true(val)) {
+							profile->pflags |= PFLAG_CHECKUSER;
+						}
 					} else if (!strcasecmp(var, "bitpacking")) {
 						if (!strcasecmp(val, "aal2")) {
 							profile->codec_flags = SWITCH_CODEC_FLAG_AAL2;
--- a/src/mod/endpoints/mod_sofia/sofia_reg.c
+++ b/src/mod/endpoints/mod_sofia/sofia_reg.c
@ -28,6 +28,7 @@
 * Paul D. Tinsley <pdt at jackhammer.org>
 * Bret McDanel <trixter AT 0xdecafbad.com>
 * Marcel Barbulescu <marcelbarbulescu@gmail.com>
+ * David Knell <>
 *
 *
 * sofia_ref.c -- SOFIA SIP Endpoint (registration code)
@ -344,6 +345,7 @@ uint8_t sofia_reg_handle_register(nua_t * nua, sofia_profile_t *profile, nua_han
 	int network_port;
 	int cd = 0;
 	const char *call_id = NULL;
+	char *force_user;

 	/* all callers must confirm that sip, sip->sip_request and sip->sip_contact are not NULL */
 	switch_assert(sip != NULL && sip->sip_contact != NULL && sip->sip_request != NULL);
@ -410,7 +412,7 @@ uint8_t sofia_reg_handle_register(nua_t * nua, sofia_profile_t *profile, nua_han

 	if (authorization) {
 		char *v_contact_str;
-		if ((auth_res = sofia_reg_parse_auth(profile, authorization, sip->sip_request->rq_method_name, key, keylen, network_ip, v_event, exptime)) 
+		if ((auth_res = sofia_reg_parse_auth(profile, authorization, sip->sip_request->rq_method_name, key, keylen, network_ip, v_event, exptime, regtype, to_user)) 
 			== AUTH_STALE) {
 			stale = 1;
 		}
@ -419,6 +421,14 @@ uint8_t sofia_reg_handle_register(nua_t * nua, sofia_profile_t *profile, nua_han
 			char *exp_var;

 			register_gateway = switch_event_get_header(*v_event, "sip-register-gateway");
+	
+			/* Allow us to force the SIP user to be something specific - needed if 
+			 * we - for example - want to be able to ensure that the username a UA can
+			 * be contacted at is the same one that they used for authentication.
+			 */ 
+			if ((force_user = switch_event_get_header(*v_event, "sip-force-user"))) {
+				to_user = force_user;
+			}
 			
 			if ((v_contact_str = switch_event_get_header(*v_event, "sip-force-contact"))) {
 				if (!strcasecmp(v_contact_str, "nat-connectile-dysfunction") || !strcasecmp(v_contact_str, "NDLB-connectile-dysfunction")) {
@ -742,8 +752,8 @@ void sofia_reg_handle_sip_r_challenge(int status,
 	
 }

-auth_res_t sofia_reg_parse_auth(sofia_profile_t *profile, sip_authorization_t const *authorization, 
-								const char *regstr, char *np, size_t nplen, char *ip, switch_event_t **v_event, long exptime)
+auth_res_t sofia_reg_parse_auth(sofia_profile_t *profile, sip_authorization_t const *authorization, const char *regstr, 
+		char *np, size_t nplen, char *ip, switch_event_t **v_event, long exptime, sofia_regtype_t regtype, const char *to_user)
 {
 	int indexnum;
 	const char *cur;
@ -815,6 +825,15 @@ auth_res_t sofia_reg_parse_auth(sofia_profile_t *profile, sip_authorization_t co
 		switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_ERROR, "Invalid Authorization header!\n");
 		goto end;
 	}
+	
+	/* Optional check that auth name == SIP username */
+	if ((regtype == REG_REGISTER) && (profile->pflags & PFLAG_CHECKUSER)) {
+		if (switch_strlen_zero(username) || switch_strlen_zero(to_user) || strcasecmp(to_user, username)) {
+			/* Names don't match, so fail */
+			switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "SIP username %s does not match auth username\n", switch_str_nil(to_user));
+			goto end;
+		}
+	}

 	if (switch_strlen_zero(np)) {
 		first = 1;
@ -1093,3 +1112,4 @@ switch_status_t sofia_reg_add_gateway(char *key, sofia_gateway_t *gateway)



+