Add manager peerstatus events when peer can't authenticate.
authorOlle Johansson <oej@edvina.net>
Tue, 18 Mar 2008 07:23:45 +0000 (07:23 +0000)
committerOlle Johansson <oej@edvina.net>
Tue, 18 Mar 2008 07:23:45 +0000 (07:23 +0000)
(closes issue #11959)
Reported by: mostyn
Patches:
      peerstatus3.patch uploaded by mostyn (license 398)

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@109316 65c4cc65-6c06-0410-ace0-fbb531ad65f3

CHANGES
channels/chan_sip.c
configs/sip.conf.sample

diff --git a/CHANGES b/CHANGES
index 052c370..e5ae21f 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -167,6 +167,8 @@ SIP changes
      SIP session.
   * Added TCP and TLS support for SIP.  See doc/siptls.txt and configs/sip.conf.sample for
      more information on how it is used.
      SIP session.
   * Added TCP and TLS support for SIP.  See doc/siptls.txt and configs/sip.conf.sample for
      more information on how it is used.
+  * Added a new configuration option "authfailureevents" that enables manager events when
+    a peer can't authenticate properly. 
 
 IAX2 changes
 ------------
 
 IAX2 changes
 ------------
index f46c04d..a110252 100644 (file)
@@ -705,6 +705,7 @@ static char global_sdpsession[AST_MAX_EXTENSION];   /*!< SDP session name for the
 static char global_sdpowner[AST_MAX_EXTENSION];        /*!< SDP owner name for the SIP channel */
 static int allow_external_domains;     /*!< Accept calls to external SIP domains? */
 static int global_callevents;          /*!< Whether we send manager events or not */
 static char global_sdpowner[AST_MAX_EXTENSION];        /*!< SDP owner name for the SIP channel */
 static int allow_external_domains;     /*!< Accept calls to external SIP domains? */
 static int global_callevents;          /*!< Whether we send manager events or not */
+static int global_authfailureevents;           /*!< Whether we send authentication failure manager events or not. Default no. */
 static int global_t1;                  /*!< T1 time */
 static int global_t1min;               /*!< T1 roundtrip time minimum */
 static int global_timer_b;    /*!< Timer B - RFC 3261 Section 17.1.1.2 */
 static int global_t1;                  /*!< T1 time */
 static int global_t1min;               /*!< T1 roundtrip time minimum */
 static int global_timer_b;    /*!< Timer B - RFC 3261 Section 17.1.1.2 */
@@ -9853,7 +9854,7 @@ static enum parse_register_result parse_register_contact(struct sip_pvt *pvt, st
        /* Saving TCP connections is useless, we won't be able to reconnect */
        if (!peer->rt_fromcontact && (peer->socket.type & SIP_TRANSPORT_UDP)) 
                ast_db_put("SIP/Registry", peer->name, data);
        /* Saving TCP connections is useless, we won't be able to reconnect */
        if (!peer->rt_fromcontact && (peer->socket.type & SIP_TRANSPORT_UDP)) 
                ast_db_put("SIP/Registry", peer->name, data);
-       manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: SIP\r\nPeer: SIP/%s\r\nPeerStatus: Registered\r\n", peer->name);
+       manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: SIP\r\nPeer: SIP/%s\r\nPeerStatus: Registered\r\nAddress: %s\r\nPort: %d\r\n", peer->name,  ast_inet_ntoa(peer->addr.sin_addr), ntohs(peer->addr.sin_port));
 
        /* Is this a new IP address for us? */
        if (inaddrcmp(&peer->addr, &oldsin)) {
 
        /* Is this a new IP address for us? */
        if (inaddrcmp(&peer->addr, &oldsin)) {
@@ -10405,7 +10406,7 @@ static enum check_auth_result register_verify(struct sip_pvt *p, struct sockaddr
                        case PARSE_REGISTER_UPDATE:
                                /* Say OK and ask subsystem to retransmit msg counter */
                                transmit_response_with_date(p, "200 OK", req);
                        case PARSE_REGISTER_UPDATE:
                                /* Say OK and ask subsystem to retransmit msg counter */
                                transmit_response_with_date(p, "200 OK", req);
-                               manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: SIP\r\nPeer: SIP/%s\r\nPeerStatus: Registered\r\n", peer->name);
+                               manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: SIP\r\nPeer: SIP/%s\r\nPeerStatus: Registered\r\nAddress: %s\r\nPort: %d\r\n", peer->name, ast_inet_ntoa(sin->sin_addr), ntohs(sin->sin_port));
                                peer->lastmsgssent = -1;
                                res = 0;
                                break;
                                peer->lastmsgssent = -1;
                                res = 0;
                                break;
@@ -10420,6 +10421,9 @@ static enum check_auth_result register_verify(struct sip_pvt *p, struct sockaddr
                case AUTH_SECRET_FAILED:
                        /* Wrong password in authentication. Go away, don't try again until you fixed it */
                        transmit_response(p, "403 Forbidden (Bad auth)", &p->initreq);
                case AUTH_SECRET_FAILED:
                        /* Wrong password in authentication. Go away, don't try again until you fixed it */
                        transmit_response(p, "403 Forbidden (Bad auth)", &p->initreq);
+                       if (global_authfailureevents)
+                               manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: SIP\r\nPeer: SIP/%s\r\nPeerStatus: Rejected\r\nCause: AUTH_SECRET_FAILED\r\nAddress: %s\r\nPort: %d\r\n", 
+                                       name, ast_inet_ntoa(sin->sin_addr), ntohs(sin->sin_port));
                        break;
                case AUTH_USERNAME_MISMATCH:
                        /* Username and digest username does not match. 
                        break;
                case AUTH_USERNAME_MISMATCH:
                        /* Username and digest username does not match. 
@@ -10427,6 +10431,9 @@ static enum check_auth_result register_verify(struct sip_pvt *p, struct sockaddr
                           users to use the same authentication user name until we support
                           proper authentication by digest auth name */
                        transmit_response(p, "403 Authentication user name does not match account name", &p->initreq);
                           users to use the same authentication user name until we support
                           proper authentication by digest auth name */
                        transmit_response(p, "403 Authentication user name does not match account name", &p->initreq);
+                       if (global_authfailureevents)
+                               manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: SIP\r\nPeer: SIP/%s\r\nPeerStatus: Rejected\r\nCause: AUTH_USERNAME_MISMATCH\r\nAddress: %s\r\nPort: %d\r\n", 
+                                       name, ast_inet_ntoa(sin->sin_addr), ntohs(sin->sin_port));
                        break;
                case AUTH_NOT_FOUND:
                case AUTH_PEER_NOT_DYNAMIC:
                        break;
                case AUTH_NOT_FOUND:
                case AUTH_PEER_NOT_DYNAMIC:
@@ -10435,10 +10442,17 @@ static enum check_auth_result register_verify(struct sip_pvt *p, struct sockaddr
                                transmit_fake_auth_response(p, &p->initreq, 1);
                        } else {
                                /* URI not found */
                                transmit_fake_auth_response(p, &p->initreq, 1);
                        } else {
                                /* URI not found */
-                               if (res == AUTH_PEER_NOT_DYNAMIC)
+                               if (res == AUTH_PEER_NOT_DYNAMIC) {
                                        transmit_response(p, "403 Forbidden", &p->initreq);
                                        transmit_response(p, "403 Forbidden", &p->initreq);
+                                       if (global_authfailureevents)
+                                               manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: SIP\r\nPeer: SIP/%s\r\nPeerStatus: Rejected\r\nCause: AUTH_PEER_NOT_DYNAMIC\r\nAddress: %s\r\nPort: %d\r\n", 
+                                                       name, ast_inet_ntoa(sin->sin_addr), ntohs(sin->sin_port));
+                                       }
                                else
                                        transmit_response(p, "404 Not found", &p->initreq);
                                else
                                        transmit_response(p, "404 Not found", &p->initreq);
+                                       if (global_authfailureevents)
+                                               manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: SIP\r\nPeer: SIP/%s\r\nPeerStatus: Rejected\r\nCause: URI_NOT_FOUND\r\nAddress: %s\r\nPort: %d\r\n", 
+                                                       name, ast_inet_ntoa(sin->sin_addr), ntohs(sin->sin_port));
                        }
                        break;
                default:
                        }
                        break;
                default:
@@ -12941,6 +12955,7 @@ static char *sip_show_settings(struct ast_cli_entry *e, int cmd, struct ast_cli_
        ast_cli(a->fd, "  From: Domain:           %s\n", default_fromdomain);
        ast_cli(a->fd, "  Record SIP history:     %s\n", recordhistory ? "On" : "Off");
        ast_cli(a->fd, "  Call Events:            %s\n", global_callevents ? "On" : "Off");
        ast_cli(a->fd, "  From: Domain:           %s\n", default_fromdomain);
        ast_cli(a->fd, "  Record SIP history:     %s\n", recordhistory ? "On" : "Off");
        ast_cli(a->fd, "  Call Events:            %s\n", global_callevents ? "On" : "Off");
+       ast_cli(a->fd, "  Auth. Failure Events:   %s\n", global_authfailureevents ? "On" : "Off");
 
        ast_cli(a->fd, "  T38 fax pt UDPTL:       %s\n", cli_yesno(ast_test_flag(&global_flags[1], SIP_PAGE2_T38SUPPORT_UDPTL)));
 #ifdef WHEN_WE_HAVE_T38_FOR_OTHER_TRANSPORTS
 
        ast_cli(a->fd, "  T38 fax pt UDPTL:       %s\n", cli_yesno(ast_test_flag(&global_flags[1], SIP_PAGE2_T38SUPPORT_UDPTL)));
 #ifdef WHEN_WE_HAVE_T38_FOR_OTHER_TRANSPORTS
@@ -20250,6 +20265,7 @@ static int reload_config(enum channelreloadreason reason)
        /* Misc settings for the channel */
        global_relaxdtmf = FALSE;
        global_callevents = FALSE;
        /* Misc settings for the channel */
        global_relaxdtmf = FALSE;
        global_callevents = FALSE;
+       global_authfailureevents = FALSE;
        global_t1 = SIP_TIMER_T1;
        global_timer_b = 64 * SIP_TIMER_T1;
        global_t1min = DEFAULT_T1MIN;
        global_t1 = SIP_TIMER_T1;
        global_timer_b = 64 * SIP_TIMER_T1;
        global_t1min = DEFAULT_T1MIN;
@@ -20561,6 +20577,8 @@ static int reload_config(enum channelreloadreason reason)
                        }
                } else if (!strcasecmp(v->name, "callevents")) {
                        global_callevents = ast_true(v->value);
                        }
                } else if (!strcasecmp(v->name, "callevents")) {
                        global_callevents = ast_true(v->value);
+               } else if (!strcasecmp(v->name, "authfailureevents")) {
+                       global_authfailureevents = ast_true(v->value);
                } else if (!strcasecmp(v->name, "maxcallbitrate")) {
                        default_maxcallbitrate = atoi(v->value);
                        if (default_maxcallbitrate < 0)
                } else if (!strcasecmp(v->name, "maxcallbitrate")) {
                        default_maxcallbitrate = atoi(v->value);
                        if (default_maxcallbitrate < 0)
index df18aea..e9421fc 100644 (file)
@@ -218,6 +218,8 @@ srvlookup=yes                       ; Enable DNS SRV lookups on outbound calls
                                ; for peers and users as well
 ;callevents=no                 ; generate manager events when sip ua 
                                ; performs events (e.g. hold)
                                ; for peers and users as well
 ;callevents=no                 ; generate manager events when sip ua 
                                ; performs events (e.g. hold)
+;authfailureevents=no          ; generate manager "peerstatus" events when peer can't
+                               ; authenticate with Asterisk. Peerstatus will be "rejected".
 ;alwaysauthreject = yes                ; When an incoming INVITE or REGISTER is to be rejected,
                                ; for any reason, always reject with '401 Unauthorized'
                                ; instead of letting the requester know whether there was
 ;alwaysauthreject = yes                ; When an incoming INVITE or REGISTER is to be rejected,
                                ; for any reason, always reject with '401 Unauthorized'
                                ; instead of letting the requester know whether there was