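def ksr_route_auth(self, msg):
    """Authorize a request by source address or by digest authentication.

    Returns 1 when routing may continue. Returns -255 when a final reply
    (an auth challenge or "403 Not relaying") has already been sent and the
    caller must stop processing.
    """
    method = KSR.pv.get("$rm")

    if method != "REGISTER":
        if KSR.permissions.allow_source_address(1) > 0:
            # source IP allowed - this path returns before any digest check,
            # so whatever the permissions module accepts for argument 1 is
            # fully trusted here
            return 1

    if method == "REGISTER" or KSR.is_myself(KSR.pv.get("$fu")):
        # authenticate requests
        if KSR.auth_db.auth_check(KSR.pv.get("$fd"), "subscriber", 1) < 0:
            KSR.auth.auth_challenge(KSR.pv.get("$fd"), 0)
            return -255

        # user authenticated - remove auth header
        # The method is compared against the exact names. It is taken from
        # the received request, and a substring search in "REGISTER,PUBLISH"
        # would also match any fragment of that string, leaving the
        # credentials in a request that may then be relayed.
        if method not in ("REGISTER", "PUBLISH"):
            KSR.auth.consume_credentials()

    # if caller is not local subscriber, then check if it calls
    # a local destination, otherwise deny, not an open relay here
    if not KSR.is_myself(KSR.pv.get("$fu")) and not KSR.is_myself(KSR.pv.get("$ru")):
        KSR.sl.sl_send_reply(403, "Not relaying")
        return -255

    return 1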
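def ksr_route_reqinit(self, msg):
    """Apply per-request checks before any routing decision is made.

    In order: the ipban / pike flood guard for non-local sources, a
    User-Agent filter for two scanner signatures, Max-Forwards handling,
    the OPTIONS keepalive shortcut and the sanity module check.

    Returns -255 whenever the request was stopped or answered here. The
    visible code returns no explicit value when every check passes.
    """
    if not KSR.is_myself(KSR.pv.get("$si")):
        if not KSR.pv.is_null("$sht(ipban=>$si)"):
            # ip is already blocked
            KSR.dbg("request from blocked IP - " + KSR.pv.get("$rm")
                    + " from " + KSR.pv.get("$fu")
                    + " (IP:" + KSR.pv.get("$si") + ":"
                    + str(KSR.pv.get("$sp")) + ")\n")
            return -255

        if KSR.pike.pike_check_req() < 0:
            # The log line is built before the ban entry is written, so it
            # must not raise. The source port can come back as a number,
            # hence str(): without it the concatenation fails with a
            # TypeError and $sht(ipban=>$si) is never set for the flooding
            # source.
            KSR.err("ALERT: pike blocking " + KSR.pv.get("$rm")
                    + " from " + KSR.pv.get("$fu")
                    + " (IP:" + KSR.pv.get("$si") + ":"
                    + str(KSR.pv.get("$sp")) + ")\n")
            KSR.pv.seti("$sht(ipban=>$si)", 1)
            return -255

    if not KSR.pv.is_null("$ua"):
        # Heuristic only: a case-sensitive match on a header the client
        # chooses. It filters noise from tools left on their defaults and is
        # not an access control; authentication and the flood guard above
        # carry the actual protection.
        if (KSR.pv.get("$ua").find("friendly-scanner") != -1
                or KSR.pv.get("$ua").find("sipcli") != -1):
            KSR.sl.sl_send_reply(200, "Processed")
            return -255

    if KSR.maxfwd.process_maxfwd(10) < 0:
        KSR.sl.sl_send_reply(483, "Too Many Hops")
        return -255

    # OPTIONS addressed to this server with no user part is answered locally.
    if (KSR.pv.get("$rm") == "OPTIONS"
            and KSR.is_myself(KSR.pv.get("$ru"))
            and KSR.pv.is_null("$rU")):
        KSR.sl.sl_send_reply(200, "Keepalive")
        return -255

    if KSR.sanity.sanity_check(1511, 7) < 0:
        KSR.err("Malformed SIP message from "
                + KSR.pv.get("$si") + ":" + str(KSR.pv.get("$sp")) + "\n")
        return -255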
def ksr_route_sipout(self, msg):
    """Relay a request whose R-URI is not local, tagging it as outbound first.

    Returns 1 without touching the message when the R-URI ($ru) is local.
    Otherwise appends the "P-Hint: outbound" header, hands the message to
    ksr_route_relay() and returns -255.
    """
    target_is_local = KSR.is_myself(KSR.pv.get("$ru"))
    if not target_is_local:
        KSR.hdr.append("P-Hint: outbound\r\n")
        self.ksr_route_relay(msg)
        return -255
    return 1
def ksr_route_reqinit(self, msg):
    """Run the per-request checks that precede routing.

    Order of checks: ipban / pike flood guard (non-local sources only),
    User-Agent scanner filter, Max-Forwards, OPTIONS keepalive, sanity
    check. Returns -255 when the request was stopped or answered here; the
    visible code returns no explicit value when every check passes.
    """

    def describe_request():
        # "<method> from <From URI> (IP:<source ip>:<source port>)\n"
        return (KSR.pv.get("$rm") + " from " + KSR.pv.get("$fu")
                + " (IP:" + KSR.pv.get("$si") + ":"
                + str(KSR.pv.get("$sp")) + ")\n")

    source_is_local = KSR.is_myself(KSR.pv.get("$si"))
    if not source_is_local:
        already_banned = not KSR.pv.is_null("$sht(ipban=>$si)")
        if already_banned:
            # ip is already blocked
            KSR.dbg("request from blocked IP - " + describe_request())
            return -255

        if KSR.pike.pike_check_req() < 0:
            # Log first, then record the ban for this source address.
            KSR.err("ALERT: pike blocking " + describe_request())
            KSR.pv.seti("$sht(ipban=>$si)", 1)
            return -255

    if not KSR.pv.is_null("$ua"):
        # Case-sensitive match on a client-chosen header: a noise filter,
        # not an access control.
        if "friendly-scanner" in KSR.pv.get("$ua") or "sipcli" in KSR.pv.get("$ua"):
            KSR.sl.sl_send_reply(200, "Processed")
            return -255

    if KSR.maxfwd.process_maxfwd(10) < 0:
        KSR.sl.sl_send_reply(483, "Too Many Hops")
        return -255

    # OPTIONS to this server with no user part is answered locally.
    if KSR.pv.get("$rm") == "OPTIONS":
        if KSR.is_myself(KSR.pv.get("$ru")) and KSR.pv.is_null("$rU"):
            KSR.sl.sl_send_reply(200, "Keepalive")
            return -255

    if KSR.sanity.sanity_check(1511, 7) < 0:
        KSR.err("Malformed SIP message from " + KSR.pv.get("$si")
                + ":" + str(KSR.pv.get("$sp")) + "\n")
        return -255
def ksr_route_reqinit(self, msg):
    """Screen an incoming request before it reaches the routing logic.

    Checks run in this order: ipban / pike flood guard for non-local
    sources, User-Agent scanner filter, Max-Forwards, OPTIONS keepalive,
    sanity check. Each failed check returns -255; the visible code returns
    no explicit value when all of them pass.
    """
    if not KSR.is_myself(KSR.pv.get("$si")):
        ban_entry_missing = KSR.pv.is_null("$sht(ipban=>$si)")
        if not ban_entry_missing:
            # ip is already blocked
            KSR.dbg(
                "request from blocked IP - " + KSR.pv.get("$rm")
                + " from " + KSR.pv.get("$fu")
                + " (IP:" + KSR.pv.get("$si")
                + ":" + str(KSR.pv.get("$sp")) + ")\n"
            )
            return -255

        flood_verdict = KSR.pike.pike_check_req()
        if flood_verdict < 0:
            KSR.err(
                "ALERT: pike blocking " + KSR.pv.get("$rm")
                + " from " + KSR.pv.get("$fu")
                + " (IP:" + KSR.pv.get("$si")
                + ":" + str(KSR.pv.get("$sp")) + ")\n"
            )
            # Record the ban so later requests take the early exit above.
            KSR.pv.seti("$sht(ipban=>$si)", 1)
            return -255

    if KSR.corex.has_user_agent() > 0:
        ua = KSR.pv.gete("$ua")
        # Case-sensitive substrings of a client-chosen header: this filters
        # noise from tools left on their defaults, it is not an access
        # control.
        scanner_markers = ("friendly", "scanner", "sipcli", "sipvicious")
        if any(marker in ua for marker in scanner_markers):
            KSR.sl.sl_send_reply(200, "Processed")
            return -255

    if KSR.maxfwd.process_maxfwd(10) < 0:
        KSR.sl.sl_send_reply(483, "Too Many Hops")
        return -255

    # OPTIONS addressed to this server without an R-URI user is answered
    # locally.
    if KSR.is_OPTIONS():
        if KSR.is_myself_ruri() and KSR.corex.has_ruri_user() < 0:
            KSR.sl.sl_send_reply(200, "Keepalive")
            return -255

    # The two numeric arguments are kept exactly as configured by the author.
    if KSR.sanity.sanity_check(17895, 7) < 0:
        KSR.err(
            "Malformed SIP message from " + KSR.pv.get("$si")
            + ":" + str(KSR.pv.get("$sp")) + "\n"
        )
        return -255
def ksr_route_async_auth(self, msg):
    """Authenticate a request and hand it to the per-method async route.

    Classifies the From and Request URIs against the "subscriber" table,
    runs digest authentication for local callers unless FLT_SKIP_AUTH is
    set, rejects relaying to non-local destinations, then dispatches to
    ``ksr_route_async_<method>``. Every return path returns -255.

    NOTE(review): this listing had lost its line breaks and indentation;
    the nesting below is reconstructed from the statement order and must be
    confirmed against the original file. The placement of the ``return
    -255`` after the challenge, of consume_credentials() and of the final
    "Not relaying" check all decide whether a failed or skipped
    authentication can fall through to dispatch.
    """
    furi = KSR.pv.getw("$fu")
    ruri = KSR.pv.getw("$ru")
    if KSR.is_INVITE():
        KSR.xlog.xnotice("Do auth procedure for {} from {}:{}".format(
            ruri, furi, KSR.pv.getw("$si")))
    # Caller is a local subscriber: flag it, unless auth is being skipped.
    if KSR.auth_db.is_subscriber(furi, "subscriber", 2) > 0 and not KSR.isflagset(
            self.FLAGS['FLT_SKIP_AUTH']):
        if not KSR.is_REGISTER():
            KSR.xlog.xinfo("Request from local subscriber")
        KSR.setflag(self.FLAGS['FLT_FROM_SUBSCRIBER'])
    # Callee is a local subscriber.
    if KSR.auth_db.is_subscriber(ruri, "subscriber", 2) > 0:
        if not KSR.is_REGISTER():
            KSR.xlog.xinfo("Request to local subscriber")
        KSR.setflag(self.FLAGS['FLT_TO_SUBSCRIBER'])
    if KSR.isflagset(self.FLAGS['FLT_FROM_SUBSCRIBER']):
        if not KSR.isflagset(self.FLAGS['FLT_SKIP_AUTH']):
            res = KSR.auth_db.auth_check(KSR.pv.getw("$fd"), "subscriber", 1)
            if res < 0:
                if res == -2:
                    # -2 Wrong password: answered with a final 403 instead of
                    # a fresh challenge
                    KSR.xlog.xnotice("Wrong password. From:$fU Auth user:$au")
                    KSR.sl.sl_send_reply(403, "You're not welcome here")
                    if KSR.is_REGISTER():
                        # presumably records the failed registration; the
                        # helper is not shown here
                        self.send_registration_info_to_redis(
                            'False', time.time())
                else:
                    KSR.auth.auth_challenge(KSR.pv.getw("$fd"), 0)
                # NOTE(review): this return has to cover both branches above;
                # if it belonged only to the else branch, a wrong password
                # would get a 403 and still continue to dispatch - confirm.
                return -255
            else:
                if KSR.is_REGISTER():
                    self.send_registration_info_to_redis('True', time.time())
            # user authenticated - remove auth header
            # if not KSR.is_method("REGISTER,PUBLISH") :
            # NOTE(review): with the method condition commented out, the
            # credentials are consumed for every method - confirm intended.
            KSR.auth.consume_credentials()
    elif not KSR.isflagset(self.FLAGS['FLT_SKIP_AUTH']):
        # Turn away non-local subscribers
        KSR.sl.send_reply(406, "Not acceptable")
        return -255
    if not KSR.isflagset(self.FLAGS['FLT_SKIP_AUTH']):
        # if caller is not local subscriber, then check if it calls
        # a local destination, otherwise deny, not an open relay here
        if (not KSR.is_myself(furi) and (not KSR.is_myself(ruri))):
            KSR.sl.sl_send_reply(403, "Not relaying")
            return -255
    # authentication not enabled - do not relay at all to foreign networks
    # NOTE(review): placed at function level here, which is the more
    # restrictive reading; it may instead belong inside the block above.
    if not KSR.is_myself(ruri):
        KSR.sl.sl_send_reply(403, "Not relaying")
        return -255
    # Jump from async route, based on processing SIP method
    # NOTE(review): the route / attribute name is built from $rm, which is
    # taken from the received request. Nothing visible here restricts it to
    # the methods this class means to handle; consider checking it against
    # an explicit allow-list before dispatching.
    if self.GLOBALS['WITH_ASYNC_FRAMEWORK']:
        KSR.asynk.task_route('ksr_route_async_' + KSR.pv.getw("$rm"))
    else:
        # lambda will generate 500 error if something went wrong
        # (the fallback takes no arguments, so calling it with msg raises)
        getattr(self, 'ksr_route_async_' + KSR.pv.getw("$rm"), lambda: -255)(msg)
    return -255