def ksr_route_reqinit(self):
if KSR.is_INVITE():
KSR.xlog.xinfo("REQINIT. Check request $ru from $fu:$si")
if KSR.is_method("PUBLISH|SUBSCRIBE"):
# Drop unsupported methods
KSR.sl.sl_send_reply(404, "Pool is closed due to aids.")
return -255
if KSR.is_OPTIONS() and re.match("friendly-scanner|sipcli|VaxSIPUserAgent", KSR.pv.getw("$ua")):
# silent drop for scanners - uncomment next line if want to reply
# KSR.sl.sl_send_reply(200, "OK")
KSR.sl.sl_send_reply(503, "There is no money, but you hang in there. Best wishes! Cheers!")
return -255
if KSR.maxfwd.process_maxfwd(10) < 0:
KSR.sl.sl_send_reply(483, "Too Many Hops")
return -255
if KSR.is_OPTIONS():
KSR.sl.sl_send_reply(200, "Keepalive")
return -255
if (int(KSR.siputils.is_request()) > 0) and (int(KSR.textops.has_body()) < 0) and (int(KSR.hdr.is_present("Content-Length")) < 0):
KSR.xlog.xwarn("Malformed SIP message from $si:$sp - unpresent Body and no Content-Length header. User agent:$ua - Append hdr")
KSR.hdr.append("Content-Length: 0\r\n")
KSR.textopsx.msg_apply_changes()
if "null" in KSR.pv.getw("$ct"):
KSR.xlog.xalert("Null in contact:{} Patch it".format(KSR.pv.getw("$ct")))
KSR.hdr.remove("Contact")
KSR.hdr.append("Contact: sip:{}@{}:{}\r\n".format(KSR.pv.getw("$fU"), KSR.pv.getw("$si"), KSR.pv.getw("$sp")))
KSR.textopsx.msg_apply_changes()
KSR.xlog.xalert("Contact now:{}".format(KSR.pv.getw("$ct")))
if KSR.sanity.sanity_check(1511, 7) < 0:
KSR.xlog.xerr("Malformed SIP message from $si:$sp")
return -255
if not KSR.pv.is_null("$au") and re.match("(\=)|(\-\-)|(')|(\#)|(\%27)|(\%24)", KSR.pv.getw("$au")):
KSR.xlog.xalert("SQL Injection in authorization username from IP:$si:$sp - $au")
KSR.sl.sl_send_reply(503, "There is no money, but you hang in there. Best wishes! Cheers!")
return -255
if KSR.is_INVITE() and re.match("(\=)|(\-\-)|(')|(\#)|(\%27)|(\%24)", KSR.pv.getw("$ru")):
KSR.xlog.xalert("SQL Injection in RURI in INVITE from IP:$si:$sp - $ru")
KSR.sl.sl_send_reply(503, "There is no money, but you hang in there. Best wishes! Cheers!")
return -255
return 1
def ksr_route_location(self, msg):
rc = KSR.registrar.lookup("location")
if rc < 0:
KSR.tm.t_newtran()
if rc == -1 or rc == -3:
KSR.sl.send_reply(404, "Not Found")
return -255
elif rc == -2:
KSR.sl.send_reply(405, "Method Not Allowed")
return -255
# when routing via usrloc, log the missed calls also
if KSR.is_INVITE():
KSR.setflag(FLT_ACCMISSED)
self.ksr_route_relay(msg)
return -255
def ksr_route_location(self, msg):
rc = KSR.registrar.lookup("location");
if rc<0 :
KSR.tm.t_newtran();
if rc==-1 or rc==-3 :
KSR.sl.send_reply(404, "Not Found");
return -255;
elif rc==-2 :
KSR.sl.send_reply(405, "Method Not Allowed");
return -255;
# when routing via usrloc, log the missed calls also
if KSR.is_INVITE() :
KSR.setflag(FLT_ACCMISSED);
self.ksr_route_relay(msg);
return -255;
def ksr_route_relay(self, msg):
# enable additional event routes for forwarded requests
# - serial forking, RTP relaying handling, a.s.o.
if KSR.is_method_in("IBSU"):
if KSR.tm.t_is_set("branch_route") < 0:
KSR.tm.t_on_branch("ksr_branch_manage")
if KSR.is_method_in("ISU"):
if KSR.tm.t_is_set("onreply_route") < 0:
KSR.tm.t_on_reply("ksr_onreply_manage")
if KSR.is_INVITE():
if KSR.tm.t_is_set("failure_route") < 0:
KSR.tm.t_on_failure("ksr_failure_manage")
if KSR.tm.t_relay() < 0:
KSR.sl.sl_reply_error()
return -255
def ksr_route_relay(self, msg):
# enable additional event routes for forwarded requests
# - serial forking, RTP relaying handling, a.s.o.
if KSR.is_method_in("IBSU") :
if KSR.tm.t_is_set("branch_route")<0 :
KSR.tm.t_on_branch("ksr_branch_manage");
if KSR.is_method_in("ISU") :
if KSR.tm.t_is_set("onreply_route")<0 :
KSR.tm.t_on_reply("ksr_onreply_manage");
if KSR.is_INVITE() :
if KSR.tm.t_is_set("failure_route")<0 :
KSR.tm.t_on_failure("ksr_failure_manage");
if KSR.tm.t_relay()<0 :
KSR.sl.sl_reply_error();
return -255;
def ksr_route_relay(self):
KSR.nathelper.handle_ruri_alias()
# enable additional event routes for forwarded requests
# - serial forking, RTP relaying handling, a.s.o.
if KSR.is_method("INVITE|BYE|SUBSCRIBE|UPDATE") and (KSR.tm.t_is_set("branch_route") < 0):
KSR.tm.t_on_branch("ksr_branch_manage")
#if KSR.is_method("INVITE|BYE|SUBSCRIBE|UPDATE") and (KSR.tm.t_is_set("onreply_route") < 0):
# KSR.tm.t_on_reply("ksr_onreply_manage")
if KSR.is_INVITE() and (KSR.tm.t_is_set("failure_route") < 0):
KSR.tm.t_on_failure("ksr_failure_manage")
if KSR.isflagset(self.FLAGS['FLT_FROM_ASTERISK']):
KSR.textops.remove_hf_re("^X-")
if KSR.tm.t_relay() < 0:
KSR.xlog.xerr("Cant relay request. Send error.")
KSR.sl.sl_reply_error()
return -255
else:
return 1
def ksr_route_withindlg(self):
if KSR.siputils.has_totag() < 0:
return 1
# sequential request withing a dialog should
# take the path determined by record-routing
if KSR.rr.loose_route() > 0:
if not KSR.isdsturiset():
KSR.nathelper.handle_ruri_alias()
if KSR.is_ACK():
# ACK is forwarded statelessly
if self.ksr_route_natmanage() == -255:
return -255
elif KSR.is_NOTIFY():
# Add Record-Route for in-dialog NOTIFY as per RFC 6665.
KSR.rr.record_route()
elif KSR.is_INVITE():
KSR.xlog.xinfo("Hande reINVITE")
KSR.rr.record_route()
self.ksr_route_relay()
return -255
if KSR.is_ACK():
if KSR.tm.t_check_trans() > 0:
# no loose-route, but stateful ACK
# must be an ACK after a 487
# or e.g. 404 from upstream server
self.ksr_route_relay()
return -255
else:
# ACK without matching transaction ... ignore and discard
return -255
KSR.sl.sl_send_reply(404, "Not here")
return -255
def ksr_route_async_auth(self, msg):
furi = KSR.pv.getw("$fu")
ruri = KSR.pv.getw("$ru")
if KSR.is_INVITE():
KSR.xlog.xnotice("Do auth procedure for {} from {}:{}".format(
ruri, furi, KSR.pv.getw("$si")))
if KSR.auth_db.is_subscriber(furi, "subscriber",
2) > 0 and not KSR.isflagset(
self.FLAGS['FLT_SKIP_AUTH']):
if not KSR.is_REGISTER():
KSR.xlog.xinfo("Request from local subscriber")
KSR.setflag(self.FLAGS['FLT_FROM_SUBSCRIBER'])
if KSR.auth_db.is_subscriber(ruri, "subscriber", 2) > 0:
if not KSR.is_REGISTER():
KSR.xlog.xinfo("Request to local subscriber")
KSR.setflag(self.FLAGS['FLT_TO_SUBSCRIBER'])
if KSR.isflagset(self.FLAGS['FLT_FROM_SUBSCRIBER']):
if not KSR.isflagset(self.FLAGS['FLT_SKIP_AUTH']):
res = KSR.auth_db.auth_check(KSR.pv.getw("$fd"), "subscriber", 1)
if res < 0:
if res == -2:
# -2 Wrong passworg
KSR.xlog.xnotice("Wrong password. From:$fU Auth user:$au")
KSR.sl.sl_send_reply(403, "You're not welcome here")
if KSR.is_REGISTER():
self.send_registration_info_to_redis(
'False', time.time())
else:
KSR.auth.auth_challenge(KSR.pv.getw("$fd"), 0)
return -255
else:
if KSR.is_REGISTER():
self.send_registration_info_to_redis('True', time.time())
# user authenticated - remove auth header
# if not KSR.is_method("REGISTER,PUBLISH") :
KSR.auth.consume_credentials()
elif not KSR.isflagset(self.FLAGS['FLT_SKIP_AUTH']):
# Отпинываем нелокальных абонентов
KSR.sl.send_reply(406, "Not acceptable")
return -255
if not KSR.isflagset(self.FLAGS['FLT_SKIP_AUTH']):
# if caller is not local subscriber, then check if it calls
# a local destination, otherwise deny, not an open relay here
if (not KSR.is_myself(furi) and (not KSR.is_myself(ruri))):
KSR.sl.sl_send_reply(403, "Not relaying")
return -255
# authentication not enabled - do not relay at all to foreign networks
if not KSR.is_myself(ruri):
KSR.sl.sl_send_reply(403, "Not relaying")
return -255
# Jump from async route, based on processing SIP method
if self.GLOBALS['WITH_ASYNC_FRAMEWORK']:
KSR.asynk.task_route('ksr_route_async_' + KSR.pv.getw("$rm"))
else:
# lambda will generate 500 error if something went wrong
getattr(self, 'ksr_route_async_' + KSR.pv.getw("$rm"),
lambda: -255)(msg)
return -255
def ksr_request_route(self, msg):
# per request initial checks
if self.ksr_route_reqinit() == -255:
return 1
# NAT detection
if self.ksr_route_natdetect() == -255:
return 1
# CANCEL processing
if KSR.is_CANCEL():
self.manage_call_status(KSR.pv.getw("$fU"), 'del')
KSR.xlog.xinfo("CANCELing request from $fU:$si")
if KSR.tm.t_check_trans() > 0:
self.ksr_route_relay()
return 1
if KSR.is_BYE():
self.manage_call_status(KSR.pv.getw("$fU"), 'del')
# handle requests within SIP dialogs
if self.ksr_route_withindlg() == -255:
return 1
# handle retransmissions
if (not KSR.is_ACK()) and (KSR.tmx.t_precheck_trans() > 0):
KSR.tm.t_check_trans()
return 1
if KSR.tm.t_check_trans() == 0:
return 1
### only initial requests (no To tag)
# record routing for dialog forming requests (in case they are routed)
# - remove preloaded route headers
KSR.hdr.remove("Route")
#if KSR.is_method_in("IS") :
# KSR.rr.record_route()
if KSR.is_INVITE() and KSR.pv.is_null("$rU"):
KSR.sl.sl_send_reply(484, "Address Incomplete")
return 1
if KSR.is_method_in("IR"):
#r = redis.StrictRedis(host='127.0.0.1', port=6379, db=10, password='******')
r = redis.StrictRedis(host='127.0.0.1', port=6379, db=10, decode_responses=True)
if r.get("{}:{}".format(KSR.pv.getw("$fU"), KSR.pv.getw("$rU"))) or r.get(KSR.pv.getw("$rU")) or r.get(KSR.pv.getw("$tU")):
KSR.sl.sl_send_reply(503, "There is no money.")
return -255
if KSR.is_INVITE():
if (KSR.dispatcher.ds_is_from_list(self.DSIDS['MEDIASERVERS']) > 0 or KSR.dispatcher.ds_is_from_list(self.DSIDS['CALLERS']) > 0):
KSR.setflag(self.FLAGS['FLT_FROM_ASTERISK'])
KSR.setflag(self.FLAGS['FLT_SKIP_AUTH'])
if (KSR.dispatcher.ds_is_from_list(self.DSIDS['GW']) > 0):
KSR.setflag(self.FLAGS['FLT_FROM_GW'])
KSR.setflag(self.FLAGS['FLT_SKIP_AUTH'])
if self.GLOBALS['WITH_ASYNC_FRAMEWORK']:
KSR.asynk.task_route("ksr_route_async_auth")
else:
if self.ksr_route_async_auth(msg) == -255:
return 1
else:
KSR.xlog.xerr("Запрос $ru от $fu :: $si дошел до конца request_route и не был обработан")
KSR.sl.sl_send_reply("404", "Out of order")
return 1
