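def ksr_route_reqinit(self):
    """Apply the per-request filtering and repair steps that precede routing.

    Refuses unsupported methods, known scanner user agents, requests over the
    hop limit, messages that fail the sanity module check, and requests whose
    authorization username or request URI carries SQL-looking tokens. Answers
    OPTIONS keepalives, adds a missing Content-Length and rewrites a Contact
    that contains "null".

    Returns:
        -255 if the request was answered or refused here, 1 to continue.
    """
    # One token list shared by both injection checks. A raw string keeps the
    # regex escapes away from Python's own string-escape processing.
    sqli_tokens = r"(\=)|(\-\-)|(')|(\#)|(\%27)|(\%24)"
    refusal_reason = "There is no money, but you hang in there. Best wishes! Cheers!"

    if KSR.is_INVITE():
        KSR.xlog.xinfo("REQINIT. Check request $ru from $fu:$si")

    if KSR.is_method("PUBLISH|SUBSCRIBE"):
        # Unsupported methods are refused outright.
        KSR.sl.sl_send_reply(404, "Pool is closed due to aids.")
        return -255

    # re.search scans the whole value; re.match only tests from position 0,
    # so a scanner name preceded by any other text would not be recognised.
    if KSR.is_OPTIONS() and re.search("friendly-scanner|sipcli|VaxSIPUserAgent", KSR.pv.getw("$ua")):
        # Not a silent drop: known scanner user agents are answered with 503.
        KSR.sl.sl_send_reply(503, refusal_reason)
        return -255

    if KSR.maxfwd.process_maxfwd(10) < 0:
        KSR.sl.sl_send_reply(483, "Too Many Hops")
        return -255

    if KSR.is_OPTIONS():
        KSR.sl.sl_send_reply(200, "Keepalive")
        return -255

    if (int(KSR.siputils.is_request()) > 0) and (int(KSR.textops.has_body()) < 0) and (int(KSR.hdr.is_present("Content-Length")) < 0):
        # Body-less request without Content-Length: add an explicit zero length.
        KSR.xlog.xwarn("Malformed SIP message from $si:$sp - unpresent Body and no Content-Length header. User agent:$ua - Append hdr")
        KSR.hdr.append("Content-Length: 0\r\n")
        KSR.textopsx.msg_apply_changes()

    # Substring test: any Contact containing the text "null" is rewritten.
    # Presumably this also covers the placeholder getw() returns when the
    # header is absent - confirm.
    if "null" in KSR.pv.getw("$ct"):
        # The log calls in this function rely on xlog expanding pseudo-variables
        # in the message it is given, so the header value is referenced as $ct
        # instead of being interpolated: sender-controlled text must not become
        # part of the xlog format.
        KSR.xlog.xalert("Null in contact:$ct Patch it")
        KSR.hdr.remove("Contact")
        # NOTE(review): $fU is sender-supplied and this runs before
        # sanity_check(); confirm the rebuilt header cannot carry unexpected
        # characters.
        KSR.hdr.append("Contact: sip:{}@{}:{}\r\n".format(KSR.pv.getw("$fU"), KSR.pv.getw("$si"), KSR.pv.getw("$sp")))
        KSR.textopsx.msg_apply_changes()
        KSR.xlog.xalert("Contact now:$ct")

    if KSR.sanity.sanity_check(1511, 7) < 0:
        KSR.xlog.xerr("Malformed SIP message from $si:$sp")
        return -255

    # As with the user agent above, the token may sit anywhere in the value,
    # so the whole string is searched rather than only its first position.
    if not KSR.pv.is_null("$au") and re.search(sqli_tokens, KSR.pv.getw("$au")):
        KSR.xlog.xalert("SQL Injection in authorization username from IP:$si:$sp - $au")
        KSR.sl.sl_send_reply(503, refusal_reason)
        return -255

    # NOTE(review): a request URI always starts with its scheme, so the former
    # anchored match could never fire here. Searching the whole URI makes the
    # check effective, but "=" also occurs in ordinary URI parameters such as
    # ";transport=udp"; confirm whether only the user part should be inspected.
    if KSR.is_INVITE() and re.search(sqli_tokens, KSR.pv.getw("$ru")):
        KSR.xlog.xalert("SQL Injection in RURI in INVITE from IP:$si:$sp - $ru")
        KSR.sl.sl_send_reply(503, refusal_reason)
        return -255

    return 1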
def ksr_route_location(self, msg):
    """Resolve the callee through the "location" table, then relay.

    Always returns -255: either a failure reply was sent from here or the
    request was handed over to ksr_route_relay().
    """
    lookup_result = KSR.registrar.lookup("location")

    if lookup_result < 0:
        # A transaction is opened before any failure reply is sent.
        KSR.tm.t_newtran()
        if lookup_result in (-1, -3):
            KSR.sl.send_reply(404, "Not Found")
            return -255
        if lookup_result == -2:
            KSR.sl.send_reply(405, "Method Not Allowed")
            return -255
        # Any other negative result continues to the relay step below.

    # Calls routed via usrloc are flagged so missed calls get accounted.
    if KSR.is_INVITE():
        KSR.setflag(FLT_ACCMISSED)

    self.ksr_route_relay(msg)
    return -255
def ksr_route_location(self, msg):
    """Look up the request's target in "location" and forward the request.

    A negative lookup result of -1/-3 is answered with 404 and -2 with 405;
    everything else is passed to ksr_route_relay(). The return value is
    always -255.
    """
    # Lookup result -> (status code, reason) for the results answered here.
    failure_replies = {
        -1: (404, "Not Found"),
        -3: (404, "Not Found"),
        -2: (405, "Method Not Allowed"),
    }

    rc = KSR.registrar.lookup("location")
    if rc < 0:
        KSR.tm.t_newtran()
        reply = failure_replies.get(rc)
        if reply is not None:
            code, reason = reply
            KSR.sl.send_reply(code, reason)
            return -255

    # Mark INVITEs routed through usrloc for missed-call accounting.
    invite_request = KSR.is_INVITE()
    if invite_request:
        KSR.setflag(FLT_ACCMISSED)

    self.ksr_route_relay(msg)
    return -255
def ksr_route_relay(self, msg):
    """Arm the tm event routes that are still unset, then relay the request.

    Always returns -255; when t_relay() fails an error reply is sent first.
    """
    # Each hook (serial forking, RTP relay handling, ...) is armed only for
    # the methods it applies to, and only if no route of that kind is set yet.
    if KSR.is_method_in("IBSU") and KSR.tm.t_is_set("branch_route") < 0:
        KSR.tm.t_on_branch("ksr_branch_manage")

    if KSR.is_method_in("ISU") and KSR.tm.t_is_set("onreply_route") < 0:
        KSR.tm.t_on_reply("ksr_onreply_manage")

    if KSR.is_INVITE() and KSR.tm.t_is_set("failure_route") < 0:
        KSR.tm.t_on_failure("ksr_failure_manage")

    relay_result = KSR.tm.t_relay()
    if relay_result < 0:
        KSR.sl.sl_reply_error()

    return -255
def ksr_route_relay(self, msg):
    """Forward the request statefully after setting up the tm hooks.

    The branch, onreply and failure routes are installed for the methods
    they apply to when none is set yet. Returns -255 in every case.
    """
    # Branch route: additional handling for forwarded requests
    # (serial forking, RTP relaying, and so on).
    needs_branch_hook = KSR.is_method_in("IBSU") and KSR.tm.t_is_set("branch_route") < 0
    if needs_branch_hook:
        KSR.tm.t_on_branch("ksr_branch_manage")

    needs_reply_hook = KSR.is_method_in("ISU") and KSR.tm.t_is_set("onreply_route") < 0
    if needs_reply_hook:
        KSR.tm.t_on_reply("ksr_onreply_manage")

    needs_failure_hook = KSR.is_INVITE() and KSR.tm.t_is_set("failure_route") < 0
    if needs_failure_hook:
        KSR.tm.t_on_failure("ksr_failure_manage")

    # A failed relay is reported to the sender with a stateless error reply.
    if KSR.tm.t_relay() < 0:
        KSR.sl.sl_reply_error()
    return -255
def ksr_route_relay(self):
    """Set up the tm hooks for this request and relay it.

    Returns:
        1 when t_relay() accepted the request, -255 after an error reply
        was sent because the relay failed.
    """
    KSR.nathelper.handle_ruri_alias()

    # Branch hook (serial forking, RTP relay handling, ...) for the
    # dialog-related methods, unless a branch route is already set.
    if KSR.is_method("INVITE|BYE|SUBSCRIBE|UPDATE"):
        if KSR.tm.t_is_set("branch_route") < 0:
            KSR.tm.t_on_branch("ksr_branch_manage")

    # The onreply route hook is deliberately not armed here; the original
    # script carries it only as commented-out code.

    if KSR.is_INVITE():
        if KSR.tm.t_is_set("failure_route") < 0:
            KSR.tm.t_on_failure("ksr_failure_manage")

    if KSR.isflagset(self.FLAGS['FLT_FROM_ASTERISK']):
        # Requests flagged as coming from Asterisk lose their headers
        # matching "^X-" before they are forwarded.
        KSR.textops.remove_hf_re("^X-")

    if KSR.tm.t_relay() >= 0:
        return 1

    KSR.xlog.xerr("Cant relay request. Send error.")
    KSR.sl.sl_reply_error()
    return -255
def ksr_route_withindlg(self):
    """Handle requests that carry a To tag (in-dialog requests).

    Returns:
        1 when the request has no To tag and is left for the caller,
        -255 once it was relayed, discarded or answered with 404 here.
    """
    if KSR.siputils.has_totag() < 0:
        return 1

    # Sequential requests within a dialog follow the path fixed by
    # record-routing.
    loose_routed = KSR.rr.loose_route() > 0
    if loose_routed:
        if not KSR.isdsturiset():
            KSR.nathelper.handle_ruri_alias()

        if KSR.is_ACK():
            # ACK is forwarded statelessly.
            nat_result = self.ksr_route_natmanage()
            if nat_result == -255:
                return -255
        elif KSR.is_NOTIFY():
            # Record-Route for in-dialog NOTIFY, as per RFC 6665.
            KSR.rr.record_route()
        elif KSR.is_INVITE():
            KSR.xlog.xinfo("Hande reINVITE")
            KSR.rr.record_route()

        self.ksr_route_relay()
        return -255

    if KSR.is_ACK():
        # Without loose-route, an ACK that still matches a transaction must
        # follow a 487 or e.g. a 404 from an upstream server: relay it.
        # An ACK matching no transaction is ignored and discarded.
        if KSR.tm.t_check_trans() > 0:
            self.ksr_route_relay()
        return -255

    KSR.sl.sl_send_reply(404, "Not here")
    return -255
def ksr_route_async_auth(self, msg):
    """Authenticate the request, enforce the relay policy, then dispatch by method.

    Flags the request as coming from / going to a local subscriber, runs the
    database auth check for local callers, refuses non-local callers and
    foreign destinations, and finally hands the request to the handler named
    ``ksr_route_async_<method>``.

    Always returns -255.

    NOTE(review): this listing arrived with its indentation collapsed; the
    nesting below is a reconstruction and should be confirmed against the
    original file, in particular which ``if`` each ``else``/``elif`` closes.
    """
    furi = KSR.pv.getw("$fu")
    ruri = KSR.pv.getw("$ru")
    if KSR.is_INVITE():
        # NOTE(review): the request URI and From URI are interpolated into the
        # text handed to xlog. Other log calls in this file pass "$..."
        # pseudo-variables in that text, so sender-controlled content may be
        # treated as part of the log format - confirm, and prefer "$ru"/"$fu".
        KSR.xlog.xnotice("Do auth procedure for {} from {}:{}".format(
            ruri, furi, KSR.pv.getw("$si")))
    # The caller counts as a local subscriber only when auth is not skipped.
    if KSR.auth_db.is_subscriber(furi, "subscriber", 2) > 0 and not KSR.isflagset(
            self.FLAGS['FLT_SKIP_AUTH']):
        if not KSR.is_REGISTER():
            KSR.xlog.xinfo("Request from local subscriber")
        KSR.setflag(self.FLAGS['FLT_FROM_SUBSCRIBER'])
    if KSR.auth_db.is_subscriber(ruri, "subscriber", 2) > 0:
        if not KSR.is_REGISTER():
            KSR.xlog.xinfo("Request to local subscriber")
        KSR.setflag(self.FLAGS['FLT_TO_SUBSCRIBER'])
    if KSR.isflagset(self.FLAGS['FLT_FROM_SUBSCRIBER']):
        if not KSR.isflagset(self.FLAGS['FLT_SKIP_AUTH']):
            res = KSR.auth_db.auth_check(KSR.pv.getw("$fd"), "subscriber", 1)
            if res < 0:
                if res == -2:
                    # -2: wrong password. Answered with 403, no new challenge.
                    KSR.xlog.xnotice("Wrong password. From:$fU Auth user:$au")
                    KSR.sl.sl_send_reply(403, "You're not welcome here")
                    if KSR.is_REGISTER():
                        # Failed registration is recorded with a timestamp.
                        self.send_registration_info_to_redis(
                            'False', time.time())
                else:
                    # Every other failure gets a fresh challenge.
                    KSR.auth.auth_challenge(KSR.pv.getw("$fd"), 0)
                return -255
            else:
                if KSR.is_REGISTER():
                    self.send_registration_info_to_redis('True', time.time())
                # User authenticated - remove the auth header before relaying.
                # (A former restriction to methods other than REGISTER/PUBLISH
                # is disabled in the original.)
                KSR.auth.consume_credentials()
    elif not KSR.isflagset(self.FLAGS['FLT_SKIP_AUTH']):
        # Turn away non-local subscribers.
        KSR.sl.send_reply(406, "Not acceptable")
        return -255
    if not KSR.isflagset(self.FLAGS['FLT_SKIP_AUTH']):
        # if caller is not local subscriber, then check if it calls
        # a local destination, otherwise deny, not an open relay here
        if (not KSR.is_myself(furi) and (not KSR.is_myself(ruri))):
            KSR.sl.sl_send_reply(403, "Not relaying")
            return -255
        # authentication not enabled - do not relay at all to foreign networks
        # This test alone already refuses every foreign request URI, so the
        # combined test above never decides differently.
        # NOTE(review): whether this check sits inside the FLT_SKIP_AUTH guard
        # or applies to trusted sources as well cannot be told from the
        # collapsed listing - confirm.
        if not KSR.is_myself(ruri):
            KSR.sl.sl_send_reply(403, "Not relaying")
            return -255
    # Jump from async route, based on processing SIP method
    # NOTE(review): the handler name is built from the request's own method
    # ($rm), so every attribute named ksr_route_async_<method> is reachable,
    # this function included. An explicit allow-list of methods would bound
    # the dispatch.
    if self.GLOBALS['WITH_ASYNC_FRAMEWORK']:
        KSR.asynk.task_route('ksr_route_async_' + KSR.pv.getw("$rm"))
    else:
        # The fallback lambda takes no argument but is called with msg, so an
        # unknown method raises; per the original comment that is meant to
        # surface as a 500 error.
        getattr(self, 'ksr_route_async_' + KSR.pv.getw("$rm"), lambda: -255)(msg)
    return -255
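def ksr_request_route(self, msg):
    """Entry point for every SIP request.

    Runs the initial checks and NAT detection, handles CANCEL, in-dialog
    requests and retransmissions, then for initial INVITE/REGISTER requests
    consults the Redis block entries, marks trusted sources and starts
    authentication. Other initial requests are answered with 404.

    Returns:
        1, except after the 503 block reply, where -255 is returned.

    NOTE(review): this listing arrived with its indentation collapsed; the
    nesting below is a reconstruction. The final ``else`` is read as
    belonging to the INVITE/REGISTER test - confirm against the original.
    """
    # per request initial checks
    if self.ksr_route_reqinit() == -255:
        return 1

    # NAT detection
    if self.ksr_route_natdetect() == -255:
        return 1

    # CANCEL processing
    if KSR.is_CANCEL():
        self.manage_call_status(KSR.pv.getw("$fU"), 'del')
        KSR.xlog.xinfo("CANCELing request from $fU:$si")
        if KSR.tm.t_check_trans() > 0:
            self.ksr_route_relay()
        return 1

    if KSR.is_BYE():
        # NOTE(review): the call status is cleared from the From user of the
        # BYE before the in-dialog checks below have run - confirm this
        # cannot be triggered by a BYE that matches no dialog.
        self.manage_call_status(KSR.pv.getw("$fU"), 'del')

    # handle requests within SIP dialogs
    if self.ksr_route_withindlg() == -255:
        return 1

    # handle retransmissions
    if (not KSR.is_ACK()) and (KSR.tmx.t_precheck_trans() > 0):
        KSR.tm.t_check_trans()
        return 1
    if KSR.tm.t_check_trans() == 0:
        return 1

    ### only initial requests (no To tag)

    # Preloaded Route headers are removed. Record-routing of dialog-forming
    # requests is not done here (it is disabled in the original).
    KSR.hdr.remove("Route")

    if KSR.is_INVITE() and KSR.pv.is_null("$rU"):
        KSR.sl.sl_send_reply(484, "Address Incomplete")
        return 1

    if KSR.is_method_in("IR"):
        # NOTE(review): a new client is created for every request, without
        # credentials and without a socket timeout. Confirm the Redis instance
        # is reachable from loopback only, and consider a shared client with
        # timeouts so a stalled Redis cannot stall the SIP worker.
        r = redis.StrictRedis(host='127.0.0.1', port=6379, db=10, decode_responses=True)
        # Block entries are looked up under "<from user>:<request user>", the
        # bare request user and the bare To user. All three are taken from the
        # request, so db 10 should hold nothing but these entries.
        if r.get("{}:{}".format(KSR.pv.getw("$fU"), KSR.pv.getw("$rU"))) or r.get(KSR.pv.getw("$rU")) or r.get(KSR.pv.getw("$tU")):
            KSR.sl.sl_send_reply(503, "There is no money.")
            return -255

        if KSR.is_INVITE():
            # INVITEs from the listed dispatcher sets skip authentication.
            # NOTE(review): this trust rests on dispatcher set membership
            # alone - confirm the sets contain only controlled hosts.
            if (KSR.dispatcher.ds_is_from_list(self.DSIDS['MEDIASERVERS']) > 0 or
                    KSR.dispatcher.ds_is_from_list(self.DSIDS['CALLERS']) > 0):
                KSR.setflag(self.FLAGS['FLT_FROM_ASTERISK'])
                KSR.setflag(self.FLAGS['FLT_SKIP_AUTH'])
            if (KSR.dispatcher.ds_is_from_list(self.DSIDS['GW']) > 0):
                KSR.setflag(self.FLAGS['FLT_FROM_GW'])
                KSR.setflag(self.FLAGS['FLT_SKIP_AUTH'])

        if self.GLOBALS['WITH_ASYNC_FRAMEWORK']:
            KSR.asynk.task_route("ksr_route_async_auth")
        else:
            if self.ksr_route_async_auth(msg) == -255:
                return 1
    else:
        # The log text says (in Russian) that the request reached the end of
        # request_route without being handled.
        KSR.xlog.xerr("Запрос $ru от $fu :: $si дошел до конца request_route и не был обработан")
        # The status code is passed as an integer, as in every other reply in
        # this file; the original passed the string "404" here.
        KSR.sl.sl_send_reply(404, "Out of order")

    return 1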