sr-dev September 2018

sr-dev@lists.kamailio.org

24 participants
331 discussions

[kamailio/kamailio] auth: allow challenge from failure/onreply routes (#1641)

by lazedo

#### Pre-Submission Checklist    - [X] Commit message has the format required by CONTRIBUTING guide - [X] Commits are split per component (core, individual modules, libs, utils, ...) - [X] Each component has a single commit (if not, squash them into one commit) - [X] No commits to README files for modules (changes must be done to docbook files in `doc/` subfolder, the README file is autogenerated) #### Type Of Change - [X] Small bug fix (non-breaking change which fixes an issue) - [X] New feature (non-breaking change which adds new functionality) - [ ] Breaking change (fix or feature that would change existing functionality) #### Checklist:  - [X] PR should be backported to stable branches - [X] Tested changes locally - [ ] Related to issue #XXXX (replace XXXX with an open issue number) #### Description  when handling registration requests we create a transaction for async process and need to use t_on_failure / t_on_failure. when the async processes returns we want to call auth_challenge without the need to create `fake` routes ``` onreply_route[KZ_AUTHORIZATION_OK] { $var(password) = $(kzR{kz.json,Auth-Password}); $var(nonce) = $adn; if( $(kzR{kz.json,Event-Name}) == "authn_err" ) { ==>> auth_challenge("$fd", "0"); xlog("L_INFO", "$ci|end|issued auth challenge from async registrar for $Au $si:$sp\n"); exit; } else { xlog("L_INFO", "$ci|log|authenticated $Au via registrar async process\n"); route(SAVE_AUTHORIZATION); } } failure_route[KZ_AUTHORIZATION_ERROR] { xlog("L_INFO", "$ci|log|registrar process failed with $T_reply_code for $Au $si:$sp\n"); ==>> auth_challenge("$fd", "0"); exit; } ``` You can view, comment on, or merge this pull request online at: https://github.com/kamailio/kamailio/pull/1641 -- Commit Summary -- * auth: allow challenge from failure/onreply routes -- File Changes -- M src/modules/auth/auth_mod.c (6) -- Patch Links -- https://github.com/kamailio/kamailio/pull/1641.patch https://github.com/kamailio/kamailio/pull/1641.diff -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/pull/1641

6 years, 2 months

git:master:18fa51b8: sanity: reset sanity reply info before starting the checks

by Daniel-Constantin Mierla

Module: kamailio Branch: master Commit: 18fa51b8121e34e76c9a9935ed8e168aa9a70ebc URL: https://github.com/kamailio/kamailio/commit/18fa51b8121e34e76c9a9935ed8e168… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2018-09-13T12:39:58+02:00 sanity: reset sanity reply info before starting the checks --- Modified: src/modules/sanity/sanity_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/18fa51b8121e34e76c9a9935ed8e168… Patch: https://github.com/kamailio/kamailio/commit/18fa51b8121e34e76c9a9935ed8e168… --- diff --git a/src/modules/sanity/sanity_mod.c b/src/modules/sanity/sanity_mod.c index d57854639e..fc79663ba2 100644 --- a/src/modules/sanity/sanity_mod.c +++ b/src/modules/sanity/sanity_mod.c @@ -135,6 +135,10 @@ int sanity_check(struct sip_msg* _msg, int msg_checks, int uri_checks) { int ret; + if(ksr_sanity_noreply!=0) { + ksr_sanity_info_init(); + } + ret = SANITY_CHECK_PASSED; if (SANITY_RURI_SIP_VERSION & msg_checks && (ret = check_ruri_sip_version(_msg)) != SANITY_CHECK_PASSED) {

6 years, 2 months

git:master:c3258c2c: modules: readme files regenerated - sanity ... [skip ci]

by Kamailio Dev

Module: kamailio Branch: master Commit: c3258c2c7d3ce64a1ecb1c187b440b48e1544af3 URL: https://github.com/kamailio/kamailio/commit/c3258c2c7d3ce64a1ecb1c187b440b4… Author: Kamailio Dev <kamailio.dev(a)kamailio.org> Committer: Kamailio Dev <kamailio.dev(a)kamailio.org> Date: 2018-09-13T12:31:33+02:00 modules: readme files regenerated - sanity ... [skip ci] --- Modified: src/modules/sanity/README --- Diff: https://github.com/kamailio/kamailio/commit/c3258c2c7d3ce64a1ecb1c187b440b4… Patch: https://github.com/kamailio/kamailio/commit/c3258c2c7d3ce64a1ecb1c187b440b4… --- diff --git a/src/modules/sanity/README b/src/modules/sanity/README index 027725f150..4493c7f3cd 100644 --- a/src/modules/sanity/README +++ b/src/modules/sanity/README @@ -19,10 +19,12 @@ Nils Ohlmeier 3.2. uri_checks (integer) 3.3. proxy_require (string) 3.4. autodrop (integer) + 3.5. noreply (int) 4. Functions 4.1. sanity_check([msg_checks [, uri_checks]]) + 4.2. sanity_reply() List of Examples @@ -30,9 +32,11 @@ Nils Ohlmeier 1.2. Set uri_checks parameter 1.3. Set proxy_require parameter 1.4. Set autodrop parameter - 1.5. sanity_check usage - 1.6. sanity_check usage with parameter - 1.7. sanity_check usage with two parameters + 1.5. Set noreply parameter + 1.6. sanity_check usage + 1.7. sanity_check usage with parameter + 1.8. sanity_check usage with two parameters + 1.9. sanity_reply usage Chapter 1. Admin Guide @@ -46,10 +50,12 @@ Chapter 1. Admin Guide 3.2. uri_checks (integer) 3.3. proxy_require (string) 3.4. autodrop (integer) + 3.5. noreply (int) 4. Functions 4.1. sanity_check([msg_checks [, uri_checks]]) + 4.2. sanity_reply() 1. Overview @@ -111,6 +117,7 @@ Chapter 1. Admin Guide 3.2. uri_checks (integer) 3.3. proxy_require (string) 3.4. autodrop (integer) + 3.5. noreply (int) 3.1. default_checks (integer) @@ -169,9 +176,24 @@ modparam("sanity", "proxy_require", "foo, bar") modparam("sanity", "autodrop", 1) ... +3.5. noreply (int) + + If set to 1, then the module does not send a SIP reply internally in + case there is an error detected when performing the sanity checks. + There is the option to send the reply from config file with functions + from sl or tm module as well as sanity_reply() from this module. + + Default value: 0. + + Example 1.5. Set noreply parameter +... +modparam("sanity", "noreply", 1) +... + 4. Functions 4.1. sanity_check([msg_checks [, uri_checks]]) + 4.2. sanity_reply() 4.1. sanity_check([msg_checks [, uri_checks]]) @@ -186,7 +208,7 @@ modparam("sanity", "autodrop", 1) The parameters can be static integers or variables holding integer values. - Example 1.5. sanity_check usage + Example 1.6. sanity_check usage ... if (!sanity_check()) { exit; @@ -199,7 +221,7 @@ if (!sanity_check()) { of the checks (like for the module parameter) which should be executed at this function call. - Example 1.6. sanity_check usage with parameter + Example 1.7. sanity_check usage with parameter ... if (method=="REGISTER" && !sanity_check("256")) { /* the register contains an invalid expires value and is replied with a @@ -212,7 +234,7 @@ if (method=="REGISTER" && !sanity_check("256")) { overwrites the global module parameter uri_checks and thus determines which URIs will be checked if the parse uri test will be executed. - Example 1.7. sanity_check usage with two parameters + Example 1.8. sanity_check usage with two parameters ... if (method=="INVITE" && !sanity_check("1024", "6")) { /* the INVITE contains an invalid From or To header and is replied with @@ -220,3 +242,18 @@ a 400 */ exit; } ... + +4.2. sanity_reply() + + Send a SIP reply using the code and reason text set internally by the + module when detecting errors while performing the sanity checks. It is + done only when parameter noreply is set to 1. + + Example 1.9. sanity_reply usage +... +if(!sanity_check("1024", "6")) { + xdbg("sanity checks failed\n"); + sanity_reply(); + exit; +} +...

6 years, 2 months

[kamailio/kamailio] sanity: Doesn't sent reply when some checks are failed. (#1543)

by Konstantin

### Description According the documentation the module will send reply if one of the checks is failed. However it doesn't send reply if digest credentials, duplicated To/From tags or authorization header checks are failed. I would like to propose to add a new parameter which will enable or disable auto sending of reply. #### Reproduction Send to kamailio request with empty nonce in Authorization header. ### Possible Solutions Set autodrop to 0 and send the reply from configuration file. But in some cases this reply will be sent twice from module and from config. ### Additional Information kamailio version 4.4.7 and the latest 5.x -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/1543

6 years, 2 months

git:master:af7e6e55: sanity: send 500 reply if sanity info is not set for the current request

by Daniel-Constantin Mierla

Module: kamailio Branch: master Commit: af7e6e55182da0bf44a159e21df8948556bf71ae URL: https://github.com/kamailio/kamailio/commit/af7e6e55182da0bf44a159e21df8948… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2018-09-13T12:24:53+02:00 sanity: send 500 reply if sanity info is not set for the current request --- Modified: src/modules/sanity/sanity.c --- Diff: https://github.com/kamailio/kamailio/commit/af7e6e55182da0bf44a159e21df8948… Patch: https://github.com/kamailio/kamailio/commit/af7e6e55182da0bf44a159e21df8948… --- diff --git a/src/modules/sanity/sanity.c b/src/modules/sanity/sanity.c index 8cde4729c2..d00eab5d6d 100644 --- a/src/modules/sanity/sanity.c +++ b/src/modules/sanity/sanity.c @@ -76,10 +76,14 @@ int ki_sanity_reply(sip_msg_t *msg) } if(!(msg->msg_flags&FL_MSG_NOREPLY)) { - if(msg->id != _ksr_sanity_info.msgid + if(_ksr_sanity_info.code==0 || _ksr_sanity_info.reason[0]=='\0' + || msg->id != _ksr_sanity_info.msgid || msg->pid != _ksr_sanity_info.msgpid) { - LM_INFO("reply sending invoked for a different sip request\n"); - return -1; + LM_INFO("no sanity reply info set - sending 500\n"); + if(slb.zreply(msg, 500, "Server Sanity Failure") < 0) { + return -1; + } + return 1; } if(slb.zreply(msg, _ksr_sanity_info.code, _ksr_sanity_info.reason) < 0) { return -1;

6 years, 2 months

git:master:aa7c4bea: sanity: docs for noreply param and sanity_reply() function

by Daniel-Constantin Mierla

Module: kamailio Branch: master Commit: aa7c4beafbfee054872a4fa05a7d2a2f105e431e URL: https://github.com/kamailio/kamailio/commit/aa7c4beafbfee054872a4fa05a7d2a2… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2018-09-13T12:17:19+02:00 sanity: docs for noreply param and sanity_reply() function --- Modified: src/modules/sanity/doc/sanity_admin.xml --- Diff: https://github.com/kamailio/kamailio/commit/aa7c4beafbfee054872a4fa05a7d2a2… Patch: https://github.com/kamailio/kamailio/commit/aa7c4beafbfee054872a4fa05a7d2a2… --- diff --git a/src/modules/sanity/doc/sanity_admin.xml b/src/modules/sanity/doc/sanity_admin.xml index f9f63071a0..a8a57d88d9 100644 --- a/src/modules/sanity/doc/sanity_admin.xml +++ b/src/modules/sanity/doc/sanity_admin.xml @@ -225,6 +225,27 @@ modparam("sanity", "proxy_require", "foo, bar") <programlisting> ... modparam("sanity", "autodrop", 1) +... + </programlisting> + </example> + </section> + + <section id="sanity.p.noreply"> + <title><varname>noreply</varname> (int)</title> + <para> + If set to 1, then the module does not send a SIP reply internally in + case there is an error detected when performing the sanity checks. + There is the option to send the reply from config file with functions + from sl or tm module as well as sanity_reply() from this module. + </para> + <para> + Default value: 0. + </para> + <example> + <title>Set <varname>noreply</varname> parameter</title> + <programlisting> +... +modparam("sanity", "noreply", 1) ... </programlisting> </example> @@ -302,6 +323,28 @@ if (method=="INVITE" && !sanity_check("1024", "6")) { ]]> </programlisting> </example> - </section> + </section> + <section id="sanity.f.sanity_reply"> + <title> + <function>sanity_reply()</function> + </title> + <para> + Send a SIP reply using the code and reason text set internally by the module + when detecting errors while performing the sanity checks. It is done only + when parameter noreply is set to 1. + </para> + <example> + <title><function>sanity_reply</function> usage</title> + <programlisting> +... +if(!sanity_check("1024", "6")) { + xdbg("sanity checks failed\n"); + sanity_reply(); + exit; +} +... + </programlisting> + </example> + </section> </section> </chapter>

6 years, 2 months

git:master:83789bed: sanity: option to skip sending the reply internally

by Daniel-Constantin Mierla

Module: kamailio Branch: master Commit: 83789bed83388f8b53339b6b93abc33e4d9d62c1 URL: https://github.com/kamailio/kamailio/commit/83789bed83388f8b53339b6b93abc33… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2018-09-13T11:04:06+02:00 sanity: option to skip sending the reply internally - new mod param 'noreply' - if set to 1, no reply is sent internally; default is 0 - new function - sanity_reply() that can be used in config to send a reply with a code and reason set by the module when detecting a problem inside sip message --- Modified: src/modules/sanity/sanity.c Modified: src/modules/sanity/sanity.h Modified: src/modules/sanity/sanity_mod.c --- Diff: https://github.com/kamailio/kamailio/commit/83789bed83388f8b53339b6b93abc33… Patch: https://github.com/kamailio/kamailio/commit/83789bed83388f8b53339b6b93abc33…

6 years, 2 months

git:master:8a8fcc25: modules: readme files regenerated - sanity ... [skip ci]

by Kamailio Dev

Module: kamailio Branch: master Commit: 8a8fcc25a2e8faa8ef4d7b69207ac66fabc22827 URL: https://github.com/kamailio/kamailio/commit/8a8fcc25a2e8faa8ef4d7b69207ac66… Author: Kamailio Dev <kamailio.dev(a)kamailio.org> Committer: Kamailio Dev <kamailio.dev(a)kamailio.org> Date: 2018-09-13T10:01:52+02:00 modules: readme files regenerated - sanity ... [skip ci] --- Modified: src/modules/sanity/README --- Diff: https://github.com/kamailio/kamailio/commit/8a8fcc25a2e8faa8ef4d7b69207ac66… Patch: https://github.com/kamailio/kamailio/commit/8a8fcc25a2e8faa8ef4d7b69207ac66… --- diff --git a/src/modules/sanity/README b/src/modules/sanity/README index 588f53deae..027725f150 100644 --- a/src/modules/sanity/README +++ b/src/modules/sanity/README @@ -72,10 +72,8 @@ Chapter 1. Admin Guide supported (sip[s]|tel[s]) by Kamailio * required headers - (4) -checks if the minimum set of required headers to, from, cseq, callid and via is present in the request. - * via sip version - (8) - not working because parser fails already - when another version then 2.0 is present. - * via protocol - (16) - not working because parser fails already if - an unsupported transport is present. + * via sip version - (8) - disabled. + * via protocol - (16) - disabled. * Cseq method - (32) - checks if the method from the Cseq header is equal to the request method. * Cseq value - (64) - checks if the number in the Cseq header is a @@ -99,6 +97,8 @@ Chapter 1. Admin Guide * authorization header (8192) - checks if the Authorization is valid if the scheme is "digest" (see "digest credentials" above), always returns success for other schemes. + * first via header (16384) - checks if the first Via header is + available, can be parsed and has an address value. 2. Dependencies

6 years, 2 months

git:master:5572b37a: sanity: updates to the checks that can be done

by Daniel-Constantin Mierla

Module: kamailio Branch: master Commit: 5572b37a7a83074c9c3b9d5a07640d040b3fe51f URL: https://github.com/kamailio/kamailio/commit/5572b37a7a83074c9c3b9d5a07640d0… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2018-09-13T09:47:14+02:00 sanity: updates to the checks that can be done --- Modified: src/modules/sanity/doc/sanity_admin.xml --- Diff: https://github.com/kamailio/kamailio/commit/5572b37a7a83074c9c3b9d5a07640d0… Patch: https://github.com/kamailio/kamailio/commit/5572b37a7a83074c9c3b9d5a07640d0… --- diff --git a/src/modules/sanity/doc/sanity_admin.xml b/src/modules/sanity/doc/sanity_admin.xml index dec9d79a86..f9f63071a0 100644 --- a/src/modules/sanity/doc/sanity_admin.xml +++ b/src/modules/sanity/doc/sanity_admin.xml @@ -49,14 +49,12 @@ </listitem> <listitem> <para> - via sip version - (8) - not working because parser fails already - when another version then 2.0 is present. + via sip version - (8) - disabled. </para> </listitem> <listitem> <para> - via protocol - (16) - not working because parser fails already if an - unsupported transport is present. + via protocol - (16) - disabled. </para> </listitem> <listitem> @@ -86,7 +84,7 @@ <listitem> <para> proxy require - (512) - checks if all items of the proxy require header - are present in the list of the extensions from the module + are present in the list of the extensions from the module parameter proxy_require. </para> </listitem> @@ -118,6 +116,12 @@ returns success for other schemes. </para> </listitem> + <listitem> + <para> + first via header (16384) - checks if the first Via header is + available, can be parsed and has an address value. + </para> + </listitem> </itemizedlist> </para> </section>

6 years, 2 months

git:master:e5481726: sanity: check for top Via header

by Daniel-Constantin Mierla

Module: kamailio Branch: master Commit: e548172654b17140489f7432c34411b39c74471d URL: https://github.com/kamailio/kamailio/commit/e548172654b17140489f7432c34411b… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2018-09-13T09:41:26+02:00 sanity: check for top Via header - existing ones for Via are disabled/useless --- Modified: src/modules/sanity/sanity.c Modified: src/modules/sanity/sanity.h Modified: src/modules/sanity/sanity_mod.c Modified: src/modules/sanity/sanity_mod.h --- Diff: https://github.com/kamailio/kamailio/commit/e548172654b17140489f7432c34411b… Patch: https://github.com/kamailio/kamailio/commit/e548172654b17140489f7432c34411b… --- diff --git a/src/modules/sanity/sanity.c b/src/modules/sanity/sanity.c index af90893e58..67ed61ef29 100644 --- a/src/modules/sanity/sanity.c +++ b/src/modules/sanity/sanity.c @@ -249,6 +249,25 @@ int check_required_headers(sip_msg_t* msg) { return SANITY_CHECK_PASSED; } +/* check if the SIP version in the Via header is 2.0 */ +int check_via1_header(sip_msg_t* msg) +{ + LM_DBG("check via1 header\n"); + if (parse_headers(msg, HDR_VIA1_F, 0) != 0) { + LM_WARN("failed to parse the Via1 header\n"); + msg->msg_flags |= FL_MSG_NOREPLY; + return SANITY_CHECK_FAILED; + } + + if (msg->via1->host.s==NULL || msg->via1->host.len<0) { + LM_WARN("failed to parse the Via1 host\n"); + msg->msg_flags |= FL_MSG_NOREPLY; + return SANITY_CHECK_FAILED; + } + + return SANITY_CHECK_PASSED; +} + /* check if the SIP version in the Via header is 2.0 */ int check_via_sip_version(sip_msg_t* msg) { diff --git a/src/modules/sanity/sanity.h b/src/modules/sanity/sanity.h index 2bf50c71f9..735425b7e6 100644 --- a/src/modules/sanity/sanity.h +++ b/src/modules/sanity/sanity.h @@ -36,6 +36,9 @@ int str2valid_uint(str* _number, unsigned int* _result); /* parses the given comma seperated string into a string list */ strl* parse_str_list(str* _string); +/* check top Via header */ +int check_via1_header(sip_msg_t* msg); + /* compare the protocol string in the Via header with the transport */ int check_via_protocol(struct sip_msg* _msg); diff --git a/src/modules/sanity/sanity_mod.c b/src/modules/sanity/sanity_mod.c index 6d8de764bc..c9c88678fb 100644 --- a/src/modules/sanity/sanity_mod.c +++ b/src/modules/sanity/sanity_mod.c @@ -141,6 +141,10 @@ int sanity_check(struct sip_msg* _msg, int msg_checks, int uri_checks) (ret = check_required_headers(_msg)) != SANITY_CHECK_PASSED) { goto done; } + if (SANITY_VIA1_HEADER & msg_checks && + (ret = check_via1_header(_msg)) != SANITY_CHECK_PASSED) { + goto done; + } if (SANITY_VIA_SIP_VERSION & msg_checks && (ret = check_via_sip_version(_msg)) != SANITY_CHECK_PASSED) { goto done; diff --git a/src/modules/sanity/sanity_mod.h b/src/modules/sanity/sanity_mod.h index e0e30eed28..3a7f89a05e 100644 --- a/src/modules/sanity/sanity_mod.h +++ b/src/modules/sanity/sanity_mod.h @@ -42,7 +42,8 @@ #define SANITY_CHECK_DIGEST (1<<11) #define SANITY_CHECK_DUPTAGS (1<<12) #define SANITY_CHECK_AUTHORIZATION (1<<13) -#define SANITY_MAX_CHECKS (1<<14) /* Make sure this is the highest value */ +#define SANITY_VIA1_HEADER (1<<14) +#define SANITY_MAX_CHECKS (1<<15) /* Make sure this is the highest value */ /* VIA_SIP_VERSION and VIA_PROTOCOL do not work yet * and PARSE_URIS is very expensive */

6 years, 2 months

← Newer
1
...
20
21
22
23
24
25
26
...
34
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

sr-dev September 2018