add auth-subscriptions flag. sofia ua can now optionally challenge subscrition requests

diff --git a/src/mod/endpoints/mod_sofia/conf/sofia.conf.xml b/src/mod/endpoints/mod_sofia/conf/sofia.conf.xml
index 0b3c0c8da8f944d7827324d8cbd5ddb4cb8cd86e..f624fa5a74aea1fbc913e35cd555469e6cb2f89c 100644 (file)
--- a/src/mod/endpoints/mod_sofia/conf/sofia.conf.xml
+++ b/src/mod/endpoints/mod_sofia/conf/sofia.conf.xml
@@ -315,6 +315,7 @@
         <!-- <param name="NDLB-received-in-nat-reg-contact" value="true"/> -->
         <param name="auth-calls" value="$${internal_auth_calls}"/>
         <!-- <param name="auth-messages" value="false"/> -->
+        <!-- <param name="auth-subscriptions" value="false"/> -->
         <!-- Force the user and auth-user to match. -->
         <param name="inbound-reg-force-matching-username" value="true"/>
         <!-- on authed calls, authenticate *all* the packets not just invite -->

diff --git a/src/mod/endpoints/mod_sofia/mod_sofia.h b/src/mod/endpoints/mod_sofia/mod_sofia.h
index dd14a3a8e396c9140f7654db8d7b2baced4f4215..cd148d99e8ca2ab706cccf04225985a5b197f2af 100644 (file)
--- a/src/mod/endpoints/mod_sofia/mod_sofia.h
+++ b/src/mod/endpoints/mod_sofia/mod_sofia.h
@@ -275,6 +275,7 @@ typedef enum {
        PFLAG_TLS_ALWAYS_NAT,
        PFLAG_TCP_ALWAYS_NAT,
        PFLAG_ENABLE_CHAT,
+       PFLAG_AUTH_SUBSCRIPTIONS,
        /* No new flags below this line */
        PFLAG_MAX
 } PFLAGS;

diff --git a/src/mod/endpoints/mod_sofia/sofia.c b/src/mod/endpoints/mod_sofia/sofia.c
index 1df2d5f58f4916dea654e8931f481c55e6dc292c..625fcb64e498b00ba7c5a7279f7f87dbae75ea82 100644 (file)
--- a/src/mod/endpoints/mod_sofia/sofia.c
+++ b/src/mod/endpoints/mod_sofia/sofia.c
@@ -4724,6 +4724,10 @@ switch_status_t config_sofia(sofia_config_t reload, char *profile_name)
                                                if (switch_true(val)) {
                                                        sofia_set_pflag(profile, PFLAG_AUTH_MESSAGES);
                                                }
+                                       } else if (!strcasecmp(var, "auth-subscriptions")) {
+                                               if (switch_true(val)) {
+                                                       sofia_set_pflag(profile, PFLAG_AUTH_SUBSCRIPTIONS);
+                                               }
                                        } else if (!strcasecmp(var, "extended-info-parsing")) {
                                                if (switch_true(val)) {
                                                        sofia_set_pflag(profile, PFLAG_EXTENDED_INFO_PARSING);

diff --git a/src/mod/endpoints/mod_sofia/sofia_presence.c b/src/mod/endpoints/mod_sofia/sofia_presence.c
index 1cd8556d4cdd1eabfe4c1be50d569c9b37b468ca..83942c280684570350e2bdcf03dfa3cc50f60dbe 100644 (file)
--- a/src/mod/endpoints/mod_sofia/sofia_presence.c
+++ b/src/mod/endpoints/mod_sofia/sofia_presence.c
@@ -3768,6 +3768,42 @@ void sofia_presence_handle_sip_i_subscribe(int status,
                        goto end;
                }
 
+               if ((auth_res != AUTH_OK && auth_res != AUTH_RENEWED)) {
+                       nua_respond(nh, SIP_401_UNAUTHORIZED, NUTAG_WITH_THIS_MSG(de->data->e_msg), TAG_END());
+                       goto end;
+               }
+       } else if (sofia_test_pflag(profile, PFLAG_AUTH_SUBSCRIPTIONS)) {
+               sip_authorization_t const *authorization = NULL;
+               auth_res_t auth_res = AUTH_FORBIDDEN;
+               char keybuf[128] = "";
+               char *key;
+               size_t keylen;
+               switch_event_t *v_event = NULL;
+
+               key = keybuf;
+               keylen = sizeof(keybuf);
+
+               if (sip->sip_authorization) {
+                       authorization = sip->sip_authorization;
+               } else if (sip->sip_proxy_authorization) {
+                       authorization = sip->sip_proxy_authorization;
+               }
+
+               if (authorization) {
+                       char network_ip[80];
+                       int network_port;
+                       sofia_glue_get_addr(de->data->e_msg, network_ip, sizeof(network_ip), &network_port);
+                       auth_res = sofia_reg_parse_auth(profile, authorization, sip, de,
+                                                                                       (char *) sip->sip_request->rq_method_name, key, keylen, network_ip, network_port, NULL, 0,
+                                                                                       REG_INVITE, NULL, NULL, NULL, NULL);
+               } else if ( sofia_reg_handle_register(nua, profile, nh, sip, de, REG_INVITE, key, (uint32_t)keylen, &v_event, NULL, NULL, NULL)) {
+                       if (v_event) {
+                               switch_event_destroy(&v_event);
+                       }
+
+                       goto end;
+               }
+
                if ((auth_res != AUTH_OK && auth_res != AUTH_RENEWED)) {
                        nua_respond(nh, SIP_401_UNAUTHORIZED, NUTAG_WITH_THIS_MSG(de->data->e_msg), TAG_END());
                        goto end;