FS-11825 [mod_sofia] use proper flag in blind auth 403 reply

diff --git a/src/mod/endpoints/mod_sofia/mod_sofia.h b/src/mod/endpoints/mod_sofia/mod_sofia.h
index cf66a75bad4594766a940909c488ffb16a6e3286..de44aac2838c7365bac6fafffe54f14ddee4d960 100644 (file)
--- a/src/mod/endpoints/mod_sofia/mod_sofia.h
+++ b/src/mod/endpoints/mod_sofia/mod_sofia.h
@@ -303,6 +303,7 @@ typedef enum {
        PFLAG_MAKE_EVERY_TRANSFER_A_NIGHTMARE,
        PFLAG_FIRE_TRANFER_EVENTS,
        PFLAG_BLIND_AUTH_ENFORCE_RESULT,
+       PFLAG_BLIND_AUTH_REPLY_403,
        PFLAG_PROXY_HOLD,
        PFLAG_PROXY_INFO,
        PFLAG_PROXY_MESSAGE,

diff --git a/src/mod/endpoints/mod_sofia/sofia.c b/src/mod/endpoints/mod_sofia/sofia.c
index 5bb05b194cebac0d1da6855c8730d5809ab75dc8..d1e32a096f526bc34507d4c66eaba8b799d02daf 100644 (file)
--- a/src/mod/endpoints/mod_sofia/sofia.c
+++ b/src/mod/endpoints/mod_sofia/sofia.c
@@ -4591,6 +4591,7 @@ switch_status_t config_sofia(sofia_config_t reload, char *profile_name)
                                        sofia_clear_pflag(profile, PFLAG_MAKE_EVERY_TRANSFER_A_NIGHTMARE);
                                        sofia_clear_pflag(profile, PFLAG_FIRE_TRANFER_EVENTS);
                                        sofia_clear_pflag(profile, PFLAG_BLIND_AUTH_ENFORCE_RESULT);
+                                       sofia_clear_pflag(profile, PFLAG_BLIND_AUTH_REPLY_403);
                                        sofia_clear_pflag(profile, PFLAG_AUTH_REQUIRE_USER);
                                        sofia_clear_pflag(profile, PFLAG_AUTH_CALLS_ACL_ONLY);
                                        sofia_clear_pflag(profile, PFLAG_USE_PORT_FOR_ACL_CHECK);
@@ -5910,6 +5911,12 @@ switch_status_t config_sofia(sofia_config_t reload, char *profile_name)
                                                }  else {
                                                        sofia_clear_pflag(profile, PFLAG_BLIND_AUTH_ENFORCE_RESULT);
                                                }
+                                       } else if (!strcasecmp(var, "blind-auth-reply-403")) {
+                                               if(switch_true(val)) {
+                                                       sofia_set_pflag(profile, PFLAG_BLIND_AUTH_REPLY_403);
+                                               }  else {
+                                                       sofia_clear_pflag(profile, PFLAG_BLIND_AUTH_REPLY_403);
+                                               }
                                        } else if (!strcasecmp(var, "auth-calls-acl-only")) {
                                                if(switch_true(val)) {
                                                        sofia_set_pflag(profile, PFLAG_AUTH_CALLS_ACL_ONLY);
@@ -10398,8 +10405,8 @@ void sofia_handle_sip_i_invite(switch_core_session_t *session, nua_t *nua, sofia
                }
                if (!sofia_test_pflag(profile, PFLAG_BLIND_AUTH_ENFORCE_RESULT) || blind_result == SWITCH_STATUS_SUCCESS) {
                        is_auth++;
-               } else if (sofia_test_pflag(profile, PFLAG_BLIND_AUTH_ENFORCE_RESULT)) {
-                       switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "blind auth enforce result enabled and couldn't find user %s, rejecting call\n", user);
+               } else if (sofia_test_pflag(profile, PFLAG_BLIND_AUTH_REPLY_403)) {
+                       switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "blind auth enforce 403 enabled and couldn't find user %s, rejecting call\n", user);
                        nua_respond(nh, SIP_403_FORBIDDEN, TAG_END());
                        goto fail;
                }