From f914772a03d6d6e3b02e6dc31e2c161c4171669f Mon Sep 17 00:00:00 2001 From: Anthony Minessale Date: Tue, 13 May 2008 20:58:38 +0000 Subject: [PATCH] when you have both auth-calls and inbound-acl at the same time passing acl lets you in with no challenge and failing gives you auth challenge git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@8387 d0543943-73ff-0310-b7d9-9358b9ac24b2 --- src/mod/endpoints/mod_sofia/sofia.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/src/mod/endpoints/mod_sofia/sofia.c b/src/mod/endpoints/mod_sofia/sofia.c index 10230d7f8d..d3a6274e56 100644 --- a/src/mod/endpoints/mod_sofia/sofia.c +++ b/src/mod/endpoints/mod_sofia/sofia.c @@ -2655,11 +2655,24 @@ void sofia_handle_sip_i_invite(nua_t *nua, sofia_profile_t *profile, nua_handle_ if (profile->acl_count) { uint32_t x = 0; + int ok = 1; + char *last_acl = NULL; + for (x = 0 ; x < profile->acl_count; x++) { - if (!switch_check_network_list_ip(network_ip, profile->acl[x])) { - switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "IP %s Rejected by acl %s\n", network_ip, profile->acl[x]); + last_acl = profile->acl[x]; + if (!(ok = switch_check_network_list_ip(network_ip, last_acl))) { + break; + } + } + + if (!ok) { + if (!(profile->pflags & PFLAG_AUTH_CALLS)) { + switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "IP %s Rejected by acl %s\n", network_ip, switch_str_nil(last_acl)); nua_respond(nh, SIP_403_FORBIDDEN, TAG_END()); return; + } else { + switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "IP %s Rejected by acl %s. Falling back to Digest auth.\n", + network_ip, switch_str_nil(last_acl)); } } }