Opensips系列之使用自己的账号系统过滤非法请求

最新推荐文章于 2022-12-07 14:53:45 发布

cww_zju_amdocs

最新推荐文章于 2022-12-07 14:53:45 发布

阅读量331

点赞数

分类专栏： Opensips

本文链接：https://blog.csdn.net/cww_zju_amdocs/article/details/109993815

版权

Opensips 专栏收录该内容

4 篇文章 0 订阅

订阅专栏

配置修改

修改opensips.cfg，判断sip的from header的user在不在指定sip_register_table里面

    else if (is_method("REGISTER")) 
    {
        #  auth_db模块中配置的数据库中的用户表
        $var(auth_code) = fs_authorize("$fU", "sip_register_table");
        if ( $var(auth_code) <= 0)
        {
            xlog("Authentication failed for $fU@$fd from $si cause $var(auth_code)");
            exit;
        }
                
        xlog( "User $fU Registered/Unregisterd Successfully From IP:$si");
    }

代码修改

修改authdb_mod.c,增加fs_authorize函数：判断sip的from header的user在不在指定_table里面。

如果不在，返回USER_UNKOWN。

static cmd_export_t cmds[] = {
    {"www_authorize", (cmd_function)www_authorize,   2, auth_fixup, 0, REQUEST_ROUTE},
    {"fs_authorize", (cmd_function)fs_authorize, 2, auth_fixup, 0, REQUEST_ROUTE},
    {"proxy_authorize", (cmd_function)proxy_authorize, 2, auth_fixup, 0, REQUEST_ROUTE},
    {0, 0, 0, 0, 0, 0}
};

int fs_authorize(struct sip_msg *_m, char *_fU, char *_table)
{
	int res;
	str table;
	db_res_t *result = NULL;
	struct username _username;

	if (fixup_get_svalue(_m, (gparam_t *)_fU, &_username.user) != 0) {
		LM_ERR("cannot get the username\n");
		return -1;
	}

	if (!_table) {
		LM_ERR("invalid table parameter\n");
		return -1;
	}

	table.s = _table;
	table.len = strlen(_table);

	res = get_userinfo(&_username, &table, &result);
	if (res < 0) {
		/* Error while accessing the database */
		if (sigb.reply(_m, 500, &auth_500_err, NULL) == -1) {
			LM_ERR("failed to send 500 reply\n");
		}
		return ERROR;
	}
	if (res > 0) {
		/* Username not found in the database */
		auth_dbf.free_result(auth_db_handle, result);
		return USER_UNKNOWN;
	}

	auth_dbf.free_result(auth_db_handle, result);
	return AUTHORIZED;
}

/**
 * select pass_column from _table where user_column = _username;
*/
static inline int get_userinfo(struct username *_username, const str *_table, db_res_t **res)
{
    db_key_t keys[1];
    db_val_t vals[1];
	db_key_t col = &pass_column;

	if (auth_dbf.use_table(auth_db_handle, _table) < 0) {
		LM_ERR("failed to use_table\n");
		return -1;
	}

    keys[0] = &user_column;

	VAL_TYPE(vals) = DB_STR;
	VAL_NULL(vals) = 0;

	VAL_STR(vals).s = _username->user.s;
	VAL_STR(vals).len = _username->user.len;

	if (auth_dbf.query(auth_db_handle, keys, 0, vals, &col, 1, 1, 0, res) < 0) {
		LM_ERR("failed to query database\n");
		return -1;
	}

	if (RES_ROW_N(*res) == 0) {
		LM_ERR("no result for user %.*s@%.*s,key_col:%s,value_col:%s\n", 
			   _username->user.len, ZSW(_username->user.s),
			   _table->len, ZSW(_table->s), user_column.s, pass_column.s);
		return 1;
	}

	return 0;
}

cww_zju_amdocs

关注

0
点赞
踩
1

收藏

觉得还不错? 一键收藏
0
评论
Opensips系列之使用自己的账号系统过滤非法请求

配置修改修改opensips.cfg，判断sip的from header的user在不在指定sip_register_table里面 else if (is_method("REGISTER")) { # auth_db模块中配置的数据库中的用户表 $var(auth_code) = fs_authorize("$fU", "sip_register_table"); if ( $var(auth_code) <= 0)
复制链接

扫一扫