From 897b32be8021d4e59ee160f13a905c83555fcaa6 Mon Sep 17 00:00:00 2001 From: Alexey Melnichuk Date: Thu, 20 Aug 2015 12:27:27 +0400 Subject: [PATCH] Fix. Verify number-alias and user id. This replaces `inbound-reg-force-matching-username` profile option. So if your extension has number-alias you can use UserID=number-alias AuthID=Extension It also supports such check on INVITE not only on REGISTER. --- .../resources/scripts/directory/directory.lua | 39 ++++++++++++++++--- 1 file changed, 34 insertions(+), 5 deletions(-) diff --git a/resources/install/scripts/app/xml_handler/resources/scripts/directory/directory.lua b/resources/install/scripts/app/xml_handler/resources/scripts/directory/directory.lua index eba36ae81a..f4c0414ddb 100644 --- a/resources/install/scripts/app/xml_handler/resources/scripts/directory/directory.lua +++ b/resources/install/scripts/app/xml_handler/resources/scripts/directory/directory.lua @@ -62,6 +62,20 @@ --all other directory actions: sip_auth, user_call --except for the action: group_call + local sip_auth_method = params:getHeader("sip_auth_method") + if sip_auth_method then + sip_auth_method = sip_auth_method:upper(); + end + + local from_user = params:getHeader("sip_from_user") + + -- verify from_user and number alias for this methods + local METHODS = { + -- _ANY_ = true, + REGISTER = true, + -- INVITE = true, + } + if (user == nil) then user = ""; end @@ -250,6 +264,15 @@ forward_no_answer_destination = row.forward_no_answer_destination; do_not_disturb = row.do_not_disturb; + -- check matching UserID and AuthName + if sip_auth_method and (METHODS[sip_auth_method] or METHODS._ANY_) then + continue = (sip_from_user == user) and ((sip_from_number == user) or (sip_from_number == from_user)) + if not continue then + XML_STRING = nil; + return 1; + end + end + --set the dial_string if (string.len(row.dial_string) > 0) then dial_string = row.dial_string; @@ -509,11 +532,17 @@ end end - --disable registration for number-alias - if (params:getHeader("sip_auth_method") == "REGISTER") then - if (api:execute("user_data", user .. "@" .. domain_name .." attr id") ~= user) then - XML_STRING = nil; - end + if XML_STRING and sip_auth_method and (METHODS[sip_auth_method] or METHODS._ANY_) then + --disable registration for number-alias + if (api:execute("user_data", user .. "@" .. domain_name .." attr id") ~= user) then + XML_STRING = nil; + end + --disable registration for foreign number_alias + if from_user ~= user then + if (api:execute("user_data", from_user .. "@" .. domain_name .." attr id") ~= user) then + XML_STRING = nil; + end + end end --get the XML string from the cache