Ejemplo n.º 1
TransferControl::authorizeAndModify(const UtlString& id,    /**< The authenticated identity of the
                                                             *   request originator, if any (the null
                                                             *   string if not).
                                                             *   This is in the form of a SIP uri
                                                             *   identity value as used in the
                                                             *   credentials database (user@domain)
                                                             *   without the scheme or any parameters.
                                    const Url&  requestUri, ///< parsed target Uri
                                    RouteState& routeState, ///< the state for this request.  
                                    const UtlString& method,///< the request method
                                    AuthResult  priorResult,///< results from earlier plugins.
                                    SipMessage& request,    ///< see AuthPlugin wrt modifying
                                    bool bSpiralingRequest, ///< request spiraling indication 
                                    UtlString&  reason      ///< rejection reason
   AuthResult result = CONTINUE;
   // get the call-id to use in logging
   UtlString callId;

   UtlString hostAddress;
   int hostPort;
   UtlString hostProtocols;
   //request.getContactUri(0, &hostAddress);;
   request.getContactAddress(0, &hostAddress,&hostPort,&hostProtocols);
   if (DENY != priorResult)
      if (method.compareTo(SIP_REFER_METHOD) == 0)
         UtlString targetStr;
         if (request.getReferToField(targetStr))
            Url target(targetStr, Url::NameAddr);  // parse the target URL

            UtlString targetMethod; 
            if (   Url::SipUrlScheme == target.getScheme() 
                /* REFER can create requests other than INVITE: we don't care about those       *
                 * so check that the method is INVITE or is unspecified (INVITE is the default) */
                && (   ! target.getUrlParameter(SIP_METHOD_URI_PARAMETER, targetMethod)
                    || (0==targetMethod.compareTo(SIP_INVITE_METHOD, UtlString::ignoreCase))
               if (id.isNull())
                  // UnAuthenticated REFER. Do challenge the REFER to confirm the 
                  // identity of the transferor.  Note:  prior to XECS-2487, we used to challenge
                  // only the unauthenticated REFERs that didn't carry a Replaces header.
                  // The fix for XECS-2487 now requires that all unauthenticated REFERs
                  // be challenged so that consultative transfers get routed properly
                  // when user-based gateway section is used.  See tracker for the details
                  if (mpSipRouter->isLocalDomain(target))
			//White list of two servets to let Exchange REFER to sipXecs endpoints
			if (hostAddress.compareTo(server1, UtlString::ignoreCase) == 0 || hostAddress.compareTo(server2, UtlString::ignoreCase) == 0)
			     Os::Logger::instance().log(FAC_AUTH, PRI_INFO, "TransferControl[%s]::authorizeAndModify "
					   "Whitelist host '%s' in call '%s'",
			     result = ALLOW; //Whitelist matched so allow the transfer
			     Os::Logger::instance().log(FAC_AUTH, PRI_INFO, "TransferControl[%s]::authorizeAndModify "
					   "challenging transfer in call '%s' from host '%s'",
					   mInstanceName.data(), callId.data(),hostAddress.data()
			     result = DENY; // we need an identity to attach to the Refer-To URI
                      * This is a transfer to a target outside our domain, so let it go
                      * unchallenged.  See XECS-806
                     Os::Logger::instance().log(FAC_AUTH, PRI_DEBUG, "TransferControl[%s]::authorizeAndModify "
                                   "allowing foriegn transfer in call '%s'",
                                   mInstanceName.data(), callId.data()
                     // Add the References to the refer-to. Adding the callId field as a reference
                     // header (will be used in resulting INVITE) in the Refer-To provides us
                     // with enough information to be able to logically tie the calls together.
                     // Useful for CDR records.  
                     UtlString refcallId(callId);
                     target.setHeaderParameter(SIP_REFERENCES_FIELD, refcallId.data());
                     Os::Logger::instance().log(FAC_AUTH, PRI_DEBUG, "TransferControl[%s]::authorizeAndModify "
                                   "adding Reference field [%s] to refer-to",
                                   mInstanceName.data(), callId.data()

                     result = ALLOW;
                   UtlString  contactString;
                   request.getContactEntry(0, &contactString);
                   Url contactUri( contactString );
                   UtlString userId;

            	   Os::Logger::instance().log(FAC_AUTH, PRI_DEBUG, "TransferControl::authorizeAndModify - Contact field is: %s ", contactString.data());

                   if (contactString != "callcontroller") {
                	   // Authenticated REFER
                	   // annotate the refer-to with the authenticated controller identity
                	   SipXauthIdentity controllerIdentity;

                	   // add the References to the refer-to.
                	   UtlString refcallId(callId);
                	   target.setHeaderParameter(SIP_REFERENCES_FIELD, refcallId.data());
                	   Os::Logger::instance().log(FAC_AUTH, PRI_DEBUG, "TransferControl[%s]::authorizeAndModify "
                                "adding Reference field [%s] to refer-to",
                                mInstanceName.data(), callId.data()
               Os::Logger::instance().log(FAC_AUTH, PRI_WARNING, "TransferControl[%s]::authorizeAndModify "
                             "unrecognized refer target '%s' for call '%s'",
                             mInstanceName.data(), targetStr.data(), callId.data()
            // REFER without a Refer-To header... incorrect, but just ignore it.
            Os::Logger::instance().log(FAC_AUTH, PRI_WARNING,
                          "TransferControl[%s]::authorizeAndModify "
                          "REFER method without Refer-To in call '%s'",
                          mInstanceName.data(), callId.data()
      else if (method.compareTo(SIP_INVITE_METHOD) == 0)
         UtlString targetCallId;
         UtlString targetFromTag;
         UtlString targetToTag;

         if (request.getReplacesData(targetCallId, targetToTag, targetFromTag))
             * This is an INVITE with Replaces: probably either the completion
             * of a call pickup or a consultative transfer.
             * In any case, it will not create a new call - just connect something
             * to an existing call - so we don't need to make any new authorization
             * decisions.
            result = ALLOW;
            // INVITE without Replaces: is not a transfer - ignore it.
         // neither REFER nor INVITE, so is not a transfer - ignore it.
      // Some earlier plugin already denied this - don't waste time figuring it out.
      Os::Logger::instance().log(FAC_AUTH, PRI_DEBUG, "TransferControl[%s]::authorizeAndModify "
                    "prior authorization result %s for call %s",
                    mInstanceName.data(), AuthResultStr(priorResult), callId.data()
   return result;
Ejemplo n.º 2
   const SipMessage& message,
   UtlString& requestString,
   Url& requestUri,
   const UtlString& method,
   ContactList& contactList,
   RequestSeqNo requestSeqNo,
   int redirectorNo,
   SipRedirectorPrivateStorage*& privateStorage,
   ErrorDescriptor& errorDescriptor)
   // If url param sipx-userforward = false, do not redirect to user-forward
   // aliases.
   UtlString userforwardParam;
   requestUri.getUrlParameter("sipx-userforward", userforwardParam);
   bool disableForwarding =
      userforwardParam.compareTo("false", UtlString::ignoreCase) == 0;
   if (disableForwarding)
      Os::Logger::instance().log(FAC_SIP, PRI_DEBUG, "%s::lookUp user forwarding disabled by parameter",

   bool isDomainAlias = false;
   UtlString domain;
   UtlString hostAlias;
   UtlBoolean isMyHostAlias = mpSipUserAgent->isMyHostAlias(requestUri);
   if (mpSipUserAgent && domain != _localDomain && isMyHostAlias)
     isDomainAlias = true;
     hostAlias = domain;

   UtlString requestIdentity;

   OS_LOG_DEBUG(FAC_SIP, mLogName.data() << "::lookUp identity: " << requestIdentity.data()
           << " domain: " << domain.data()
           << " local-domain: " << _localDomain.data()
           << " isHostAlias: " << isMyHostAlias);

   //ResultSet aliases;
   //AliasDB::getInstance()->getContacts(requestUri, aliases);
   //int numAliasContacts = aliases.getSize();

   EntityDB::Aliases aliases;
   bool isUserIdentity = false;
   EntityDB* entityDb = SipRegistrar::getInstance(NULL)->getEntityDB();
   entityDb->getAliasContacts(requestUri, aliases, isUserIdentity);
   int numAliasContacts = aliases.size();

   if (numAliasContacts > 0)
      Os::Logger::instance().log(FAC_SIP, PRI_DEBUG, "%s::lookUp "
                    "got %d AliasDB contacts", mLogName.data(),

      // Check if the request identity is a real user/extension
      UtlString realm;
      UtlString authType;

      SipXauthIdentity authIdentity;

      for (EntityDB::Aliases::iterator iter = aliases.begin(); iter != aliases.end(); iter++)

            // If disableForwarding and the relation value is "userforward",
            // do not record this contact.
            if (!(disableForwarding && iter->relation == ALIASDB_RELATION_USERFORWARD))
               UtlString contact = iter->contact.c_str();
               Url contactUri(contact);

               // if the request identity is a real user
               if (isUserIdentity)
                  // Encode AuthIdentity into the URI
                  authIdentity.encodeUri(contactUri, message);

               contactUri.setUrlParameter(SIP_SIPX_CALL_DEST_FIELD, "AL");
               if (numAliasContacts == 1 && isDomainAlias && isUserIdentity)

                 UtlString userId;
                 OS_LOG_NOTICE(FAC_SIP, "SipRedirectorAliasDB::lookUp normalized request-uri to " << requestString.data());
                 // Add the contact.
                 contactList.add( contactUri, *this );
   else if (isDomainAlias)
     // No alias found.  If this is was towards a domain alias, make sure to reset it back to
     // the old value prior to feeding it to the rest of the redirectors.

   return RedirectPlugin::SUCCESS;
Ejemplo n.º 3
   const SipMessage& message,
   UtlString& requestString,
   Url& requestUri,
   const UtlString& method,
   ContactList& contactList,
   RequestSeqNo requestSeqNo,
   int redirectorNo,
   SipRedirectorPrivateStorage*& privateStorage,
   ErrorDescriptor& errorDescriptor)
   // If url param sipx-userforward = false, do not redirect to user-forward
   // aliases.
   UtlString userforwardParam;
   requestUri.getUrlParameter("sipx-userforward", userforwardParam);
   bool disableForwarding =
      userforwardParam.compareTo("false", UtlString::ignoreCase) == 0;
   if (disableForwarding)
      Os::Logger::instance().log(FAC_SIP, PRI_DEBUG, "%s::lookUp user forwarding disabled by parameter",

   if (_enableEarlyAliasResolution)
     resolveAlias(message, requestString, requestUri);

   UtlString requestIdentity;

   EntityDB::Aliases aliases;
   bool isUserIdentity = false;
   EntityDB* entityDb = SipRegistrar::getInstance(NULL)->getEntityDB();
   entityDb->getAliasContacts(requestUri, aliases, isUserIdentity);
   int numAliasContacts = aliases.size();

   if (numAliasContacts > 0)
      Os::Logger::instance().log(FAC_SIP, PRI_DEBUG, "%s::lookUp "
                    "got %d AliasDB contacts", mLogName.data(),

      // Check if the request identity is a real user/extension
      UtlString realm;
      UtlString authType;

      SipXauthIdentity authIdentity;

      for (EntityDB::Aliases::iterator iter = aliases.begin(); iter != aliases.end(); iter++)

            // If disableForwarding and the relation value is "userforward",
            // do not record this contact.
            if (!(disableForwarding && iter->relation == ALIASDB_RELATION_USERFORWARD))
               UtlString contact = iter->contact.c_str();
               Url contactUri(contact);

               // if the request identity is a real user
               if (isUserIdentity)
                  // Encode AuthIdentity into the URI
                  authIdentity.encodeUri(contactUri, message);

               contactUri.setUrlParameter(SIP_SIPX_CALL_DEST_FIELD, "AL");
               contactList.add( contactUri, *this );

                if (_enableDiversionHeader && contactList.getDiversionHeader().empty())
                  // Add a Diversion header for all deflections
                  UtlString stringUri;
                  // The requestUri is an addr-spec, not a name-addr.
                  Url diversionUri(stringUri, TRUE);
                  UtlString userId;
                  UtlString host;

                  std::ostringstream strm;
                  strm << "<sip:";
                  if (!userId.isNull())
                    strm << userId.data() << "@";
                  strm << host.data();
                  strm << ">;reason=unconditional;sipxfwd=" << iter->relation;
                  UtlString diversion = strm.str().c_str();
                  OS_LOG_INFO(FAC_SIP, "SipRedirectorAliasDB::lookUp inserting diversion from " << diversion.data());
   return RedirectPlugin::SUCCESS;
Ejemplo n.º 4
    const SipMessage& message,
    const UtlString& requestString,
    const Url& requestUri,
    const UtlString& method,
    ContactList& contactList,
    RequestSeqNo requestSeqNo,
    int redirectorNo,
    SipRedirectorPrivateStorage*& privateStorage,
    ErrorDescriptor& errorDescriptor)
    // If url param sipx-userforward = false, do not redirect to its aliases
    UtlString disableForwarding;
    requestUri.getUrlParameter("sipx-userforward", disableForwarding);
    if (disableForwarding.compareTo("false", UtlString::ignoreCase) == 0)
        OsSysLog::add(FAC_SIP, PRI_DEBUG, "%s::lookUp user forwarding disabled by parameter",
        UtlString requestIdentity;

        OsSysLog::add(FAC_SIP, PRI_DEBUG, "%s::lookUp identity '%s'",
                      mLogName.data(), requestIdentity.data());

        ResultSet aliases;
        AliasDB::getInstance()->getContacts(requestUri, aliases);
        int numAliasContacts = aliases.getSize();
        if (numAliasContacts > 0)
            OsSysLog::add(FAC_SIP, PRI_DEBUG, "%s::lookUp "
                          "got %d AliasDB contacts", mLogName.data(),

            // Check if the request identity is a real user/extension
            UtlString realm;
            UtlString authType;
            bool isUserIdentity =
                CredentialDB::getInstance()->isUriDefined(requestUri, realm, authType);
            SipXauthIdentity authIdentity;

            for (int i = 0; i < numAliasContacts; i++)
                static UtlString contactKey("contact");

                UtlHashMap record;
                if (aliases.getIndex(i, record))
                    UtlString contact = *((UtlString*)record.findValue(&contactKey));
                    Url contactUri(contact);

                    // if the request identity is a real user
                    if (isUserIdentity)
                        // Encode AuthIdentity into the URI
                        authIdentity.encodeUri(contactUri, message);

                    contactUri.setUrlParameter(SIP_SIPX_CALL_DEST_FIELD, "AL");
                    // Add the contact.
                    contactList.add( contactUri, *this );

    return RedirectPlugin::SUCCESS;