Advertisement
Guest User

Untitled

a guest
Sep 13th, 2011
421
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 30.43 KB | None | 0 0
  1. #
  2. # $Id: opensips.cfg 7027 2010-07-15 13:48:29Z razvancrainea $
  3. #
  4. # OpenSIPS basic configuration script
  5. #     by Anca Vamanu <anca@voice-system.ro>
  6. #
  7. # Please refer to the Core CookBook at:
  8. #      http://www.opensips.org/index.php?n=Resources.DocsCookbooks
  9. # for a explanation of possible statements, functions and parameters.
  10. #
  11.  
  12.  
  13. ####### Global Parameters #########
  14.  
  15. log_stderror=no
  16. log_facility=LOG_LOCAL0
  17.  
  18. fork=yes
  19. children=4
  20.  
  21. /* uncomment the following lines to enable debugging */
  22. #debug=6
  23. debug=3
  24.  
  25. /* uncomment the next line to disable the auto discovery of local aliases
  26.    based on revers DNS on IPs (default on) */
  27. auto_aliases=no
  28.  
  29. # change the listen-opensips and advertised-opensips values in the defines.m4 file
  30.  
  31. listen=udp:REAL_IP:REAL_PORT
  32. listen=tcp:REAL_IP:REAL_PORT
  33.  
  34. advertised_address=VIRTUAL_IP
  35. advertised_port=VIRTUAL_PORT
  36.  
  37. server_header="Server: SoftSwitch_G9"
  38. user_agent_header="User-Agent: SoftSwitch_G9"
  39.  
  40. ####### Modules Section ########
  41.  
  42. #set module path
  43. mpath="//lib/opensips/modules/"
  44.  
  45. /* uncomment next line for MySQL DB support */
  46. loadmodule "db_mysql.so"
  47. loadmodule "signaling.so"
  48. loadmodule "sl.so"
  49. loadmodule "tm.so"
  50. loadmodule "rr.so"
  51. loadmodule "maxfwd.so"
  52. loadmodule "usrloc.so"
  53. loadmodule "registrar.so"
  54. loadmodule "textops.so"
  55. loadmodule "mi_fifo.so"
  56. loadmodule "uri.so"
  57.  
  58. loadmodule "auth.so"
  59. loadmodule "auth_db.so"
  60. loadmodule "domain.so"
  61.  
  62.  
  63. loadmodule "avpops.so"
  64. loadmodule "dialog.so"
  65. loadmodule "alias_db.so"
  66. loadmodule "drouting.so"
  67. loadmodule "uac.so"
  68. loadmodule "nat_traversal.so"
  69. loadmodule "nathelper.so"
  70. loadmodule "siptrace.so"
  71. loadmodule "sst.so"
  72. # loadmodule "perl.so"
  73.  
  74.  
  75. # ----------------- setting module-specific parameters ---------------
  76.  
  77.  
  78. # ----- perl params -----
  79. # modparam("perl", "filename", "/etc/opensips/scripts/perlfunctions.pl")
  80. # modparam("perl", "modpath", "/lib/opensips/perl/")
  81.  
  82.  
  83. # ----- sst params -----
  84. modparam("sst", "min_se", 300) # 1800
  85. modparam("sst", "timeout_avp", "$avp(s:timeout_sst)")
  86. modparam("sst", "sst_flag", 13)
  87. modparam("sst", "reject_to_small", 1)
  88.  
  89.  
  90. # ----- dialog params ------
  91. modparam("dialog", "profiles_with_value", "accountcalls")
  92. modparam("dialog", "dlg_match_mode", 1)
  93.  
  94. modparam("dialog", "default_timeout", 10800)
  95. modparam("dialog", "timeout_avp", "$avp(s:timeout_sst)")
  96. modparam("dialog", "dlg_flag", 12)
  97. modparam("dialog", "bye_on_timeout_flag", 15)
  98.  
  99.  
  100. # ----- siptrace params -----
  101. modparam("siptrace", "trace_on", 1)
  102. modparam("siptrace", "trace_flag", 22)
  103. modparam("siptrace", "db_url", "mysql://opensips:opensipsrw@localhost/opensips")
  104.  
  105.  
  106. # ----- nathelper params -----
  107. #This will do a SIP ping to the devices via SIP OPTIONS messages.
  108. #The value of the response (negative or positive) doesn't matter, although it does matter if you get the response.
  109. modparam("nathelper", "natping_interval", 60)
  110. modparam("nathelper", "ping_nated_only", 0)
  111. modparam("nathelper", "sipping_bflag", 7)
  112. modparam("nathelper", "sipping_from", "<sip:NAME@VIRTUAL_DOMAIN>")
  113. modparam("nathelper", "sipping_method", "OPTIONS")
  114. modparam("nathelper", "received_avp", "$avp(s:rcv)")
  115.  
  116.  
  117. # ----- registrar params
  118. modparam("registrar", "received_avp", "$avp(s:rcv)")
  119.  
  120.  
  121. # ----- tm params -----
  122. modparam("tm", "fr_inv_timer_avp", "$avp(s:custom_fr_inv_timer)")
  123. modparam("tm", "pass_provisional_replies", 1)
  124.  
  125.  
  126. # ----- drouting params ------
  127. modparam("drouting", "db_url", "mysql://opensips:opensipsrw@localhost/opensips")
  128. modparam("drouting", "use_domain", 0)
  129. modparam("drouting", "probing_interval", 60)
  130. modparam("drouting", "probing_from", "sip:NAME@REAL_IP")
  131. modparam("drouting", "probing_method", "OPTIONS")
  132. modparam("drouting", "probing_reply_codes", "501, 403, 404")
  133.  
  134.  
  135. # ----- avpops params ------
  136. modparam("avpops", "db_url", "mysql://opensips:opensipsrw@localhost/opensips")
  137.  
  138.  
  139. # ----- mi_fifo params -----
  140. modparam("mi_fifo", "fifo_name", "/tmp/opensips_fifo")
  141. modparam("mi_fifo", "fifo_mode", 0666)
  142.  
  143.  
  144. # ----- rr params -----
  145. # add value to ;lr param to cope with most of the UAs
  146. modparam("rr", "enable_full_lr", 1)
  147. # do not append from tag to the RR (no need for this script)
  148. modparam("rr", "append_fromtag", 1)
  149.  
  150.  
  151. # ----- usrloc params -----
  152. modparam("usrloc", "desc_time_order", 1)
  153. modparam("usrloc", "db_mode", 3)
  154. modparam("usrloc", "nat_bflag", 7)
  155. modparam("usrloc", "db_url", "mysql://opensips:opensipsrw@localhost/opensips")
  156.  
  157.  
  158. # ----- uri params -----
  159. modparam("uri", "use_uri_table", 0)
  160.  
  161. # ----- auth_db params -----
  162. /* uncomment the following lines if you want to enable the DB based authentication */
  163. modparam("auth_db", "calculate_ha1", yes)
  164. modparam("auth_db", "password_column", "password")
  165. modparam("auth_db", "db_url", "mysql://opensips:opensipsrw@localhost/opensips")
  166. modparam("auth_db", "load_credentials", "")
  167.  
  168. # ----- auth params -----
  169. modparam("auth", "rpid_avp", "$avp(s:rpid)")
  170.  
  171. # ----- alias_db params -----
  172. /* uncomment the following lines if you want to enable the DB based aliases */
  173. modparam("alias_db", "db_url",  "mysql://opensips:opensipsrw@localhost/opensips")
  174.  
  175.  
  176. # ----- domain params -----
  177. /* uncomment the following lines to enable multi-domain detection
  178.    support */
  179. modparam("domain", "db_url","mysql://opensips:opensipsrw@localhost/opensips")
  180. modparam("domain", "db_mode", 0)   # Use non-caching
  181.  
  182.  
  183. ####### Routing Logic ########
  184.  
  185.  
  186. # main request routing logic
  187.  
  188. route{
  189.  
  190.     if (!mf_process_maxfwd_header("10")) {
  191.         sl_send_reply("483","Too Many Hops");
  192.         exit;
  193.     }
  194.    
  195.     if (client_nat_test("3")) {
  196.    
  197.         if(search("Content-Type: application/sdp"))
  198.             fix_nated_sdp("10");
  199.     }
  200.  
  201.     force_rport();
  202.    
  203.    
  204.     if ( is_present_hf("Remote-Party-ID") && is_from_gw("1") )
  205.     {
  206.         $avp(s:rpidpriv) = $(hdr(Remote-Party-ID){s.select,1,>}{param.value,privacy});
  207.         if( $avp(s:rpidpriv) != NULL && ( $avp(s:rpidpriv) == "full" || $avp(s:rpidpriv) == "uri" ) ) {
  208.             setflag(11);   # Privacy flag
  209.             xlog("Found Remote-Party-ID. And it is a private call with privacy level of $avp(s:rpidpriv) ");
  210.         }
  211.        
  212.         remove_hf("Remote-Party-ID");
  213.     }
  214.    
  215.    
  216.    
  217.     if (has_totag()) {
  218.         # sequential request within a dialog should
  219.         # take the path determined by record-routing
  220.        
  221.         if (loose_route()) {
  222.             if (is_method("BYE")) {
  223.                 setflag(3); # ... even if the transaction fails
  224.             } else if (is_method("INVITE")) {
  225.                 # even if in most of the cases is useless, do RR for
  226.                 # re-INVITEs also, as some buggy clients do change route set
  227.                 # during the dialog.
  228.                
  229.                 record_route_preset("VIRTUAL_IP:VIRTUAL_PORT");
  230.                
  231.                 if(is_from_gw("1"))
  232.                 {
  233.                     /* Remove GW_PREFIX from Contact if you are getting a reply from the GW, i.e. the client just placed an outbound call  */
  234.                     if($ct != NULL)
  235.                     {
  236.                         $var(ct_username) = $(ct.fields(uri){uri.user});
  237.                        
  238.                         if($(var(ct_username){s.substr,0,4}) == "GW_PREFIX")
  239.                         {
  240.                             remove_hf("Contact");
  241.                             append_hf("Contact: <sip:$(var(ct_username){s.substr,4,0})@$(ct.fields(uri){uri.domain}):$(ct.fields(uri){uri.port})> \r\n", "Allow-Events");
  242.                         }
  243.                     }
  244.                 }
  245.                 else
  246.                 {
  247.                     if (client_nat_test("3"))
  248.                         fix_nated_contact();
  249.                    
  250.                     #Outgoing Re-Invite on a Received anonymous call, fetch the saved Unknown username and update the RURI
  251.                     if( $ruri.user == "Unknown" )
  252.                     {
  253.                         fetch_dlg_value("unk_to_username","$avp(s:to_ruri_username)");
  254.                         $ruri.user = $avp(s:to_ruri_username);
  255.                     }
  256.                    
  257.                     $avp(s:tmp) = goes_to_gw("1","p");
  258.            
  259.                     setflag(22);
  260.                     sip_trace();
  261.            
  262.                     if (sstCheckMin("1")) {
  263.                         xlog("L_ERR", "422 Session Timer Too Small reply sent.\n");
  264.                         exit;
  265.                     }
  266.                 }
  267.  
  268.                 # If it is a Re-Invite just remove the Require:timer from the headers
  269.                 route(21);
  270.             }
  271.            
  272.             # route it out to whatever destination was set by loose_route()
  273.             # in $du (destination URI).
  274.             route(1);
  275.            
  276.         } else {
  277.            
  278.             if ( is_method("ACK") ) {
  279.                 if ( t_check_trans() ) {
  280.                     # non loose-route, but stateful ACK; must be an ACK after
  281.                     # a 487 or e.g. 404 from upstream server
  282.                     t_relay();
  283.                     exit;
  284.                 } else {
  285.                     # ACK without matching transaction ->
  286.                     # ignore and discard
  287.                     exit;
  288.                 }
  289.             }
  290.             sl_send_reply("404","Not here");
  291.         }
  292.         exit;
  293.     }
  294.  
  295.     # initial requests
  296.  
  297.     # OPTIONS processing
  298.     if (is_method("OPTIONS"))
  299.     {
  300.         t_reply("404", "Not Found");
  301.         exit;
  302.     }
  303.    
  304.    
  305.     # CANCEL processing
  306.     if (is_method("CANCEL"))
  307.     {
  308.         setflag(22);
  309.         sip_trace();
  310.    
  311.         if (t_check_trans())
  312.             t_relay();
  313.         exit;
  314.     }
  315.  
  316.     t_check_trans();
  317.  
  318.    
  319.     $var(is_nat_treated) = 0;
  320.        
  321.     # authenticate if you're not registering but sending a request
  322.     if (!(method=="REGISTER") && !is_from_gw("1"))  
  323.     {
  324.         remove_hf("P-Preferred-Identity");
  325.         remove_hf("P-Asserted-Identity");
  326.         remove_hf("Remote-Party-Id");
  327.         remove_hf("Privacy");
  328.    
  329.         if(is_method("INVITE"))
  330.         {
  331.             setflag(22);
  332.             sip_trace();
  333.            
  334.             if (sstCheckMin("1")) {
  335.                 xlog("L_ERR", "422 Session Timer Too Small reply sent.\n");
  336.                 exit;
  337.             }
  338.         }
  339.    
  340.         if( !proxy_authorize("","subscriber") )
  341.         {
  342.             $var(auth_code) = $retcode;
  343.        
  344.             switch($var(auth_code))
  345.             {
  346.                 case "-5": $var(auth_error) = "generic error";      break;
  347.                 case "-4": $var(auth_error) = "no credentials";     break;
  348.                 case "-3": $var(auth_error) = "stale nonce";        break;
  349.                 case "-2": $var(auth_error) = "invalid password";   break;
  350.                 case "-1": $var(auth_error) = "invalid user";       break;
  351.                 default: $var(auth_error) = "$var(auth_code)";
  352.             }
  353.                        
  354.             if(is_method("INVITE") && $var(auth_code) != -4 && $var(auth_code) != -3 && $var(auth_code) != -2)
  355.             {
  356.                 avp_db_query("INSERT INTO G9_ProxyLogs (CallingStationID, CalledStationID, call_id, type, source, error_code, description, datetime_created) VALUES ('$(fU{s.escape.common})','$(tU{s.escape.common})','$(ci{s.escape.common})','outbound','$si:$sp','407 - Proxy Authorization Required','NAME: Auth error - $var(auth_error) for user $au',NOW())");
  357.             }
  358.            
  359.             if($var(auth_code) != -2)
  360.             {
  361.                 xlog("L_NOTICE","Auth error for $fU@$fd from $si cause _ $var(auth_error) _ call");
  362.                 proxy_challenge("", "0");
  363.                 exit;
  364.             }
  365.         }
  366.        
  367.         avp_db_query("SELECT dba.alias_username, dba.username, dba.pmp_username, sub.domain, sub.password FROM dbaliases dba, subscriber sub WHERE sub.username = '$au' AND sub.username = dba.username AND (dba.pmp_username = '$(fU{s.escape.common})' OR dba.alias_username = '$(fU{s.escape.common})') ", "$avp(s:alias_username);$avp(s:username);$avp(s:pmp_username);$avp(s:domain);$avp(s:password)");
  368.        
  369.         #xlog("SELECT dba.alias_username, dba.username, dba.pmp_username, sub.domain, sub.password FROM dbaliases dba, subscriber sub WHERE sub.username = '$au' AND sub.username = dba.username AND (dba.pmp_username = '$(fU{s.escape.common})' OR dba.alias_username = '$(fU{s.escape.common})') ");
  370.        
  371.         if( $avp(s:alias_username) != NULL && $avp(s:alias_username) != '' )
  372.         {
  373.             #verify if the user has a blank password in the BD
  374.             if($var(auth_code) == -2)
  375.                 if( $avp(s:password) == NULL || $avp(s:password) == '') /* 'sempassword' */
  376.                     xlog("L_NOTICE", "Client $fU (with $au) has no password defined, will skip password auth");
  377.                 else
  378.                 {
  379.                     xlog("L_NOTICE","Auth error for $fU@$fd from $si cause _ invalid password _ call");
  380.                     avp_db_query("INSERT INTO G9_ProxyLogs (CallingStationID, CalledStationID, call_id, type, source, error_code, description, datetime_created) VALUES ('$(fU{s.escape.common})','$(tU{s.escape.common})','$(ci{s.escape.common})','outbound','$si:$sp','407 - Proxy Authorization Required','NAME: Auth error - $var(auth_error) for user $au',NOW())");
  381.                     proxy_challenge("", "0");
  382.                     exit;
  383.                 }
  384.            
  385.             #authenticate with the user's domain if it exists
  386.             if($avp(s:domain) != NULL && $avp(s:domain) != '' && $si != $avp(s:domain))
  387.             {
  388.                 xlog("L_NOTICE","Auth error for $fU@$fd from $si cause _ invalid ip address _ call");
  389.                 if(is_method("INVITE") && $var(auth_code) != -4 && $var(auth_code) != -3)
  390.                 {
  391.                     avp_db_query("INSERT INTO G9_ProxyLogs (CallingStationID, CalledStationID, call_id, type, source, error_code, description, datetime_created) VALUES ('$(fU{s.escape.common})','$(tU{s.escape.common})','$(ci{s.escape.common})','outbound','$si:$sp','407 - Proxy Authorization Required','NAME: Auth error - invalid ip address for user $au@$si, expecting $avp(s:domain)',NOW())");
  392.                 }
  393.                
  394.                 proxy_challenge("","0");
  395.                 exit;
  396.             }
  397.  
  398.             if($avp(s:username) == $au)
  399.             {
  400.                 if( $fn == "\"Anonymous\"" )
  401.                 {
  402.                     # Remote-Party-Id construct for outbound call
  403.                     $avp(s:rpid) = "<sip:" + $au + "@" + $ar + ">;privacy=full";
  404.                     append_rpid_hf();
  405.                    
  406.                     # P-Asserted-Identity construct for outbound call
  407.                     append_hf("P-Asserted-Identity: sip:$au@$ar \r\n", "Contact");
  408.                     append_hf("Privacy: id \r\n", "Contact");
  409.                 }
  410.                 else
  411.                     append_hf("Privacy: none \r\n", "Contact");
  412.                
  413.                 if($avp(s:pmp_username) == $fU && $avp(s:pmp_username) != $avp(s:alias_username))
  414.                 {
  415.                     uac_replace_from("$avp(s:alias_username)","sip:$avp(s:alias_username)@$fd");
  416.                     $avp(s:ct) = $ct;
  417.                    
  418.                     if (client_nat_test("3"))
  419.                     {
  420.                         avp_subst("$avp(s:ct)", "/(.*)@(.*)/$avp(s:alias_username)@$si:$sp>/");
  421.                         $var(is_nat_treated) = 1;
  422.                     }  
  423.                     else
  424.                         avp_subst("$avp(s:ct)", "/(.*)@(.*)/$avp(s:alias_username)@\2/");
  425.                        
  426.                     remove_hf("Contact");
  427.                     append_hf("Contact: <sip:$avp(s:ct) \r\n");
  428.                 }
  429.             }
  430.             else
  431.             {
  432.                 uac_replace_from("$au","sip:$au@$ar");
  433.             }
  434.         }
  435.         else
  436.         {
  437.             uac_replace_from("$au","sip:$au@$ar");
  438.         }
  439.        
  440.         if (client_nat_test("3")) {
  441.             if($var(is_nat_treated) == 0)
  442.                 fix_nated_contact();
  443.         }
  444.                
  445.         consume_credentials();
  446.         # caller authenticated
  447.     }
  448.  
  449.     # preloaded route checking
  450.     if (loose_route())
  451.     {
  452.         xlog("L_ERR", "Attempt to route with preloaded Route's [$fu/$tu/$ru/$ci]");
  453.         if (!is_method("ACK"))
  454.             sl_send_reply("403","Preload Route denied");
  455.         exit;
  456.     }
  457.  
  458.     # record routing
  459.     if (!is_method("REGISTER|MESSAGE"))
  460.         record_route_preset("VIRTUAL_IP:VIRTUAL_PORT");
  461.  
  462.     # INVITEs - differentiate between outbound and inbound calls
  463.     if (is_method("INVITE"))
  464.     {
  465.         if (!is_from_gw("1"))
  466.         {
  467.             $avp(s:is_inbound) = 0;
  468.            
  469.             # On outbound-calls leave the timeout of SIP-negotiation at 120 sec
  470.             $avp(s:custom_fr_inv_timer) = 120;
  471.            
  472.             # Outbound-route for call-limit control
  473.             route(39);
  474.            
  475.             # Call our dynamic route.
  476.             route(4);  
  477.         }
  478.         else
  479.         {
  480.             $avp(s:is_inbound) = 1;
  481.            
  482.             # On inbound-calls leave the timeout of SIP-negotiation at 45 sec. Defines how much time it will take for the end of the call, it leads to redirection of the call to Voicemail
  483.             $avp(s:custom_fr_inv_timer) = 45;
  484.            
  485.             # if it was recognized that this inbound-call has to have an unknown number has the originator of the call (privacy=full on Remote-Party-ID header) do some headers manipulation
  486.             if(isflagset(11))
  487.             {
  488.                 create_dialog();
  489.                 store_dlg_value( "unk_to_username", "$(ct.fields(uri){uri.user})" );
  490.                
  491.                 xlog("Inbound call with request for Unknown username. We save the number for future Re-Invite as unk_to_username = $(ct.fields(uri){uri.user})");
  492.                
  493.                 remove_hf("Contact");
  494.                 append_hf("Contact: <sip:Unknown@$(ct.fields(uri){uri.domain}):$(ct.fields(uri){uri.port})> \r\n", "Allow-Events");
  495.                
  496.                 uac_replace_from("Unknown","sip:Unknown@$fd");
  497.             }
  498.             /*
  499.             # [Ticket: 9681]
  500.             else
  501.                 # if there is no Display-name in the From header, just add the username in the URI to it
  502.                 if ($fn == NULL || $fn == "")
  503.                 {
  504.                     uac_replace_from("$fU","");
  505.                 }
  506.             */
  507.         }
  508.     }
  509.    
  510.     if (!is_uri_host_local())
  511.     {
  512.         if(!is_from_gw("1") && !goes_to_gw("1") && is_method("REGISTER"))
  513.         {
  514.             setflag(22);
  515.             sip_trace();
  516.            
  517.             xlog("L_NOTICE","Auth error for $fU@$fd from $si cause _ unknown domain _ register");
  518.             avp_db_query("INSERT INTO G9_ProxyLogs (CallingStationID, call_id, type, source, error_code, description, datetime_created) VALUES ('$(fU{s.escape.common})','$(ci{s.escape.common})','register','$si:$sp','404 - Not Found (unknown domain)','NAME: Auth error - unknown domain $rd',NOW())");
  519.            
  520.             t_reply("404", "Not Found (unknown domain)");
  521.             exit;
  522.         }
  523.        
  524.         append_hf("P-hint: outbound\r\n");
  525.  
  526.         route(1);
  527.     }
  528.  
  529.     if (is_method("PUBLISH"))
  530.     {
  531.         sl_send_reply("503", "Service Unavailable");
  532.         exit;
  533.     }
  534.    
  535.  
  536.     if (is_method("REGISTER"))
  537.     {
  538.         fix_nated_register();
  539.                
  540.         if (client_nat_test("3")) {
  541.             setbflag(7);
  542.         }
  543.        
  544.         setflag(22);
  545.         sip_trace();
  546.        
  547.         if(!www_authorize("","subscriber"))
  548.         {
  549.             $var(auth_code) = $retcode;
  550.        
  551.             switch($var(auth_code))
  552.             {
  553.                 case "-5": $var(auth_error) = "generic error";  break;
  554.                 case "-4": $var(auth_error) = "no credentials"; break;
  555.                 case "-3": $var(auth_error) = "stale nonce";        break;
  556.                 case "-2": $var(auth_error) = "invalid password";   break;
  557.                 case "-1": $var(auth_error) = "invalid user";       break;
  558.                 default: $var(auth_error) = "$var(auth_code)";
  559.             }
  560.                        
  561.             if($var(auth_code) != -4 && $var(auth_code) != -3 && $var(auth_code) != -2)
  562.                 avp_db_query("INSERT INTO G9_ProxyLogs (CallingStationID, call_id, type, source, error_code, description, datetime_created) VALUES ('$(fU{s.escape.common})','$(ci{s.escape.common})','register','$si:$sp','401 - Unauthorized','NAME: Auth error - $var(auth_error) for user $au',NOW())");
  563.            
  564.             if($var(auth_code) != -2)
  565.             {
  566.                 xlog("L_NOTICE","Auth error for $fU@$fd from $si cause _ $var(auth_error) _ register");
  567.                 www_challenge("", "0");
  568.                 exit;
  569.             }
  570.         }
  571.        
  572.         #authenticate with the user's domain
  573.         avp_db_query("SELECT domain, password, BO_login, BO_name FROM subscriber WHERE username='$(fU{s.escape.common})'", "$avp(s:domain);$avp(s:password);$avp(s:login);$avp(s:name)");
  574.        
  575.         #verify if the user has a blank password in the BD
  576.         if($var(auth_code) == -2 )
  577.             if( $avp(s:password) == NULL || $avp(s:password) == '') /* 'sempassword' */
  578.                 xlog("L_NOTICE", "User $fU has no password defined, will skip password auth");
  579.             else
  580.             {
  581.                 xlog("L_NOTICE","Auth error for $fU@$fd from $si cause _ invalid password _ register");
  582.                 avp_db_query("INSERT INTO G9_ProxyLogs (CallingStationID, call_id, type, source, error_code, description, datetime_created) VALUES ('$(fU{s.escape.common})','$(ci{s.escape.common})','register','$si:$sp','401 - Unauthorized','NAME: Auth error - $var(auth_error) for user $au',NOW())");
  583.                
  584.                 www_challenge("", "0");
  585.                 exit;
  586.             }
  587.        
  588.         if($avp(s:domain) != NULL && $avp(s:domain) != '' && $si != $avp(s:domain))
  589.         {
  590.             xlog("L_NOTICE","Auth error for $fU@$fd from $si cause _ invalid ip address _ register");
  591.             avp_db_query("INSERT INTO G9_ProxyLogs (CallingStationID, call_id, type, source, error_code, description, datetime_created) VALUES ('$(fU{s.escape.common})','$(ci{s.escape.common})','register','$si:$sp','401 - Unauthorized','NAME: Auth error - invalid ip address for user $au@$si, expecting $avp(s:domain)',NOW())");
  592.            
  593.             www_challenge("","0");
  594.             exit;
  595.         }
  596.        
  597.         if (!db_check_to())
  598.         {
  599.             sl_send_reply("403", "Forbidden auth ID");
  600.             exit;
  601.         }
  602.  
  603.         if (!save("location"))
  604.             sl_reply_error();
  605.         else
  606.             # Add to the BO login and name of the user to the entry on the location table
  607.             avp_db_query("UPDATE location SET login='$avp(s:login)', name='$avp(s:name)' WHERE username = '$au'");
  608.                    
  609.         exit;
  610.     }
  611.  
  612.     if ($rU==NULL) {
  613.         # request with no Username in RURI
  614.         sl_send_reply("484","Address Incomplete");
  615.         exit;
  616.     }
  617.    
  618.    
  619.     if($avp(s:is_inbound) == 1)
  620.     {
  621.         alias_db_lookup("dbaliases", "d");
  622.     }
  623.    
  624.     # do lookup with method filtering
  625.     if (!lookup("location","mb")) {
  626.         switch ($retcode) {
  627.             case -1:
  628.                 setflag(22);
  629.                 sip_trace();
  630.                
  631.                 if(is_method("REGISTER"))
  632.                 {
  633.                     avp_db_query("INSERT INTO G9_ProxyLogs (CallingStationID, call_id, type, source, error_code, description, datetime_created) VALUES ('$(fU{s.escape.common})','$(ci{s.escape.common})','register','$si:$sp','401 - Unauthorized','NAME: Possible break-through attack attempt that went too far',NOW())");
  634.                 }else if(is_method("INVITE"))
  635.                 {
  636.                     xlog("Call to $rU not delivered, user not registered");
  637.                     avp_db_query("INSERT INTO G9_ProxyLogs (CallingStationID, CalledStationID, call_id, type, source, error_code, description, datetime_created) VALUES ('$(fU{s.escape.common})','$(tU{s.escape.common})','$(ci{s.escape.common})','inbound','$si:$sp','480 - Temporarily Not Available','NAME: Call to $(rU{s.escape.common}) not delivered, user not registered',NOW())");
  638.                 }
  639.                
  640.                 xlog("Lookup on location with return value of -1 : Placed call on a user that is not available or an attack that went to far - analyse this if you were not expecting this.");
  641.  
  642.                 avp_db_query("SELECT dba.vmail FROM dbaliases dba WHERE dba.alias_username = '$(tU{s.escape.common})' ", "$avp(s:is_voicemail)");
  643.                
  644.                 if( $avp(s:is_voicemail) == 1)
  645.                 {
  646.                     # ASTERISK HOOK - BEGIN
  647.                     # callee is not registered, so different to Voicemail
  648.                     # First add the VM recording prefix to the RURI
  649.                     prefix("VMR_U_");
  650.                     # forward the call to Asterisk (replace below with real IP and port)
  651.                     rewritehostport("VOICEMAIL_IP:VOICEMAIL_PORT");
  652.                    
  653.                     route(1);
  654.                     # ASTERISK HOOK - END
  655.                     exit;
  656.                 }
  657.                
  658.             case -3:
  659.                 t_newtran();
  660.                 t_reply("404", "Not Found");
  661.                 exit;
  662.             case -2:
  663.                 sl_send_reply("405", "Method Not Allowed");
  664.                 exit;
  665.         }
  666.     }
  667.    
  668.     if($avp(s:is_inbound) == 1)
  669.     {
  670.         #inbound-route for call-limit control
  671.         route(40);
  672.        
  673.         avp_db_query("SELECT pmp_username FROM dbaliases WHERE alias_username='$tU'", "$avp(s:pmp_username)");
  674.    
  675.         if($avp(s:pmp_username) != NULL && $avp(s:pmp_username) != "")
  676.         {
  677.             $ruri.user = $avp(s:pmp_username);
  678.             uac_replace_to("$avp(s:pmp_username)","sip:$avp(s:pmp_username)@$ruri.domain");
  679.         }
  680.     }
  681.    
  682.     route(1);
  683. }
  684.  
  685.  
  686. route[1] {
  687.     # for INVITEs enable some additional helper routes
  688.     if (is_method("INVITE")) {
  689.         t_on_branch("2");
  690.         t_on_reply("2");
  691.         t_on_failure("1");
  692.     }
  693.    
  694.     /* Insert SIP message into sip_trace table, avoiding duplicated entries from other parts of the script */
  695.     if( (!is_method("SUBSCRIBE") && !is_method("INVITE")) || (is_method("INVITE") && is_from_gw("1")) )
  696.     {
  697.         setflag(22);
  698.         sip_trace();
  699.     }
  700.    
  701.     /* Just prefix with the one defined in the drouting tables on an outgoing BYE or ACK to the GW */
  702.     if(is_method("ACK") || is_method("BYE") || is_method("PRACK") || is_method("CANCEL"))
  703.     {
  704.         #Bye to an Unknown user
  705.         if( $ruri.user == "Unknown" )
  706.         {
  707.             fetch_dlg_value("unk_to_username","$avp(s:to_ruri_username)");
  708.             $ruri.user = $avp(s:to_ruri_username);
  709.         }
  710.    
  711.         $avp(s:tmp) = goes_to_gw("1","p");
  712.     }  
  713.    
  714.     if (!t_relay()) {
  715.         sl_reply_error();
  716.     };
  717.    
  718.     exit;
  719. }
  720.  
  721.  
  722. route[4] {
  723.  
  724.     if(!isflagset(10))
  725.     {
  726.         setflag(10);
  727.        
  728.         # Fetch from DB the group_id that is associated with the username so that is possible to choose the related route
  729.         avp_db_query("SELECT groupid FROM dr_groups WHERE username = '$avp(s:alias_username)'", "$avp(s:group_id)");
  730.        
  731.         # If no group_id is found use the default one
  732.         if (!$avp(s:group_id))
  733.             $avp(s:group_id) = 0;
  734.    
  735.         # Do routing by choosing the rule associated with the group_id
  736.         if ( !do_routing("$avp(s:group_id)", "0") ) {
  737.             send_reply("503", "No Rules matching the URI");
  738.             exit;
  739.         }
  740.     }
  741.    
  742. }
  743.  
  744.  
  745. branch_route[2] {
  746.  
  747.     xlog("New branch at $ru\n");
  748.    
  749.     if( ( is_method("INVITE") || is_method("REGISTER") ) && $du != NULL)
  750.     {
  751.         # if RURI-domain is equal to the destination-domain and their ports are different substitute RURI-port with the destination-port
  752.         if( $(du{uri.host}) == $rd && $(du{uri.port}) != $rp )
  753.             $rp = $(du{uri.port});
  754.     }
  755.    
  756. }
  757.  
  758.  
  759. local_route{
  760.  
  761.     if( !is_method("OPTIONS") )
  762.     {
  763.         setflag(22);
  764.         sip_trace();
  765.     }
  766.    
  767. }
  768.  
  769.  
  770. onreply_route[2] {
  771.  
  772.     if(is_from_gw("1"))
  773.     {
  774.         /* Remove GW_PREFIX from Contact if you are getting a reply from the GW, i.e. the client just placed an outbound call  */
  775.         if($ct != NULL)
  776.         {
  777.             $var(ct_username) = $(ct.fields(uri){uri.user});
  778.            
  779.             if($(var(ct_username){s.substr,0,4}) == "GW_PREFIX")
  780.             {
  781.                 remove_hf("Contact");
  782.                 append_hf("Contact: <sip:$(var(ct_username){s.substr,4,0})@$(ct.fields(uri){uri.domain}):$(ct.fields(uri){uri.port})> \r\n", "Allow-Events");
  783.             }
  784.         }
  785.     }else{
  786.         if (client_nat_test("3"))
  787.         {
  788.             if(search("Content-Type: application/sdp"))
  789.                 fix_nated_sdp("10");
  790.        
  791.             fix_nated_contact();
  792.         }
  793.        
  794.        
  795.        
  796.     }
  797.    
  798.     /*
  799.         For Testing purposes only.  By using a Perl script it's possible to change a received "183 - In Progress" to "180 - Ringing"
  800.         The resulting 180 message is not logged into SIP-trace
  801.     */
  802.     /*
  803.     if(t_check_status("183")) {
  804.         perl_exec("sendReplyAs180");
  805.         drop();
  806.     }
  807.     */
  808. }
  809.  
  810.  
  811. failure_route[1] {
  812.    
  813.     if ( t_was_cancelled() ) {
  814.         exit;
  815.     }
  816.    
  817.     if ( t_check_status("[34][0-9][0-9]") && $avp(s:is_inbound) == 1 ) {
  818.        
  819.         xlog("Inbound call with 3XX or 4XX, go for voicemail if active");
  820.        
  821.         # if the failure code is "408 - timeout", "486 - busy" or "480 - temporarily unavailable"
  822.         # forward the calls to voicemail recording
  823.         if ( t_check_status("CLIENT_ERROR_BUSY|CLIENT_ERROR_UNAVAILABLE") )
  824.         {
  825.             avp_db_query("SELECT sub.vmail FROM subscriber sub, dbaliases dba WHERE sub.username = dba.username AND ( sub.username = '$(tU{s.escape.common})' OR dba.alias_username = '$(tU{s.escape.common})')", "$avp(s:is_voicemail)");
  826.                
  827.             if( $avp(s:is_voicemail) == 1)
  828.             {
  829.                 # ASTERISK HOOK - BEGIN
  830.                 # First revert the RURI to get the original user in RURI
  831.                 # Then add the VM recording prefix to the RURI
  832.                 revert_uri();
  833.                
  834.                 if(t_check_status("CLIENT_ERROR_BUSY"))
  835.                     prefix("VMR_B_");
  836.                 else
  837.                     prefix("VMR_U_");
  838.                
  839.                 # forward to the call to Asterisk (replace below with real IP and port)
  840.                 rewritehostport("VOICEMAIL_IP:VOICEMAIL_PORT");
  841.                 t_relay();
  842.                 # ASTERISK HOOK - END
  843.             }
  844.         }
  845.        
  846.         exit;
  847.     }
  848.        
  849.     if ( t_check_status("GW_RETURN_ERRORS") && $avp(s:is_inbound) == 0 )
  850.     {
  851.         xlog("Problems with this Gateway, jumping to the next one if possible");
  852.    
  853.         resetflag(10);
  854.    
  855.         if (use_next_gw()) {
  856.             t_relay();
  857.             exit;
  858.         } else {
  859.             t_reply ("503", "Service not available");
  860.             exit;
  861.         }
  862.     }
  863. }
  864.  
  865.  
  866. route[21] {     # Suppresses SST announcements
  867.        
  868.     # For removing header Require: timer
  869.     if (is_present_hf("Require")) {
  870.         if (subst('/^(Require:.*)timer\s*,(.*)$/\1\2/i')) {
  871.             #xlog("L_INFO", "Removed timer support (1)\n");
  872.         } else if (subst('/^(Require:.*),\s*timer(.*)$/\1\2/i')) {
  873.             #xlog("L_INFO", "Removed timer support (2)\n");
  874.         } else if (search('^Require:.*timer.*$')) {
  875.             remove_hf("Require");
  876.             #xlog("L_INFO", "Removed timer support (3)\n");
  877.         }
  878.     }
  879.    
  880. }
  881.  
  882.  
  883. /**** CALL-LIMIT ROUTES ****/
  884.  
  885. #Outbound-route for call-limit control
  886. route[39]
  887. {
  888.     ## have we done our checking on this call?
  889.     if(!isflagset(21))
  890.     {
  891.         xlog("Call from $fU");
  892.    
  893.         avp_db_query("SELECT sub.username, sub.call_limit FROM dbaliases dba, subscriber sub WHERE (dba.pmp_username = '$(au{s.escape.common})' OR dba.alias_username = '$(au{s.escape.common})') AND dba.username = sub.username ", "$avp(s:from_user);$avp(s:channels)");
  894.        
  895.         if( $avp(s:from_user) != NULL && $avp(s:from_user) != '' )
  896.         {
  897.             # user has max channel limit set as preference
  898.             if(is_avp_set("$avp(s:channels)/n") && avp_check("$avp(s:channels)", "gt/i:0") && $avp(s:channels) > 0)
  899.             {
  900.                 # get current calls for uuid
  901.                 get_profile_size("accountcalls","$avp(s:from_user)","$var(calls)");
  902.  
  903.                 # check within limit
  904.                 if($avp(s:channels) > $var(calls))
  905.                 {
  906.                     xlog("L_ERR","Call control [outbound]: user '$avp(s:from_user)' currently has '$var(calls)' of '$avp(s:channels)' active calls before this one\n");
  907.                     $var(setprofile) = 1;
  908.                 }
  909.                 else
  910.                 {
  911.                     xlog("L_ERR","Call control [outbound]: user '$avp(s:from_user)' channel limit exceeded [$var(calls)/$avp(s:channels)]\n");
  912.                     avp_db_query("INSERT INTO G9_ProxyLogs (CallingStationID, CalledStationID, call_id, type, source, error_code, description, datetime_created) VALUES ('$(fU{s.escape.common})','$(tU{s.escape.common})','$(ci{s.escape.common})','outbound','$si:$sp','486 - Busy Here','NAME: Channel limit exceeded [$var(calls)/$avp(s:channels)]',NOW())");
  913.                    
  914.                     sl_send_reply("486", "Busy Here");
  915.                     exit;
  916.                 }
  917.             }
  918.             else
  919.             {
  920.                 $var(setprofile) = 0;
  921.             }
  922.  
  923.             if($var(setprofile) > 0)
  924.             {
  925.                 setflag(15);
  926.                
  927.                 if ( is_present_hf("Session-Expires") )
  928.                 {
  929.                     setflag(12);
  930.                     setflag(13);
  931.                 }
  932.                            
  933.                 create_dialog();
  934.                 set_dlg_profile("accountcalls","$avp(s:from_user)");
  935.             }
  936.  
  937.             ## mark checking done
  938.             setflag(21);
  939.         }
  940.     }
  941. }
  942.  
  943. #Inbound-route for call-limit control
  944. route[40]
  945. {
  946.     ## have we done our checking on this call?
  947.     if(!isflagset(21))
  948.     {
  949.         avp_db_query("SELECT call_limit FROM subscriber WHERE username='$tU'", "$avp(s:channels)");
  950.    
  951.         # user has max channel limit set as preference
  952.         if(is_avp_set("$avp(s:channels)/n") && avp_check("$avp(s:channels)", "gt/i:0") && $avp(s:channels) > 0)
  953.         {
  954.             # get current calls for uuid
  955.             get_profile_size("accountcalls","$tU","$var(calls)");  
  956.  
  957.             # check within limit
  958.             if($avp(s:channels) > $var(calls))
  959.             {
  960.                 xlog("Call control [inbound]: user '$tU' currently has '$var(calls)' of '$avp(s:channels)' active calls before this one\n");
  961.                 $var(setprofile) = 1;
  962.             }
  963.             else
  964.             {
  965.                 setflag(22);
  966.                 sip_trace();
  967.            
  968.                 xlog("Call control [inbound]: user '$tU' channel limit exceeded [$var(calls)/$avp(s:channels)] - Go for voicemail, if active!\n");
  969.                 avp_db_query("INSERT INTO G9_ProxyLogs (CallingStationID, CalledStationID, call_id, type, source, error_code, description, datetime_created) VALUES ('$(fU{s.escape.common})','$(tU{s.escape.common})','$(ci{s.escape.common})','inbound','$si:$sp','486 - Busy Here','NAME: Channel limit exceeded [$var(calls)/$avp(s:channels)]',NOW())");
  970.                
  971.                 avp_db_query("SELECT dba.vmail FROM dbaliases dba WHERE dba.alias_username = '$(tU{s.escape.common})' ", "$avp(s:is_voicemail)");
  972.                
  973.                 if( $avp(s:is_voicemail) == 1)
  974.                 {
  975.                     # ASTERISK HOOK - BEGIN
  976.                     # First revert the RURI to get the original user in RURI
  977.                     # Then add the VM recording prefix to the RURI
  978.                     revert_uri();
  979.                     prefix("VMR_B_");
  980.                    
  981.                     # forward to the call to Asterisk (replace below with real IP and port)
  982.                     if (!t_relay("udp:VOICEMAIL_IP:VOICEMAIL_PORT")) {
  983.                         sl_send_reply("486", "Busy Here");
  984.                     };
  985.                     # ASTERISK HOOK - END
  986.                 }
  987.                 else
  988.                     sl_send_reply("486", "Busy Here");
  989.                
  990.                 exit;
  991.             }
  992.         }
  993.         else
  994.         {
  995.             $var(setprofile) = 0;
  996.         }
  997.  
  998.         if($var(setprofile) > 0)
  999.         {
  1000.             setflag(15);
  1001.            
  1002.             setflag(12);
  1003.             setflag(13);
  1004.            
  1005.             create_dialog();
  1006.             set_dlg_profile("accountcalls","$tU");
  1007.         }
  1008.  
  1009.         ## mark checking done
  1010.         setflag(21);
  1011.     }
  1012. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement