Add manager peerstatus events when peer can't authenticate.

(closes issue #11959)
Reported by: mostyn
Patches: 
      peerstatus3.patch uploaded by mostyn (license 398)


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@109316 65c4cc65-6c06-0410-ace0-fbb531ad65f3

3 files changed, 25 insertions, 3 deletions

diff --git a/CHANGES b/CHANGES
index 052c37089..e5ae21fb9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -167,6 +167,8 @@ SIP changes
      SIP session.
   * Added TCP and TLS support for SIP.  See doc/siptls.txt and configs/sip.conf.sample for
      more information on how it is used.
+  * Added a new configuration option "authfailureevents" that enables manager events when
+    a peer can't authenticate properly. 
 
 IAX2 changes
 ------------
diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index f46c04d8b..a110252e4 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -705,6 +705,7 @@ static char global_sdpsession[AST_MAX_EXTENSION];	/*!< SDP session name for the
 static char global_sdpowner[AST_MAX_EXTENSION];	/*!< SDP owner name for the SIP channel */
 static int allow_external_domains;	/*!< Accept calls to external SIP domains? */
 static int global_callevents;		/*!< Whether we send manager events or not */
+static int global_authfailureevents;		/*!< Whether we send authentication failure manager events or not. Default no. */
 static int global_t1;			/*!< T1 time */
 static int global_t1min;		/*!< T1 roundtrip time minimum */
 static int global_timer_b;    /*!< Timer B - RFC 3261 Section 17.1.1.2 */
@@ -9853,7 +9854,7 @@ static enum parse_register_result parse_register_contact(struct sip_pvt *pvt, st
 	/* Saving TCP connections is useless, we won't be able to reconnect */
 	if (!peer->rt_fromcontact && (peer->socket.type & SIP_TRANSPORT_UDP)) 
 		ast_db_put("SIP/Registry", peer->name, data);
-	manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: SIP\r\nPeer: SIP/%s\r\nPeerStatus: Registered\r\n", peer->name);
+	manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: SIP\r\nPeer: SIP/%s\r\nPeerStatus: Registered\r\nAddress: %s\r\nPort: %d\r\n", peer->name,  ast_inet_ntoa(peer->addr.sin_addr), ntohs(peer->addr.sin_port));
 
 	/* Is this a new IP address for us? */
 	if (inaddrcmp(&peer->addr, &oldsin)) {
@@ -10405,7 +10406,7 @@ static enum check_auth_result register_verify(struct sip_pvt *p, struct sockaddr
 			case PARSE_REGISTER_UPDATE:
 				/* Say OK and ask subsystem to retransmit msg counter */
 				transmit_response_with_date(p, "200 OK", req);
-				manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: SIP\r\nPeer: SIP/%s\r\nPeerStatus: Registered\r\n", peer->name);
+				manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: SIP\r\nPeer: SIP/%s\r\nPeerStatus: Registered\r\nAddress: %s\r\nPort: %d\r\n", peer->name, ast_inet_ntoa(sin->sin_addr), ntohs(sin->sin_port));
 				peer->lastmsgssent = -1;
 				res = 0;
 				break;
@@ -10420,6 +10421,9 @@ static enum check_auth_result register_verify(struct sip_pvt *p, struct sockaddr
 		case AUTH_SECRET_FAILED:
 			/* Wrong password in authentication. Go away, don't try again until you fixed it */
 			transmit_response(p, "403 Forbidden (Bad auth)", &p->initreq);
+			if (global_authfailureevents)
+				manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: SIP\r\nPeer: SIP/%s\r\nPeerStatus: Rejected\r\nCause: AUTH_SECRET_FAILED\r\nAddress: %s\r\nPort: %d\r\n", 
+					name, ast_inet_ntoa(sin->sin_addr), ntohs(sin->sin_port));
 			break;
 		case AUTH_USERNAME_MISMATCH:
 			/* Username and digest username does not match. 
@@ -10427,6 +10431,9 @@ static enum check_auth_result register_verify(struct sip_pvt *p, struct sockaddr
 			   users to use the same authentication user name until we support
 			   proper authentication by digest auth name */
 			transmit_response(p, "403 Authentication user name does not match account name", &p->initreq);
+			if (global_authfailureevents)
+				manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: SIP\r\nPeer: SIP/%s\r\nPeerStatus: Rejected\r\nCause: AUTH_USERNAME_MISMATCH\r\nAddress: %s\r\nPort: %d\r\n", 
+					name, ast_inet_ntoa(sin->sin_addr), ntohs(sin->sin_port));
 			break;
 		case AUTH_NOT_FOUND:
 		case AUTH_PEER_NOT_DYNAMIC:
@@ -10435,10 +10442,17 @@ static enum check_auth_result register_verify(struct sip_pvt *p, struct sockaddr
 				transmit_fake_auth_response(p, &p->initreq, 1);
 			} else {
 				/* URI not found */
-				if (res == AUTH_PEER_NOT_DYNAMIC)
+				if (res == AUTH_PEER_NOT_DYNAMIC) {
 					transmit_response(p, "403 Forbidden", &p->initreq);
+					if (global_authfailureevents)
+						manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: SIP\r\nPeer: SIP/%s\r\nPeerStatus: Rejected\r\nCause: AUTH_PEER_NOT_DYNAMIC\r\nAddress: %s\r\nPort: %d\r\n", 
+							name, ast_inet_ntoa(sin->sin_addr), ntohs(sin->sin_port));
+					}
 				else
 					transmit_response(p, "404 Not found", &p->initreq);
+					if (global_authfailureevents)
+						manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: SIP\r\nPeer: SIP/%s\r\nPeerStatus: Rejected\r\nCause: URI_NOT_FOUND\r\nAddress: %s\r\nPort: %d\r\n", 
+							name, ast_inet_ntoa(sin->sin_addr), ntohs(sin->sin_port));
 			}
 			break;
 		default:
@@ -12941,6 +12955,7 @@ static char *sip_show_settings(struct ast_cli_entry *e, int cmd, struct ast_cli_
 	ast_cli(a->fd, "  From: Domain:           %s\n", default_fromdomain);
 	ast_cli(a->fd, "  Record SIP history:     %s\n", recordhistory ? "On" : "Off");
 	ast_cli(a->fd, "  Call Events:            %s\n", global_callevents ? "On" : "Off");
+	ast_cli(a->fd, "  Auth. Failure Events:   %s\n", global_authfailureevents ? "On" : "Off");
 
 	ast_cli(a->fd, "  T38 fax pt UDPTL:       %s\n", cli_yesno(ast_test_flag(&global_flags[1], SIP_PAGE2_T38SUPPORT_UDPTL)));
 #ifdef WHEN_WE_HAVE_T38_FOR_OTHER_TRANSPORTS
@@ -20250,6 +20265,7 @@ static int reload_config(enum channelreloadreason reason)
 	/* Misc settings for the channel */
 	global_relaxdtmf = FALSE;
 	global_callevents = FALSE;
+	global_authfailureevents = FALSE;
 	global_t1 = SIP_TIMER_T1;
 	global_timer_b = 64 * SIP_TIMER_T1;
 	global_t1min = DEFAULT_T1MIN;
@@ -20561,6 +20577,8 @@ static int reload_config(enum channelreloadreason reason)
 			}
 		} else if (!strcasecmp(v->name, "callevents")) {
 			global_callevents = ast_true(v->value);
+		} else if (!strcasecmp(v->name, "authfailureevents")) {
+			global_authfailureevents = ast_true(v->value);
 		} else if (!strcasecmp(v->name, "maxcallbitrate")) {
 			default_maxcallbitrate = atoi(v->value);
 			if (default_maxcallbitrate < 0)
diff --git a/configs/sip.conf.sample b/configs/sip.conf.sample
index df18aea12..e9421fcc4 100644
--- a/configs/sip.conf.sample
+++ b/configs/sip.conf.sample
@@ -218,6 +218,8 @@ srvlookup=yes			; Enable DNS SRV lookups on outbound calls
 				; for peers and users as well
 ;callevents=no			; generate manager events when sip ua 
 				; performs events (e.g. hold)
+;authfailureevents=no		; generate manager "peerstatus" events when peer can't
+				; authenticate with Asterisk. Peerstatus will be "rejected".
 ;alwaysauthreject = yes		; When an incoming INVITE or REGISTER is to be rejected,
  		    		; for any reason, always reject with '401 Unauthorized'
  				; instead of letting the requester know whether there was