when you have both auth-calls and inbound-acl at the same time passing acl lets…

when you have both auth-calls and inbound-acl at the same time passing acl lets you in with no challenge and failing gives you auth challenge git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@8387 d0543943-73ff-0310-b7d9-9358b9ac24b2

when you have both auth-calls and inbound-acl at the same time passing acl lets…
when you have both auth-calls and inbound-acl at the same time passing acl lets you in with no challenge and failing gives you auth challenge git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@8387 d0543943-73ff-0310-b7d9-9358b9ac24b2
f914772a · Anthony Minessale · 40efe06a · f914772a
--- a/src/mod/endpoints/mod_sofia/sofia.c
+++ b/src/mod/endpoints/mod_sofia/sofia.c
@@ -2655,11 +2655,24 @@ void sofia_handle_sip_i_invite(nua_t *nua, sofia_profile_t *profile, nua_handle_

 	if (profile->acl_count) {
 		uint32_t x = 0;
+		int ok = 1;
+		char *last_acl = NULL;
+
 		for (x = 0 ; x < profile->acl_count; x++) {
-			if (!switch_check_network_list_ip(network_ip, profile->acl[x])) {
-				switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "IP %s Rejected by acl %s\n", network_ip,  profile->acl[x]);
+			last_acl = profile->acl[x];
+			if (!(ok = switch_check_network_list_ip(network_ip, last_acl))) {
+				break;
+			}
+		}
+
+		if (!ok) {
+			if (!(profile->pflags & PFLAG_AUTH_CALLS)) {
+				switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "IP %s Rejected by acl %s\n", network_ip, switch_str_nil(last_acl));
 				nua_respond(nh, SIP_403_FORBIDDEN, TAG_END());
 				return;
+			} else {
+				switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "IP %s Rejected by acl %s. Falling back to Digest auth.\n", 
+								  network_ip, switch_str_nil(last_acl));
 			}
 		}
 	}