[Asterisk-code-review] res pjsip: Add ability to identify by Authorization username (asterisk[13])

George Joseph asteriskteam at digium.com
Mon Mar 7 22:45:42 CST 2016


George Joseph has uploaded a new change for review.

  https://gerrit.asterisk.org/2367

Change subject: res_pjsip:  Add ability to identify by Authorization username
......................................................................

res_pjsip:  Add ability to identify by Authorization username

A new value "auth_username" has been added to endpoint/identify_by that
will use the username and digest fields in the Authorization header
instead of username and domain in the the From header to match an endpoint,
or the To header to match an aor.

Although identify_by was always a comma-separated list, there was only
1 choice so order wasn't preserved.  So to keep the order, a vector was added
to the end of ast_sip_endpoint.  This is only used by res_pjsip_registrar
to find the aor of course since the res_pjsip_endpoint_identifier_* modules
are called in globals/endpoint_identifier_order.

Along the way, the logic in res_pjsip_registrar was corrected to match
most-specific to least-specific as res_pjsip_endpoint_identifier_user does.

The order is:

username at domain
username at domain_alias
username

The testsuite tests all pass but a new test is forthcoming for this new
feature.

ASTERISK-25835 #close
Reported-by: Ross Beer

Change-Id: I30ba62d208e6f63439600916fcd1c08a365ed69d
---
M CHANGES
M configs/samples/pjsip.conf.sample
M include/asterisk/res_pjsip.h
M res/res_pjsip.c
M res/res_pjsip/pjsip_configuration.c
M res/res_pjsip_endpoint_identifier_user.c
M res/res_pjsip_registrar.c
7 files changed, 257 insertions(+), 69 deletions(-)


  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/67/2367/1

diff --git a/CHANGES b/CHANGES
index 11de7d5..53a6e66 100644
--- a/CHANGES
+++ b/CHANGES
@@ -105,6 +105,14 @@
  * Added new global option (regcontext) to pjsip. When set, Asterisk will
    dynamically create and destroy a NoOp priority 1 extension
    for a given endpoint who registers or unregisters with us.
+ 
+ * Endpoints and aors can now be identified by the username and realm in an
+   incoming Authorization header.  To use this feature, add "auth_username"
+   to your endpoint's "identify_by" list.  You can combine "auth_username"
+   and the original "username" to test both the From/To and Authorization
+   headers.  For endpoints, the order is controlled by the global
+   "endpoint_identifier_order" setting.  For matching aors to an endpoint
+   for inbound registration, the order is controlled by this option.
 
 res_pjsip_history
 ------------------
diff --git a/configs/samples/pjsip.conf.sample b/configs/samples/pjsip.conf.sample
index ebbd199..34fad01 100644
--- a/configs/samples/pjsip.conf.sample
+++ b/configs/samples/pjsip.conf.sample
@@ -620,8 +620,13 @@
                                 ; the specified address. (default: "no")
 ;force_rport=yes        ; Force use of return port (default: "yes")
 ;ice_support=no ; Enable the ICE mechanism to help traverse NAT (default: "no")
-;identify_by=username   ; Way s for Endpoint to be identified (default:
-                        ; "username")
+;identify_by=username   ; A comma-separated list of ways the Endpoint or AoR can be
+                        ; identified.
+                        ; "username": Identify by the From or To username and domain
+                        ; "auth_username": Identify by the Authorization username and realm
+                        : In all cases, if an exact match on username and domain/realm fails,
+                        ; the match will be retried with just the username.
+                        ; (default: "username")
 ;redirect_method=user   ; How redirects received from an endpoint are handled
                         ; (default: "user")
 ;mailboxes=     ; Mailbox es to be associated with (default: "")
@@ -888,8 +893,12 @@
                         ; (default: "0")
 ;endpoint_identifier_order=ip,username,anonymous
             ; The order by which endpoint identifiers are given priority.
-            ; Identifier names are derived from res_pjsip_endpoint_identifier_*
-            ; modules. (default: ip,username,anonymous)
+            ; Currently, "ip", "username", "auth_username" and "anonymous" are valid
+            ; identifiers as registered by the res_pjsip_endpoint_identifier_* modules.
+            ; Some modules like res_pjsip_endpoint_identifier_user register more than
+            ; one identifier. Use the CLI command "pjsip show identifiers" to see the
+            ; identifiers currently available.
+            ; (default: ip,username,anonymous)
 ;max_initial_qualify_time=4 ; The maximum amount of time (in seconds) from
                             ; startup that qualifies should be attempted on all
                             ; contacts.  If greater than the qualify_frequency
diff --git a/include/asterisk/res_pjsip.h b/include/asterisk/res_pjsip.h
index fc921c8..b9c1c96 100644
--- a/include/asterisk/res_pjsip.h
+++ b/include/asterisk/res_pjsip.h
@@ -387,7 +387,10 @@
 enum ast_sip_endpoint_identifier_type {
 	/*! Identify based on user name in From header */
 	AST_SIP_ENDPOINT_IDENTIFY_BY_USERNAME = (1 << 0),
+	/*! Identify based on user name in Auth header first, then From header */
+	AST_SIP_ENDPOINT_IDENTIFY_BY_AUTH_USERNAME = (1 << 1),
 };
+AST_VECTOR(ast_sip_identify_by_vector, enum ast_sip_endpoint_identifier_type);
 
 enum ast_sip_session_refresh_method {
 	/*! Use reinvite to negotiate direct media */
@@ -713,6 +716,8 @@
 	unsigned int usereqphone;
 	/*! Do we send messages for connected line updates for unanswered incoming calls immediately to this endpoint? */
 	unsigned int rpid_immediate;
+	/*! Order of the method(s) by which the endpoint should be identified. */
+	struct ast_sip_identify_by_vector ident_method_order;
 };
 
 /*!
diff --git a/res/res_pjsip.c b/res/res_pjsip.c
index e0af0b0..d4a6652 100644
--- a/res/res_pjsip.c
+++ b/res/res_pjsip.c
@@ -252,18 +252,22 @@
 				<configOption name="identify_by" default="username,location">
 					<synopsis>Way(s) for Endpoint to be identified</synopsis>
 					<description><para>
-						An endpoint can be identified in multiple ways. Currently, the only supported
-						option is <literal>username</literal>, which matches the endpoint based on the
-						username in the From header.
+						endpoints and aors can be identified in multiple ways. Currently, the supported
+						options are <literal>username</literal>, which matches the endpoint or aor id based on
+						the username and domain in the From header (or To header for aors), and
+						<literal>auth_username</literal>, which matches the endpoint or aor id based on the
+						username and realm in the Authentication header.  In all cases, if an exact match
+						on both username and domain/realm fails, the match will be retried with just the username.
 						</para>
 						<note><para>Endpoints can also be identified by IP address; however, that method
 						of identification is not handled by this configuration option. See the documentation
 						for the <literal>identify</literal> configuration section for more details on that
-						method of endpoint identification. If this option is set to <literal>username</literal>
-						and an <literal>identify</literal> configuration section exists for the endpoint, then
-						the endpoint can be identified in multiple ways.</para></note>
+						method of endpoint identification. If this option is set and an <literal>identify</literal>
+						configuration section exists for the endpoint, then the endpoint can be identified in
+						multiple ways.</para></note>
 						<enumlist>
 							<enum name="username" />
+							<enum name="auth_username" />
 						</enumlist>
 					</description>
 				</configOption>
@@ -1303,7 +1307,9 @@
 				<configOption name="endpoint_identifier_order" default="ip,username,anonymous">
 					<synopsis>The order by which endpoint identifiers are processed and checked.
                                         Identifier names are usually derived from and can be found in the endpoint
-                                        identifier module itself (res_pjsip_endpoint_identifier_*)</synopsis>
+                                        identifier module itself (res_pjsip_endpoint_identifier_*).
+                                        You can use the CLI command "pjsip show identifiers" to see the
+                                        identifiers currently available.</synopsis>
 				</configOption>
 				<configOption name="default_from_user" default="asterisk">
 					<synopsis>When Asterisk generates an outgoing SIP request, the From header username will be
diff --git a/res/res_pjsip/pjsip_configuration.c b/res/res_pjsip/pjsip_configuration.c
index ebd6212..8a1f2b0 100644
--- a/res/res_pjsip/pjsip_configuration.c
+++ b/res/res_pjsip/pjsip_configuration.c
@@ -479,6 +479,15 @@
 	struct ast_sip_endpoint *endpoint = obj;
 	char *idents = ast_strdupa(var->value);
 	char *val;
+	enum ast_sip_endpoint_identifier_type method;
+
+	/*
+	 * If there's already something in the vector when we get here,
+	 * it's the default value so we need to clean it out.
+	 */
+	if (AST_VECTOR_SIZE(&endpoint->ident_method_order)) {
+		AST_VECTOR_RESET(&endpoint->ident_method_order, AST_VECTOR_ELEM_CLEANUP_NOOP);
+	}
 
 	while ((val = ast_strip(strsep(&idents, ",")))) {
 		if (ast_strlen_zero(val)) {
@@ -486,27 +495,54 @@
 		}
 
 		if (!strcasecmp(val, "username")) {
-			endpoint->ident_method |= AST_SIP_ENDPOINT_IDENTIFY_BY_USERNAME;
+			method = AST_SIP_ENDPOINT_IDENTIFY_BY_USERNAME;
+		} else	if (!strcasecmp(val, "auth_username")) {
+			method = AST_SIP_ENDPOINT_IDENTIFY_BY_AUTH_USERNAME;
 		} else {
 			ast_log(LOG_ERROR, "Unrecognized identification method %s specified for endpoint %s\n",
 					val, ast_sorcery_object_get_id(endpoint));
+			AST_VECTOR_RESET(&endpoint->ident_method_order, AST_VECTOR_ELEM_CLEANUP_NOOP);
 			return -1;
 		}
+
+		endpoint->ident_method |= method;
+		AST_VECTOR_APPEND(&endpoint->ident_method_order, method);
 	}
+
 	return 0;
 }
 
 static int ident_to_str(const void *obj, const intptr_t *args, char **buf)
 {
 	const struct ast_sip_endpoint *endpoint = obj;
-	switch (endpoint->ident_method) {
-	case AST_SIP_ENDPOINT_IDENTIFY_BY_USERNAME :
-		*buf = "username"; break;
-	default:
+	int methods;
+	char *method;
+	int i;
+	int j = 0;
+
+	methods = AST_VECTOR_SIZE(&endpoint->ident_method_order);
+	if (!methods) {
 		return 0;
 	}
 
-	*buf = ast_strdup(*buf);
+	if (!(*buf = ast_calloc(MAX_OBJECT_FIELD, sizeof(char)))) {
+		return -1;
+	}
+
+	for (i = 0; i < methods; i++) {
+		switch (AST_VECTOR_GET(&endpoint->ident_method_order, i)) {
+		case AST_SIP_ENDPOINT_IDENTIFY_BY_USERNAME :
+			method = "username";
+			break;
+		case AST_SIP_ENDPOINT_IDENTIFY_BY_AUTH_USERNAME :
+			method = "auth_username";
+			break;
+		default:
+			continue;
+		}
+		j = sprintf(*buf + j, "%s%s", method, i < methods - 1 ? "," : "");
+	}
+
 	return 0;
 }
 
@@ -2092,6 +2128,7 @@
 	endpoint->pickup.named_pickupgroups = ast_unref_namedgroups(endpoint->pickup.named_pickupgroups);
 	ao2_cleanup(endpoint->persistent);
 	ast_variables_destroy(endpoint->channel_vars);
+	AST_VECTOR_FREE(&endpoint->ident_method_order);
 }
 
 static int init_subscription_configuration(struct ast_sip_endpoint_subscription_configuration *subscription)
@@ -2136,6 +2173,11 @@
 		return NULL;
 	}
 	ast_party_id_init(&endpoint->id.self);
+
+	if (AST_VECTOR_INIT(&endpoint->ident_method_order, 1)) {
+		return NULL;
+	}
+
 	return endpoint;
 }
 
diff --git a/res/res_pjsip_endpoint_identifier_user.c b/res/res_pjsip_endpoint_identifier_user.c
index aa6d398..e7afdd0 100644
--- a/res/res_pjsip_endpoint_identifier_user.c
+++ b/res/res_pjsip_endpoint_identifier_user.c
@@ -29,7 +29,7 @@
 #include "asterisk/res_pjsip.h"
 #include "asterisk/module.h"
 
-static int get_endpoint_details(pjsip_rx_data *rdata, char *endpoint, size_t endpoint_size, char *domain, size_t domain_size)
+static int get_from_header(pjsip_rx_data *rdata, char *username, size_t username_size, char *domain, size_t domain_size)
 {
 	pjsip_uri *from = rdata->msg_info.from->uri;
 	pjsip_sip_uri *sip_from;
@@ -37,8 +37,24 @@
 		return -1;
 	}
 	sip_from = (pjsip_sip_uri *) pjsip_uri_get_uri(from);
-	ast_copy_pj_str(endpoint, &sip_from->user, endpoint_size);
+	ast_copy_pj_str(username, &sip_from->user, username_size);
 	ast_copy_pj_str(domain, &sip_from->host, domain_size);
+	return 0;
+}
+
+static int get_auth_header(pjsip_rx_data *rdata, char *username, size_t username_size, char *realm, size_t realm_size)
+{
+	pjsip_authorization_hdr *header;
+
+	header = pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_AUTHORIZATION, NULL);
+
+	if (!header || pj_stricmp2(&header->scheme, "digest")) {
+		return -1;
+	}
+
+	ast_copy_pj_str(username, &header->credential.digest.username, username_size);
+	ast_copy_pj_str(realm, &header->credential.digest.realm, realm_size);
+
 	return 0;
 }
 
@@ -56,30 +72,26 @@
 	return 0;
 }
 
-static struct ast_sip_endpoint *username_identify(pjsip_rx_data *rdata)
+static struct ast_sip_endpoint *find_endpoint(pjsip_rx_data *rdata, char *endpoint_name, char *domain_name)
 {
-	char endpoint_name[64], domain_name[64], id[AST_UUID_STR_LEN];
+	char id[AST_UUID_STR_LEN];
 	struct ast_sip_endpoint *endpoint;
 	RAII_VAR(struct ast_sip_domain_alias *, alias, NULL, ao2_cleanup);
 	RAII_VAR(struct ao2_container *, transport_states, NULL, ao2_cleanup);
 	RAII_VAR(struct ast_sip_transport_state *, transport_state, NULL, ao2_cleanup);
 	RAII_VAR(struct ast_sip_transport *, transport, NULL, ao2_cleanup);
 
-	if (get_endpoint_details(rdata, endpoint_name, sizeof(endpoint_name), domain_name, sizeof(domain_name))) {
-		return NULL;
-	}
-
 	/* Attempt to find the endpoint given the name and domain provided */
 	snprintf(id, sizeof(id), "%s@%s", endpoint_name, domain_name);
 	if ((endpoint = ast_sorcery_retrieve_by_id(ast_sip_get_sorcery(), "endpoint", id))) {
-		goto done;
+		return endpoint;
 	}
 
 	/* See if an alias exists for the domain provided */
 	if ((alias = ast_sorcery_retrieve_by_id(ast_sip_get_sorcery(), "domain_alias", domain_name))) {
 		snprintf(id, sizeof(id), "%s@%s", endpoint_name, alias->domain);
 		if ((endpoint = ast_sorcery_retrieve_by_id(ast_sip_get_sorcery(), "endpoint", id))) {
-			goto done;
+			return endpoint;
 		}
 	}
 
@@ -90,40 +102,80 @@
 		&& !ast_strlen_zero(transport->domain)) {
 		snprintf(id, sizeof(id), "anonymous@%s", transport->domain);
 		if ((endpoint = ast_sorcery_retrieve_by_id(ast_sip_get_sorcery(), "endpoint", id))) {
-			goto done;
+			return endpoint;
 		}
 	}
 
 	/* Fall back to no domain */
 	endpoint = ast_sorcery_retrieve_by_id(ast_sip_get_sorcery(), "endpoint", endpoint_name);
 
-done:
-	if (endpoint) {
-		if (!(endpoint->ident_method & AST_SIP_ENDPOINT_IDENTIFY_BY_USERNAME)) {
-			ao2_ref(endpoint, -1);
-			return NULL;
-		}
-		ast_debug(3, "Retrieved endpoint %s\n", ast_sorcery_object_get_id(endpoint));
-	} else {
-		ast_debug(3, "Could not identify endpoint by username '%s'\n", endpoint_name);
-	}
 	return endpoint;
 }
+
+static struct ast_sip_endpoint *username_identify(pjsip_rx_data *rdata)
+{
+	char username[64], domain[64];
+	struct ast_sip_endpoint *endpoint;
+
+	if (get_from_header(rdata, username, sizeof(username), domain, sizeof(domain))) {
+		return NULL;
+	}
+	ast_debug(3, "Attempting identify by From username '%s' domain '%s'\n", username, domain);
+
+	endpoint = find_endpoint(rdata, username, domain);
+	if (!endpoint || !(endpoint->ident_method & AST_SIP_ENDPOINT_IDENTIFY_BY_USERNAME)) {
+		ast_debug(3, "Could not identify endpoint by From username '%s'\n", username);
+		ao2_cleanup(endpoint);
+		return NULL;
+	}
+	ast_debug(3, "Identified by From username '%s' domain '%s'\n", username, domain);
+
+	return endpoint;
+}
+
+static struct ast_sip_endpoint *auth_username_identify(pjsip_rx_data *rdata)
+{
+	char username[64], realm[64];
+	struct ast_sip_endpoint *endpoint;
+
+	if (get_auth_header(rdata, username, sizeof(username), realm, sizeof(realm))) {
+		return NULL;
+	}
+	ast_debug(3, "Attempting identify by Authorization username '%s' realm '%s'\n", username, realm);
+
+	endpoint = find_endpoint(rdata, username, realm);
+	if (!endpoint || !(endpoint->ident_method & AST_SIP_ENDPOINT_IDENTIFY_BY_AUTH_USERNAME)) {
+		ast_debug(3, "Could not identify endpoint by Authorization username '%s'\n", username);
+		ao2_cleanup(endpoint);
+		return NULL;
+	}
+	ast_debug(3, "Identified by Authorization username '%s' realm '%s'\n", username, realm);
+
+	return endpoint;
+}
+
 
 static struct ast_sip_endpoint_identifier username_identifier = {
 	.identify_endpoint = username_identify,
 };
+
+static struct ast_sip_endpoint_identifier auth_username_identifier = {
+	.identify_endpoint = auth_username_identify,
+};
+
 
 static int load_module(void)
 {
 	CHECK_PJSIP_MODULE_LOADED();
 
 	ast_sip_register_endpoint_identifier_with_name(&username_identifier, "username");
+	ast_sip_register_endpoint_identifier_with_name(&auth_username_identifier, "auth_username");
 	return AST_MODULE_LOAD_SUCCESS;
 }
 
 static int unload_module(void)
 {
+	ast_sip_unregister_endpoint_identifier(&auth_username_identifier);
 	ast_sip_unregister_endpoint_identifier(&username_identifier);
 	return 0;
 }
diff --git a/res/res_pjsip_registrar.c b/res/res_pjsip_registrar.c
index fb2b9da..c519adc 100644
--- a/res/res_pjsip_registrar.c
+++ b/res/res_pjsip_registrar.c
@@ -612,6 +612,66 @@
 	return PJ_TRUE;
 }
 
+static char *find_aor_name(const char *username, const char *domain, const char *aors)
+{
+	char *configured_aors;
+	char *aor_name;
+	char *id_domain;
+	struct ast_sip_domain_alias *alias;
+
+	id_domain = ast_alloca(strlen(username) + strlen(domain) + 2);
+	sprintf(id_domain, "%s@%s", username, domain);
+
+	/* Look for exact match on username at domain */
+	configured_aors = ast_strdupa(aors);
+	while ((aor_name = ast_strip(strsep(&configured_aors, ",")))) {
+		if (ast_strlen_zero(aor_name)) {
+			continue;
+		}
+
+		if (!strcmp(aor_name, id_domain)) {
+			ast_debug(3, "Matched username '%s' to aor '%s'\n", id_domain, aor_name);
+			return ast_strdup(aor_name);
+		}
+	}
+
+	/* If there's a domain alias, look for exact match on username at domain_alias */
+	alias = ast_sorcery_retrieve_by_id(ast_sip_get_sorcery(), "domain_alias", domain);
+	if (alias) {
+		char *id_domain_alias = ast_alloca(strlen(username) + strlen(alias->domain) + 2);
+
+		sprintf(id_domain, "%s@%s", username, alias->domain);
+		ao2_cleanup(alias);
+
+		configured_aors = ast_strdupa(aors);
+		while ((aor_name = ast_strip(strsep(&configured_aors, ",")))) {
+			if (ast_strlen_zero(aor_name)) {
+				continue;
+			}
+
+			if (!strcmp(aor_name, id_domain_alias)) {
+				ast_debug(3, "Matched username '%s' to aor '%s'\n", id_domain_alias, aor_name);
+				return ast_strdup(aor_name);
+			}
+		}
+	}
+
+	/* Look for exact match on username only */
+	configured_aors = ast_strdupa(aors);
+	while ((aor_name = ast_strip(strsep(&configured_aors, ",")))) {
+		if (ast_strlen_zero(aor_name)) {
+			continue;
+		}
+
+		if (!strcmp(aor_name, username)) {
+			ast_debug(3, "Matched username '%s' to aor '%s'\n", username, aor_name);
+			return ast_strdup(aor_name);
+		}
+	}
+
+	return NULL;
+}
+
 static pj_bool_t registrar_on_rx_request(struct pjsip_rx_data *rdata)
 {
 	RAII_VAR(struct serializer *, ser, NULL, ao2_cleanup);
@@ -620,10 +680,10 @@
 	RAII_VAR(struct ast_sip_endpoint *, endpoint,
 		 ast_pjsip_rdata_get_endpoint(rdata), ao2_cleanup);
 	RAII_VAR(struct ast_sip_aor *, aor, NULL, ao2_cleanup);
-	pjsip_sip_uri *uri;
-	char *domain_name;
-	char *configured_aors, *aor_name;
-	RAII_VAR(struct ast_str *, id, NULL, ast_free);
+	char *domain_name = NULL;
+	char *username = NULL;
+	RAII_VAR(char *, aor_name, NULL, ast_free);
+	int i;
 
 	if (pjsip_method_cmp(&rdata->msg_info.msg->line.req.method, &pjsip_register_method) || !endpoint) {
 		return PJ_FALSE;
@@ -644,38 +704,44 @@
 		return PJ_TRUE;
 	}
 
-	uri = pjsip_uri_get_uri(rdata->msg_info.to->uri);
-	domain_name = ast_alloca(uri->host.slen + 1);
-	ast_copy_pj_str(domain_name, &uri->host, uri->host.slen + 1);
+	for (i = 0; i < AST_VECTOR_SIZE(&endpoint->ident_method_order); i++) {
+		pjsip_sip_uri *uri;
+		pjsip_authorization_hdr *header;
 
-	configured_aors = ast_strdupa(endpoint->aors);
+		switch (AST_VECTOR_GET(&endpoint->ident_method_order, i)) {
+		case AST_SIP_ENDPOINT_IDENTIFY_BY_USERNAME :
+			uri = pjsip_uri_get_uri(rdata->msg_info.to->uri);
 
-	/* Iterate the configured AORs to see if the user or the user+domain match */
-	while ((aor_name = ast_strip(strsep(&configured_aors, ",")))) {
-		struct ast_sip_domain_alias *alias = NULL;
+			domain_name = ast_alloca(uri->host.slen + 1);
+			ast_copy_pj_str(domain_name, &uri->host, uri->host.slen + 1);
+			username = ast_alloca(uri->user.slen + 1);
+			ast_copy_pj_str(username, &uri->user, uri->user.slen + 1);
 
-		if (ast_strlen_zero(aor_name)) {
+			aor_name = find_aor_name(username, domain_name, endpoint->aors);
+			if (aor_name) {
+				ast_debug(3, "Matched aor '%s' by To username\n", aor_name);
+			}
+			break;
+		case AST_SIP_ENDPOINT_IDENTIFY_BY_AUTH_USERNAME :
+			header = pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_AUTHORIZATION, NULL);
+
+			if (header && !pj_stricmp2(&header->scheme, "digest")) {
+				username = ast_alloca(header->credential.digest.username.slen + 1);
+				ast_copy_pj_str(username, &header->credential.digest.username, header->credential.digest.username.slen + 1);
+				domain_name = ast_alloca(header->credential.digest.realm.slen + 1);
+				ast_copy_pj_str(domain_name, &header->credential.digest.realm, header->credential.digest.realm.slen + 1);
+
+				aor_name = find_aor_name(username, domain_name, endpoint->aors);
+				if (aor_name) {
+					ast_debug(3, "Matched aor '%s' by Authentication username\n", aor_name);
+				}
+			}
+			break;
+		default:
 			continue;
 		}
 
-		if (!pj_strcmp2(&uri->user, aor_name)) {
-			break;
-		}
-
-		if (!id && !(id = ast_str_create(uri->user.slen + uri->host.slen + 2))) {
-			return PJ_TRUE;
-		}
-
-		ast_str_set(&id, 0, "%.*s@", (int)uri->user.slen, uri->user.ptr);
-		if ((alias = ast_sorcery_retrieve_by_id(ast_sip_get_sorcery(), "domain_alias", domain_name))) {
-			ast_str_append(&id, 0, "%s", alias->domain);
-			ao2_cleanup(alias);
-		} else {
-			ast_str_append(&id, 0, "%s", domain_name);
-		}
-
-		if (!strcmp(aor_name, ast_str_buffer(id))) {
-			ast_free(id);
+		if (aor_name) {
 			break;
 		}
 	}
@@ -684,7 +750,7 @@
 		/* The provided AOR name was not found (be it within the configuration or sorcery itself) */
 		pjsip_endpt_respond_stateless(ast_sip_get_pjsip_endpoint(), rdata, 404, NULL, NULL, NULL);
 		ast_sip_report_req_no_support(endpoint, rdata, "registrar_requested_aor_not_found");
-		ast_log(LOG_WARNING, "AOR '%.*s' not found for endpoint '%s'\n", (int)uri->user.slen, uri->user.ptr, ast_sorcery_object_get_id(endpoint));
+		ast_log(LOG_WARNING, "AOR '%s' not found for endpoint '%s'\n", username, ast_sorcery_object_get_id(endpoint));
 		return PJ_TRUE;
 	}
 

-- 
To view, visit https://gerrit.asterisk.org/2367
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I30ba62d208e6f63439600916fcd1c08a365ed69d
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-Owner: George Joseph <george.joseph at fairview5.com>



More information about the asterisk-code-review mailing list