[Asterisk-code-review] res pjsip caller id: Anonymize 'From' when caller id present... (asterisk[13])
Anonymous Coward
asteriskteam at digium.com
Tue Mar 8 20:36:50 CST 2016
Anonymous Coward #1000019 has submitted this change and it was merged.
Change subject: res_pjsip_caller_id: Anonymize 'From' when caller id presentation is prohibited
......................................................................
res_pjsip_caller_id: Anonymize 'From' when caller id presentation is prohibited
Per RFC3325, the 'From' header is now anonymized on outgoing calls when
caller id presentation is prohibited.
TID = trust_id_outbound
PRO = Set(CALLERID(pres)=prohib)
USR = endpoint/from_user
DOM = endpoint/from_domain
PAI = YES(privacy=off), NO(not sent), PRI(privacy=full) (assumes send_pai=yes)
Conditions |Result
--------------------|----------------------------------------------------
TID PRO USR DOM |PAI FROM
--------------------|----------------------------------------------------
Y Y abc def.ghi |PRI "Anonymous" <sip:abc at def.ghi>
Y Y abc |PRI "Anonymous" <sip:abc at anonymous.invalid>
Y Y def.ghi |PRI "Anonymous" <sip:anonymous at def.ghi>
Y Y |PRI "Anonymous" <sip:anonymous at anonymous.invalid>
Y N abc def.ghi |YES <sip:abc at def.ghi>
Y N abc |YES <sip:abc@<ip_address>>
Y N def.ghi |YES "Caller Name" <sip:<caller_exten>@def.ghi>
Y N |YES "Caller Name" <sip:<caller_exten>@<ip_address>>
N Y abc def.ghi |NO "Anonymous" <sip:abc at def.ghi>
N Y abc |NO "Anonymous" <sip:abc at anonymous.invalid>
N Y def.ghi |NO "Anonymous" <sip:anonymous at def.ghi>
N Y |NO "Anonymous" <sip:anonymous at anonymous.invalid>
N N abc def.ghi |YES <sip:abc at def.ghi>
N N abc |YES <sip:abc@<ip_address>>
N N def.ghi |YES "Caller Name" <sip:<caller_exten>@def.ghi>
N N |YES "Caller Name" <sip:<caller_exten>@<ip_address>>
ASTERISK-25791 #close
Reported-by: Anthony Messina
Change-Id: I2c82a5ca1413c2c00fb62ea95b0ae8e97af54dc9
---
M CHANGES
M include/asterisk/res_pjsip.h
M include/asterisk/res_pjsip_session.h
M res/res_pjsip.c
M res/res_pjsip_caller_id.c
M res/res_pjsip_session.c
6 files changed, 151 insertions(+), 78 deletions(-)
Approvals:
Kevin Harwell: Looks good to me, but someone else must approve
Anonymous Coward #1000019: Verified
Joshua Colp: Looks good to me, approved
diff --git a/CHANGES b/CHANGES
index 11de7d5..29b1b76 100644
--- a/CHANGES
+++ b/CHANGES
@@ -12,6 +12,11 @@
--- Functionality changes from Asterisk 13.7.0 to Asterisk 13.8.0 ------------
------------------------------------------------------------------------------
+res_pjsip_caller_id
+------------------
+ * Per RFC3325, the 'From' header is now anonymized on outgoing calls when
+ caller id presentation is prohibited.
+
res_pjsip_config_wizard
------------------
* A new command (pjsip export config_wizard primitives) has been added that
diff --git a/include/asterisk/res_pjsip.h b/include/asterisk/res_pjsip.h
index fc921c8..3901cf7 100644
--- a/include/asterisk/res_pjsip.h
+++ b/include/asterisk/res_pjsip.h
@@ -2284,4 +2284,14 @@
*/
int ast_sip_set_tpselector_from_transport_name(const char *transport_name, pjsip_tpselector *selector);
+/*!
+ * \brief Set name and number information on an identity header.
+ *
+ * \param pool Memory pool to use for string duplication
+ * \param id_hdr A From, P-Asserted-Identity, or Remote-Party-ID header to modify
+ * \param id The identity information to apply to the header
+ */
+void ast_sip_modify_id_header(pj_pool_t *pool, pjsip_fromto_hdr *id_hdr,
+ const struct ast_party_id *id);
+
#endif /* _RES_PJSIP_H */
diff --git a/include/asterisk/res_pjsip_session.h b/include/asterisk/res_pjsip_session.h
index ddc87b0..75d37ac 100644
--- a/include/asterisk/res_pjsip_session.h
+++ b/include/asterisk/res_pjsip_session.h
@@ -149,6 +149,8 @@
enum ast_sip_session_t38state t38state;
/*! The AOR associated with this session */
struct ast_sip_aor *aor;
+ /*! From header saved at invite creation */
+ pjsip_fromto_hdr *saved_from_hdr;
};
typedef int (*ast_sip_session_request_creation_cb)(struct ast_sip_session *session, pjsip_tx_data *tdata);
diff --git a/res/res_pjsip.c b/res/res_pjsip.c
index e0af0b0..752491c 100644
--- a/res/res_pjsip.c
+++ b/res/res_pjsip.c
@@ -3864,6 +3864,35 @@
return NULL;
}
+/*!
+ * \brief Set name and number information on an identity header.
+ *
+ * \param pool Memory pool to use for string duplication
+ * \param id_hdr A From, P-Asserted-Identity, or Remote-Party-ID header to modify
+ * \param id The identity information to apply to the header
+ */
+void ast_sip_modify_id_header(pj_pool_t *pool, pjsip_fromto_hdr *id_hdr, const struct ast_party_id *id)
+{
+ pjsip_name_addr *id_name_addr;
+ pjsip_sip_uri *id_uri;
+
+ id_name_addr = (pjsip_name_addr *) id_hdr->uri;
+ id_uri = pjsip_uri_get_uri(id_name_addr->uri);
+
+ if (id->name.valid) {
+ int name_buf_len = strlen(id->name.str) * 2 + 1;
+ char *name_buf = ast_alloca(name_buf_len);
+
+ ast_escape_quoted(id->name.str, name_buf, name_buf_len);
+ pj_strdup2(pool, &id_name_addr->display, name_buf);
+ }
+
+ if (id->number.valid) {
+ pj_strdup2(pool, &id_uri->user, id->number.str);
+ }
+}
+
+
static void remove_request_headers(pjsip_endpoint *endpt)
{
const pjsip_hdr *request_headers = pjsip_endpt_get_request_headers(endpt);
diff --git a/res/res_pjsip_caller_id.c b/res/res_pjsip_caller_id.c
index db4e178..9af2a8a 100644
--- a/res/res_pjsip_caller_id.c
+++ b/res/res_pjsip_caller_id.c
@@ -398,49 +398,18 @@
/*!
* \internal
- * \brief Set name and number information on an identity header.
- * \param pool Memory pool to use for string duplication
- * \param id_hdr A From, P-Asserted-Identity, or Remote-Party-ID header to modify
- * \param id The identity information to apply to the header
- */
-static void modify_id_header(pj_pool_t *pool, pjsip_fromto_hdr *id_hdr, const struct ast_party_id *id)
-{
- pjsip_name_addr *id_name_addr;
- pjsip_sip_uri *id_uri;
-
- id_name_addr = (pjsip_name_addr *) id_hdr->uri;
- id_uri = pjsip_uri_get_uri(id_name_addr->uri);
-
- if (id->name.valid) {
- int name_buf_len = strlen(id->name.str) * 2 + 1;
- char *name_buf = ast_alloca(name_buf_len);
-
- ast_escape_quoted(id->name.str, name_buf, name_buf_len);
- pj_strdup2(pool, &id_name_addr->display, name_buf);
- }
-
- if (id->number.valid) {
- pj_strdup2(pool, &id_uri->user, id->number.str);
- }
-}
-
-/*!
- * \internal
* \brief Create an identity header for an outgoing message
* \param hdr_name The name of the header to create
* \param tdata The message to place the header on
* \param id The identification information for the new header
* \return newly-created header
*/
-static pjsip_fromto_hdr *create_new_id_hdr(const pj_str_t *hdr_name, pjsip_tx_data *tdata, const struct ast_party_id *id)
+static pjsip_fromto_hdr *create_new_id_hdr(const pj_str_t *hdr_name, pjsip_fromto_hdr *base, pjsip_tx_data *tdata, const struct ast_party_id *id)
{
pjsip_fromto_hdr *id_hdr;
- pjsip_fromto_hdr *base;
pjsip_name_addr *id_name_addr;
pjsip_sip_uri *id_uri;
- base = tdata->msg->type == PJSIP_REQUEST_MSG ? PJSIP_MSG_FROM_HDR(tdata->msg) :
- PJSIP_MSG_TO_HDR(tdata->msg);
id_hdr = pjsip_from_hdr_create(tdata->pool);
id_hdr->type = PJSIP_H_OTHER;
pj_strdup(tdata->pool, &id_hdr->name, hdr_name);
@@ -500,9 +469,10 @@
* \param tdata The message to add the header to
* \param id The identification information used to populate the header
*/
-static void add_pai_header(pjsip_tx_data *tdata, const struct ast_party_id *id)
+static void add_pai_header(const struct ast_sip_session *session, pjsip_tx_data *tdata, const struct ast_party_id *id)
{
static const pj_str_t pj_pai_name = { "P-Asserted-Identity", 19 };
+ pjsip_fromto_hdr *base;
pjsip_fromto_hdr *pai_hdr;
pjsip_fromto_hdr *old_pai;
@@ -523,13 +493,16 @@
if (old_pai->type == PJSIP_H_OTHER) {
pj_list_erase(old_pai);
} else {
- modify_id_header(tdata->pool, old_pai, id);
+ ast_sip_modify_id_header(tdata->pool, old_pai, id);
add_privacy_header(tdata, id);
return;
}
}
- pai_hdr = create_new_id_hdr(&pj_pai_name, tdata, id);
+ base = tdata->msg->type == PJSIP_REQUEST_MSG ? session->saved_from_hdr :
+ PJSIP_MSG_TO_HDR(tdata->msg);
+
+ pai_hdr = create_new_id_hdr(&pj_pai_name, base, tdata, id);
if (!pai_hdr) {
return;
}
@@ -602,9 +575,10 @@
* \param tdata The message to add the header to
* \param id The identification information used to populate the header
*/
-static void add_rpid_header(pjsip_tx_data *tdata, const struct ast_party_id *id)
+static void add_rpid_header(const struct ast_sip_session *session, pjsip_tx_data *tdata, const struct ast_party_id *id)
{
static const pj_str_t pj_rpid_name = { "Remote-Party-ID", 15 };
+ pjsip_fromto_hdr *base;
pjsip_fromto_hdr *rpid_hdr;
pjsip_fromto_hdr *old_rpid;
@@ -625,13 +599,16 @@
if (old_rpid->type == PJSIP_H_OTHER) {
pj_list_erase(old_rpid);
} else {
- modify_id_header(tdata->pool, old_rpid, id);
+ ast_sip_modify_id_header(tdata->pool, old_rpid, id);
add_privacy_params(tdata, old_rpid, id);
return;
}
}
- rpid_hdr = create_new_id_hdr(&pj_rpid_name, tdata, id);
+ base = tdata->msg->type == PJSIP_REQUEST_MSG ? session->saved_from_hdr :
+ PJSIP_MSG_TO_HDR(tdata->msg);
+
+ rpid_hdr = create_new_id_hdr(&pj_rpid_name, base, tdata, id);
if (!rpid_hdr) {
return;
}
@@ -658,10 +635,10 @@
return;
}
if (session->endpoint->id.send_pai) {
- add_pai_header(tdata, id);
+ add_pai_header(session, tdata, id);
}
if (session->endpoint->id.send_rpid) {
- add_rpid_header(tdata, id);
+ add_rpid_header(session, tdata, id);
}
}
@@ -669,10 +646,9 @@
* \internal
* \brief Session supplement callback for outgoing INVITE requests
*
- * For an initial INVITE request, we may change the From header to appropriately
- * reflect the identity information. On all INVITEs (initial and reinvite) we may
- * add other identity headers such as P-Asserted-Identity and Remote-Party-ID based
- * on configuration and privacy settings
+ * On all INVITEs (initial and reinvite) we may add other identity headers
+ * such as P-Asserted-Identity and Remote-Party-ID based on configuration
+ * and privacy settings
*
* \param session The session on which the INVITE will be sent
* \param tdata The outbound INVITE request
@@ -686,33 +662,12 @@
return;
}
- /* Must do a deep copy unless we hold the channel lock the entire time. */
ast_party_id_init(&connected_id);
ast_channel_lock(session->channel);
effective_id = ast_channel_connected_effective_id(session->channel);
ast_party_id_copy(&connected_id, &effective_id);
ast_channel_unlock(session->channel);
- if (session->inv_session->state < PJSIP_INV_STATE_CONFIRMED) {
- /* Only change the From header on the initial outbound INVITE. Switching it
- * mid-call might confuse some UAs.
- */
- pjsip_fromto_hdr *from;
- pjsip_dialog *dlg;
-
- from = pjsip_msg_find_hdr(tdata->msg, PJSIP_H_FROM, tdata->msg->hdr.next);
- dlg = session->inv_session->dlg;
-
- if (ast_strlen_zero(session->endpoint->fromuser)
- && (session->endpoint->id.trust_outbound
- || (ast_party_id_presentation(&connected_id) & AST_PRES_RESTRICTION) == AST_PRES_ALLOWED)) {
- modify_id_header(tdata->pool, from, &connected_id);
- modify_id_header(dlg->pool, dlg->local.info, &connected_id);
- }
-
- ast_sip_add_usereqphone(session->endpoint, tdata->pool, from->uri);
- ast_sip_add_usereqphone(session->endpoint, dlg->pool, dlg->local.info->uri);
- }
add_id_headers(session, tdata, &connected_id);
ast_party_id_free(&connected_id);
}
diff --git a/res/res_pjsip_session.c b/res/res_pjsip_session.c
index 1de2461..3b91f58 100644
--- a/res/res_pjsip_session.c
+++ b/res/res_pjsip_session.c
@@ -30,6 +30,7 @@
#include "asterisk/res_pjsip.h"
#include "asterisk/res_pjsip_session.h"
+#include "asterisk/callerid.h"
#include "asterisk/datastore.h"
#include "asterisk/module.h"
#include "asterisk/logger.h"
@@ -800,6 +801,75 @@
return create_local_sdp(inv_session, session, previous_sdp);
}
+static void set_from_header(struct ast_sip_session *session)
+{
+ struct ast_party_id effective_id;
+ struct ast_party_id connected_id;
+ pj_pool_t *dlg_pool;
+ pjsip_fromto_hdr *dlg_info;
+ pjsip_name_addr *dlg_info_name_addr;
+ pjsip_sip_uri *dlg_info_uri;
+ int restricted;
+
+ if (!session->channel || session->saved_from_hdr) {
+ return;
+ }
+
+ /* We need to save off connected_id for RPID/PAI generation */
+ ast_party_id_init(&connected_id);
+ ast_channel_lock(session->channel);
+ effective_id = ast_channel_connected_effective_id(session->channel);
+ ast_party_id_copy(&connected_id, &effective_id);
+ ast_channel_unlock(session->channel);
+
+ restricted =
+ ((ast_party_id_presentation(&connected_id) & AST_PRES_RESTRICTION) != AST_PRES_ALLOWED);
+
+ /* Now set up dlg->local.info so pjsip can correctly generate From */
+
+ dlg_pool = session->inv_session->dlg->pool;
+ dlg_info = session->inv_session->dlg->local.info;
+ dlg_info_name_addr = (pjsip_name_addr *) dlg_info->uri;
+ dlg_info_uri = pjsip_uri_get_uri(dlg_info_name_addr);
+
+ if (session->endpoint->id.trust_outbound || !restricted) {
+ ast_sip_modify_id_header(dlg_pool, dlg_info, &connected_id);
+ }
+
+ ast_party_id_free(&connected_id);
+
+ if (!ast_strlen_zero(session->endpoint->fromuser)) {
+ dlg_info_name_addr->display.ptr = NULL;
+ dlg_info_name_addr->display.slen = 0;
+ pj_strdup2(dlg_pool, &dlg_info_uri->user, session->endpoint->fromuser);
+ }
+
+ if (!ast_strlen_zero(session->endpoint->fromdomain)) {
+ pj_strdup2(dlg_pool, &dlg_info_uri->host, session->endpoint->fromdomain);
+ }
+
+ ast_sip_add_usereqphone(session->endpoint, dlg_pool, dlg_info->uri);
+
+ /* We need to save off the non-anonymized From for RPID/PAI generation (for domain) */
+ session->saved_from_hdr = pjsip_hdr_clone(dlg_pool, dlg_info);
+
+ /* In chan_sip, fromuser and fromdomain trump restricted so we only
+ * anonymize if they're not set.
+ */
+ if (restricted) {
+ /* fromuser doesn't provide a display name so we always set it */
+ pj_strdup2(dlg_pool, &dlg_info_name_addr->display, "Anonymous");
+
+ if (ast_strlen_zero(session->endpoint->fromuser)) {
+ pj_strdup2(dlg_pool, &dlg_info_uri->user, "anonymous");
+ }
+
+ if (ast_strlen_zero(session->endpoint->fromdomain)) {
+ pj_strdup2(dlg_pool, &dlg_info_uri->host, "anonymous.invalid");
+ }
+ }
+}
+
int ast_sip_session_refresh(struct ast_sip_session *session,
ast_sip_session_request_creation_cb on_request_creation,
ast_sip_session_sdp_creation_cb on_sdp_creation,
@@ -866,6 +936,12 @@
}
}
}
+
+ /*
+ * We MUST call set_from_header() before pjsip_inv_(reinvite|update). If we don't, the
+ * From in the reINVITE/UPDATE will be wrong but the rest of the messages will be OK.
+ */
+ set_from_header(session);
if (method == AST_SIP_SESSION_REFRESH_METHOD_INVITE) {
if (pjsip_inv_reinvite(inv_session, NULL, new_sdp, &tdata)) {
@@ -1082,6 +1158,7 @@
.on_rx_request = session_reinvite_on_rx_request,
};
+
void ast_sip_session_send_request_with_cb(struct ast_sip_session *session, pjsip_tx_data *tdata,
ast_sip_session_response_cb on_response)
{
@@ -1094,19 +1171,6 @@
ast_sip_mod_data_set(tdata->pool, tdata->mod_data, session_module.id,
MOD_DATA_ON_RESPONSE, on_response);
-
- if (!ast_strlen_zero(session->endpoint->fromuser) ||
- !ast_strlen_zero(session->endpoint->fromdomain)) {
- pjsip_fromto_hdr *from = pjsip_msg_find_hdr(tdata->msg, PJSIP_H_FROM, tdata->msg->hdr.next);
- pjsip_sip_uri *uri = pjsip_uri_get_uri(from->uri);
-
- if (!ast_strlen_zero(session->endpoint->fromuser)) {
- pj_strdup2(tdata->pool, &uri->user, session->endpoint->fromuser);
- }
- if (!ast_strlen_zero(session->endpoint->fromdomain)) {
- pj_strdup2(tdata->pool, &uri->host, session->endpoint->fromdomain);
- }
- }
handle_outgoing_request(session, tdata);
internal_pjsip_inv_send_msg(session->inv_session, session->endpoint->transport, tdata);
@@ -1133,9 +1197,17 @@
#ifdef PJMEDIA_SDP_NEG_ANSWER_MULTIPLE_CODECS
pjmedia_sdp_neg_set_answer_multiple_codecs(session->inv_session->neg, PJ_TRUE);
#endif
+
+ /*
+ * We MUST call set_from_header() before pjsip_inv_invite. If we don't, the
+ * From in the initial INVITE will be wrong but the rest of the messages will be OK.
+ */
+ set_from_header(session);
+
if (pjsip_inv_invite(session->inv_session, tdata) != PJ_SUCCESS) {
return -1;
}
+
return 0;
}
--
To view, visit https://gerrit.asterisk.org/2293
To unsubscribe, visit https://gerrit.asterisk.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I2c82a5ca1413c2c00fb62ea95b0ae8e97af54dc9
Gerrit-PatchSet: 5
Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-Owner: George Joseph <george.joseph at fairview5.com>
Gerrit-Reviewer: Anonymous Coward #1000019
Gerrit-Reviewer: George Joseph <george.joseph at fairview5.com>
Gerrit-Reviewer: Jonathan Rose <jrose at digium.com>
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Kevin Harwell <kharwell at digium.com>
Gerrit-Reviewer: Mark Michelson <mmichelson at digium.com>
Gerrit-Reviewer: Walter Doekes <walter+asterisk at wjd.nu>
More information about the asterisk-code-review
mailing list