[Asterisk-code-review] res pjsip: Add 'ip' as a valid option to 'identify by' on en... (asterisk[13])

Joshua Colp asteriskteam at digium.com
Wed Oct 25 05:43:22 CDT 2017


Joshua Colp has uploaded this change for review. ( https://gerrit.asterisk.org/6905


Change subject: res_pjsip: Add 'ip' as a valid option to 'identify_by' on endpoint.
......................................................................

res_pjsip: Add 'ip' as a valid option to 'identify_by' on endpoint.

When the identify_by option on an endpoint is set to ip it will
only be identified using the res_pjsip_endpoint_identifier_ip module.
This ensures that it is not mistakenly matched using the username of
the From header. To ensure behavior has not changed the default has
been changed to "username,ip" for the identify_by option.

ASTERISK-27206

Change-Id: I2170b86a7f7e221b4f00bf14aa1ef1ac5b050bbd
---
M CHANGES
A contrib/ast-db-manage/config/versions/20abce6d1e3c_add_pjsip_identify_by_ip.py
M include/asterisk/res_pjsip.h
M res/res_pjsip.c
M res/res_pjsip/pjsip_configuration.c
M res/res_pjsip_endpoint_identifier_ip.c
6 files changed, 73 insertions(+), 3 deletions(-)



  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/05/6905/1

diff --git a/CHANGES b/CHANGES
index 913b36a..daaf3e6 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,16 @@
 ==============================================================================
 
 ------------------------------------------------------------------------------
+--- Functionality changes from Asterisk 13.18.0 to Asterisk 13.19.0 ----------
+------------------------------------------------------------------------------
+
+res_pjsip
+------------------
+ * The "identify_by" on endpoints can now be set to "ip" to restrict an endpoint
+   being matched based only on IP address. To ensure no behavior change the
+   default has been changed to "username,ip".
+
+------------------------------------------------------------------------------
 --- Functionality changes from Asterisk 13.17.0 to Asterisk 13.18.0 ----------
 ------------------------------------------------------------------------------
 
diff --git a/contrib/ast-db-manage/config/versions/20abce6d1e3c_add_pjsip_identify_by_ip.py b/contrib/ast-db-manage/config/versions/20abce6d1e3c_add_pjsip_identify_by_ip.py
new file mode 100644
index 0000000..d457c92
--- /dev/null
+++ b/contrib/ast-db-manage/config/versions/20abce6d1e3c_add_pjsip_identify_by_ip.py
@@ -0,0 +1,46 @@
+"""add pjsip identify by ip
+
+Revision ID: 20abce6d1e3c
+Revises: a1698e8bb9c5
+Create Date: 2017-10-24 15:44:06.404774
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '20abce6d1e3c'
+down_revision = 'a1698e8bb9c5'
+
+from alembic import op
+import sqlalchemy as sa
+
+
+def enum_update(table_name, column_name, enum_name, enum_values):
+    if op.get_context().bind.dialect.name != 'postgresql':
+        if op.get_context().bind.dialect.name == 'mssql':
+            op.drop_constraint('ck_ps_endpoints_identify_by_pjsip_identify_by_values', 'ps_endpoints')
+        op.alter_column(table_name, column_name,
+                        type_=sa.Enum(*enum_values, name=enum_name))
+        return
+
+    # Postgres requires a few more steps
+    tmp = enum_name + '_tmp'
+
+    op.execute('ALTER TYPE ' + enum_name + ' RENAME TO ' + tmp)
+
+    updated = sa.Enum(*enum_values, name=enum_name)
+    updated.create(op.get_bind(), checkfirst=False)
+
+    op.execute('ALTER TABLE ' + table_name + ' ALTER COLUMN ' + column_name +
+               ' TYPE ' + enum_name + ' USING identify_by::text::' + enum_name)
+
+    op.execute('DROP TYPE ' + tmp)
+
+
+def upgrade():
+    enum_update('ps_endpoints', 'identify_by', 'pjsip_identify_by_values',
+                ['username', 'auth_username', 'ip'])
+
+
+def downgrade():
+    enum_update('ps_endpoints', 'identify_by', 'pjsip_identify_by_values',
+                ['username', 'auth_username'])
diff --git a/include/asterisk/res_pjsip.h b/include/asterisk/res_pjsip.h
index ac1267d..931757f 100644
--- a/include/asterisk/res_pjsip.h
+++ b/include/asterisk/res_pjsip.h
@@ -435,6 +435,8 @@
 	AST_SIP_ENDPOINT_IDENTIFY_BY_USERNAME = (1 << 0),
 	/*! Identify based on user name in Auth header first, then From header */
 	AST_SIP_ENDPOINT_IDENTIFY_BY_AUTH_USERNAME = (1 << 1),
+	/*! Identify based on source IP address */
+	AST_SIP_ENDPOINT_IDENTIFY_BY_IP = (1 << 2),
 };
 AST_VECTOR(ast_sip_identify_by_vector, enum ast_sip_endpoint_identifier_type);
 
diff --git a/res/res_pjsip.c b/res/res_pjsip.c
index e215946..723f688 100644
--- a/res/res_pjsip.c
+++ b/res/res_pjsip.c
@@ -268,7 +268,7 @@
 				<configOption name="ice_support" default="no">
 					<synopsis>Enable the ICE mechanism to help traverse NAT</synopsis>
 				</configOption>
-				<configOption name="identify_by" default="username,location">
+				<configOption name="identify_by" default="username,ip">
 					<synopsis>Way(s) for Endpoint to be identified</synopsis>
 					<description><para>
 						Endpoints and aors can be identified in multiple ways. Currently, the supported
diff --git a/res/res_pjsip/pjsip_configuration.c b/res/res_pjsip/pjsip_configuration.c
index 8106676..629e85b 100644
--- a/res/res_pjsip/pjsip_configuration.c
+++ b/res/res_pjsip/pjsip_configuration.c
@@ -584,8 +584,10 @@
 
 		if (!strcasecmp(val, "username")) {
 			method = AST_SIP_ENDPOINT_IDENTIFY_BY_USERNAME;
-		} else	if (!strcasecmp(val, "auth_username")) {
+		} else if (!strcasecmp(val, "auth_username")) {
 			method = AST_SIP_ENDPOINT_IDENTIFY_BY_AUTH_USERNAME;
+		} else if (!strcasecmp(val, "ip")) {
+			method = AST_SIP_ENDPOINT_IDENTIFY_BY_IP;
 		} else {
 			ast_log(LOG_ERROR, "Unrecognized identification method %s specified for endpoint %s\n",
 					val, ast_sorcery_object_get_id(endpoint));
@@ -629,6 +631,9 @@
 			break;
 		case AST_SIP_ENDPOINT_IDENTIFY_BY_AUTH_USERNAME :
 			method = "auth_username";
+			break;
+		case AST_SIP_ENDPOINT_IDENTIFY_BY_IP :
+			method = "ip";
 			break;
 		default:
 			continue;
@@ -1873,7 +1878,7 @@
 	ast_sorcery_object_field_register(sip_sorcery, "endpoint", "aors", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_endpoint, aors));
 	ast_sorcery_object_field_register(sip_sorcery, "endpoint", "media_address", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_endpoint, media.address));
 	ast_sorcery_object_field_register(sip_sorcery, "endpoint", "bind_rtp_to_media_address", "no", OPT_BOOL_T, 1, STRFLDSET(struct ast_sip_endpoint, media.bind_rtp_to_media_address));
-	ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "identify_by", "username", ident_handler, ident_to_str, NULL, 0, 0);
+	ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "identify_by", "username,ip", ident_handler, ident_to_str, NULL, 0, 0);
 	ast_sorcery_object_field_register(sip_sorcery, "endpoint", "direct_media", "yes", OPT_BOOL_T, 1, FLDSET(struct ast_sip_endpoint, media.direct_media.enabled));
 	ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "direct_media_method", "invite", direct_media_method_handler, direct_media_method_to_str, NULL, 0, 0);
 	ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "connected_line_method", "invite", connected_line_method_handler, connected_line_method_to_str, NULL, 0, 0);
diff --git a/res/res_pjsip_endpoint_identifier_ip.c b/res/res_pjsip_endpoint_identifier_ip.c
index f935882..1471623 100644
--- a/res/res_pjsip_endpoint_identifier_ip.c
+++ b/res/res_pjsip_endpoint_identifier_ip.c
@@ -227,7 +227,14 @@
 	}
 
 	endpoint = ast_sorcery_retrieve_by_id(ast_sip_get_sorcery(), "endpoint", match->endpoint_name);
+
 	if (endpoint) {
+		if (!(endpoint->ident_method & AST_SIP_ENDPOINT_IDENTIFY_BY_IP)) {
+			ast_debug(3, "Endpoint '%s' found for '%s' but 'ip' method not supported'\n", match->endpoint_name,
+				ast_sockaddr_stringify(&addr));
+			ao2_cleanup(endpoint);
+			return NULL;
+		}
 		ast_debug(3, "Retrieved endpoint %s\n", ast_sorcery_object_get_id(endpoint));
 	} else {
 		ast_log(LOG_WARNING, "Identify section '%s' points to endpoint '%s' but endpoint could not be looked up\n",

-- 
To view, visit https://gerrit.asterisk.org/6905
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-MessageType: newchange
Gerrit-Change-Id: I2170b86a7f7e221b4f00bf14aa1ef1ac5b050bbd
Gerrit-Change-Number: 6905
Gerrit-PatchSet: 1
Gerrit-Owner: Joshua Colp <jcolp at digium.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20171025/e118b5da/attachment-0001.html>


More information about the asterisk-code-review mailing list