[asterisk-commits] mmichelson: branch mmichelson/authenticate r380810 - /team/mmichelson/authent...
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Mon Feb 4 11:55:00 CST 2013
Author: mmichelson
Date: Mon Feb 4 11:54:56 2013
New Revision: 380810
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=380810
Log:
Get the authenticator working for "userpass" authentication.
Modified:
team/mmichelson/authenticate/res/res_sip_authenticator.c
Modified: team/mmichelson/authenticate/res/res_sip_authenticator.c
URL: http://svnview.digium.com/svn/asterisk/team/mmichelson/authenticate/res/res_sip_authenticator.c?view=diff&rev=380810&r1=380809&r2=380810
==============================================================================
--- team/mmichelson/authenticate/res/res_sip_authenticator.c (original)
+++ team/mmichelson/authenticate/res/res_sip_authenticator.c Mon Feb 4 11:54:56 2013
@@ -32,45 +32,36 @@
static int default_requires_authentication(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata)
{
- return 1;
+ return ao2_container_count(endpoint->sip_auths);
}
-/* XXX For now, just use some hard-coded credentials. First step in this process is to
- * be sure that authentication is working and that the API doesn't need adjustments. The
- * next step will be figuring out the endpoint configuration needed in order for authentication
- * to properly work.
- */
-const char default_realm[] = "asterisk";
-const char default_username[] = "bob";
-const char default_password[] = "hunter2";
+static void auth_store_cleanup(void *data)
+{
+ struct ast_sip_auth **auth = data;
-static void auth_endpoint_cleanup(void *data)
-{
- struct ast_sip_endpoint **endpoint = data;
-
- ao2_cleanup(*endpoint);
+ ao2_cleanup(*auth);
ast_free(data);
}
-AST_THREADSTORAGE_CUSTOM(auth_endpoint, NULL, auth_endpoint_cleanup);
+AST_THREADSTORAGE_CUSTOM(auth_store, NULL, auth_store_cleanup);
-static int store_endpoint(struct ast_sip_endpoint *endpoint)
+static int store_auth(struct ast_sip_auth *auth)
{
- struct ast_sip_endpoint **pointing;
- pointing = ast_threadstorage_get(&auth_endpoint, sizeof(pointing));
+ struct ast_sip_auth **pointing;
+ pointing = ast_threadstorage_get(&auth_store, sizeof(pointing));
if (!pointing || *pointing) {
return -1;
}
- ao2_ref(endpoint, +1);
- *pointing = endpoint;
+ ao2_ref(auth, +1);
+ *pointing = auth;
return 0;
}
-static int remove_endpoint(void)
+static int remove_auth(void)
{
- struct ast_sip_endpoint **pointing;
- pointing = ast_threadstorage_get(&auth_endpoint, sizeof(pointing));
+ struct ast_sip_auth **pointing;
+ pointing = ast_threadstorage_get(&auth_store, sizeof(pointing));
if (!pointing) {
return -1;
}
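Review bot: An endpoint whose `sip_auths` container is empty is now treated as needing no authentication at all, because `default_requires_authentication` returns `ao2_container_count(endpoint->sip_auths)` directly, and nothing in the hunk documents that fail-open default. I would add a comment above the function such as `/* An endpoint with no configured auths is accepted unauthenticated; this is intentional. */`, or have configuration loading reject such endpoints if it is not intended. Whether `sip_auths` can be NULL at this point is not visible here; if it can, the call needs a guard. The body of `remove_auth` at the end of this hunk continues outside it.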
@@ -80,13 +71,13 @@
return 0;
}
-static struct ast_sip_endpoint *get_endpoint(void)
+static struct ast_sip_auth *get_auth(void)
{
- struct ast_sip_endpoint **endpoint;
- endpoint = ast_threadstorage_get(&auth_endpoint, sizeof(endpoint));
- if (endpoint && *endpoint) {
- ao2_ref(*endpoint, +1);
- return *endpoint;
+ struct ast_sip_auth **auth;
+ auth = ast_threadstorage_get(&auth_store, sizeof(auth));
+ if (auth && *auth) {
+ ao2_ref(*auth, +1);
+ return *auth;
}
return NULL;
}
@@ -94,45 +85,76 @@
static pj_status_t default_lookup(pj_pool_t *pool, const pj_str_t *realm,
const pj_str_t *acc_name, pjsip_cred_info *info)
{
- RAII_VAR(struct ast_sip_endpoint *, endpoint, get_endpoint(), ao2_cleanup);
+ RAII_VAR(struct ast_sip_auth *, auth, get_auth(), ao2_cleanup);
- if (pj_strcmp2(realm, default_realm)) {
+ if (pj_strcmp2(realm, auth->realm)) {
return PJSIP_SC_FORBIDDEN;
}
- if (pj_strcmp2(acc_name, default_username)) {
+ if (pj_strcmp2(acc_name, auth->auth_user)) {
return PJSIP_SC_FORBIDDEN;
}
- pj_strdup2(pool, &info->realm, default_realm);
- pj_strdup2(pool, &info->username, default_username);
- pj_strdup2(pool, &info->data, default_password);
+ pj_strdup2(pool, &info->realm, auth->realm);
+ pj_strdup2(pool, &info->username, auth->auth_user);
+ pj_strdup2(pool, &info->data, auth->auth_pass);
info->data_type = PJSIP_CRED_DATA_PLAIN_PASSWD;
return PJ_SUCCESS;
+}
+
+static void setup_auth_srv(pj_pool_t *pool, pjsip_auth_srv *auth_server, struct ast_sip_auth *auth)
+{
+ pj_str_t realm;
+ pj_cstr(&realm, auth->realm);
+
+ pjsip_auth_srv_init(pool, auth_server, &realm, default_lookup, 0);
+}
+
+static int verify(void *obj, void *arg, void *data, int flags)
+{
+ struct ast_sip_auth *auth = obj;
+ pjsip_tx_data *tdata = arg;
+ pjsip_rx_data *rdata = data;
+ pjsip_auth_srv auth_server;
+ pj_status_t authed;
+ int response_code;
+
+ setup_auth_srv(tdata->pool, &auth_server, auth);
+
+ store_auth(auth);
+
+ authed = pjsip_auth_srv_verify(&auth_server, rdata, &response_code);
+
+ remove_auth();
+
+ return authed == PJ_SUCCESS ? CMP_MATCH : 0;
+}
+
+static int challenge(void *obj, void *arg, int flags)
+{
+ struct ast_sip_auth *auth = obj;
+ pjsip_tx_data *tdata = arg;
+ pjsip_auth_srv auth_server;
+ pj_str_t qop;
+ pj_cstr(&qop, "auth");
+
+ setup_auth_srv(tdata->pool, &auth_server, auth);
+
+ pjsip_auth_srv_challenge(&auth_server, &qop, NULL, NULL, PJ_FALSE, tdata);
+ return 0;
}
static enum ast_sip_check_auth_result default_check_auth(struct ast_sip_endpoint *endpoint,
pjsip_rx_data *rdata, pjsip_tx_data *tdata)
{
- pjsip_auth_srv auth_server;
- pj_str_t realm;
- pj_str_t qop;
- int response_code;
+ struct ast_sip_auth *auth;
- pj_cstr(&realm, default_realm);
- pj_cstr(&qop, "auth");
-
- pjsip_auth_srv_init(tdata->pool, &auth_server, &realm, default_lookup, 0);
-
- store_endpoint(endpoint);
-
- /* First thing's first, let's see if this request passes muster */
- if (pjsip_auth_srv_verify(&auth_server, rdata, &response_code) == PJ_SUCCESS) {
+ auth = ao2_callback_data(endpoint->sip_auths, 0, verify, tdata, rdata);
+ if (auth) {
+ /* Success! */
+ ao2_ref(auth, -1);
return AST_SIP_AUTHENTICATION_SUCCESS;
}
-
- remove_endpoint();
-
- /* Oh no! They couldn't authenticate. Well let's create a challenge for them. */
- pjsip_auth_srv_challenge(&auth_server, &qop, NULL, NULL, PJ_FALSE, tdata);
+
+ ao2_callback(endpoint->sip_auths, 0, challenge, tdata);
return AST_SIP_AUTHENTICATION_CHALLENGE;
}
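Review bot: `default_lookup` dereferences `auth` (`auth->realm`, `auth->auth_user`) without checking that `get_auth()` returned non-NULL, and `verify` discards the return value of `store_auth()`. As written in the first hunk, `store_auth()` fails when the thread-local slot cannot be obtained or is already occupied. In the first case the lookup reads through a NULL pointer while handling an incoming request; in the second it would compare the credentials against whatever auth object was left in the slot rather than the one being iterated. I would add `if (!auth) { return PJSIP_SC_FORBIDDEN; }` at the top of `default_lookup` and `if (store_auth(auth)) { return 0; }` in `verify` before the call to `pjsip_auth_srv_verify`, so a storage failure is treated as a non-match.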