[asterisk-commits] mmichelson: branch mmichelson/authenticate r380810 - /team/mmichelson/authent...

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Mon Feb 4 11:55:00 CST 2013


Author: mmichelson
Date: Mon Feb  4 11:54:56 2013
New Revision: 380810

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=380810
Log:
Get the authenticator working for "userpass" authentication.


Modified:
    team/mmichelson/authenticate/res/res_sip_authenticator.c

Modified: team/mmichelson/authenticate/res/res_sip_authenticator.c
URL: http://svnview.digium.com/svn/asterisk/team/mmichelson/authenticate/res/res_sip_authenticator.c?view=diff&rev=380810&r1=380809&r2=380810
==============================================================================
--- team/mmichelson/authenticate/res/res_sip_authenticator.c (original)
+++ team/mmichelson/authenticate/res/res_sip_authenticator.c Mon Feb  4 11:54:56 2013
@@ -32,45 +32,36 @@
 
 static int default_requires_authentication(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata)
 {
-	return 1;
+	return ao2_container_count(endpoint->sip_auths);
 }
 
-/* XXX For now, just use some hard-coded credentials. First step in this process is to
- * be sure that authentication is working and that the API doesn't need adjustments. The
- * next step will be figuring out the endpoint configuration needed in order for authentication
- * to properly work.
- */
-const char default_realm[] = "asterisk";
-const char default_username[] = "bob";
-const char default_password[] = "hunter2";
+static void auth_store_cleanup(void *data)
+{
+	struct ast_sip_auth **auth = data;
 
-static void auth_endpoint_cleanup(void *data)
-{
-	struct ast_sip_endpoint **endpoint = data;
-
-	ao2_cleanup(*endpoint);
+	ao2_cleanup(*auth);
 	ast_free(data);
 }
 
-AST_THREADSTORAGE_CUSTOM(auth_endpoint, NULL, auth_endpoint_cleanup);
+AST_THREADSTORAGE_CUSTOM(auth_store, NULL, auth_store_cleanup);
 
-static int store_endpoint(struct ast_sip_endpoint *endpoint)
+static int store_auth(struct ast_sip_auth *auth)
 {
-	struct ast_sip_endpoint **pointing;
-	pointing = ast_threadstorage_get(&auth_endpoint, sizeof(pointing));
+	struct ast_sip_auth **pointing;
+	pointing = ast_threadstorage_get(&auth_store, sizeof(pointing));
 	if (!pointing || *pointing) {
 		return -1;
 	}
 
-	ao2_ref(endpoint, +1);
-	*pointing = endpoint;
+	ao2_ref(auth, +1);
+	*pointing = auth;
 	return 0;
 }
 
-static int remove_endpoint(void)
+static int remove_auth(void)
 {
-	struct ast_sip_endpoint **pointing;
-	pointing = ast_threadstorage_get(&auth_endpoint, sizeof(pointing));
+	struct ast_sip_auth **pointing;
+	pointing = ast_threadstorage_get(&auth_store, sizeof(pointing));
 	if (!pointing) {
 		return -1;
 	}
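Review bot: `default_requires_authentication` now fails open: an endpoint whose `sip_auths` container is empty returns 0, where the old code always returned 1, so presumably such an endpoint is accepted with no challenge at all. If that is intended, say so above the function, e.g. `/* An endpoint with no configured auths is deliberately left unauthenticated. */`, and consider logging it where the endpoint is configured so a missing auth section does not silently become an open endpoint. The call also dereferences `endpoint->sip_auths` without checking that the container was allocated; whether it can be NULL here is not visible in this hunk.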
@@ -80,13 +71,13 @@
 	return 0;
 }
 
-static struct ast_sip_endpoint *get_endpoint(void)
+static struct ast_sip_auth *get_auth(void)
 {
-	struct ast_sip_endpoint **endpoint;
-	endpoint = ast_threadstorage_get(&auth_endpoint, sizeof(endpoint));
-	if (endpoint && *endpoint) {
-		ao2_ref(*endpoint, +1);
-		return *endpoint;
+	struct ast_sip_auth **auth;
+	auth = ast_threadstorage_get(&auth_store, sizeof(auth));
+	if (auth && *auth) {
+		ao2_ref(*auth, +1);
+		return *auth;
 	}
 	return NULL;
 }
@@ -94,45 +85,76 @@
 static pj_status_t default_lookup(pj_pool_t *pool, const pj_str_t *realm,
 		const pj_str_t *acc_name, pjsip_cred_info *info)
 {
-	RAII_VAR(struct ast_sip_endpoint *, endpoint, get_endpoint(), ao2_cleanup);
+	RAII_VAR(struct ast_sip_auth *, auth, get_auth(), ao2_cleanup);
 
-	if (pj_strcmp2(realm, default_realm)) {
+	if (pj_strcmp2(realm, auth->realm)) {
 		return PJSIP_SC_FORBIDDEN;
 	}
-	if (pj_strcmp2(acc_name, default_username)) {
+	if (pj_strcmp2(acc_name, auth->auth_user)) {
 		return PJSIP_SC_FORBIDDEN;
 	}
-	pj_strdup2(pool, &info->realm, default_realm);
-	pj_strdup2(pool, &info->username, default_username);
-	pj_strdup2(pool, &info->data, default_password);
+	pj_strdup2(pool, &info->realm, auth->realm);
+	pj_strdup2(pool, &info->username, auth->auth_user);
+	pj_strdup2(pool, &info->data, auth->auth_pass);
 	info->data_type = PJSIP_CRED_DATA_PLAIN_PASSWD;
 	return PJ_SUCCESS;
+}
+
+static void setup_auth_srv(pj_pool_t *pool, pjsip_auth_srv *auth_server, struct ast_sip_auth *auth)
+{
+	pj_str_t realm;
+	pj_cstr(&realm, auth->realm);
+
+	pjsip_auth_srv_init(pool, auth_server, &realm, default_lookup, 0);
+}
+
+static int verify(void *obj, void *arg, void *data, int flags)
+{
+	struct ast_sip_auth *auth = obj;
+	pjsip_tx_data *tdata = arg;
+	pjsip_rx_data *rdata = data;
+	pjsip_auth_srv auth_server;
+	pj_status_t authed;
+	int response_code;
+
+	setup_auth_srv(tdata->pool, &auth_server, auth);
+
+	store_auth(auth);
+
+	authed = pjsip_auth_srv_verify(&auth_server, rdata, &response_code);
+
+	remove_auth();
+
+	return authed == PJ_SUCCESS ? CMP_MATCH : 0;
+}
+
+static int challenge(void *obj, void *arg, int flags)
+{
+	struct ast_sip_auth *auth = obj;
+	pjsip_tx_data *tdata = arg;
+	pjsip_auth_srv auth_server;
+	pj_str_t qop;
+	pj_cstr(&qop, "auth");
+
+	setup_auth_srv(tdata->pool, &auth_server, auth);
+
+	pjsip_auth_srv_challenge(&auth_server, &qop, NULL, NULL, PJ_FALSE, tdata);
+	return 0;
 }
 
 static enum ast_sip_check_auth_result default_check_auth(struct ast_sip_endpoint *endpoint,
 		pjsip_rx_data *rdata, pjsip_tx_data *tdata)
 {
-	pjsip_auth_srv auth_server;
-	pj_str_t realm;
-	pj_str_t qop;
-	int response_code;
+	struct ast_sip_auth *auth;
 
-	pj_cstr(&realm, default_realm);
-	pj_cstr(&qop, "auth");
-
-	pjsip_auth_srv_init(tdata->pool, &auth_server, &realm, default_lookup, 0);
-
-	store_endpoint(endpoint);
-
-	/* First thing's first, let's see if this request passes muster */
-	if (pjsip_auth_srv_verify(&auth_server, rdata, &response_code) == PJ_SUCCESS) {
+	auth = ao2_callback_data(endpoint->sip_auths, 0, verify, tdata, rdata);
+	if (auth) {
+		/* Success! */
+		ao2_ref(auth, -1);
 		return AST_SIP_AUTHENTICATION_SUCCESS;
 	}
-
-	remove_endpoint();
-
-	/* Oh no! They couldn't authenticate. Well let's create a challenge for them. */
-	pjsip_auth_srv_challenge(&auth_server, &qop, NULL, NULL, PJ_FALSE, tdata);
+	
+	ao2_callback(endpoint->sip_auths, 0, challenge, tdata);
 	return AST_SIP_AUTHENTICATION_CHALLENGE;
 }
 
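Review bot: `verify()` ignores the result of `store_auth(auth)`, and `default_lookup()` dereferences `auth->realm` without checking what `get_auth()` returned. `store_auth()` returns -1 both when thread storage cannot be obtained and when the slot is already occupied, so on this unauthenticated request path the lookup either dereferences NULL or checks the request against a stale `ast_sip_auth` rather than the one being verified. Bail out in `verify()` with `if (store_auth(auth)) { return 0; }` and guard the lookup with `if (!auth) { return PJSIP_SC_FORBIDDEN; }`. Separately, `verify()` and `challenge()` each initialise a fresh `pjsip_auth_srv` and pass NULL for the nonce, so nothing visible here ties the nonce in a response to a challenge this server issued; it is worth confirming that a replayed Authorization header is rejected.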



