[asterisk-commits] mmichelson: branch mmichelson/authenticate r380737 - in /team/mmichelson/auth...
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Thu Jan 31 15:48:32 CST 2013
Author: mmichelson
Date: Thu Jan 31 15:48:28 2013
New Revision: 380737
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=380737
Log:
Add a backport from PJSIP trunk regarding authentication lookup.
Like with the pjsip_rx_data_clone() change previously, this is a backport
of functionality in PJSIP trunk that is due for release in PJSIP 2.0.5.
For ease of development, the change is being made here and we will maintain
the changes here and in the external PJSIP location until PJSIP 2.0.5 is
released.
Modified:
team/mmichelson/authenticate/res/pjproject/pjsip/include/pjsip/sip_auth.h
team/mmichelson/authenticate/res/pjproject/pjsip/src/pjsip/sip_auth_server.c
Modified: team/mmichelson/authenticate/res/pjproject/pjsip/include/pjsip/sip_auth.h
URL: http://svnview.digium.com/svn/asterisk/team/mmichelson/authenticate/res/pjproject/pjsip/include/pjsip/sip_auth.h?view=diff&rev=380737&r1=380736&r2=380737
==============================================================================
--- team/mmichelson/authenticate/res/pjproject/pjsip/include/pjsip/sip_auth.h (original)
+++ team/mmichelson/authenticate/res/pjproject/pjsip/include/pjsip/sip_auth.h Thu Jan 31 15:48:28 2013
@@ -275,6 +275,36 @@
const pj_str_t *acc_name,
pjsip_cred_info *cred_info );
+/**
+ * This structure describes input param for credential lookup.
+ */
+typedef struct pjsip_auth_lookup_cred_param
+{
+ pj_str_t realm; /**< Realm to find the account. */
+ pj_str_t acc_name; /**< Account name to look for. */
+ pjsip_rx_data *rdata; /**< Incoming request to be authenticated. */
+
+} pjsip_auth_lookup_cred_param;
+
+
+/**
+ * Type of function to lookup credential for the specified name.
+ *
+ * @param pool Pool to initialize the credential info.
+ * @param param The input param for credential lookup.
+ * @param cred_info The structure to put the credential when it's found.
+ *
+ * @return The function MUST return PJ_SUCCESS when it found
+ * a correct credential for the specified account and
+ * realm. Otherwise it may return PJSIP_EAUTHACCNOTFOUND
+ * or PJSIP_EAUTHACCDISABLED.
+ */
+typedef pj_status_t pjsip_auth_lookup_cred2(
+ pj_pool_t *pool,
+ const pjsip_auth_lookup_cred_param *param,
+ pjsip_cred_info *cred_info );
+
+
/** Flag to specify that server is a proxy. */
#define PJSIP_AUTH_SRV_IS_PROXY 1
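Review bot: The documentation on `pjsip_auth_lookup_cred_param` does not say how long its fields stay valid, or that `rdata` has not been verified when the callback runs. In the sip_auth_server.c hunk the structure is a stack local filled by plain assignment (`param.realm = auth_srv->realm; param.acc_name = acc_name;`), so the strings are shallow references and the callback must copy anything it wants to keep. I would extend the field comment to something like `/**< Incoming request to be authenticated; not yet verified, so treat its contents as untrusted. */`. I would also add to the `@param param` line of `pjsip_auth_lookup_cred2` that the structure and the strings it references are valid only for the duration of the call. The `pool` description could mention that the verify path passes `rdata->tp_info.pool`, which suggests anything written to `cred_info` is tied to the request's lifetime.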
@@ -286,7 +316,8 @@
pj_str_t realm; /**< Realm to serve. */
pj_bool_t is_proxy; /**< Will issue 407 instead of 401 */
pjsip_auth_lookup_cred *lookup; /**< Lookup function. */
-
+ pjsip_auth_lookup_cred2 *lookup2; /**< Lookup function with additional
+ info in its input param. */
} pjsip_auth_srv;
@@ -432,6 +463,48 @@
pjsip_auth_lookup_cred *lookup,
unsigned options );
+/**
+ * This structure describes initialization settings of server authorization
+ * session.
+ */
+typedef struct pjsip_auth_srv_init_param
+{
+ /**
+ * Realm to be served by the server.
+ */
+ const pj_str_t *realm;
+
+ /**
+ * Account lookup function.
+ */
+ pjsip_auth_lookup_cred2 *lookup2;
+
+ /**
+ * Options, bitmask of:
+ * - PJSIP_AUTH_SRV_IS_PROXY: to specify that the server will authorize
+ * clients as a proxy server (instead of as UAS), which means that
+ * Proxy-Authenticate will be used instead of WWW-Authenticate.
+ */
+ unsigned options;
+
+} pjsip_auth_srv_init_param;
+
+
+/**
+ * Initialize server authorization session data structure to serve the
+ * specified realm and to use lookup_func function to look for the credential
+ * info.
+ *
+ * @param pool Pool used to initialize the authentication server.
+ * @param auth_srv The authentication server structure.
+ * @param param The initialization param.
+ *
+ * @return PJ_SUCCESS on success.
+ */
+PJ_DECL(pj_status_t) pjsip_auth_srv_init2(
+ pj_pool_t *pool,
+ pjsip_auth_srv *auth_srv,
+ const pjsip_auth_srv_init_param *param);
/**
* Request the authorization server framework to verify the authorization
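Review bot: The comment on `pjsip_auth_srv_init2()` still refers to a `lookup_func` function, which is not a parameter of this function; the callback arrives as `param->lookup2`. Neither that comment nor the field comments in `pjsip_auth_srv_init_param` say that `realm` and `lookup2` are required, although the implementation in sip_auth_server.c copies `param->realm` and stores `param->lookup2` without checking either. I would reword the first paragraph to `to serve the realm and use the lookup2 callback given in param`, and mark both fields as mandatory (must not be NULL) in their comments.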
Modified: team/mmichelson/authenticate/res/pjproject/pjsip/src/pjsip/sip_auth_server.c
URL: http://svnview.digium.com/svn/asterisk/team/mmichelson/authenticate/res/pjproject/pjsip/src/pjsip/sip_auth_server.c?view=diff&rev=380737&r1=380736&r2=380737
==============================================================================
--- team/mmichelson/authenticate/res/pjproject/pjsip/src/pjsip/sip_auth_server.c (original)
+++ team/mmichelson/authenticate/res/pjproject/pjsip/src/pjsip/sip_auth_server.c Thu Jan 31 15:48:28 2013
@@ -39,11 +39,30 @@
unsigned options )
{
PJ_ASSERT_RETURN(pool && auth_srv && realm && lookup, PJ_EINVAL);
-
+ pj_bzero(auth_srv, sizeof(*auth_srv));
pj_strdup( pool, &auth_srv->realm, realm);
auth_srv->lookup = lookup;
auth_srv->is_proxy = (options & PJSIP_AUTH_SRV_IS_PROXY);
-
+
+ return PJ_SUCCESS;
+}
+
+/*
+ * Initialize server authorization session data structure to serve the
+ * specified realm and to use lookup_func function to look for the credential
+ * info.
+ */
+PJ_DEF(pj_status_t) pjsip_auth_srv_init2(
+ pj_pool_t *pool,
+ pjsip_auth_srv *auth_srv,
+ const pjsip_auth_srv_init_param *param)
+{
+ PJ_ASSERT_RETURN(pool && auth_srv && param, PJ_EINVAL);
+
+ pj_bzero(auth_srv, sizeof(*auth_srv));
+ pj_strdup( pool, &auth_srv->realm, param->realm);
+ auth_srv->lookup2 = param->lookup2;
+ auth_srv->is_proxy = (param->options & PJSIP_AUTH_SRV_IS_PROXY);
return PJ_SUCCESS;
}
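Review bot: `pjsip_auth_srv_init2()` validates only `pool`, `auth_srv` and `param`, so a NULL `param->realm` is handed to `pj_strdup()` and a NULL `param->lookup2` is stored without complaint. Because the structure has just been zeroed, a NULL `lookup2` leaves both callbacks unset, and the `else` branch added in the verify hunk (`@@ -147,12 +166,25 @@`) would then call `(*auth_srv->lookup)` through a null pointer the first time a request reaches the lookup. The guard should cover the members as well: `PJ_ASSERT_RETURN(pool && auth_srv && param && param->realm && param->lookup2, PJ_EINVAL);`. The first part of this hunk belongs to `pjsip_auth_srv_init()`, whose signature starts outside the hunk.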
@@ -147,12 +166,25 @@
return PJSIP_EINVALIDAUTHSCHEME;
}
- /* Find the credential information for the account. */
- status = (*auth_srv->lookup)(rdata->tp_info.pool, &auth_srv->realm,
- &acc_name, &cred_info);
- if (status != PJ_SUCCESS) {
- *status_code = PJSIP_SC_FORBIDDEN;
- return status;
+ if (auth_srv->lookup2) {
+ pjsip_auth_lookup_cred_param param;
+
+ pj_bzero(¶m, sizeof(param));
+ param.realm = auth_srv->realm;
+ param.acc_name = acc_name;
+ param.rdata = rdata;
+ status = (*auth_srv->lookup2)(rdata->tp_info.pool, ¶m, &cred_info);
+ if (status != PJ_SUCCESS) {
+ *status_code = PJSIP_SC_FORBIDDEN;
+ return status;
+ }
+ } else {
+ status = (*auth_srv->lookup)(rdata->tp_info.pool, &auth_srv->realm,
+ &acc_name, &cred_info);
+ if (status != PJ_SUCCESS) {
+ *status_code = PJSIP_SC_FORBIDDEN;
+ return status;
+ }
}
/* Authenticate with the specified credential. */
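Review bot: The `if (status != PJ_SUCCESS)` block is repeated verbatim in both branches of the new `if (auth_srv->lookup2) … else …`. Keeping only the two lookup calls inside the branches and placing a single `if (status != PJ_SUCCESS) { *status_code = PJSIP_SC_FORBIDDEN; return status; }` after the `else` would keep the rejection path for both callback types in one place. That matters on an authentication path, where the two copies drifting apart later would make the failure response depend on which callback is installed. The `¶m` shown on the `pj_bzero` and `lookup2` call lines looks like an archive encoding artifact of `&param` rather than what was committed. The enclosing function starts and ends outside this hunk.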