[asterisk-commits] kharwell: branch kharwell/pimp_sip_security r390437 - in /team/kharwell/pimp_...

Tue Jun 4 17:24:17 CDT 2013

Author: kharwell
Date: Tue Jun  4 17:24:15 2013
New Revision: 390437

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=390437
Log:
made artificial endpoint always on, removed alwaysauthreject option

Modified:
    team/kharwell/pimp_sip_security/include/asterisk/res_sip.h
    team/kharwell/pimp_sip_security/res/res_sip/config_security.c
    team/kharwell/pimp_sip_security/res/res_sip/sip_distributor.c

Modified: team/kharwell/pimp_sip_security/include/asterisk/res_sip.h
URL: http://svnview.digium.com/svn/asterisk/team/kharwell/pimp_sip_security/include/asterisk/res_sip.h?view=diff&rev=390437&r1=390436&r2=390437
==============================================================================

--- team/kharwell/pimp_sip_security/include/asterisk/res_sip.h (original)
+++ team/kharwell/pimp_sip_security/include/asterisk/res_sip.h Tue Jun  4 17:24:15 2013
@@ -444,10 +444,6 @@
 	SORCERY_OBJECT(details);
 	struct ast_acl_list *acl;
 	struct ast_acl_list *contact_acl;
-
-	/*! If true always reject in a way so that the requester doesn't know if
-	  there was a matching peer */
-	int alwaysauthreject;
 };
 
 /*!

Modified: team/kharwell/pimp_sip_security/res/res_sip/config_security.c
URL: http://svnview.digium.com/svn/asterisk/team/kharwell/pimp_sip_security/res/res_sip/config_security.c?view=diff&rev=390437&r1=390436&r2=390437
==============================================================================
--- team/kharwell/pimp_sip_security/res/res_sip/config_security.c (original)
+++ team/kharwell/pimp_sip_security/res/res_sip/config_security.c Tue Jun  4 17:24:15 2013
@@ -84,8 +84,5 @@
 	ast_sorcery_object_field_register_custom(sorcery, SIP_SORCERY_SECURITY_TYPE, "contactpermit", "", acl_handler, NULL, 0, 0);
 	ast_sorcery_object_field_register_custom(sorcery, SIP_SORCERY_SECURITY_TYPE, "contactdeny", "", acl_handler, NULL, 0, 0);
 	ast_sorcery_object_field_register_custom(sorcery, SIP_SORCERY_SECURITY_TYPE, "contactacl", "", acl_handler, NULL, 0, 0);
-
-	ast_sorcery_object_field_register(sorcery, SIP_SORCERY_SECURITY_TYPE, "alwaysauthreject", "yes",
-					  OPT_BOOL_T, 1, FLDSET(struct ast_sip_security, alwaysauthreject));
 	return 0;
 }

Modified: team/kharwell/pimp_sip_security/res/res_sip/sip_distributor.c
URL: http://svnview.digium.com/svn/asterisk/team/kharwell/pimp_sip_security/res/res_sip/sip_distributor.c?view=diff&rev=390437&r1=390436&r2=390437
==============================================================================
--- team/kharwell/pimp_sip_security/res/res_sip/sip_distributor.c (original)
+++ team/kharwell/pimp_sip_security/res/res_sip/sip_distributor.c Tue Jun  4 17:24:15 2013
@@ -127,68 +127,44 @@
 
 static struct ast_sip_auth *artificial_auth = NULL;
 
-static void create_artificial_auth(void)
+static int create_artificial_auth(void)
 {
 	if (!(artificial_auth = ast_sorcery_alloc(
 		      ast_sip_get_sorcery(), SIP_SORCERY_AUTH_TYPE, "artificial"))) {
 		ast_log(LOG_ERROR, "Unable to create artificial auth\n");
-		return;
+		return -1;
 	}
 
 	ast_string_field_set(artificial_auth, realm, "asterisk");
 	ast_string_field_set(artificial_auth, auth_user, "");
 	ast_string_field_set(artificial_auth, auth_pass, "");
 	artificial_auth->type = AST_SIP_AUTH_TYPE_ARTIFICIAL;
+	return 0;
 }
 
 struct ast_sip_auth *ast_sip_get_artificial_auth(void)
 {
-	if (artificial_auth) {
-		ao2_ref(artificial_auth, +1);
-	}
-
+	ao2_ref(artificial_auth, +1);
 	return artificial_auth;
 }
 
 static struct ast_sip_endpoint *artificial_endpoint = NULL;
 
-static void create_artificial_endpoint(void)
+static int create_artificial_endpoint(void)
 {
 	if (!(artificial_endpoint = ast_sorcery_alloc(
 		      ast_sip_get_sorcery(), "endpoint", NULL))) {
-		return;
+		return -1;
 	}
 
 	artificial_endpoint->num_inbound_auths = 1;
+	return 0;
 }
 
 struct ast_sip_endpoint *ast_sip_get_artificial_endpoint(void)
 {
-	if (artificial_endpoint) {
-		ao2_ref(artificial_endpoint, +1);
-	}
-
+	ao2_ref(artificial_endpoint, +1);
 	return artificial_endpoint;
-}
-
-static int find_always_auth_reject(void *obj, void *arg, int flags)
-{
-	struct ast_sip_security *security = obj;
-
-	return security->alwaysauthreject ? CMP_MATCH | CMP_STOP : 0;
-}
-
-static int always_auth_reject(void)
-{
-	RAII_VAR(struct ao2_container *, securities, NULL, ao2_cleanup);
-	RAII_VAR(struct ast_sip_security *, security, NULL, ao2_cleanup);
-
-	securities = ast_sorcery_retrieve_by_fields(
-		ast_sip_get_sorcery(), SIP_SORCERY_SECURITY_TYPE,
-		AST_RETRIEVE_FLAG_MULTIPLE | AST_RETRIEVE_FLAG_ALL, NULL);
-
-	return (security = ao2_callback(securities, 0,
-					find_always_auth_reject, NULL)) != NULL;
 }
 
 static pj_bool_t endpoint_lookup(pjsip_rx_data *rdata)
@@ -206,15 +182,12 @@
 	}
 
 	if (!endpoint && !is_ack) {
-		if (always_auth_reject()) {
-			endpoint = ast_sip_get_artificial_endpoint();
-		}
-
-		if (!endpoint) {
-			pjsip_endpt_respond_stateless(ast_sip_get_pjsip_endpoint(),
-						      rdata, 403, NULL, NULL, NULL);
-			return PJ_TRUE;
-		}
+		/* always use an artificial endpoint - per discussion no reason
+		   to have "alwaysauthreject" as an option.  It is felt using it
+		   was a bug fix and it is not needed since we are not worried about
+		   breaking old stuff and we really don't want to enable the discovery
+		   of SIP accounts */
+		endpoint = ast_sip_get_artificial_endpoint();
 	}
 	rdata->endpt_info.mod_data[endpoint_mod.id] = endpoint;
 	return PJ_FALSE;
@@ -295,6 +268,10 @@
 
 int ast_sip_initialize_distributor(void)
 {
+	if (create_artificial_endpoint() || create_artificial_auth()) {
+		return -1;
+	}
+
 	if (ast_sip_register_service(&distributor_mod)) {
 		return -1;
 	}
@@ -305,18 +282,15 @@
 		return -1;
 	}
 
-	create_artificial_endpoint();
-	create_artificial_auth();
-
 	return 0;
 }
 
 void ast_sip_finalize_distributor(void)
 {
-	ao2_cleanup(artificial_auth);
-	ao2_cleanup(artificial_endpoint);
-
 	ast_sip_unregister_service(&distributor_mod);
 	ast_sip_unregister_service(&endpoint_mod);
 	ast_sip_unregister_service(&auth_mod);
-}
+
+	ao2_cleanup(artificial_auth);
+	ao2_cleanup(artificial_endpoint);
+}


