[asterisk-commits] mmichelson: branch mmichelson/outbound_auth r383319 - in /team/mmichelson/out...

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Mon Mar 18 12:03:29 CDT 2013 

Author: mmichelson
Date: Mon Mar 18 12:03:27 2013
New Revision: 383319

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=383319
Log:
Add API for having pluggable outbound authenticators.

An outbound authenticator needs to be capable of creating requests. Currently
nothing uses this, but the code in sip_outbound_auth.c will be refactored to
make use of it.


Modified:
    team/mmichelson/outbound_auth/include/asterisk/res_sip.h
    team/mmichelson/outbound_auth/res/res_sip.exports.in
    team/mmichelson/outbound_auth/res/res_sip/sip_outbound_auth.c

Modified: team/mmichelson/outbound_auth/include/asterisk/res_sip.h
URL: http://svnview.digium.com/svn/asterisk/team/mmichelson/outbound_auth/include/asterisk/res_sip.h?view=diff&rev=383319&r1=383318&r2=383319
==============================================================================
--- team/mmichelson/outbound_auth/include/asterisk/res_sip.h (original)
+++ team/mmichelson/outbound_auth/include/asterisk/res_sip.h Mon Mar 18 12:03:27 2013
@@ -339,6 +339,28 @@
 	enum ast_sip_check_auth_result (*check_authentication)(struct ast_sip_endpoint *endpoint,
 			pjsip_rx_data *rdata, pjsip_tx_data *tdata);
 };
+
+/*!
+ * \brief an interchangeable way of responding to authentication challenges
+ *
+ * An outbound authenticator takes incoming challenges and formulates a new SIP request with
+ * credentials.
+ */
+struct ast_sip_outbound_authenticator {
+	/*!
+	 * \brief Create a new request with authentication credentials
+	 *
+	 * \param endpoint The SIP endpoint with which Asterisk is communicating
+	 * \param challenge The SIP response with authentication challenge(s)
+	 * \param original_request The SIP request originally sent that was challenged. Should be used
+	 * as the basis for creating a challenge response
+	 * \param new_request The new SIP request with challenge response(s)
+	 * \retval 0 Successfully created new request
+	 * \retval -1 Failed to create a new request
+	 */
+	int (*challenge_response)(struct ast_sip_endpoint *endpoint, struct pjsip_rx_data *challenge,
+			struct pjsip_tx_data *original_request, struct pjsip_tx_data **new_request);
+};
  
 /*!
  * \brief An entity responsible for identifying the source of a SIP message
@@ -401,7 +423,29 @@
  * \param auth The authenticator to unregister
  */
 void ast_sip_unregister_authenticator(struct ast_sip_authenticator *auth);
- 
+
+ /*!
+ * \brief Register an outbound SIP authenticator
+ *
+ * An outbound authenticator is responsible for creating responses to
+ * authentication challenges by remote endpoints.
+ *
+ * \param auth The authenticator to register
+ * \retval 0 Success
+ * \retval -1 Failure
+ */
+int ast_sip_register_outbound_authenticator(struct ast_sip_outbound_authenticator *outbound_auth);
+ 
+/*!
+ * \brief Unregister an outbound SIP authenticator
+ *
+ * When there is no outbound authenticator registered, authentication challenges
+ * will be handled as any other final response would be.
+ *
+ * \param auth The authenticator to unregister
+ */
+void ast_sip_unregister_outbound_authenticator(struct ast_sip_outbound_authenticator *auth);
+
 /*!
  * \brief Register a SIP endpoint identifier
  *
@@ -788,6 +832,17 @@
  */
 enum ast_sip_check_auth_result ast_sip_check_authentication(struct ast_sip_endpoint *endpoint,
 		pjsip_rx_data *rdata, pjsip_tx_data *tdata);
+
+/*!
+ * \brief Create a response to an authentication challenge
+ *
+ * This will call into an outbound authenticator's challenge_response callback
+ * to create a new request with authentication credentials. See the challenge_response
+ * callback in the \ref ast_sip_outbound_authenticator structure for details about
+ * the parameters and return values.
+ */
+int ast_sip_create_auth_challenge_response(struct ast_sip_endpoint *endpoint, pjsip_rx_data *challenge,
+		pjsip_tx_data *original_request, pjsip_tx_data **new_request);
  
 /*!
  * \brief Set authentication credentials for outbound authentication

Modified: team/mmichelson/outbound_auth/res/res_sip.exports.in
URL: http://svnview.digium.com/svn/asterisk/team/mmichelson/outbound_auth/res/res_sip.exports.in?view=diff&rev=383319&r1=383318&r2=383319
==============================================================================
--- team/mmichelson/outbound_auth/res/res_sip.exports.in (original)
+++ team/mmichelson/outbound_auth/res/res_sip.exports.in Mon Mar 18 12:03:27 2013
@@ -4,6 +4,8 @@
 		LINKER_SYMBOL_PREFIXast_sip_unregister_service;
 		LINKER_SYMBOL_PREFIXast_sip_register_authenticator;
 		LINKER_SYMBOL_PREFIXast_sip_unregister_authenticator;
+		LINKER_SYMBOL_PREFIXast_sip_register_outbound_authenticator;
+		LINKER_SYMBOL_PREFIXast_sip_unregister_outbound_authenticator;
 		LINKER_SYMBOL_PREFIXast_sip_register_endpoint_identifier;
 		LINKER_SYMBOL_PREFIXast_sip_unregister_endpoint_identifier;
 		LINKER_SYMBOL_PREFIXast_sip_create_serializer;
@@ -14,6 +16,7 @@
 		LINKER_SYMBOL_PREFIXast_sip_authenticate_request;
 		LINKER_SYMBOL_PREFIXast_sip_get_authentication_credentials;
 		LINKER_SYMBOL_PREFIXast_sip_check_authentication;
+		LINKER_SYMBOL_PREFIXast_sip_create_auth_challenge_response;
 		LINKER_SYMBOL_PREFIXast_sip_set_outbound_authentication_credentials;
 		LINKER_SYMBOL_PREFIXast_sip_setup_outbound_authentication;
 		LINKER_SYMBOL_PREFIXast_sip_add_digest_to_challenge;

Modified: team/mmichelson/outbound_auth/res/res_sip/sip_outbound_auth.c
URL: http://svnview.digium.com/svn/asterisk/team/mmichelson/outbound_auth/res/res_sip/sip_outbound_auth.c?view=diff&rev=383319&r1=383318&r2=383319
==============================================================================
--- team/mmichelson/outbound_auth/res/res_sip/sip_outbound_auth.c (original)
+++ team/mmichelson/outbound_auth/res/res_sip/sip_outbound_auth.c Mon Mar 18 12:03:27 2013
@@ -22,6 +22,7 @@
 #include "pjsip.h"
 
 #include "asterisk/res_sip.h"
+#include "asterisk/module.h"
 
 static pj_bool_t outbound_auth(pjsip_rx_data *rdata);
 
@@ -100,6 +101,42 @@
 	return ast_sip_set_outbound_authentication_credentials(&dlg->auth_sess, endpoint);
 }
 
+static struct ast_sip_outbound_authenticator *registered_authenticator;
+
+int ast_sip_register_outbound_authenticator(struct ast_sip_outbound_authenticator *auth)
+{
+	if (registered_authenticator) {
+		ast_log(LOG_WARNING, "Outbound authenticator %p is already registered. Cannot register a new one\n", registered_authenticator);
+		return -1;
+	}
+	registered_authenticator = auth;
+	ast_debug(1, "Registered SIP outbound authenticator module %p\n", auth);
+	ast_module_ref(ast_module_info->self);
+	return 0;
+}
+
+void ast_sip_unregister_outbound_authenticator(struct ast_sip_outbound_authenticator *auth)
+{
+	if (registered_authenticator != auth) {
+		ast_log(LOG_WARNING, "Trying to unregister outbound authenticator %p but outbound authenticator %p registered\n",
+				auth, registered_authenticator);
+		return;
+	}
+	registered_authenticator = NULL;
+	ast_debug(1, "Unregistered SIP outbound authenticator %p\n", auth);
+	ast_module_unref(ast_module_info->self);
+}
+
+int ast_sip_create_auth_challenge_response(struct ast_sip_endpoint *endpoint, pjsip_rx_data *challenge,
+		pjsip_tx_data *original_request, pjsip_tx_data **new_request)
+{
+	if (!registered_authenticator) {
+		ast_log(LOG_WARNING, "No SIP outbound authenticator registered. Cannot respond to authentication challenge\n");
+		return 0;
+	}
+	return registered_authenticator->challenge_response(endpoint, challenge, original_request, new_request);
+}
+
 int ast_sip_initialize_outbound_authentication(void) {
 	return ast_sip_register_service(&outbound_auth_mod);
 }

More information about the asterisk-commits mailing list