[asterisk-commits] mmichelson: branch mmichelson/outbound_auth r383324 - in /team/mmichelson/out...
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Mon Mar 18 13:37:57 CDT 2013
Author: mmichelson
Date: Mon Mar 18 13:37:53 2013
New Revision: 383324
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=383324
Log:
Add an outbound authenticator.
I've verified that this works with the session module. I had to revert some
of the code from the last commit, but this works!
Added:
team/mmichelson/outbound_auth/res/res_sip_outbound_authenticator_digest.c (with props)
Modified:
team/mmichelson/outbound_auth/include/asterisk/res_sip.h
team/mmichelson/outbound_auth/res/res_sip.exports.in
team/mmichelson/outbound_auth/res/res_sip/sip_distributor.c
team/mmichelson/outbound_auth/res/res_sip/sip_outbound_auth.c
team/mmichelson/outbound_auth/res/res_sip_session.c
Modified: team/mmichelson/outbound_auth/include/asterisk/res_sip.h
URL: http://svnview.digium.com/svn/asterisk/team/mmichelson/outbound_auth/include/asterisk/res_sip.h?view=diff&rev=383324&r1=383323&r2=383324
==============================================================================
--- team/mmichelson/outbound_auth/include/asterisk/res_sip.h (original)
+++ team/mmichelson/outbound_auth/include/asterisk/res_sip.h Mon Mar 18 13:37:53 2013
@@ -352,14 +352,13 @@
*
* \param endpoint The SIP endpoint with which Asterisk is communicating
* \param challenge The SIP response with authentication challenge(s)
- * \param original_request The SIP request originally sent that was challenged. Should be used
- * as the basis for creating a challenge response
+ * \param tsx The transaction in which the challenge was received
* \param new_request The new SIP request with challenge response(s)
* \retval 0 Successfully created new request
* \retval -1 Failed to create a new request
*/
int (*challenge_response)(struct ast_sip_endpoint *endpoint, struct pjsip_rx_data *challenge,
- struct pjsip_tx_data *original_request, struct pjsip_tx_data **new_request);
+ struct pjsip_transaction *tsx, struct pjsip_tx_data **new_request);
};
/*!
@@ -712,6 +711,18 @@
void ast_sip_dialog_set_endpoint(pjsip_dialog *dlg, struct ast_sip_endpoint *endpoint);
/*!
+ * \brief Get the endpoint associated with this dialog
+ *
+ * This function increases the refcount of the endpoint by one. Release
+ * the reference once you are finished with the endpoint.
+ *
+ * \param dlg The SIP dialog from which to retrieve the endpoint
+ * \retval NULL No endpoint associated with this dialog
+ * \retval non-NULL The endpoint.
+ */
+struct ast_sip_endpoint *ast_sip_dialog_get_endpoint(pjsip_dialog *dlg);
+
+/*!
* \brief Pushes a task to SIP servants
*
* This uses the serializer provided to determine how to push the task.
@@ -842,7 +853,7 @@
* the parameters and return values.
*/
int ast_sip_create_auth_challenge_response(struct ast_sip_endpoint *endpoint, pjsip_rx_data *challenge,
- pjsip_tx_data *original_request, pjsip_tx_data **new_request);
+ pjsip_transaction *tsx, pjsip_tx_data **new_request);
/*!
* \brief Set authentication credentials for outbound authentication
Modified: team/mmichelson/outbound_auth/res/res_sip.exports.in
URL: http://svnview.digium.com/svn/asterisk/team/mmichelson/outbound_auth/res/res_sip.exports.in?view=diff&rev=383324&r1=383323&r2=383324
==============================================================================
--- team/mmichelson/outbound_auth/res/res_sip.exports.in (original)
+++ team/mmichelson/outbound_auth/res/res_sip.exports.in Mon Mar 18 13:37:53 2013
@@ -40,6 +40,7 @@
LINKER_SYMBOL_PREFIXast_sip_thread_is_servant;
LINKER_SYMBOL_PREFIXast_sip_dialog_set_serializer;
LINKER_SYMBOL_PREFIXast_sip_dialog_set_endpoint;
+ LINKER_SYMBOL_PREFIXast_sip_dialog_get_endpoint;
LINKER_SYMBOL_PREFIXast_sip_retrieve_auths;
LINKER_SYMBOL_PREFIXast_sip_cleanup_auths;
local:
Modified: team/mmichelson/outbound_auth/res/res_sip/sip_distributor.c
URL: http://svnview.digium.com/svn/asterisk/team/mmichelson/outbound_auth/res/res_sip/sip_distributor.c?view=diff&rev=383324&r1=383323&r2=383324
==============================================================================
--- team/mmichelson/outbound_auth/res/res_sip/sip_distributor.c (original)
+++ team/mmichelson/outbound_auth/res/res_sip/sip_distributor.c Mon Mar 18 13:37:53 2013
@@ -68,6 +68,16 @@
dist = distributor_dialog_data_alloc(dlg);
}
dist->endpoint = endpoint;
+}
+
+struct ast_sip_endpoint *ast_sip_dialog_get_endpoint(pjsip_dialog *dlg)
+{
+ struct distributor_dialog_data *dist = pjsip_dlg_get_mod_data(dlg, distributor_mod.id);
+ if (!dist || !dist->endpoint) {
+ return NULL;
+ }
+ ao2_ref(dist->endpoint, +1);
+ return dist->endpoint;
}
static pj_bool_t distributor(pjsip_rx_data *rdata)
Modified: team/mmichelson/outbound_auth/res/res_sip/sip_outbound_auth.c
URL: http://svnview.digium.com/svn/asterisk/team/mmichelson/outbound_auth/res/res_sip/sip_outbound_auth.c?view=diff&rev=383324&r1=383323&r2=383324
==============================================================================
--- team/mmichelson/outbound_auth/res/res_sip/sip_outbound_auth.c (original)
+++ team/mmichelson/outbound_auth/res/res_sip/sip_outbound_auth.c Mon Mar 18 13:37:53 2013
@@ -37,18 +37,23 @@
void *user_data;
};
-static void dialog_outbound_auth(pjsip_dialog *dlg, pjsip_transaction *tsx, pjsip_rx_data *rdata)
+static pj_bool_t dialog_outbound_auth(struct ast_sip_endpoint *endpoint, pjsip_dialog *dlg,
+ pjsip_transaction *tsx, pjsip_rx_data *rdata)
{
struct outbound_auth_cb_data *cb_data = dlg->mod_data[outbound_auth_mod.id];
pjsip_tx_data *tdata;
- pjsip_auth_clt_reinit_req(&dlg->auth_sess, rdata, tsx->last_tx, &tdata);
+
+ if (ast_sip_create_auth_challenge_response(endpoint, rdata, tsx, &tdata)) {
+ return PJ_FALSE;
+ }
if (cb_data) {
cb_data->cb(dlg, tdata, cb_data->user_data);
- return;
+ return PJ_TRUE;
}
pjsip_dlg_send_request(dlg, tdata, -1, NULL);
+ return PJ_TRUE;
}
static pj_bool_t outbound_auth(pjsip_rx_data *rdata)
@@ -67,8 +72,11 @@
tsx = pjsip_rdata_get_tsx(rdata);
dlg = pjsip_rdata_get_dlg(rdata);
if (dlg) {
- dialog_outbound_auth(dlg, tsx, rdata);
- return PJ_TRUE;
+ endpoint = ast_sip_dialog_get_endpoint(dlg);
+ if (!endpoint) {
+ return PJ_FALSE;
+ }
+ return dialog_outbound_auth(endpoint, dlg, tsx, rdata);
}
/* Endpoint identification is not automatically done on responses,
@@ -98,7 +106,7 @@
pjsip_dlg_add_usage(dlg, &outbound_auth_mod, cb_data);
dlg->sess_count--;
- return ast_sip_set_outbound_authentication_credentials(&dlg->auth_sess, endpoint);
+ return 0;
}
static struct ast_sip_outbound_authenticator *registered_authenticator;
@@ -111,7 +119,7 @@
}
registered_authenticator = auth;
ast_debug(1, "Registered SIP outbound authenticator module %p\n", auth);
- ast_module_ref(ast_module_info->self);
+ /* ast_module_ref(ast_module_info->self); */
return 0;
}
@@ -124,17 +132,17 @@
}
registered_authenticator = NULL;
ast_debug(1, "Unregistered SIP outbound authenticator %p\n", auth);
- ast_module_unref(ast_module_info->self);
+ /* ast_module_unref(ast_module_info->self); */
}
int ast_sip_create_auth_challenge_response(struct ast_sip_endpoint *endpoint, pjsip_rx_data *challenge,
- pjsip_tx_data *original_request, pjsip_tx_data **new_request)
+ pjsip_transaction *tsx, pjsip_tx_data **new_request)
{
if (!registered_authenticator) {
ast_log(LOG_WARNING, "No SIP outbound authenticator registered. Cannot respond to authentication challenge\n");
return -1;
}
- return registered_authenticator->challenge_response(endpoint, challenge, original_request, new_request);
+ return registered_authenticator->challenge_response(endpoint, challenge, tsx, new_request);
}
int ast_sip_initialize_outbound_authentication(void) {
Added: team/mmichelson/outbound_auth/res/res_sip_outbound_authenticator_digest.c
URL: http://svnview.digium.com/svn/asterisk/team/mmichelson/outbound_auth/res/res_sip_outbound_authenticator_digest.c?view=auto&rev=383324
==============================================================================
--- team/mmichelson/outbound_auth/res/res_sip_outbound_authenticator_digest.c (added)
+++ team/mmichelson/outbound_auth/res/res_sip_outbound_authenticator_digest.c Mon Mar 18 13:37:53 2013
@@ -1,0 +1,110 @@
+/*
+ * Asterisk -- An open source telephony toolkit.
+ *
+ * Copyright (C) 2013, Digium, Inc.
+ *
+ * Mark Michelson <mmichelson at digium.com>
+ *
+ * See http://www.asterisk.org for more information about
+ * the Asterisk project. Please do not directly contact
+ * any of the maintainers of this project for assistance;
+ * the project provides a web site, mailing lists and IRC
+ * channels for your use.
+ *
+ * This program is free software, distributed under the terms of
+ * the GNU General Public License Version 2. See the LICENSE file
+ * at the top of the source tree.
+ */
+
+#include "asterisk.h"
+
+#include <pjsip.h>
+
+#include "asterisk/res_sip.h"
+#include "asterisk/logger.h"
+#include "asterisk/module.h"
+#include "asterisk/strings.h"
+
+static int set_outbound_authentication_credentials(pjsip_auth_clt_sess *auth_sess, struct ast_sip_endpoint *endpoint)
+{
+ struct ast_sip_auth **auths = ast_alloca(endpoint->num_outbound_auths * sizeof(*auths));
+ pjsip_cred_info *auth_creds = ast_alloca(endpoint->num_outbound_auths * sizeof(*auth_creds));
+ int res = 0;
+ int i;
+
+ if (ast_sip_retrieve_auths(endpoint->sip_outbound_auths, endpoint->num_outbound_auths, auths)) {
+ res = -1;
+ goto cleanup;
+ }
+
+ for (i = 0; i < endpoint->num_outbound_auths; ++i) {
+ pj_cstr(&auth_creds[i].realm, auths[i]->realm);
+ pj_cstr(&auth_creds[i].username, auths[i]->auth_user);
+ pj_cstr(&auth_creds[i].scheme, "digest");
+ switch (auths[i]->type) {
+ case AST_SIP_AUTH_TYPE_USER_PASS:
+ pj_cstr(&auth_creds[i].data, auths[i]->auth_pass);
+ auth_creds[i].data_type = PJSIP_CRED_DATA_PLAIN_PASSWD;
+ break;
+ case AST_SIP_AUTH_TYPE_MD5:
+ pj_cstr(&auth_creds[i].data, auths[i]->md5_creds);
+ auth_creds[i].data_type = PJSIP_CRED_DATA_DIGEST;
+ break;
+ }
+ }
+
+ pjsip_auth_clt_set_credentials(auth_sess, endpoint->num_outbound_auths, auth_creds);
+
+cleanup:
+ ast_sip_cleanup_auths(auths, endpoint->num_outbound_auths);
+ return res;
+}
+
+static int digest_challenge_response(struct ast_sip_endpoint *endpoint, pjsip_rx_data *challenge,
+ pjsip_transaction *tsx, pjsip_tx_data **new_request)
+{
+ pjsip_auth_clt_sess auth_sess;
+
+ if (pjsip_auth_clt_init(&auth_sess, ast_sip_get_pjsip_endpoint(),
+ tsx->pool, 0) != PJ_SUCCESS) {
+ ast_log(LOG_WARNING, "Failed to initialize client authentication session\n");
+ return -1;
+ }
+
+ if (set_outbound_authentication_credentials(&auth_sess, endpoint)) {
+ ast_log(LOG_WARNING, "Failed to set authentication credentials\n");
+ return -1;
+ }
+
+ if (pjsip_auth_clt_reinit_req(&auth_sess, challenge,
+ tsx->last_tx, new_request) != PJ_SUCCESS) {
+ ast_log(LOG_WARNING, "Failed to create new request with authentication credentials\n");
+ return -1;
+ }
+
+ return 0;
+}
+
+static struct ast_sip_outbound_authenticator digest_authenticator = {
+ .challenge_response = digest_challenge_response,
+};
+
+static int load_module(void)
+{
+ if (ast_sip_register_outbound_authenticator(&digest_authenticator)) {
+ return AST_MODULE_LOAD_DECLINE;
+ }
+ return AST_MODULE_LOAD_SUCCESS;
+}
+
+static int unload_module(void)
+{
+ ast_sip_unregister_outbound_authenticator(&digest_authenticator);
+ return 0;
+}
+
+AST_MODULE_INFO(ASTERISK_GPL_KEY, AST_MODFLAG_LOAD_ORDER, "SIP authentication resource",
+ .load = load_module,
+ .unload = unload_module,
+ .load_pri = AST_MODPRI_CHANNEL_DEPEND,
+);
Propchange: team/mmichelson/outbound_auth/res/res_sip_outbound_authenticator_digest.c
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: team/mmichelson/outbound_auth/res/res_sip_outbound_authenticator_digest.c
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Propchange: team/mmichelson/outbound_auth/res/res_sip_outbound_authenticator_digest.c
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: team/mmichelson/outbound_auth/res/res_sip_session.c
URL: http://svnview.digium.com/svn/asterisk/team/mmichelson/outbound_auth/res/res_sip_session.c?view=diff&rev=383324&r1=383323&r2=383324
==============================================================================
--- team/mmichelson/outbound_auth/res/res_sip_session.c (original)
+++ team/mmichelson/outbound_auth/res/res_sip_session.c Mon Mar 18 13:37:53 2013
@@ -779,16 +779,13 @@
return CMP_MATCH | CMP_STOP;
}
-#if 0
static int session_outbound_auth(pjsip_dialog *dlg, pjsip_tx_data *tdata, void *user_data)
{
pjsip_inv_session *inv = pjsip_dlg_get_inv_session(dlg);
- ast_log(LOG_NOTICE, "TEST TEST\n");
pjsip_inv_uac_restart(inv, PJ_TRUE);
pjsip_inv_send_msg(inv, tdata);
return 0;
}
-#endif
struct ast_sip_session *ast_sip_session_create_outgoing(struct ast_sip_endpoint *endpoint, const char *location, const char *request_user)
{
@@ -837,6 +834,11 @@
}
if (!(dlg = ast_sip_create_dialog(endpoint, uri, request_user))) {
+ return NULL;
+ }
+
+ if (ast_sip_setup_outbound_authentication(dlg, endpoint, session_outbound_auth, NULL)) {
+ pjsip_dlg_terminate(dlg);
return NULL;
}
@@ -1236,25 +1238,7 @@
static void session_inv_on_tsx_state_changed(pjsip_inv_session *inv, pjsip_transaction *tsx, pjsip_event *e)
{
- struct ast_sip_session *session = inv->mod_data[session_module.id];
-
- if (inv->state == PJSIP_INV_STATE_DISCONNECTED) {
- return;
- }
-
- if (e->body.tsx_state.type == PJSIP_EVENT_RX_MSG &&
- (tsx->status_code == 401 || tsx->status_code == 407)) {
- pjsip_tx_data *tdata;
- if (ast_sip_create_auth_challenge_response(session->endpoint,
- e->body.tsx_state.src.rdata, tsx->last_tx, &tdata)) {
- return;
- }
- if (inv->state < PJSIP_INV_STATE_CONFIRMED && tsx->method.id == PJSIP_INVITE_METHOD) {
- pjsip_inv_uac_restart(inv, PJ_TRUE);
- }
- ast_sip_session_send_request(session, tdata);
- return;
- }
+ /* XXX STUB */
}
static int add_sdp_streams(void *obj, void *arg, void *data, int flags)
More information about the asterisk-commits
mailing list