[asterisk-commits] kharwell: branch kharwell/pimp_sip_security r389750 - in /team/kharwell/pimp_...

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Fri May 24 16:34:27 CDT 2013


Author: kharwell
Date: Fri May 24 16:34:22 2013
New Revision: 389750

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=389750
Log:
updates per review findings

Modified:
    team/kharwell/pimp_sip_security/include/asterisk/res_sip.h
    team/kharwell/pimp_sip_security/res/res_sip.exports.in
    team/kharwell/pimp_sip_security/res/res_sip/config_auth.c
    team/kharwell/pimp_sip_security/res/res_sip/sip_configuration.c
    team/kharwell/pimp_sip_security/res/res_sip/sip_distributor.c
    team/kharwell/pimp_sip_security/res/res_sip_authenticator_digest.c
    team/kharwell/pimp_sip_security/res/res_sip_outbound_authenticator_digest.c

Modified: team/kharwell/pimp_sip_security/include/asterisk/res_sip.h
URL: http://svnview.digium.com/svn/asterisk/team/kharwell/pimp_sip_security/include/asterisk/res_sip.h?view=diff&rev=389750&r1=389749&r2=389750
==============================================================================
--- team/kharwell/pimp_sip_security/include/asterisk/res_sip.h (original)
+++ team/kharwell/pimp_sip_security/include/asterisk/res_sip.h Fri May 24 16:34:22 2013
@@ -201,6 +201,8 @@
 	AST_SIP_AUTH_TYPE_USER_PASS,
 	/*! Credentials stored as an MD5 sum */
 	AST_SIP_AUTH_TYPE_MD5,
+	/*! Credentials not stored this is a fake auth */
+	AST_SIP_AUTH_TYPE_ARTIFICIAL
 };
 
 #define SIP_SORCERY_AUTH_TYPE "auth"
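Review bot: The doc comment on `AST_SIP_AUTH_TYPE_ARTIFICIAL` is a run-on and does not say what the value is for. Judging by the rest of this commit, it marks the placeholder auth used to challenge requests that match no configured endpoint, so something like `/*! No real credentials; placeholder auth for unknown endpoints, never verifies successfully */` would serve the next reader better. The new enumerator also drops the trailing comma that the two entries above it carry.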
@@ -263,16 +265,6 @@
 	AST_SIP_MEDIA_ENCRYPT_SDES,
 	/*! Offer encrypted session media with datagram TLS key exchange */
 	AST_SIP_MEDIA_ENCRYPT_DTLS,
-};
-
-/*!
- * \brief Endpoint type enumeration.
- */
-enum ast_sip_endpoint_type {
-	/*! Identifies an endpoint as authentic */
-	AUTHENTIC,
-	/*! Identifies an endpoint as artificial */
-	ARTIFICIAL
 };
 
 /*!
@@ -296,8 +288,6 @@
 		/*! Configured voicemail boxes for this endpoint. Used for MWI */
 		AST_STRING_FIELD(mailboxes);
 	);
-	/*! The type of endpoint */
-	enum ast_sip_endpoint_type type;
 	/*! Identification information for this endpoint */
 	struct ast_party_id id;
 	/*! Domain to which this endpoint belongs */
@@ -810,6 +800,20 @@
 void ast_sip_finalize_distributor(void);
 
 /*!
+ * \brief Retrieves a reference to the artificial auth.
+ *
+ * \retval The artificial auth
+ */
+struct ast_sip_auth *ast_sip_get_artificial_auth(void);
+
+/*!
+ * \brief Retrieves a reference to the artificial endpoint.
+ *
+ * \retval The artificial endpoint
+ */
+struct ast_sip_endpoint *ast_sip_get_artificial_endpoint(void);
+
+/*!
  * \page Threading model for SIP
  *
  * There are three major types of threads that SIP will have to deal with:
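Review bot: The two new doc blocks do not tell callers that they receive a counted reference or that the result can be NULL. The implementations in sip_distributor.c do `ao2_ref(..., +1)` before returning and return NULL when allocation fails. I would replace each `\retval The artificial ...` line with `\retval NULL allocation failed` and `\retval non-NULL the shared object with its reference count bumped; release with ao2_cleanup()`. The `\page` comment that follows the additions continues past the end of the hunk.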

Modified: team/kharwell/pimp_sip_security/res/res_sip.exports.in
URL: http://svnview.digium.com/svn/asterisk/team/kharwell/pimp_sip_security/res/res_sip.exports.in?view=diff&rev=389750&r1=389749&r2=389750
==============================================================================
--- team/kharwell/pimp_sip_security/res/res_sip.exports.in (original)
+++ team/kharwell/pimp_sip_security/res/res_sip.exports.in Fri May 24 16:34:22 2013
@@ -52,6 +52,8 @@
 		LINKER_SYMBOL_PREFIXast_sip_retrieve_auths;
 		LINKER_SYMBOL_PREFIXast_sip_cleanup_auths;
 		LINKER_SYMBOL_PREFIXast_sip_is_content_type;
+		LINKER_SYMBOL_PREFIXast_sip_get_artificial_endpoint;
+		LINKER_SYMBOL_PREFIXast_sip_get_artificial_auth;
 	local:
 		*;
 };

Modified: team/kharwell/pimp_sip_security/res/res_sip/config_auth.c
URL: http://svnview.digium.com/svn/asterisk/team/kharwell/pimp_sip_security/res/res_sip/config_auth.c?view=diff&rev=389750&r1=389749&r2=389750
==============================================================================
--- team/kharwell/pimp_sip_security/res/res_sip/config_auth.c (original)
+++ team/kharwell/pimp_sip_security/res/res_sip/config_auth.c Fri May 24 16:34:22 2013
@@ -87,6 +87,8 @@
 			res = -1;
 		}
 		break;
+	case AST_SIP_AUTH_TYPE_ARTIFICIAL:
+		break;
 	}
 
 	return res;
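Review bot: The empty `case AST_SIP_AUTH_TYPE_ARTIFICIAL:` would be easier to read with a comment saying why nothing is checked, for example `/* artificial auth carries no stored credentials to validate */`. If the configuration parser can never produce this type, that is worth stating in the same comment. The enclosing function starts above the hunk, so what the other cases validate is only partly visible here.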

Modified: team/kharwell/pimp_sip_security/res/res_sip/sip_configuration.c
URL: http://svnview.digium.com/svn/asterisk/team/kharwell/pimp_sip_security/res/res_sip/sip_configuration.c?view=diff&rev=389750&r1=389749&r2=389750
==============================================================================
--- team/kharwell/pimp_sip_security/res/res_sip/sip_configuration.c (original)
+++ team/kharwell/pimp_sip_security/res/res_sip/sip_configuration.c Fri May 24 16:34:22 2013
@@ -454,7 +454,6 @@
 		return NULL;
 	}
 	ast_party_id_init(&endpoint->id);
-	endpoint->type = AUTHENTIC;
 	return endpoint;
 }
 

Modified: team/kharwell/pimp_sip_security/res/res_sip/sip_distributor.c
URL: http://svnview.digium.com/svn/asterisk/team/kharwell/pimp_sip_security/res/res_sip/sip_distributor.c?view=diff&rev=389750&r1=389749&r2=389750
==============================================================================
--- team/kharwell/pimp_sip_security/res/res_sip/sip_distributor.c (original)
+++ team/kharwell/pimp_sip_security/res/res_sip/sip_distributor.c Fri May 24 16:34:22 2013
@@ -125,9 +125,33 @@
 	.on_rx_request = endpoint_lookup,
 };
 
+static struct ast_sip_auth *artificial_auth = NULL;
+
+struct ast_sip_auth *ast_sip_get_artificial_auth(void)
+{
+	if (artificial_auth) {
+		ao2_ref(artificial_auth, +1);
+		return artificial_auth;
+	}
+
+	if (!(artificial_auth = ast_sorcery_alloc(
+		      ast_sip_get_sorcery(), SIP_SORCERY_AUTH_TYPE, "artificial"))) {
+		ast_log(LOG_ERROR, "Unable to create artificial auth\n");
+		return NULL;
+	}
+
+	ast_string_field_set(artificial_auth, realm, "asterisk");
+	ast_string_field_set(artificial_auth, auth_user, "");
+	ast_string_field_set(artificial_auth, auth_pass, "");
+	artificial_auth->type = AST_SIP_AUTH_TYPE_ARTIFICIAL;
+
+	ao2_ref(artificial_auth, +1);
+	return artificial_auth;
+}
+
 static struct ast_sip_endpoint *artificial_endpoint = NULL;
 
-static struct ast_sip_endpoint *create_artificial_endpoint(void)
+struct ast_sip_endpoint *ast_sip_get_artificial_endpoint(void)
 {
 	if (artificial_endpoint) {
 		ao2_ref(artificial_endpoint, +1);
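Review bot: `ast_sip_get_artificial_auth()` stores the new object in the file-scope pointer before the realm, user, password and `type` are filled in, and nothing in the hunk serialises the lazy allocation. If two request-handling threads can reach it at the same time, the second may be handed an auth whose `type` is not yet `AST_SIP_AUTH_TYPE_ARTIFICIAL`. The FORBIDDEN check added in res_sip_authenticator_digest.c relies on that value; alternatively both threads may allocate and one object leaks. Building the object in a local and creating it once at distributor start-up removes both problems. The same lazy pattern is visible at the top of `ast_sip_get_artificial_endpoint()`, whose body continues past the end of this hunk.

```c
/* Build the object completely before it becomes visible through the global. */
static int create_artificial_auth(void)
{
	struct ast_sip_auth *auth = ast_sorcery_alloc(
		ast_sip_get_sorcery(), SIP_SORCERY_AUTH_TYPE, "artificial");

	if (!auth) {
		ast_log(LOG_ERROR, "Unable to create artificial auth\n");
		return -1;
	}

	ast_string_field_set(auth, realm, "asterisk");
	ast_string_field_set(auth, auth_user, "");
	ast_string_field_set(auth, auth_pass, "");
	auth->type = AST_SIP_AUTH_TYPE_ARTIFICIAL;

	artificial_auth = auth;
	return 0;
}

struct ast_sip_auth *ast_sip_get_artificial_auth(void)
{
	/* set once at distributor start-up; never allocated on the request path */
	if (artificial_auth) {
		ao2_ref(artificial_auth, +1);
	}
	return artificial_auth;
}
// … unchanged: artificial_endpoint declaration and ast_sip_get_artificial_endpoint() …
```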
@@ -139,11 +163,9 @@
 		return NULL;
 	}
 
+	artificial_endpoint->num_inbound_auths = 1;
+
 	ao2_ref(artificial_endpoint, +1);
-
-	artificial_endpoint->type = ARTIFICIAL;
-	artificial_endpoint->num_inbound_auths = 1;
-
 	return artificial_endpoint;
 }
 
@@ -183,7 +205,7 @@
 
 	if (!endpoint && !is_ack) {
 		if (always_auth_reject()) {
-			endpoint = create_artificial_endpoint();
+			endpoint = ast_sip_get_artificial_endpoint();
 		}
 
 		if (!endpoint) {
@@ -289,5 +311,6 @@
 	ast_sip_unregister_service(&endpoint_mod);
 	ast_sip_unregister_service(&auth_mod);
 
+	ao2_cleanup(artificial_auth);
 	ao2_cleanup(artificial_endpoint);
 }
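Review bot: After `ao2_cleanup(artificial_auth)` and `ao2_cleanup(artificial_endpoint)` the two static pointers still hold the old addresses. Both getters are now exported, so a call arriving after this teardown would take the `if (artificial_auth)` branch and bump the reference count of a released object. Setting `artificial_auth = NULL;` and `artificial_endpoint = NULL;` after the cleanups closes that window. The function this hunk belongs to starts above the visible lines.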

Modified: team/kharwell/pimp_sip_security/res/res_sip_authenticator_digest.c
URL: http://svnview.digium.com/svn/asterisk/team/kharwell/pimp_sip_security/res/res_sip_authenticator_digest.c?view=diff&rev=389750&r1=389749&r2=389750
==============================================================================
--- team/kharwell/pimp_sip_security/res/res_sip_authenticator_digest.c (original)
+++ team/kharwell/pimp_sip_security/res/res_sip_authenticator_digest.c Fri May 24 16:34:22 2013
@@ -146,6 +146,10 @@
 {
 	RAII_VAR(struct ast_sip_auth *, auth, get_auth(), ao2_cleanup);
 	if (!auth) {
+		return PJSIP_SC_FORBIDDEN;
+	}
+
+	if (auth->type == AST_SIP_AUTH_TYPE_ARTIFICIAL) {
 		return PJSIP_SC_FORBIDDEN;
 	}
 
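Review bot: The two consecutive checks return the same status and can be one condition, `if (!auth || auth->type == AST_SIP_AUTH_TYPE_ARTIFICIAL) {`. A short comment would also help, since the reason is not obvious at this point in the file: `/* the artificial auth has no credentials; refuse the lookup so verification can never succeed */`. The function's signature is above the hunk, so what FORBIDDEN means to its caller cannot be confirmed from these lines.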
@@ -373,10 +377,8 @@
 	enum ast_sip_check_auth_result res;
 	int i;
 
-	if (endpoint->type == ARTIFICIAL) {
-		challenge("asterisk", tdata, rdata, 0);
-		return AST_SIP_AUTHENTICATION_CHALLENGE;
-	}
+	RAII_VAR(struct ast_sip_endpoint *, artificial_endpoint,
+		 ast_sip_get_artificial_endpoint(), ao2_cleanup);
 
 	auths = ast_alloca(endpoint->num_inbound_auths * sizeof(*auths));
 	verify_res = ast_alloca(endpoint->num_inbound_auths * sizeof(*verify_res));
@@ -385,7 +387,9 @@
 		return AST_SIP_AUTHENTICATION_ERROR;
 	}
 
-	if (ast_sip_retrieve_auths(endpoint->sip_inbound_auths, endpoint->num_inbound_auths, auths)) {
+	if (endpoint == artificial_endpoint) {
+		auths[0] = ast_sip_get_artificial_auth();
+	} else if (ast_sip_retrieve_auths(endpoint->sip_inbound_auths, endpoint->num_inbound_auths, auths)) {
 		res = AST_SIP_AUTHENTICATION_ERROR;
 		goto cleanup;
 	}
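Review bot: The result of `ast_sip_get_artificial_auth()` is stored in `auths[0]` without a check, yet that function returns NULL when its allocation fails. The rest of this function lies outside the hunk, so whether the later verification loop and the `cleanup` path tolerate a NULL entry cannot be seen here. Failing closed is safer: `if (!(auths[0] = ast_sip_get_artificial_auth())) { res = AST_SIP_AUTHENTICATION_ERROR; goto cleanup; }`. The pointer comparison `endpoint == artificial_endpoint` also depends on the endpoint being a process-wide singleton, which deserves a one-line comment.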

Modified: team/kharwell/pimp_sip_security/res/res_sip_outbound_authenticator_digest.c
URL: http://svnview.digium.com/svn/asterisk/team/kharwell/pimp_sip_security/res/res_sip_outbound_authenticator_digest.c?view=diff&rev=389750&r1=389749&r2=389750
==============================================================================
--- team/kharwell/pimp_sip_security/res/res_sip_outbound_authenticator_digest.c (original)
+++ team/kharwell/pimp_sip_security/res/res_sip_outbound_authenticator_digest.c Fri May 24 16:34:22 2013
@@ -56,6 +56,8 @@
 			pj_cstr(&auth_creds[i].data, auths[i]->md5_creds);
 			auth_creds[i].data_type = PJSIP_CRED_DATA_DIGEST;
 			break;
+		case AST_SIP_AUTH_TYPE_ARTIFICIAL:
+			ast_log(LOG_ERROR, "Trying to set artificial outbound auth credentials shouldn't happen.\n");
 		}
 	}
 
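Review bot: The new `case AST_SIP_AUTH_TYPE_ARTIFICIAL:` has no `break;`, and unlike the case above it sets neither `auth_creds[i].data` nor `auth_creds[i].data_type`. After the log line the loop simply carries on with that entry only partly filled. At minimum add `break;`. If the enclosing function can report failure (its signature is outside the hunk), returning an error here would stop an incomplete credential entry from being passed on.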



