[asterisk-dev] [Code Review]: Pimp my SIP: outbound auth

opticron reviewboard at asterisk.org
Thu Mar 21 14:38:30 CDT 2013



> On March 21, 2013, 10:34 a.m., opticron wrote:
> > /team/group/pimp_my_sip/res/res_sip.c, line 502
> > <https://reviewboard.asterisk.org/r/2406/diff/1/?file=34844#file34844line502>
> >
> >     Contact needs to be unreffed.
> 
> Mark Michelson wrote:
>     Nope, it's an RAII_VAR.

Not sure how I missed that...maybe I'm going yellow-highlight-blind from doing code reviews all day.


- opticron


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/2406/#review8109
-----------------------------------------------------------


On March 19, 2013, 5:30 p.m., Mark Michelson wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/2406/
> -----------------------------------------------------------
> 
> (Updated March 19, 2013, 5:30 p.m.)
> 
> 
> Review request for Asterisk Developers and Joshua Colp.
> 
> 
> Summary
> -------
> 
> This adds support for outbound authentication. "Outbound authentication" here means sending requests with authentication credentials based on a challenge received in a 401 or 407 SIP response.
> 
> There are two main considerations here: in-dialog requests and out-of-dialog requests.
> 
> For in-dialog requests, one uses ast_sip_dialog_setup_outbound_auth() in order to prepare a dialog for performing outbound authentication. This registers a module as a dialog usage so that when an inbound response is received, the module can intercept the response. A callback can be provided when setting up in-dialog outbound authentication if there is any further housekeeping that needs to be done based on the application in use.
> 
> For out-of-dialog requests, the outbound authentication logic is taken care of for you by the ast_sip_send_request() function. It registers a callback that will take care of sending an authentication request if the situation arises.
> 
> Both make use of a pluggable framework similar to what is used for inbound authentication. Currently the only outbound authenticator written is one that uses digest authentication.
> 
> There are some decidedly non-outbound-auth-related changes in this diff; however, they were done so that I could properly test outbound auth. The ast_sip_send_request() method has been split into two functions: one to create a request and one to send a request. This diff actually fills in these functions to be more than just stubs. In doing this, I found code that I needed embedded in other functions, so I pulled out that logic into their own smaller functions so that code did not have to be repeated. sip_options.c has a CLI command that allows for sending an OPTIONS request to an arbitrary endpoint. This was done so that I could test out-of-dialog outbound authentication. While I could remove the CLI command, it seems like a useful thing to have. In addition, chan_sip has a "sip qualify peer" CLI command, so having something similar to work off of is a good thing.
> 
> 
> This addresses bug ASTERISK-21199.
>     https://issues.asterisk.org/jira/browse/ASTERISK-21199
> 
> 
> Diffs
> -----
> 
>   /team/group/pimp_my_sip/include/asterisk/res_sip.h 383399 
>   /team/group/pimp_my_sip/res/res_sip.c 383399 
>   /team/group/pimp_my_sip/res/res_sip.exports.in 383399 
>   /team/group/pimp_my_sip/res/res_sip/include/res_sip_private.h 383399 
>   /team/group/pimp_my_sip/res/res_sip/location.c 383399 
>   /team/group/pimp_my_sip/res/res_sip/sip_configuration.c 383399 
>   /team/group/pimp_my_sip/res/res_sip/sip_distributor.c 383399 
>   /team/group/pimp_my_sip/res/res_sip/sip_options.c 383399 
>   /team/group/pimp_my_sip/res/res_sip/sip_outbound_auth.c PRE-CREATION 
>   /team/group/pimp_my_sip/res/res_sip_authenticator_digest.c 383399 
>   /team/group/pimp_my_sip/res/res_sip_outbound_authenticator_digest.c PRE-CREATION 
>   /team/group/pimp_my_sip/res/res_sip_session.c 383399 
> 
> Diff: https://reviewboard.asterisk.org/r/2406/diff
> 
> 
> Testing
> -------
> 
> Tested by using SIPp to challenge INVITE requests and OPTIONS requests. In both cases, I tested with and without an outbound authenticator registered. In both cases, behavior was as expected.
> 
> 
> Thanks,
> 
> Mark
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20130321/d865b22e/attachment-0001.htm>


More information about the asterisk-dev mailing list