[asterisk-scf-commits] asterisk-scf/release/sip.git branch "authexten" updated.
Commits to the Asterisk SCF project code repositories
asterisk-scf-commits at lists.digium.com
Thu Feb 10 21:00:15 CST 2011
branch "authexten" has been updated
via fbfa98d635f3cd6737585691cf82b4e65a0f1570 (commit)
via b34fd7b76ef0badf930c078b692a56a8d36b6e23 (commit)
via 6a20f1ab5164bf1bbca0a3917ed5d3336773feeb (commit)
via 8635a95c6569029b979ea21c9a4de78f35dac2cb (commit)
via 41084ebbf79fb23cce9c1581b5f45c6aaffe7410 (commit)
from 783d705e83c78f171ebd2128c5dadecf8cb9e44d (commit)
Summary of changes:
src/AuthHelper.cpp | 212 ++++++++++++++++++++++++++++++++++++++++++
src/AuthHelper.h | 48 ++++++++++
src/CMakeLists.txt | 2 +
src/PJSipManager.cpp | 12 +-
src/PJSipManager.h | 4 +-
src/PJSipModule.h | 44 ++++++++-
src/PJSipSessionModule.cpp | 181 +++---------------------------------
src/PJSipSessionModule.h | 2 +-
src/SipSessionManagerApp.cpp | 12 +--
9 files changed, 326 insertions(+), 191 deletions(-)
create mode 100644 src/AuthHelper.cpp
create mode 100644 src/AuthHelper.h
- Log -----------------------------------------------------------------
commit fbfa98d635f3cd6737585691cf82b4e65a0f1570
Author: Mark Michelson <mmichelson at digium.com>
Date: Thu Feb 10 20:54:44 2011 -0600
Sort auth hooks by priority so that they are called in proper order.
diff --git a/src/AuthHelper.cpp b/src/AuthHelper.cpp
index cd905df..da8047d 100644
--- a/src/AuthHelper.cpp
+++ b/src/AuthHelper.cpp
@@ -28,7 +28,7 @@ namespace SipSessionManager
class AuthHelperPriv
{
public:
- AuthHelperPriv(moduleHookMap moduleHooks, RequestType type, pjsip_endpoint *endpt)
+ AuthHelperPriv(moduleHookVector moduleHooks, RequestType type, pjsip_endpoint *endpt)
: mEndpoint(endpt), pool(pjsip_endpt_create_pool(endpt, "auth%p", 1200, 512))
{
if (moduleHooks.empty())
@@ -36,10 +36,10 @@ public:
return;
}
- for (moduleHookMap::iterator iter = moduleHooks.begin(); iter != moduleHooks.end(); ++iter)
+ for (moduleHookVector::iterator iter = moduleHooks.begin(); iter != moduleHooks.end(); ++iter)
{
- RequestTypeSeq types = iter->second;
- AuthHookPrx hook = iter->first;
+ RequestTypeSeq types = (*iter)->getRequestTypes();
+ AuthHookPrx hook = (*iter)->getHook();
for (RequestTypeSeq::iterator typeIter = types.begin(); typeIter != types.end(); ++typeIter)
{
if (*typeIter == type)
@@ -98,7 +98,7 @@ public:
pj_pool_t *pool;
};
-AuthHelper::AuthHelper(moduleHookMap hooks, RequestType type, pjsip_endpoint *endpt)
+AuthHelper::AuthHelper(moduleHookVector hooks, RequestType type, pjsip_endpoint *endpt)
: mImpl(new AuthHelperPriv(hooks, type, endpt)) { }
std::vector<AuthHookPrx> AuthHelper::getHooks()
diff --git a/src/AuthHelper.h b/src/AuthHelper.h
index 240541b..1e4fe5b 100644
--- a/src/AuthHelper.h
+++ b/src/AuthHelper.h
@@ -36,7 +36,7 @@ class AuthHelperPriv;
class AuthHelper
{
public:
- AuthHelper(moduleHookMap hooks, AsteriskSCF::SIP::ExtensionPoint::V1::RequestType type, pjsip_endpoint *endpt);
+ AuthHelper(moduleHookVector hooks, AsteriskSCF::SIP::ExtensionPoint::V1::RequestType type, pjsip_endpoint *endpt);
std::vector<AsteriskSCF::SIP::ExtensionPoint::V1::AuthHookPrx> getHooks();
void fillInRequestInfo(pjsip_rx_data *rdata, AsteriskSCF::SIP::ExtensionPoint::V1::RequestInfoPtr info);
void addDigests(pjsip_tx_data *tdata, AsteriskSCF::SIP::ExtensionPoint::V1::DigestChallengeSeq digests);
diff --git a/src/PJSipManager.cpp b/src/PJSipManager.cpp
index 9cb0a06..d81fb40 100644
--- a/src/PJSipManager.cpp
+++ b/src/PJSipManager.cpp
@@ -35,15 +35,15 @@ namespace AsteriskSCF
namespace SipSessionManager
{
-void PJSipManager::addAuthHook(AuthHookPrx hook, RequestTypeSeq types)
+void PJSipManager::addAuthHook(AuthHookPrx hook, int priority, RequestTypeSeq types)
{
if (mSessionModule)
{
- mSessionModule->addAuthHook(hook, types);
+ mSessionModule->addAuthHook(hook, priority, types);
}
if (mLoggingModule)
{
- mLoggingModule->addAuthHook(hook, types);
+ mLoggingModule->addAuthHook(hook, priority, types);
}
}
diff --git a/src/PJSipManager.h b/src/PJSipManager.h
index 06183ca..4cf385d 100644
--- a/src/PJSipManager.h
+++ b/src/PJSipManager.h
@@ -82,7 +82,7 @@ public:
* for logging incoming and outgoing SIP messages
*/
void registerLoggingModule();
- void addAuthHook(AsteriskSCF::SIP::ExtensionPoint::V1::AuthHookPrx hook, AsteriskSCF::SIP::ExtensionPoint::V1::RequestTypeSeq types);
+ void addAuthHook(AsteriskSCF::SIP::ExtensionPoint::V1::AuthHookPrx hook, int priority, AsteriskSCF::SIP::ExtensionPoint::V1::RequestTypeSeq types);
void removeAuthHook(const AsteriskSCF::SIP::ExtensionPoint::V1::AuthHookPrx hook);
void clearAuthHooks();
private:
diff --git a/src/PJSipModule.h b/src/PJSipModule.h
index aeb2062..13d9a4e 100644
--- a/src/PJSipModule.h
+++ b/src/PJSipModule.h
@@ -17,6 +17,7 @@
#pragma once
#include <string>
+#include <boost/shared_ptr.hpp>
#include <pjsip.h>
#include <pjsip_ua.h>
@@ -34,7 +35,28 @@ namespace SipSessionManager
using namespace AsteriskSCF::SIP::V1;
-typedef std::map<AsteriskSCF::SIP::ExtensionPoint::V1::AuthHookPrx, AsteriskSCF::SIP::ExtensionPoint::V1::RequestTypeSeq> moduleHookMap;
+class AuthHookData
+{
+public:
+ AuthHookData(int priority, AsteriskSCF::SIP::ExtensionPoint::V1::AuthHookPrx hook, AsteriskSCF::SIP::ExtensionPoint::V1::RequestTypeSeq types)
+ : mPriority(priority), mHook(hook), mTypes(types) { }
+
+ int getPriority() const { return mPriority; }
+ AsteriskSCF::SIP::ExtensionPoint::V1::AuthHookPrx getHook() const { return mHook; }
+ AsteriskSCF::SIP::ExtensionPoint::V1::RequestTypeSeq getRequestTypes() const { return mTypes; }
+
+ bool operator< (const AuthHookData &rhs) const
+ {
+ return getPriority() < rhs.getPriority();
+ }
+
+private:
+ int mPriority;
+ AsteriskSCF::SIP::ExtensionPoint::V1::AuthHookPrx mHook;
+ AsteriskSCF::SIP::ExtensionPoint::V1::RequestTypeSeq mTypes;
+};
+
+typedef std::vector<boost::shared_ptr<AuthHookData> > moduleHookVector;
class PJSipModule
{
public:
@@ -48,13 +70,22 @@ public:
virtual pj_status_t on_tx_response(pjsip_tx_data *tdata) = 0;
virtual void on_tsx_state(pjsip_transaction *tsx, pjsip_event *event) = 0;
pjsip_module &getModule() { return mModule; };
- void addAuthHook(AsteriskSCF::SIP::ExtensionPoint::V1::AuthHookPrx hook, AsteriskSCF::SIP::ExtensionPoint::V1::RequestTypeSeq types)
+ void addAuthHook(AsteriskSCF::SIP::ExtensionPoint::V1::AuthHookPrx hook, int priority, AsteriskSCF::SIP::ExtensionPoint::V1::RequestTypeSeq types)
{
- mAuthHooks.insert(std::make_pair(hook, types));
+ boost::shared_ptr<AuthHookData> hookData(new AuthHookData(priority, hook, types));
+ mAuthHooks.push_back(hookData);
+ std::stable_sort(mAuthHooks.begin(), mAuthHooks.end());
}
void removeAuthHook(AsteriskSCF::SIP::ExtensionPoint::V1::AuthHookPrx hook)
{
- mAuthHooks.erase(hook);
+ for (moduleHookVector::iterator iter = mAuthHooks.begin(); iter != mAuthHooks.end(); ++iter)
+ {
+ if ((*iter)->getHook() == hook)
+ {
+ mAuthHooks.erase(iter);
+ break;
+ }
+ }
}
void clearAuthHooks()
{
@@ -64,7 +95,7 @@ protected:
PJSipModule() { }
virtual ~PJSipModule() { }
pjsip_module mModule;
- moduleHookMap mAuthHooks;
+ moduleHookVector mAuthHooks;
private:
const std::string mName;
};
diff --git a/src/SipSessionManagerApp.cpp b/src/SipSessionManagerApp.cpp
index 20d1194..225695d 100644
--- a/src/SipSessionManagerApp.cpp
+++ b/src/SipSessionManagerApp.cpp
@@ -78,7 +78,7 @@ public:
const RequestTypeSeq &requestTypes,
const Ice::Current&)
{
- mPJSipManager->addAuthHook(hook, requestTypes);
+ mPJSipManager->addAuthHook(hook, priority, requestTypes);
}
void removeAuthHook(const AuthHookPrx &hook, const Ice::Current&)
commit b34fd7b76ef0badf930c078b692a56a8d36b6e23
Author: Mark Michelson <mmichelson at digium.com>
Date: Thu Feb 10 19:25:49 2011 -0600
Use proper type for INVITE authentication.
diff --git a/src/PJSipSessionModule.cpp b/src/PJSipSessionModule.cpp
index 9c0d8ef..82c1a9c 100644
--- a/src/PJSipSessionModule.cpp
+++ b/src/PJSipSessionModule.cpp
@@ -436,7 +436,7 @@ bool PJSipSessionModule::checkAuth(pjsip_rx_data *rdata, pjsip_inv_session *inv,
return false;
}
- InviteRequestInfoPtr info(new InviteRequestInfo);
+ RequestInfoPtr info(new InviteRequestInfo);
authHelper->fillInRequestInfo(rdata, info);
//We have our RequestInfo created. Now start calling out to any registered hooks
commit 6a20f1ab5164bf1bbca0a3917ed5d3336773feeb
Author: Mark Michelson <mmichelson at digium.com>
Date: Thu Feb 10 17:35:47 2011 -0600
Make adjustments based on recent changes in the slice.
The priority is currently ignored when adding a hook, so I'll need
to get that straightened out before doing anything else.
diff --git a/src/AuthHelper.cpp b/src/AuthHelper.cpp
index f7526a3..cd905df 100644
--- a/src/AuthHelper.cpp
+++ b/src/AuthHelper.cpp
@@ -38,8 +38,8 @@ public:
for (moduleHookMap::iterator iter = moduleHooks.begin(); iter != moduleHooks.end(); ++iter)
{
- RequestTypeSeq types = iter->second.second;
- AuthHookPrx hook = iter->second.first;
+ RequestTypeSeq types = iter->second;
+ AuthHookPrx hook = iter->first;
for (RequestTypeSeq::iterator typeIter = types.begin(); typeIter != types.end(); ++typeIter)
{
if (*typeIter == type)
diff --git a/src/PJSipManager.cpp b/src/PJSipManager.cpp
index 43e6525..9cb0a06 100644
--- a/src/PJSipManager.cpp
+++ b/src/PJSipManager.cpp
@@ -35,27 +35,27 @@ namespace AsteriskSCF
namespace SipSessionManager
{
-void PJSipManager::addAuthHook(HookId id, AuthHookPrx hook, RequestTypeSeq types)
+void PJSipManager::addAuthHook(AuthHookPrx hook, RequestTypeSeq types)
{
if (mSessionModule)
{
- mSessionModule->addAuthHook(id, hook, types);
+ mSessionModule->addAuthHook(hook, types);
}
if (mLoggingModule)
{
- mLoggingModule->addAuthHook(id, hook, types);
+ mLoggingModule->addAuthHook(hook, types);
}
}
-void PJSipManager::removeAuthHook(const HookId &id)
+void PJSipManager::removeAuthHook(const AuthHookPrx hook)
{
if (mSessionModule)
{
- mSessionModule->removeAuthHook(id);
+ mSessionModule->removeAuthHook(hook);
}
if (mLoggingModule)
{
- mLoggingModule->removeAuthHook(id);
+ mLoggingModule->removeAuthHook(hook);
}
}
diff --git a/src/PJSipManager.h b/src/PJSipManager.h
index 0abdc7e..06183ca 100644
--- a/src/PJSipManager.h
+++ b/src/PJSipManager.h
@@ -82,8 +82,8 @@ public:
* for logging incoming and outgoing SIP messages
*/
void registerLoggingModule();
- void addAuthHook(AsteriskSCF::System::Hook::V1::HookId id, AsteriskSCF::SIP::ExtensionPoint::V1::AuthHookPrx hook, AsteriskSCF::SIP::ExtensionPoint::V1::RequestTypeSeq types);
- void removeAuthHook(const AsteriskSCF::System::Hook::V1::HookId &id);
+ void addAuthHook(AsteriskSCF::SIP::ExtensionPoint::V1::AuthHookPrx hook, AsteriskSCF::SIP::ExtensionPoint::V1::RequestTypeSeq types);
+ void removeAuthHook(const AsteriskSCF::SIP::ExtensionPoint::V1::AuthHookPrx hook);
void clearAuthHooks();
private:
static PJSipManager *mInstance;
diff --git a/src/PJSipModule.h b/src/PJSipModule.h
index aac348b..aeb2062 100644
--- a/src/PJSipModule.h
+++ b/src/PJSipModule.h
@@ -34,7 +34,7 @@ namespace SipSessionManager
using namespace AsteriskSCF::SIP::V1;
-typedef std::map<AsteriskSCF::System::Hook::V1::HookId, std::pair<AsteriskSCF::SIP::ExtensionPoint::V1::AuthHookPrx, AsteriskSCF::SIP::ExtensionPoint::V1::RequestTypeSeq> > moduleHookMap;
+typedef std::map<AsteriskSCF::SIP::ExtensionPoint::V1::AuthHookPrx, AsteriskSCF::SIP::ExtensionPoint::V1::RequestTypeSeq> moduleHookMap;
class PJSipModule
{
public:
@@ -48,13 +48,13 @@ public:
virtual pj_status_t on_tx_response(pjsip_tx_data *tdata) = 0;
virtual void on_tsx_state(pjsip_transaction *tsx, pjsip_event *event) = 0;
pjsip_module &getModule() { return mModule; };
- void addAuthHook(AsteriskSCF::System::Hook::V1::HookId id, AsteriskSCF::SIP::ExtensionPoint::V1::AuthHookPrx hook, AsteriskSCF::SIP::ExtensionPoint::V1::RequestTypeSeq types)
+ void addAuthHook(AsteriskSCF::SIP::ExtensionPoint::V1::AuthHookPrx hook, AsteriskSCF::SIP::ExtensionPoint::V1::RequestTypeSeq types)
{
- mAuthHooks.insert(std::make_pair(id, std::make_pair(hook, types)));
+ mAuthHooks.insert(std::make_pair(hook, types));
}
- void removeAuthHook(AsteriskSCF::System::Hook::V1::HookId id)
+ void removeAuthHook(AsteriskSCF::SIP::ExtensionPoint::V1::AuthHookPrx hook)
{
- mAuthHooks.erase(id);
+ mAuthHooks.erase(hook);
}
void clearAuthHooks()
{
diff --git a/src/PJSipSessionModule.cpp b/src/PJSipSessionModule.cpp
index 7f1d49e..9c0d8ef 100644
--- a/src/PJSipSessionModule.cpp
+++ b/src/PJSipSessionModule.cpp
@@ -436,7 +436,7 @@ bool PJSipSessionModule::checkAuth(pjsip_rx_data *rdata, pjsip_inv_session *inv,
return false;
}
- RequestInfoPtr info(new RequestInfo);
+ InviteRequestInfoPtr info(new InviteRequestInfo);
authHelper->fillInRequestInfo(rdata, info);
//We have our RequestInfo created. Now start calling out to any registered hooks
diff --git a/src/SipSessionManagerApp.cpp b/src/SipSessionManagerApp.cpp
index 294dc1d..20d1194 100644
--- a/src/SipSessionManagerApp.cpp
+++ b/src/SipSessionManagerApp.cpp
@@ -72,20 +72,18 @@ public:
{
}
- HookId addAuthHook(
+ void addAuthHook(
const AuthHookPrx &hook,
+ int priority,
const RequestTypeSeq &requestTypes,
const Ice::Current&)
{
- HookId id;
- id.id = IceUtil::generateUUID();
- mPJSipManager->addAuthHook(id, hook, requestTypes);
- return id;
+ mPJSipManager->addAuthHook(hook, requestTypes);
}
- void removeAuthHook(const HookId &id, const Ice::Current&)
+ void removeAuthHook(const AuthHookPrx &hook, const Ice::Current&)
{
- mPJSipManager->removeAuthHook(id);
+ mPJSipManager->removeAuthHook(hook);
}
void clearAuthHooks(const Ice::Current&)
commit 8635a95c6569029b979ea21c9a4de78f35dac2cb
Author: Mark Michelson <mmichelson at digium.com>
Date: Thu Feb 10 16:54:36 2011 -0600
Add a pj_pool_t to the AuthHelper class.
Prior to this change, we were using the dialog's pool. The problem
with this is that the dialog is destroyed when the ACK for a 401
is received. This means that anything we had saved is killed off
along with the dialog. We have to tie our pool into a longer-staying
structure. So we break off a chunk from the endpoint's pool instead.
The last thing that needs to be done for now is to somehow make
the AuthHelper accessible when an INVITE with authorization is
received. After that, the whole AKA business can be looked into
more wholly.
diff --git a/src/AuthHelper.cpp b/src/AuthHelper.cpp
index bd84a7b..f7526a3 100644
--- a/src/AuthHelper.cpp
+++ b/src/AuthHelper.cpp
@@ -28,7 +28,8 @@ namespace SipSessionManager
class AuthHelperPriv
{
public:
- AuthHelperPriv(moduleHookMap moduleHooks, RequestType type)
+ AuthHelperPriv(moduleHookMap moduleHooks, RequestType type, pjsip_endpoint *endpt)
+ : mEndpoint(endpt), pool(pjsip_endpt_create_pool(endpt, "auth%p", 1200, 512))
{
if (moduleHooks.empty())
{
@@ -49,6 +50,11 @@ public:
}
}
+ ~AuthHelperPriv()
+ {
+ pjsip_endpt_release_pool(mEndpoint, pool);
+ }
+
void getURIParams(pjsip_uri *uri, ParamDict ¶ms)
{
pjsip_sip_uri *sipURI = (pjsip_sip_uri *) pjsip_uri_get_uri(uri);
@@ -88,10 +94,12 @@ public:
std::vector<AuthHookPrx> hooks;
std::vector<pjsip_auth_srv *> authServers;
+ pjsip_endpoint *mEndpoint;
+ pj_pool_t *pool;
};
-AuthHelper::AuthHelper(moduleHookMap hooks, RequestType type)
- : mImpl(new AuthHelperPriv(hooks, type)) { }
+AuthHelper::AuthHelper(moduleHookMap hooks, RequestType type, pjsip_endpoint *endpt)
+ : mImpl(new AuthHelperPriv(hooks, type, endpt)) { }
std::vector<AuthHookPrx> AuthHelper::getHooks()
{
@@ -117,14 +125,14 @@ static pj_status_t lookup_cred(pj_pool_t *pool, const pj_str_t *realm, const pj_
return !PJ_SUCCESS;
}
-void AuthHelper::addDigests(pj_pool_t *pool, pjsip_tx_data *tdata, DigestChallengeSeq digests)
+void AuthHelper::addDigests(pjsip_tx_data *tdata, DigestChallengeSeq digests)
{
for (DigestChallengeSeq::iterator digest = digests.begin(); digest != digests.end(); ++digest)
{
- pjsip_auth_srv *authServer = PJ_POOL_ZALLOC_T(pool, pjsip_auth_srv);
+ pjsip_auth_srv *authServer = PJ_POOL_ZALLOC_T(mImpl->pool, pjsip_auth_srv);
pj_str_t realm;
pj_cstr(&realm, (*digest)->realm.c_str());
- pjsip_auth_srv_init(pool, authServer, &realm, lookup_cred, 0);
+ pjsip_auth_srv_init(mImpl->pool, authServer, &realm, lookup_cred, 0);
pj_str_t nonce, opaque, *noncePtr = NULL, *opaquePtr = NULL;
if (!(*digest)->opaque.empty())
{
diff --git a/src/AuthHelper.h b/src/AuthHelper.h
index 4868432..240541b 100644
--- a/src/AuthHelper.h
+++ b/src/AuthHelper.h
@@ -36,10 +36,10 @@ class AuthHelperPriv;
class AuthHelper
{
public:
- AuthHelper(moduleHookMap hooks, AsteriskSCF::SIP::ExtensionPoint::V1::RequestType type);
+ AuthHelper(moduleHookMap hooks, AsteriskSCF::SIP::ExtensionPoint::V1::RequestType type, pjsip_endpoint *endpt);
std::vector<AsteriskSCF::SIP::ExtensionPoint::V1::AuthHookPrx> getHooks();
void fillInRequestInfo(pjsip_rx_data *rdata, AsteriskSCF::SIP::ExtensionPoint::V1::RequestInfoPtr info);
- void addDigests(pj_pool_t *pool, pjsip_tx_data *tdata, AsteriskSCF::SIP::ExtensionPoint::V1::DigestChallengeSeq digests);
+ void addDigests(pjsip_tx_data *tdata, AsteriskSCF::SIP::ExtensionPoint::V1::DigestChallengeSeq digests);
private:
boost::shared_ptr<AuthHelperPriv> mImpl;
};
diff --git a/src/PJSipSessionModule.cpp b/src/PJSipSessionModule.cpp
index fc6496c..7f1d49e 100644
--- a/src/PJSipSessionModule.cpp
+++ b/src/PJSipSessionModule.cpp
@@ -426,9 +426,9 @@ pj_status_t PJSipSessionModule::unload()
return PJ_SUCCESS;
}
-bool PJSipSessionModule::checkAuth(pjsip_rx_data *rdata, pjsip_inv_session *inv, RequestType type)
+bool PJSipSessionModule::checkAuth(pjsip_rx_data *rdata, pjsip_inv_session *inv, RequestType type, pjsip_endpoint *endpt)
{
- boost::shared_ptr<AuthHelper> authHelper(new AuthHelper(mAuthHooks, type));
+ boost::shared_ptr<AuthHelper> authHelper(new AuthHelper(mAuthHooks, type, endpt));
std::vector<AuthHookPrx> hooks = authHelper->getHooks();
if (hooks.empty())
@@ -459,7 +459,7 @@ bool PJSipSessionModule::checkAuth(pjsip_rx_data *rdata, pjsip_inv_session *inv,
pjsip_tx_data *tdata;
pjsip_inv_end_session(inv, 401, NULL, &tdata);
- authHelper->addDigests(inv->pool, tdata, digests);
+ authHelper->addDigests(tdata, digests);
pjsip_inv_send_msg(inv, tdata);
//XXX In this case, we need to put the authHelper
@@ -542,7 +542,7 @@ void PJSipSessionModule::handleNewInvite(pjsip_rx_data *rdata)
pjsip_inv_terminate(inv_session, 500, PJ_FALSE);
}
- bool authSent = checkAuth(rdata, inv_session, DialogEstablishing);
+ bool authSent = checkAuth(rdata, inv_session, DialogEstablishing, dlg->endpt);
// This means we sent a 401 to the requester,
// so no need to go any further
diff --git a/src/PJSipSessionModule.h b/src/PJSipSessionModule.h
index ceea718..068703f 100644
--- a/src/PJSipSessionModule.h
+++ b/src/PJSipSessionModule.h
@@ -86,7 +86,7 @@ private:
void handleNewInvite(pjsip_rx_data *rdata);
void handleInviteResponse(pjsip_inv_session *inv, pjsip_rx_data *rdata, pjsip_dialog *dlg);
void handleRefer(pjsip_inv_session *inv, pjsip_rx_data *rdata);
- bool checkAuth(pjsip_rx_data *rdata, pjsip_inv_session *inv, AsteriskSCF::SIP::ExtensionPoint::V1::RequestType type);
+ bool checkAuth(pjsip_rx_data *rdata, pjsip_inv_session *inv, AsteriskSCF::SIP::ExtensionPoint::V1::RequestType type, pjsip_endpoint *endpt);
void getURIParams(pjsip_uri *uri, AsteriskSCF::SIP::ExtensionPoint::V1::ParamDict ¶ms);
pjsip_inv_callback mInvCallback;
pjsip_ua_init_param mUaParam;
commit 41084ebbf79fb23cce9c1581b5f45c6aaffe7410
Author: Mark Michelson <mmichelson at digium.com>
Date: Thu Feb 10 13:48:51 2011 -0600
Add AuthHelper class.
This can be used by any PJSIP module for common authentication tasks.
Currently, it does the following:
* Can help determine if any user hooks pertain to the current message
* Fill in RequestInfo using information from pjsip_rx_data
* Adds digest challenges to outgoing responses.
diff --git a/src/AuthHelper.cpp b/src/AuthHelper.cpp
new file mode 100644
index 0000000..bd84a7b
--- /dev/null
+++ b/src/AuthHelper.cpp
@@ -0,0 +1,204 @@
+/*
+ * Asterisk SCF -- An open-source communications framework.
+ *
+ * Copyright (C) 2011, Digium, Inc.
+ *
+ * See http://www.asterisk.org for more information about
+ * the Asterisk SCF project. Please do not directly contact
+ * any of the maintainers of this project for assistance;
+ * the project provides a web site, mailing lists and IRC
+ * channels for your use.
+ *
+ * This program is free software, distributed under the terms of
+ * the GNU General Public License Version 2. See the LICENSE.txt file
+ * at the top of the source tree.
+ */
+
+#include "AuthHelper.h"
+
+using namespace AsteriskSCF::SIP::ExtensionPoint::V1;
+using namespace AsteriskSCF::System::Hook::V1;
+
+namespace AsteriskSCF
+{
+
+namespace SipSessionManager
+{
+
+class AuthHelperPriv
+{
+public:
+ AuthHelperPriv(moduleHookMap moduleHooks, RequestType type)
+ {
+ if (moduleHooks.empty())
+ {
+ return;
+ }
+
+ for (moduleHookMap::iterator iter = moduleHooks.begin(); iter != moduleHooks.end(); ++iter)
+ {
+ RequestTypeSeq types = iter->second.second;
+ AuthHookPrx hook = iter->second.first;
+ for (RequestTypeSeq::iterator typeIter = types.begin(); typeIter != types.end(); ++typeIter)
+ {
+ if (*typeIter == type)
+ {
+ hooks.push_back(hook);
+ }
+ }
+ }
+ }
+
+ void getURIParams(pjsip_uri *uri, ParamDict ¶ms)
+ {
+ pjsip_sip_uri *sipURI = (pjsip_sip_uri *) pjsip_uri_get_uri(uri);
+
+ if (pj_strlen(&sipURI->user_param) != 0)
+ {
+ params.insert(std::make_pair("user", std::string(pj_strbuf(&sipURI->user_param), pj_strlen(&sipURI->user_param))));
+ }
+ if (pj_strlen(&sipURI->method_param) != 0)
+ {
+ params.insert(std::make_pair("method", std::string(pj_strbuf(&sipURI->method_param), pj_strlen(&sipURI->method_param))));
+ }
+ if (pj_strlen(&sipURI->transport_param) != 0)
+ {
+ params.insert(std::make_pair("transport", std::string(pj_strbuf(&sipURI->transport_param), pj_strlen(&sipURI->transport_param))));
+ }
+ if (sipURI->ttl_param != -1)
+ {
+ std::stringstream stream;
+ stream << sipURI->ttl_param;
+ params.insert(std::make_pair("ttl", stream.str()));
+ }
+ //lr has no value associated with it. It either is there or it is not there. It is
+ //the redheaded stepchild of the SIP URI parameter world. I weep for it.
+ if (sipURI->lr_param != 0)
+ {
+ params.insert(std::make_pair("lr", std::string()));
+ }
+
+ for (pjsip_param *iter = sipURI->other_param.next; iter != &sipURI->other_param; iter = iter->next)
+ {
+ std::string name(pj_strbuf(&iter->name), pj_strlen(&iter->name));
+ std::string value(pj_strbuf(&iter->value), pj_strlen(&iter->value));
+ params.insert(std::make_pair(name, value));
+ }
+ }
+
+ std::vector<AuthHookPrx> hooks;
+ std::vector<pjsip_auth_srv *> authServers;
+};
+
+AuthHelper::AuthHelper(moduleHookMap hooks, RequestType type)
+ : mImpl(new AuthHelperPriv(hooks, type)) { }
+
+std::vector<AuthHookPrx> AuthHelper::getHooks()
+{
+ return mImpl->hooks;
+}
+
+static pj_status_t lookup_cred(pj_pool_t *pool, const pj_str_t *realm, const pj_str_t *acc_name, pjsip_cred_info *cred_info)
+{
+ //XXX I'm still not 100% sure I understand the purpose of this function. Apparently, when I call
+ //pjsip_srv_auth_verify(), it then will call into this function with a realm and account name, and
+ //I then fill in the cred_info so that pjsip can determine if the user has authenticated properly.
+ //Of course, it's not documented what I should return if things fail. It's also not documented
+ //whether I should dynamically allocate data in the cred_info or not. I mean, I'm given a pool, so...maybe?
+
+ //Also, it would be super awesome if I were given ANYTHING from the dialog here so I might be able to
+ //pull mod_data from it and get information. Instead, I'm forced to store information in some sort of
+ //shared space, meaning potential resource contention. Lovely.
+
+ //Luckily all I'm focused on is adding the extension point into the code, the authentication itself
+ //is a separate task, so I can get to that when I get to that. For now I'll just be sure not to
+ //return PJ_SUCCESS so that it's clear that
+
+ return !PJ_SUCCESS;
+}
+
+void AuthHelper::addDigests(pj_pool_t *pool, pjsip_tx_data *tdata, DigestChallengeSeq digests)
+{
+ for (DigestChallengeSeq::iterator digest = digests.begin(); digest != digests.end(); ++digest)
+ {
+ pjsip_auth_srv *authServer = PJ_POOL_ZALLOC_T(pool, pjsip_auth_srv);
+ pj_str_t realm;
+ pj_cstr(&realm, (*digest)->realm.c_str());
+ pjsip_auth_srv_init(pool, authServer, &realm, lookup_cred, 0);
+ pj_str_t nonce, opaque, *noncePtr = NULL, *opaquePtr = NULL;
+ if (!(*digest)->opaque.empty())
+ {
+ pj_cstr(&opaque, (*digest)->opaque.front().c_str());
+ opaquePtr = &opaque;
+ }
+ if (!(*digest)->nonce.empty())
+ {
+ pj_cstr(&nonce, (*digest)->nonce.front().c_str());
+ noncePtr = &nonce;
+ }
+ pjsip_auth_srv_challenge(authServer, NULL, noncePtr, opaquePtr, PJ_FALSE, tdata);
+ mImpl->authServers.push_back(authServer);
+ }
+}
+
+void AuthHelper::fillInRequestInfo(pjsip_rx_data *rdata, RequestInfoPtr info)
+{
+ char buf[512];
+ size_t pos;
+
+ pjsip_name_addr *from = (pjsip_name_addr *)rdata->msg_info.from->uri;
+ info->fromName = std::string(pj_strbuf(&from->display), pj_strlen(&from->display));
+
+ pjsip_uri_print(PJSIP_URI_IN_FROMTO_HDR, from->uri, buf, sizeof(buf));
+ std::string fromURI(buf, strlen(buf));
+ pos = fromURI.find_first_of(';');
+ info->fromURI = fromURI.substr(0, pos);
+
+ if (pos != std::string::npos)
+ {
+ mImpl->getURIParams(from->uri, info->fromParams);
+ }
+
+ pjsip_name_addr *to = (pjsip_name_addr *)rdata->msg_info.to->uri;
+ info->toName = std::string(pj_strbuf(&to->display), pj_strlen(&to->display));
+
+ pjsip_uri_print(PJSIP_URI_IN_FROMTO_HDR, to->uri, buf, sizeof(buf));
+ std::string toURI(buf, strlen(buf));
+ pos = toURI.find_first_of(';');
+ info->toURI = toURI.substr(0, pos);
+
+ if (pos != std::string::npos)
+ {
+ mImpl->getURIParams(to->uri, info->toParams);
+ }
+
+ pjsip_uri *rURI = (pjsip_uri *) pjsip_uri_get_uri(rdata->msg_info.msg->line.req.uri);
+ pjsip_uri_print(PJSIP_URI_IN_REQ_URI, rURI, buf, sizeof(buf));
+ std::string rURIStr(buf, strlen(buf));
+ pos = rURIStr.find_first_of(';');
+ info->requestURI = rURIStr.substr(0, pos);
+
+ if (pos != std::string::npos)
+ {
+ mImpl->getURIParams(rURI, info->requestURIParams);
+ }
+
+ info->IPAddr = std::string(pj_sockaddr_print((pj_sockaddr_t *) &rdata->pkt_info.src_addr, buf, rdata->pkt_info.src_addr_len, 0), rdata->pkt_info.src_addr_len);
+ info->port = rdata->pkt_info.src_port;
+ std::string transport(rdata->tp_info.transport->type_name);
+ if (transport == "tcp")
+ {
+ info->transport = AsteriskSCF::SIP::ExtensionPoint::V1::TCP;
+ }
+ else if (transport == "tls")
+ {
+ info->transport = AsteriskSCF::SIP::ExtensionPoint::V1::TLS;
+ }
+ else if (transport == "udp")
+ {
+ info->transport = AsteriskSCF::SIP::ExtensionPoint::V1::UDP;
+ }
+}
+
+};
+};
diff --git a/src/AuthHelper.h b/src/AuthHelper.h
new file mode 100644
index 0000000..4868432
--- /dev/null
+++ b/src/AuthHelper.h
@@ -0,0 +1,48 @@
+/*
+ * Asterisk SCF -- An open-source communications framework.
+ *
+ * Copyright (C) 2011, Digium, Inc.
+ *
+ * See http://www.asterisk.org for more information about
+ * the Asterisk SCF project. Please do not directly contact
+ * any of the maintainers of this project for assistance;
+ * the project provides a web site, mailing lists and IRC
+ * channels for your use.
+ *
+ * This program is free software, distributed under the terms of
+ * the GNU General Public License Version 2. See the LICENSE.txt file
+ * at the top of the source tree.
+ */
+
+#pragma once
+
+#include <boost/shared_ptr.hpp>
+#include <pjsip.h>
+#include <pjlib.h>
+
+#include <AsteriskSCF/System/Hook/HookIf.h>
+#include <AsteriskSCF/SIP/SIPExtensionPointIf.h>
+
+#include "PJSipModule.h"
+
+namespace AsteriskSCF
+{
+
+namespace SipSessionManager
+{
+
+class AuthHelperPriv;
+
+class AuthHelper
+{
+public:
+ AuthHelper(moduleHookMap hooks, AsteriskSCF::SIP::ExtensionPoint::V1::RequestType type);
+ std::vector<AsteriskSCF::SIP::ExtensionPoint::V1::AuthHookPrx> getHooks();
+ void fillInRequestInfo(pjsip_rx_data *rdata, AsteriskSCF::SIP::ExtensionPoint::V1::RequestInfoPtr info);
+ void addDigests(pj_pool_t *pool, pjsip_tx_data *tdata, AsteriskSCF::SIP::ExtensionPoint::V1::DigestChallengeSeq digests);
+private:
+ boost::shared_ptr<AuthHelperPriv> mImpl;
+};
+
+}; //end namespace SipSessionManager
+}; //end namespace AsteriskSCF
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index d03df8c..99e9240 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -27,6 +27,8 @@ asterisk_scf_component_add_file(SipSessionManager PJSipSessionModule.h)
asterisk_scf_component_add_file(SipSessionManager PJSipLoggingModule.cpp)
asterisk_scf_component_add_file(SipSessionManager PJSipLoggingModuleConstruction.cpp)
asterisk_scf_component_add_file(SipSessionManager PJSipLoggingModule.h)
+asterisk_scf_component_add_file(SipSessionManager AuthHelper.cpp)
+asterisk_scf_component_add_file(SipSessionManager AuthHelper.h)
asterisk_scf_component_add_file(SipSessionManager SipStateReplicatorListener.cpp)
asterisk_scf_component_add_file(SipSessionManager SipStateReplicator.h)
asterisk_scf_component_add_slice(SipSessionManager ../local-slice/SipIf.ice)
diff --git a/src/PJSipModule.h b/src/PJSipModule.h
index 2a0d6ca..aac348b 100644
--- a/src/PJSipModule.h
+++ b/src/PJSipModule.h
@@ -1,7 +1,7 @@
/*
* Asterisk SCF -- An open-source communications framework.
*
- * Copyright (C) 2010, Digium, Inc.
+ * Copyright (C) 2010 - 2011, Digium, Inc.
*
* See http://www.asterisk.org for more information about
* the Asterisk SCF project. Please do not directly contact
@@ -34,6 +34,7 @@ namespace SipSessionManager
using namespace AsteriskSCF::SIP::V1;
+typedef std::map<AsteriskSCF::System::Hook::V1::HookId, std::pair<AsteriskSCF::SIP::ExtensionPoint::V1::AuthHookPrx, AsteriskSCF::SIP::ExtensionPoint::V1::RequestTypeSeq> > moduleHookMap;
class PJSipModule
{
public:
@@ -63,7 +64,7 @@ protected:
PJSipModule() { }
virtual ~PJSipModule() { }
pjsip_module mModule;
- std::map<AsteriskSCF::System::Hook::V1::HookId, std::pair<AsteriskSCF::SIP::ExtensionPoint::V1::AuthHookPrx, AsteriskSCF::SIP::ExtensionPoint::V1::RequestTypeSeq> > mAuthHooks;
+ moduleHookMap mAuthHooks;
private:
const std::string mName;
};
diff --git a/src/PJSipSessionModule.cpp b/src/PJSipSessionModule.cpp
index bcddcc0..fc6496c 100644
--- a/src/PJSipSessionModule.cpp
+++ b/src/PJSipSessionModule.cpp
@@ -27,6 +27,7 @@
#include "SipSession.h"
#include "PJSipManager.h"
#include "SipStateReplicator.h"
+#include "AuthHelper.h"
using namespace AsteriskSCF::System::Logging;
using namespace AsteriskSCF::SIP::ExtensionPoint::V1;
@@ -425,159 +426,18 @@ pj_status_t PJSipSessionModule::unload()
return PJ_SUCCESS;
}
-void PJSipSessionModule::getURIParams(pjsip_uri *uri, ParamDict ¶ms)
-{
- pjsip_sip_uri *sipURI = (pjsip_sip_uri *) pjsip_uri_get_uri(uri);
-
- if (pj_strlen(&sipURI->user_param) != 0)
- {
- params.insert(std::make_pair("user", std::string(pj_strbuf(&sipURI->user_param), pj_strlen(&sipURI->user_param))));
- }
- if (pj_strlen(&sipURI->method_param) != 0)
- {
- params.insert(std::make_pair("method", std::string(pj_strbuf(&sipURI->method_param), pj_strlen(&sipURI->method_param))));
- }
- if (pj_strlen(&sipURI->transport_param) != 0)
- {
- params.insert(std::make_pair("transport", std::string(pj_strbuf(&sipURI->transport_param), pj_strlen(&sipURI->transport_param))));
- }
- if (sipURI->ttl_param != -1)
- {
- std::stringstream stream;
- stream << sipURI->ttl_param;
- params.insert(std::make_pair("ttl", stream.str()));
- }
- //lr has no value associated with it. It either is there or it is not there. It is
- //the redheaded stepchild of the SIP URI parameter world. I weep for it.
- if (sipURI->lr_param != 0)
- {
- params.insert(std::make_pair("lr", std::string()));
- }
-
- for (pjsip_param *iter = sipURI->other_param.next; iter != &sipURI->other_param; iter = iter->next)
- {
- std::string name(pj_strbuf(&iter->name), pj_strlen(&iter->name));
- std::string value(pj_strbuf(&iter->value), pj_strlen(&iter->value));
- params.insert(std::make_pair(name, value));
- }
-}
-
-static pj_status_t lookup_cred(pj_pool_t *pool, const pj_str_t *realm, const pj_str_t *acc_name, pjsip_cred_info *cred_info)
-{
- //XXX I'm still not 100% sure I understand the purpose of this function. Apparently, when I call
- //pjsip_srv_auth_verify(), it then will call into this function with a realm and account name, and
- //I then fill in the cred_info so that pjsip can determine if the user has authenticated properly.
- //Of course, it's not documented what I should return if things fail. It's also not documented
- //whether I should dynamically allocate data in the cred_info or not. I mean, I'm given a pool, so...maybe?
-
- //Also, it would be super awesome if I were given ANYTHING from the dialog here so I might be able to
- //pull mod_data from it and get information. Instead, I'm forced to store information in some sort of
- //shared space, meaning potential resource contention. Lovely.
-
- //Luckily all I'm focused on is adding the extension point into the code, the authentication itself
- //is a separate task, so I can get to that when I get to that. For now I'll just be sure not to
- //return PJ_SUCCESS so that it's clear that
-
- return !PJ_SUCCESS;
-}
-
bool PJSipSessionModule::checkAuth(pjsip_rx_data *rdata, pjsip_inv_session *inv, RequestType type)
{
- //XXX This could be a handy function to determine if there are
- //any applicable hooks and then to fill in a vector of those that
- //are applicable if so.
- //If there are no hooks, this is simple
- if (mAuthHooks.empty())
- {
- return false;
- }
-
- //Even if they have hooks, it may be that they do not apply to this type
- //of request. Building a local vector of applicable hooks simplifies matters.
+ boost::shared_ptr<AuthHelper> authHelper(new AuthHelper(mAuthHooks, type));
- std::vector<AuthHookPrx> hooks;
- for (std::map<HookId, std::pair<AuthHookPrx, RequestTypeSeq> >::iterator iter = mAuthHooks.begin(); iter != mAuthHooks.end(); ++iter)
- {
- RequestTypeSeq types = iter->second.second;
- AuthHookPrx hook = iter->second.first;
- for (RequestTypeSeq::iterator typeIter = types.begin(); typeIter != types.end(); ++typeIter)
- {
- if (*typeIter == type)
- {
- hooks.push_back(hook);
- }
- }
- }
-
+ std::vector<AuthHookPrx> hooks = authHelper->getHooks();
if (hooks.empty())
{
return false;
}
- //XXX This marks the end of that function
-
- //XXX A method to take rdata and create a RequestInfoPtr
- //is essential
RequestInfoPtr info(new RequestInfo);
-
- char buf[512];
- size_t pos;
- pjsip_name_addr *from = (pjsip_name_addr *)rdata->msg_info.from->uri;
- info->fromName = std::string(pj_strbuf(&from->display), pj_strlen(&from->display));
-
- pjsip_uri_print(PJSIP_URI_IN_FROMTO_HDR, from->uri, buf, sizeof(buf));
- std::string fromURI(buf, strlen(buf));
- //pjsip_uri_print includes the URI parameters, but since we're presenting
- //URI parameters in a separate dictionary, we need to strip those off.
- pos = fromURI.find_first_of(';');
- info->fromURI = fromURI.substr(0, pos);
-
- if (pos != std::string::npos)
- {
- getURIParams(from->uri, info->fromParams);
- }
-
- pjsip_name_addr *to = (pjsip_name_addr *)rdata->msg_info.to->uri;
- info->toName = std::string(pj_strbuf(&to->display), pj_strlen(&to->display));
-
- pjsip_uri_print(PJSIP_URI_IN_FROMTO_HDR, to->uri, buf, sizeof(buf));
- std::string toURI(buf, strlen(buf));
- pos = toURI.find_first_of(';');
- info->toURI = toURI.substr(0, pos);
-
- if (pos != std::string::npos)
- {
- getURIParams(to->uri, info->toParams);
- }
-
- pjsip_uri *rURI = (pjsip_uri *) pjsip_uri_get_uri(rdata->msg_info.msg->line.req.uri);
- pjsip_uri_print(PJSIP_URI_IN_REQ_URI, rURI, buf, sizeof(buf));
- std::string rURIStr(buf, strlen(buf));
- pos = rURIStr.find_first_of(';');
- info->requestURI = rURIStr.substr(0, pos);
-
- if (pos != std::string::npos)
- {
- getURIParams(rURI, info->requestURIParams);
- }
-
- info->IPAddr = std::string(pj_sockaddr_print((pj_sockaddr_t *) &rdata->pkt_info.src_addr, buf, rdata->pkt_info.src_addr_len, 0), rdata->pkt_info.src_addr_len);
- info->port = rdata->pkt_info.src_port;
- std::string transport(rdata->tp_info.transport->type_name);
- if (transport == "tcp")
- {
- info->transport = AsteriskSCF::SIP::ExtensionPoint::V1::TCP;
- }
- else if (transport == "tls")
- {
- info->transport = AsteriskSCF::SIP::ExtensionPoint::V1::TLS;
- }
- else if (transport == "udp")
- {
- info->transport = AsteriskSCF::SIP::ExtensionPoint::V1::UDP;
- }
-
- //XXX End of the function to fill in a RequestInfoPtr
+ authHelper->fillInRequestInfo(rdata, info);
//We have our RequestInfo created. Now start calling out to any registered hooks
for (std::vector<AuthHookPrx>::iterator iter = hooks.begin(); iter != hooks.end(); ++iter)
@@ -598,29 +458,12 @@ bool PJSipSessionModule::checkAuth(pjsip_rx_data *rdata, pjsip_inv_session *inv,
pjsip_tx_data *tdata;
pjsip_inv_end_session(inv, 401, NULL, &tdata);
- //XXX this would be another good function to isolate. It would take the sequence
- //of digests and some tdata and ge the tdata in proper shape.
- for (DigestChallengeSeq::iterator digest = digests.begin(); digest != digests.end(); ++digest)
- {
- pjsip_auth_srv authServer;
- pj_str_t realm;
- pj_cstr(&realm, (*digest)->realm.c_str());
- pjsip_auth_srv_init(inv->pool, &authServer, &realm, lookup_cred, 0);
- pj_str_t nonce, opaque, *noncePtr = NULL, *opaquePtr = NULL;
- if (!(*digest)->opaque.empty())
- {
- pj_cstr(&opaque, (*digest)->opaque.front().c_str());
- opaquePtr = &opaque;
- }
- if (!(*digest)->nonce.empty())
- {
- pj_cstr(&nonce, (*digest)->nonce.front().c_str());
- noncePtr = &nonce;
- }
- pjsip_auth_srv_challenge(&authServer, NULL, noncePtr, opaquePtr, PJ_FALSE, tdata);
- }
- //XXX End of function
+
+ authHelper->addDigests(inv->pool, tdata, digests);
+
pjsip_inv_send_msg(inv, tdata);
+ //XXX In this case, we need to put the authHelper
+ //somewhere we can retrieve it later.
return true;
}
}
-----------------------------------------------------------------------
--
asterisk-scf/release/sip.git
More information about the asterisk-scf-commits
mailing list