[svn-commits] mmichelson: branch mmichelson/authenticate r380789 - in /team/mmichelson/auth...

Fri Feb 1 14:46:22 CST 2013

Author: mmichelson
Date: Fri Feb  1 14:46:19 2013
New Revision: 380789

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=380789
Log:
Construct a temporary way of using the endpoint to determine if authentication succeeds.

The "secret" endpoint configuration option is the only one added at this point. Configuration
of realm, authentication username, and potential other methods of authentication should be
added as well.

This change uses thread-local storage in order to get access to the endpoint in the PJSIP
callback. If this is deemed usable, then I may not need to backport the changes I pulled
in from PJSIP trunk early in this branch's lifetime.


Modified:
    team/mmichelson/authenticate/include/asterisk/res_sip.h
    team/mmichelson/authenticate/res/res_sip/sip_configuration.c
    team/mmichelson/authenticate/res/res_sip_authenticator.c

Modified: team/mmichelson/authenticate/include/asterisk/res_sip.h
URL: http://svnview.digium.com/svn/asterisk/team/mmichelson/authenticate/include/asterisk/res_sip.h?view=diff&rev=380789&r1=380788&r2=380789
==============================================================================

--- team/mmichelson/authenticate/include/asterisk/res_sip.h (original)
+++ team/mmichelson/authenticate/include/asterisk/res_sip.h Fri Feb  1 14:46:19 2013
@@ -181,8 +181,10 @@
 	AST_DECLARE_STRING_FIELDS(
 		/*! Context to send incoming calls to */
 		AST_STRING_FIELD(context);
-                /*! Name of an explicit transport to use */
-                AST_STRING_FIELD(transport);
+		/*! Name of an explicit transport to use */
+		AST_STRING_FIELD(transport);
+		/*! Authentication secret */
+		AST_STRING_FIELD(secret);
 	);
 	/*! Identification information for this endpoint */
 	struct ast_party_id id;

Modified: team/mmichelson/authenticate/res/res_sip/sip_configuration.c
URL: http://svnview.digium.com/svn/asterisk/team/mmichelson/authenticate/res/res_sip/sip_configuration.c?view=diff&rev=380789&r1=380788&r2=380789
==============================================================================
--- team/mmichelson/authenticate/res/res_sip/sip_configuration.c (original)
+++ team/mmichelson/authenticate/res/res_sip/sip_configuration.c Fri Feb  1 14:46:19 2013
@@ -232,6 +232,7 @@
 	ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "timers", "yes", timers_handler, NULL, 0, 0);
 	ast_sorcery_object_field_register(sip_sorcery, "endpoint", "timers_min_se", "90", OPT_UINT_T, 0, FLDSET(struct ast_sip_endpoint, min_se));
 	ast_sorcery_object_field_register(sip_sorcery, "endpoint", "timers_sess_expires", "1800", OPT_UINT_T, 0, FLDSET(struct ast_sip_endpoint, sess_expires));
+	ast_sorcery_object_field_register(sip_sorcery, "endpoint", "secret", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_endpoint, secret));
 
 	if (ast_sip_initialize_sorcery_transport(sip_sorcery)) {
 		ast_log(LOG_ERROR, "Failed to register SIP transport support with sorcery\n");

Modified: team/mmichelson/authenticate/res/res_sip_authenticator.c
URL: http://svnview.digium.com/svn/asterisk/team/mmichelson/authenticate/res/res_sip_authenticator.c?view=diff&rev=380789&r1=380788&r2=380789
==============================================================================
--- team/mmichelson/authenticate/res/res_sip_authenticator.c (original)
+++ team/mmichelson/authenticate/res/res_sip_authenticator.c Fri Feb  1 14:46:19 2013
@@ -47,9 +47,58 @@
 const char default_username[] = "bob";
 const char default_password[] = "hunter2";
 
+static void auth_endpoint_cleanup(void *data)
+{
+	struct ast_sip_endpoint **endpoint = data;
+
+	ao2_cleanup(*endpoint);
+	ast_free(data);
+}
+
+AST_THREADSTORAGE_CUSTOM(auth_endpoint, NULL, auth_endpoint_cleanup);
+
+static int store_endpoint(struct ast_sip_endpoint *endpoint)
+{
+	struct ast_sip_endpoint **pointing;
+	pointing = ast_threadstorage_get(&auth_endpoint, sizeof(pointing));
+	if (!pointing || *pointing) {
+		return -1;
+	}
+
+	ao2_ref(endpoint, +1);
+	*pointing = endpoint;
+	return 0;
+}
+
+static int remove_endpoint(void)
+{
+	struct ast_sip_endpoint **pointing;
+	pointing = ast_threadstorage_get(&auth_endpoint, sizeof(pointing));
+	if (!pointing) {
+		return -1;
+	}
+
+	ao2_cleanup(*pointing);
+	*pointing = NULL;
+	return 0;
+}
+
+static struct ast_sip_endpoint *get_endpoint(void)
+{
+	struct ast_sip_endpoint **endpoint;
+	endpoint = ast_threadstorage_get(&auth_endpoint, sizeof(endpoint));
+	if (endpoint && *endpoint) {
+		ao2_ref(*endpoint, +1);
+		return *endpoint;
+	}
+	return NULL;
+}
+
 static pj_status_t default_lookup(pj_pool_t *pool, const pj_str_t *realm,
 		const pj_str_t *acc_name, pjsip_cred_info *info)
 {
+	RAII_VAR(struct ast_sip_endpoint *, endpoint, get_endpoint(), ao2_cleanup);
+
 	if (pj_strcmp2(realm, default_realm)) {
 		return PJSIP_SC_FORBIDDEN;
 	}
@@ -58,7 +107,7 @@
 	}
 	pj_strdup2(pool, &info->realm, default_realm);
 	pj_strdup2(pool, &info->username, default_username);
-	pj_strdup2(pool, &info->data, default_password);
+	pj_strdup2(pool, &info->data, endpoint->secret);
 	info->data_type = PJSIP_CRED_DATA_PLAIN_PASSWD;
 	return PJ_SUCCESS;
 }
@@ -76,10 +125,14 @@
 
 	pjsip_auth_srv_init(tdata->pool, &auth_server, &realm, default_lookup, 0);
 
+	store_endpoint(endpoint);
+
 	/* First thing's first, let's see if this request passes muster */
 	if (pjsip_auth_srv_verify(&auth_server, rdata, &response_code) == PJ_SUCCESS) {
 		return AST_SIP_AUTHENTICATION_SUCCESS;
 	}
+
+	remove_endpoint();
 
 	/* Oh no! They couldn't authenticate. Well let's create a challenge for them. */
 	pjsip_auth_srv_challenge(&auth_server, &qop, NULL, NULL, PJ_FALSE, tdata);


