[svn-commits] mmichelson: branch mmichelson/authenticate r380791 - in /team/mmichelson/auth...

SVN commits to the Digium repositories svn-commits at lists.digium.com
Fri Feb 1 17:58:30 CST 2013 

Author: mmichelson
Date: Fri Feb  1 17:58:26 2013
New Revision: 380791

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=380791
Log:
Make more extensive options for endpoint authentication.

This makes some seeming backwards steps in the actual authenticator,
but the endpoint now is set up with much more extensive options for
authentication. The next step will be to use these options in the
authenticator.


Modified:
    team/mmichelson/authenticate/include/asterisk/res_sip.h
    team/mmichelson/authenticate/res/res_sip/sip_configuration.c
    team/mmichelson/authenticate/res/res_sip_authenticator.c

Modified: team/mmichelson/authenticate/include/asterisk/res_sip.h
URL: http://svnview.digium.com/svn/asterisk/team/mmichelson/authenticate/include/asterisk/res_sip.h?view=diff&rev=380791&r1=380790&r2=380791
==============================================================================
--- team/mmichelson/authenticate/include/asterisk/res_sip.h (original)
+++ team/mmichelson/authenticate/include/asterisk/res_sip.h Fri Feb  1 17:58:26 2013
@@ -174,6 +174,36 @@
 };
 
 /*!
+ * \brief Methods of storing SIP digest authentication credentials.
+ *
+ * Note that both methods result in MD5 digest authentication being
+ * used. The two methods simply alter how Asterisk determines the
+ * credentials for a SIP authentication
+ */
+enum ast_sip_auth_type {
+	/*! Credentials stored as a username and password combination */
+	AST_SIP_AUTH_TYPE_USER_PASS,
+	/*! Credentials stored as an MD5 sum */
+	AST_SIP_AUTH_TYPE_MD5,
+};
+
+struct ast_sip_auth {
+	SORCERY_OBJECT(details);
+	AST_DECLARE_STRING_FIELDS(
+		/* Identification for these credentials */
+		AST_STRING_FIELD(realm);
+		/* Authentication username */
+		AST_STRING_FIELD(auth_user);
+		/* Authentication password */
+		AST_STRING_FIELD(auth_pass);
+		/* Authentication credentials in MD5 format (hash of user:realm:pass) */
+		AST_STRING_FIELD(md5_creds);
+	);
+	/* Used to determine what to use when authenticating */
+	enum ast_sip_auth_type type;
+};
+
+/*!
  * \brief An entity with which Asterisk communicates
  */
 struct ast_sip_endpoint {
@@ -183,8 +213,6 @@
 		AST_STRING_FIELD(context);
 		/*! Name of an explicit transport to use */
 		AST_STRING_FIELD(transport);
-		/*! Authentication secret */
-		AST_STRING_FIELD(secret);
 	);
 	/*! Identification information for this endpoint */
 	struct ast_party_id id;
@@ -196,6 +224,8 @@
 	struct ast_codec_pref prefs;
 	/*! Configured codecs */
 	struct ast_format_cap *codecs;
+	/*! Authentication credentials */
+	struct ao2_container *sip_auths;
 	/*! DTMF mode to use with this endpoint */
 	enum ast_sip_dtmf_mode dtmf;
 	/*! Enabled SIP extensions */
@@ -410,6 +440,16 @@
 int ast_sip_initialize_sorcery_transport(struct ast_sorcery *sorcery);
 
 /*!
+ * \brief Initialize authentication support on a sorcery instance
+ *
+ * \param sorcery The sorcery instance
+ *
+ * \retval -1 failure
+ * \retval 0 success
+ */
+int ast_sip_initialize_sorcery_auth(struct ast_sorcery *sorcery);
+
+/*!
  * \brief Create a new SIP work structure
  *
  * A SIP work is a means of grouping together SIP tasks. For instance, one

Modified: team/mmichelson/authenticate/res/res_sip/sip_configuration.c
URL: http://svnview.digium.com/svn/asterisk/team/mmichelson/authenticate/res/res_sip/sip_configuration.c?view=diff&rev=380791&r1=380790&r2=380791
==============================================================================
--- team/mmichelson/authenticate/res/res_sip/sip_configuration.c (original)
+++ team/mmichelson/authenticate/res/res_sip/sip_configuration.c Fri Feb  1 17:58:26 2013
@@ -193,6 +193,26 @@
 	return 0;
 }
 
+static int auth_handler(const struct aco_option *opt, struct ast_variable *var, void *obj)
+{
+	char *auths = ast_strdupa(var->value);
+	char *val;
+	struct ast_sip_endpoint *endpoint = obj;
+
+	while ((val = strsep(&auths, ","))) {
+		RAII_VAR(struct ast_sip_auth *, to_add,
+				ast_sorcery_retrieve_by_id(sip_sorcery, "auth", val), ao2_cleanup);
+		if (!to_add) {
+			ast_log(LOG_WARNING, "Unknown auth '%s' specified.\n", val);
+			return -1;
+		}
+		if (!ao2_link(endpoint->sip_auths, to_add)) {
+			return -1;
+		}
+	}
+	return 0;
+}
+
 int ast_res_sip_initialize_configuration(void)
 {
 	if (ast_cli_register_multiple(cli_commands, ARRAY_LEN(cli_commands))) {
@@ -205,6 +225,14 @@
 	}
 
 	ast_sorcery_apply_config(sip_sorcery, "res_sip");
+
+	if (ast_sip_initialize_sorcery_auth(sip_sorcery)) {
+		ast_log(LOG_ERROR, "Failed to register SIP authentication support\n");
+		ast_sorcery_unref(sip_sorcery);
+		sip_sorcery = NULL;
+		return -1;
+	}
+
 	ast_sorcery_apply_default(sip_sorcery, "endpoint", "config", "res_sip.conf,criteria=type=endpoint");
 
 	ast_sorcery_apply_default(sip_sorcery, "location_to_endpoint", "memory", NULL);
@@ -232,7 +260,7 @@
 	ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "timers", "yes", timers_handler, NULL, 0, 0);
 	ast_sorcery_object_field_register(sip_sorcery, "endpoint", "timers_min_se", "90", OPT_UINT_T, 0, FLDSET(struct ast_sip_endpoint, min_se));
 	ast_sorcery_object_field_register(sip_sorcery, "endpoint", "timers_sess_expires", "1800", OPT_UINT_T, 0, FLDSET(struct ast_sip_endpoint, sess_expires));
-	ast_sorcery_object_field_register(sip_sorcery, "endpoint", "secret", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_endpoint, secret));
+	ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "auth", "", auth_handler, NULL, 0, 0);
 
 	if (ast_sip_initialize_sorcery_transport(sip_sorcery)) {
 		ast_log(LOG_ERROR, "Failed to register SIP transport support with sorcery\n");
@@ -269,10 +297,15 @@
 	if (endpoint->codecs) {
 		ast_format_cap_destroy(endpoint->codecs);
 	}
-
-	/* XXX Will likely need to destroy a bunch
-	 * more other endpoint data too.
-	 */
+	ao2_cleanup(endpoint->sip_auths);
+}
+
+static int auth_cmp(void *obj, void *arg, int flags)
+{
+	struct ast_sip_auth *auth1 = obj;
+	const char *id2 = flags & OBJ_KEY ? arg : ast_sorcery_object_get_id(arg);
+
+	return strcasecmp(ast_sorcery_object_get_id(auth1), id2) ? 0 : CMP_MATCH;
 }
 
 void *ast_sip_endpoint_alloc(const char *name)
@@ -286,6 +319,11 @@
 		return NULL;
 	}
 	if (!(endpoint->codecs = ast_format_cap_alloc_nolock())) {
+		ao2_cleanup(endpoint);
+		return NULL;
+	}
+	if (!(endpoint->sip_auths = ao2_container_alloc_list(0,
+					AO2_CONTAINER_ALLOC_OPT_DUPS_REJECT, NULL, auth_cmp))) {
 		ao2_cleanup(endpoint);
 		return NULL;
 	}

Modified: team/mmichelson/authenticate/res/res_sip_authenticator.c
URL: http://svnview.digium.com/svn/asterisk/team/mmichelson/authenticate/res/res_sip_authenticator.c?view=diff&rev=380791&r1=380790&r2=380791
==============================================================================
--- team/mmichelson/authenticate/res/res_sip_authenticator.c (original)
+++ team/mmichelson/authenticate/res/res_sip_authenticator.c Fri Feb  1 17:58:26 2013
@@ -32,9 +32,6 @@
 
 static int default_requires_authentication(struct ast_sip_endpoint *endpoint, pjsip_rx_data *rdata)
 {
-	if (ast_strlen_zero(endpoint->secret)) {
-		return 0;
-	}
 	return 1;
 }
 
@@ -107,7 +104,7 @@
 	}
 	pj_strdup2(pool, &info->realm, default_realm);
 	pj_strdup2(pool, &info->username, default_username);
-	pj_strdup2(pool, &info->data, endpoint->secret);
+	pj_strdup2(pool, &info->data, default_password);
 	info->data_type = PJSIP_CRED_DATA_PLAIN_PASSWD;
 	return PJ_SUCCESS;
 }

More information about the svn-commits mailing list