[svn-commits] kharwell: branch kharwell/pimp_sip_security r390437 - in /team/kharwell/pimp_...
SVN commits to the Digium repositories
svn-commits at lists.digium.com
Tue Jun 4 17:24:17 CDT 2013
Author: kharwell
Date: Tue Jun 4 17:24:15 2013
New Revision: 390437
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=390437
Log:
made artificial endpoint always on, removed alwaysauthreject option
Modified:
team/kharwell/pimp_sip_security/include/asterisk/res_sip.h
team/kharwell/pimp_sip_security/res/res_sip/config_security.c
team/kharwell/pimp_sip_security/res/res_sip/sip_distributor.c
Modified: team/kharwell/pimp_sip_security/include/asterisk/res_sip.h
URL: http://svnview.digium.com/svn/asterisk/team/kharwell/pimp_sip_security/include/asterisk/res_sip.h?view=diff&rev=390437&r1=390436&r2=390437
==============================================================================
--- team/kharwell/pimp_sip_security/include/asterisk/res_sip.h (original)
+++ team/kharwell/pimp_sip_security/include/asterisk/res_sip.h Tue Jun 4 17:24:15 2013
@@ -444,10 +444,6 @@
SORCERY_OBJECT(details);
struct ast_acl_list *acl;
struct ast_acl_list *contact_acl;
-
- /*! If true always reject in a way so that the requester doesn't know if
- there was a matching peer */
- int alwaysauthreject;
};
/*!
Modified: team/kharwell/pimp_sip_security/res/res_sip/config_security.c
URL: http://svnview.digium.com/svn/asterisk/team/kharwell/pimp_sip_security/res/res_sip/config_security.c?view=diff&rev=390437&r1=390436&r2=390437
==============================================================================
--- team/kharwell/pimp_sip_security/res/res_sip/config_security.c (original)
+++ team/kharwell/pimp_sip_security/res/res_sip/config_security.c Tue Jun 4 17:24:15 2013
@@ -84,8 +84,5 @@
ast_sorcery_object_field_register_custom(sorcery, SIP_SORCERY_SECURITY_TYPE, "contactpermit", "", acl_handler, NULL, 0, 0);
ast_sorcery_object_field_register_custom(sorcery, SIP_SORCERY_SECURITY_TYPE, "contactdeny", "", acl_handler, NULL, 0, 0);
ast_sorcery_object_field_register_custom(sorcery, SIP_SORCERY_SECURITY_TYPE, "contactacl", "", acl_handler, NULL, 0, 0);
-
- ast_sorcery_object_field_register(sorcery, SIP_SORCERY_SECURITY_TYPE, "alwaysauthreject", "yes",
- OPT_BOOL_T, 1, FLDSET(struct ast_sip_security, alwaysauthreject));
return 0;
}
Modified: team/kharwell/pimp_sip_security/res/res_sip/sip_distributor.c
URL: http://svnview.digium.com/svn/asterisk/team/kharwell/pimp_sip_security/res/res_sip/sip_distributor.c?view=diff&rev=390437&r1=390436&r2=390437
==============================================================================
--- team/kharwell/pimp_sip_security/res/res_sip/sip_distributor.c (original)
+++ team/kharwell/pimp_sip_security/res/res_sip/sip_distributor.c Tue Jun 4 17:24:15 2013
@@ -127,68 +127,44 @@
static struct ast_sip_auth *artificial_auth = NULL;
-static void create_artificial_auth(void)
+static int create_artificial_auth(void)
{
if (!(artificial_auth = ast_sorcery_alloc(
ast_sip_get_sorcery(), SIP_SORCERY_AUTH_TYPE, "artificial"))) {
ast_log(LOG_ERROR, "Unable to create artificial auth\n");
- return;
+ return -1;
}
ast_string_field_set(artificial_auth, realm, "asterisk");
ast_string_field_set(artificial_auth, auth_user, "");
ast_string_field_set(artificial_auth, auth_pass, "");
artificial_auth->type = AST_SIP_AUTH_TYPE_ARTIFICIAL;
+ return 0;
}
struct ast_sip_auth *ast_sip_get_artificial_auth(void)
{
- if (artificial_auth) {
- ao2_ref(artificial_auth, +1);
- }
-
+ ao2_ref(artificial_auth, +1);
return artificial_auth;
}
static struct ast_sip_endpoint *artificial_endpoint = NULL;
-static void create_artificial_endpoint(void)
+static int create_artificial_endpoint(void)
{
if (!(artificial_endpoint = ast_sorcery_alloc(
ast_sip_get_sorcery(), "endpoint", NULL))) {
- return;
+ return -1;
}
artificial_endpoint->num_inbound_auths = 1;
+ return 0;
}
struct ast_sip_endpoint *ast_sip_get_artificial_endpoint(void)
{
- if (artificial_endpoint) {
- ao2_ref(artificial_endpoint, +1);
- }
-
+ ao2_ref(artificial_endpoint, +1);
return artificial_endpoint;
-}
-
-static int find_always_auth_reject(void *obj, void *arg, int flags)
-{
- struct ast_sip_security *security = obj;
-
- return security->alwaysauthreject ? CMP_MATCH | CMP_STOP : 0;
-}
-
-static int always_auth_reject(void)
-{
- RAII_VAR(struct ao2_container *, securities, NULL, ao2_cleanup);
- RAII_VAR(struct ast_sip_security *, security, NULL, ao2_cleanup);
-
- securities = ast_sorcery_retrieve_by_fields(
- ast_sip_get_sorcery(), SIP_SORCERY_SECURITY_TYPE,
- AST_RETRIEVE_FLAG_MULTIPLE | AST_RETRIEVE_FLAG_ALL, NULL);
-
- return (security = ao2_callback(securities, 0,
- find_always_auth_reject, NULL)) != NULL;
}
static pj_bool_t endpoint_lookup(pjsip_rx_data *rdata)
@@ -206,15 +182,12 @@
}
if (!endpoint && !is_ack) {
- if (always_auth_reject()) {
- endpoint = ast_sip_get_artificial_endpoint();
- }
-
- if (!endpoint) {
- pjsip_endpt_respond_stateless(ast_sip_get_pjsip_endpoint(),
- rdata, 403, NULL, NULL, NULL);
- return PJ_TRUE;
- }
+ /* always use an artificial endpoint - per discussion no reason
+ to have "alwaysauthreject" as an option. It is felt using it
+ was a bug fix and it is not needed since we are not worried about
+ breaking old stuff and we really don't want to enable the discovery
+ of SIP accounts */
+ endpoint = ast_sip_get_artificial_endpoint();
}
rdata->endpt_info.mod_data[endpoint_mod.id] = endpoint;
return PJ_FALSE;
@@ -295,6 +268,10 @@
int ast_sip_initialize_distributor(void)
{
+ if (create_artificial_endpoint() || create_artificial_auth()) {
+ return -1;
+ }
+
if (ast_sip_register_service(&distributor_mod)) {
return -1;
}
@@ -305,18 +282,15 @@
return -1;
}
- create_artificial_endpoint();
- create_artificial_auth();
-
return 0;
}
void ast_sip_finalize_distributor(void)
{
- ao2_cleanup(artificial_auth);
- ao2_cleanup(artificial_endpoint);
-
ast_sip_unregister_service(&distributor_mod);
ast_sip_unregister_service(&endpoint_mod);
ast_sip_unregister_service(&auth_mod);
-}
+
+ ao2_cleanup(artificial_auth);
+ ao2_cleanup(artificial_endpoint);
+}
More information about the svn-commits
mailing list