[Asterisk-code-review] res pjsip: Add 'ip' as a valid option to 'identify by' on en... (asterisk[15])
Joshua Colp
asteriskteam at digium.com
Wed Oct 25 05:43:33 CDT 2017
Joshua Colp has uploaded this change for review. ( https://gerrit.asterisk.org/6906
Change subject: res_pjsip: Add 'ip' as a valid option to 'identify_by' on endpoint.
......................................................................
res_pjsip: Add 'ip' as a valid option to 'identify_by' on endpoint.
When the identify_by option on an endpoint is set to ip it will
only be identified using the res_pjsip_endpoint_identifier_ip module.
This ensures that it is not mistakenly matched using the username of
the From header. To ensure behavior has not changed the default has
been changed to "username,ip" for the identify_by option.
ASTERISK-27206
Change-Id: I2170b86a7f7e221b4f00bf14aa1ef1ac5b050bbd
---
M CHANGES
A contrib/ast-db-manage/config/versions/20abce6d1e3c_add_pjsip_identify_by_ip.py
M include/asterisk/res_pjsip.h
M res/res_pjsip.c
M res/res_pjsip/pjsip_configuration.c
M res/res_pjsip_endpoint_identifier_ip.c
6 files changed, 73 insertions(+), 3 deletions(-)
git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/06/6906/1
diff --git a/CHANGES b/CHANGES
index f126368..3a0962f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,16 @@
==============================================================================
------------------------------------------------------------------------------
+--- Functionality changes from Asterisk 15.1.0 to Asterisk 15.2.0 ------------
+------------------------------------------------------------------------------
+
+res_pjsip
+------------------
+ * The "identify_by" on endpoints can now be set to "ip" to restrict an endpoint
+ being matched based only on IP address. To ensure no behavior change the
+ default has been changed to "username,ip".
+
+------------------------------------------------------------------------------
--- Functionality changes from Asterisk 15.0.0 to Asterisk 15.1.0 ------------
------------------------------------------------------------------------------
diff --git a/contrib/ast-db-manage/config/versions/20abce6d1e3c_add_pjsip_identify_by_ip.py b/contrib/ast-db-manage/config/versions/20abce6d1e3c_add_pjsip_identify_by_ip.py
new file mode 100644
index 0000000..d457c92
--- /dev/null
+++ b/contrib/ast-db-manage/config/versions/20abce6d1e3c_add_pjsip_identify_by_ip.py
@@ -0,0 +1,46 @@
+"""add pjsip identify by ip
+
+Revision ID: 20abce6d1e3c
+Revises: a1698e8bb9c5
+Create Date: 2017-10-24 15:44:06.404774
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '20abce6d1e3c'
+down_revision = 'a1698e8bb9c5'
+
+from alembic import op
+import sqlalchemy as sa
+
+
+def enum_update(table_name, column_name, enum_name, enum_values):
+ if op.get_context().bind.dialect.name != 'postgresql':
+ if op.get_context().bind.dialect.name == 'mssql':
+ op.drop_constraint('ck_ps_endpoints_identify_by_pjsip_identify_by_values', 'ps_endpoints')
+ op.alter_column(table_name, column_name,
+ type_=sa.Enum(*enum_values, name=enum_name))
+ return
+
+ # Postgres requires a few more steps
+ tmp = enum_name + '_tmp'
+
+ op.execute('ALTER TYPE ' + enum_name + ' RENAME TO ' + tmp)
+
+ updated = sa.Enum(*enum_values, name=enum_name)
+ updated.create(op.get_bind(), checkfirst=False)
+
+ op.execute('ALTER TABLE ' + table_name + ' ALTER COLUMN ' + column_name +
+ ' TYPE ' + enum_name + ' USING identify_by::text::' + enum_name)
+
+ op.execute('DROP TYPE ' + tmp)
+
+
+def upgrade():
+ enum_update('ps_endpoints', 'identify_by', 'pjsip_identify_by_values',
+ ['username', 'auth_username', 'ip'])
+
+
+def downgrade():
+ enum_update('ps_endpoints', 'identify_by', 'pjsip_identify_by_values',
+ ['username', 'auth_username'])
diff --git a/include/asterisk/res_pjsip.h b/include/asterisk/res_pjsip.h
index b6403d6..1c71957 100644
--- a/include/asterisk/res_pjsip.h
+++ b/include/asterisk/res_pjsip.h
@@ -437,6 +437,8 @@
AST_SIP_ENDPOINT_IDENTIFY_BY_USERNAME = (1 << 0),
/*! Identify based on user name in Auth header first, then From header */
AST_SIP_ENDPOINT_IDENTIFY_BY_AUTH_USERNAME = (1 << 1),
+ /*! Identify based on source IP address */
+ AST_SIP_ENDPOINT_IDENTIFY_BY_IP = (1 << 2),
};
AST_VECTOR(ast_sip_identify_by_vector, enum ast_sip_endpoint_identifier_type);
diff --git a/res/res_pjsip.c b/res/res_pjsip.c
index 11c0bf9..00fbb87 100644
--- a/res/res_pjsip.c
+++ b/res/res_pjsip.c
@@ -268,7 +268,7 @@
<configOption name="ice_support" default="no">
<synopsis>Enable the ICE mechanism to help traverse NAT</synopsis>
</configOption>
- <configOption name="identify_by" default="username,location">
+ <configOption name="identify_by" default="username,ip">
<synopsis>Way(s) for Endpoint to be identified</synopsis>
<description><para>
Endpoints and aors can be identified in multiple ways. Currently, the supported
diff --git a/res/res_pjsip/pjsip_configuration.c b/res/res_pjsip/pjsip_configuration.c
index 653cb98..6db5b38 100644
--- a/res/res_pjsip/pjsip_configuration.c
+++ b/res/res_pjsip/pjsip_configuration.c
@@ -582,8 +582,10 @@
if (!strcasecmp(val, "username")) {
method = AST_SIP_ENDPOINT_IDENTIFY_BY_USERNAME;
- } else if (!strcasecmp(val, "auth_username")) {
+ } else if (!strcasecmp(val, "auth_username")) {
method = AST_SIP_ENDPOINT_IDENTIFY_BY_AUTH_USERNAME;
+ } else if (!strcasecmp(val, "ip")) {
+ method = AST_SIP_ENDPOINT_IDENTIFY_BY_IP;
} else {
ast_log(LOG_ERROR, "Unrecognized identification method %s specified for endpoint %s\n",
val, ast_sorcery_object_get_id(endpoint));
@@ -627,6 +629,9 @@
break;
case AST_SIP_ENDPOINT_IDENTIFY_BY_AUTH_USERNAME :
method = "auth_username";
+ break;
+ case AST_SIP_ENDPOINT_IDENTIFY_BY_IP :
+ method = "ip";
break;
default:
continue;
@@ -1901,7 +1906,7 @@
ast_sorcery_object_field_register(sip_sorcery, "endpoint", "aors", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_endpoint, aors));
ast_sorcery_object_field_register(sip_sorcery, "endpoint", "media_address", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_endpoint, media.address));
ast_sorcery_object_field_register(sip_sorcery, "endpoint", "bind_rtp_to_media_address", "no", OPT_BOOL_T, 1, STRFLDSET(struct ast_sip_endpoint, media.bind_rtp_to_media_address));
- ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "identify_by", "username", ident_handler, ident_to_str, NULL, 0, 0);
+ ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "identify_by", "username,ip", ident_handler, ident_to_str, NULL, 0, 0);
ast_sorcery_object_field_register(sip_sorcery, "endpoint", "direct_media", "yes", OPT_BOOL_T, 1, FLDSET(struct ast_sip_endpoint, media.direct_media.enabled));
ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "direct_media_method", "invite", direct_media_method_handler, direct_media_method_to_str, NULL, 0, 0);
ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "connected_line_method", "invite", connected_line_method_handler, connected_line_method_to_str, NULL, 0, 0);
diff --git a/res/res_pjsip_endpoint_identifier_ip.c b/res/res_pjsip_endpoint_identifier_ip.c
index 30bfc26..8b92cef 100644
--- a/res/res_pjsip_endpoint_identifier_ip.c
+++ b/res/res_pjsip_endpoint_identifier_ip.c
@@ -227,7 +227,14 @@
}
endpoint = ast_sorcery_retrieve_by_id(ast_sip_get_sorcery(), "endpoint", match->endpoint_name);
+
if (endpoint) {
+ if (!(endpoint->ident_method & AST_SIP_ENDPOINT_IDENTIFY_BY_IP)) {
+ ast_debug(3, "Endpoint '%s' found for '%s' but 'ip' method not supported'\n", match->endpoint_name,
+ ast_sockaddr_stringify(&addr));
+ ao2_cleanup(endpoint);
+ return NULL;
+ }
ast_debug(3, "Retrieved endpoint %s\n", ast_sorcery_object_get_id(endpoint));
} else {
ast_log(LOG_WARNING, "Identify section '%s' points to endpoint '%s' but endpoint could not be looked up\n",
--
To view, visit https://gerrit.asterisk.org/6906
To unsubscribe, visit https://gerrit.asterisk.org/settings
Gerrit-Project: asterisk
Gerrit-Branch: 15
Gerrit-MessageType: newchange
Gerrit-Change-Id: I2170b86a7f7e221b4f00bf14aa1ef1ac5b050bbd
Gerrit-Change-Number: 6906
Gerrit-PatchSet: 1
Gerrit-Owner: Joshua Colp <jcolp at digium.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20171025/62ce9cc2/attachment.html>
More information about the asterisk-code-review
mailing list