[asterisk-scf-commits] asterisk-scf/integration/sip.git branch "auth-corrections" updated.
Commits to the Asterisk SCF project code repositories
asterisk-scf-commits at lists.digium.com
Mon Nov 21 15:03:58 CST 2011
branch "auth-corrections" has been updated
via e8f492df476df52ba8c37ad0be6647646c4f41b9 (commit)
via 6b8709327b6e2ba09b41863fa5e4de8b84666384 (commit)
from 6e2f71bbd46c8475a112b35dd37ba2527bfc7907 (commit)
Summary of changes:
src/AuthManager.cpp | 188 ++++++++++++++++++++++++++----------------
src/AuthManager.h | 71 ++++++++--------
src/PJSipRegistrarModule.cpp | 65 +++-----------
src/PJSipSessionModule.cpp | 62 +++-----------
4 files changed, 180 insertions(+), 206 deletions(-)
- Log -----------------------------------------------------------------
commit e8f492df476df52ba8c37ad0be6647646c4f41b9
Author: Mark Michelson <mmichelson at digium.com>
Date: Mon Nov 21 15:01:30 2011 -0600
* Change some names to be more accurate
* Remove some inaccurate comments
* Add a checkAuth() method to AuthManager to decrease duplication
* Add more conditions before calling handleNonInviteAuthentication()
diff --git a/src/AuthManager.cpp b/src/AuthManager.cpp
index 34346b1..d5e75f9 100644
--- a/src/AuthManager.cpp
+++ b/src/AuthManager.cpp
@@ -349,7 +349,7 @@ public:
return realms;
}
- std::vector<boost::shared_ptr<ServerAuthInstance> > mServerAuthInstances;
+ std::vector<ServerAuthInstancePtr> mServerAuthInstances;
pjsip_endpoint *mEndpoint;
moduleHookVector mRegisteredHooks;
Logger mLogger;
@@ -365,28 +365,77 @@ AuthManager::~AuthManager()
{
}
-boost::shared_ptr<ServerAuthInstance> AuthManager::createServerAuthInstance(pjsip_rx_data *rdata, RequestType type)
+ServerAuthInstancePtr AuthManager::createServerAuthInstance(pjsip_rx_data *rdata, RequestType type)
{
- boost::shared_ptr<ServerAuthInstance> instance;
+ ServerAuthInstancePtr instance;
{
boost::lock_guard<boost::mutex> hookLock(mImpl->mHooksLock);
- instance.reset(new ServerAuthInstance(rdata, mImpl->mRegisteredHooks,
- type, mImpl->mEndpoint, mImpl->mLogger));
+ instance = new ServerAuthInstance(rdata, mImpl->mRegisteredHooks,
+ type, mImpl->mEndpoint, mImpl->mLogger);
}
boost::lock_guard<boost::mutex> instancesLock(mImpl->mServerAuthInstancesLock);
mImpl->mServerAuthInstances.push_back(instance);
return instance;
}
+ServerAuthInstancePtr AuthManager::checkAuth(pjsip_rx_data *rdata, RequestInfoPtr& info, RequestType type, DigestChallengeSeq& digests)
+{
+ //First, let's see if this message has some auth that we know about.
+ if (authenticateRequest(rdata) == true)
+ {
+ //Oh yeah! Authentication succeeded!
+ return 0;
+ }
+
+ ServerAuthInstancePtr authInstance(createServerAuthInstance(rdata, type));
+
+ AuthHookSeq hooks = authInstance->getHooks();
+ if (hooks.empty())
+ {
+ return 0;
+ }
+
+ authInstance->fillInRequestInfo(rdata, info);
+
+ //We have our RequestInfo created. Now start calling out to any registered hooks
+ //
+ //XXX While this seems like something that could be taken care of in either the
+ //ServerAuthInstance or AuthManager class, there are some specific issues with this.
+ //For instance, in this case, we create the outgoing message using the inv_session,
+ //whereas other PJSIP modules will either access the base dialog directly
+ //or have a different layer of indirection instead of the inv_session.
+ for (AuthHookSeq::iterator iter = hooks.begin(); iter != hooks.end(); ++iter)
+ {
+ HookResult result;
+ result = (*iter)->challengeRequest(info, digests);
+ if (result.status == Failed)
+ {
+ mImpl->mLogger(Error) << "SIP Authentication hook reported a failure: " << result.info;
+ }
+ else if (result.status == Succeeded)
+ {
+ if (digests.empty())
+ {
+ //Hook says not to challenge. This ServerAuthInstance
+ //is deader than dead.
+ destroyServerAuthInstance(authInstance);
+ return 0;
+ }
+ return authInstance;
+ }
+ }
+ return 0;
+}
+
bool AuthManager::authenticateRequest(pjsip_rx_data *rdata)
{
const std::string fromTag(pj_strbuf(&rdata->msg_info.from->tag),
pj_strlen(&rdata->msg_info.from->tag));
const std::string callId(pj_strbuf(&rdata->msg_info.cid->id),
pj_strlen(&rdata->msg_info.cid->id));
- boost::shared_ptr<ServerAuthInstance> instance;
+ ServerAuthInstancePtr instance;
boost::lock_guard<boost::mutex> lock(mImpl->mServerAuthInstancesLock);
- for (std::vector<boost::shared_ptr<ServerAuthInstance> >::iterator iter = mImpl->mServerAuthInstances.begin();
+ for (std::vector<ServerAuthInstancePtr >::iterator iter = mImpl->mServerAuthInstances.begin();
iter != mImpl->mServerAuthInstances.end(); ++iter)
{
if ((*iter)->isEqual(fromTag, callId))
@@ -405,13 +454,13 @@ bool AuthManager::authenticateRequest(pjsip_rx_data *rdata)
return false;
}
-void AuthManager::destroyServerAuthInstance(const boost::shared_ptr<ServerAuthInstance> &instance)
+void AuthManager::destroyServerAuthInstance(const ServerAuthInstancePtr &instance)
{
boost::lock_guard<boost::mutex> lock(mImpl->mServerAuthInstancesLock);
- for (std::vector<boost::shared_ptr<ServerAuthInstance> >::iterator iter = mImpl->mServerAuthInstances.begin();
- iter != mImpl->mServerAuthInstances.end(); ++ iter)
+ for (std::vector<ServerAuthInstancePtr>::iterator iter = mImpl->mServerAuthInstances.begin();
+ iter != mImpl->mServerAuthInstances.end(); ++iter)
{
- if (*iter == instance)
+ if ((*iter).get() == instance.get())
{
mImpl->mServerAuthInstances.erase(iter);
break;
@@ -422,7 +471,7 @@ void AuthManager::destroyServerAuthInstance(const boost::shared_ptr<ServerAuthIn
void AuthManager::destroyServerAuthInstance(const ServerAuthInstance* instance)
{
boost::lock_guard<boost::mutex> lock(mImpl->mServerAuthInstancesLock);
- for (std::vector<boost::shared_ptr<ServerAuthInstance> >::iterator iter = mImpl->mServerAuthInstances.begin();
+ for (std::vector<ServerAuthInstancePtr>::iterator iter = mImpl->mServerAuthInstances.begin();
iter != mImpl->mServerAuthInstances.end(); ++ iter)
{
if ((*iter).get() == instance)
@@ -461,7 +510,7 @@ void AuthManager::getAuthCredentials(pjsip_rx_data *rdata, std::vector<pjsip_cre
}
}
-void AuthManager::scheduleAuthTimeout(const boost::shared_ptr<ServerAuthInstance> &instance, pj_timer_heap_callback *cb)
+void AuthManager::scheduleAuthTimeout(const ServerAuthInstancePtr &instance, pj_timer_heap_callback *cb)
{
instance->scheduleAuthTimeout(mImpl->mCounter++, cb);
}
diff --git a/src/AuthManager.h b/src/AuthManager.h
index 7dea61b..d9bdb23 100644
--- a/src/AuthManager.h
+++ b/src/AuthManager.h
@@ -43,7 +43,7 @@ class ServerAuthInstancePriv;
* as the authentication server to authenticate a
* SIP requester.
*/
-class ServerAuthInstance
+class ServerAuthInstance : public IceUtil::Shared
{
public:
@@ -107,6 +107,8 @@ private:
boost::shared_ptr<ServerAuthInstancePriv> mImpl;
};
+typedef IceUtil::Handle<ServerAuthInstance> ServerAuthInstancePtr;
+
class AuthManagerPriv;
/**
@@ -136,7 +138,11 @@ public:
* so that the AuthManager will have a reference to the ServerAuthInstance
* for later.
*/
- boost::shared_ptr<ServerAuthInstance> createServerAuthInstance(pjsip_rx_data *rdata, AsteriskSCF::SIP::ExtensionPoint::V1::RequestType type);
+ ServerAuthInstancePtr createServerAuthInstance(pjsip_rx_data *rdata, AsteriskSCF::SIP::ExtensionPoint::V1::RequestType type);
+ ServerAuthInstancePtr checkAuth(pjsip_rx_data *rdata,
+ AsteriskSCF::SIP::ExtensionPoint::V1::RequestInfoPtr& info,
+ AsteriskSCF::SIP::ExtensionPoint::V1::RequestType type,
+ AsteriskSCF::SIP::ExtensionPoint::V1::DigestChallengeSeq& digests);
/**
* Call out to registered hooks to get credentials.
*
@@ -151,7 +157,7 @@ public:
* the requester does not attempt to authenticate or never succeeds
* in authenticating, the ServerAuthInstance will eventually be destroyed.
*/
- void scheduleAuthTimeout(const boost::shared_ptr<ServerAuthInstance> &instance, pj_timer_heap_callback *cb);
+ void scheduleAuthTimeout(const ServerAuthInstancePtr &instance, pj_timer_heap_callback *cb);
/**
* Destroy an ServerAuthInstance
*
@@ -159,7 +165,7 @@ public:
* but a failure condition occurs before a challenge can be sent to the
* requesting UA.
*/
- void destroyServerAuthInstance(const boost::shared_ptr<ServerAuthInstance> &instance);
+ void destroyServerAuthInstance(const ServerAuthInstancePtr &instance);
/**
* Destroy an ServerAuthInstance
*/
diff --git a/src/PJSipRegistrarModule.cpp b/src/PJSipRegistrarModule.cpp
index 101fbdf..f25624e 100644
--- a/src/PJSipRegistrarModule.cpp
+++ b/src/PJSipRegistrarModule.cpp
@@ -705,62 +705,25 @@ private:
bool PJSipRegistrarModule::checkAuth(pjsip_rx_data *rdata, pjsip_transaction *tsx, RequestType type)
{
- //First, let's see if this message has some auth that we know about.
- if (mAuthManager->authenticateRequest(rdata) == true)
- {
- //Oh yeah! Authentication succeeded!
- return false;
- }
+ DigestChallengeSeq digests;
+ RequestInfoPtr info(new RegisterRequestInfo);
+ ServerAuthInstancePtr authInstance =
+ mAuthManager->checkAuth(rdata, info, type, digests);
- boost::shared_ptr<ServerAuthInstance> authInstance(mAuthManager->createServerAuthInstance(rdata, type));
-
- std::vector<AuthHookPrx> hooks = authInstance->getHooks();
- if (hooks.empty())
+ if (!authInstance)
{
return false;
}
- RequestInfoPtr info(new RegisterRequestInfo);
- authInstance->fillInRequestInfo(rdata, info);
-
- //We have our RequestInfo created. Now start calling out to any registered hooks
- //
- //XXX While this seems like something that could be taken care of in either the
- //ServerAuthInstance or AuthManager class, there are some specific issues with this.
- //For instance, in this case, we create the outgoing message using the inv_session,
- //whereas other PJSIP modules will either access the base dialog directly
- //or have a different layer of indirection instead of the inv_session.
- for (std::vector<AuthHookPrx>::iterator iter = hooks.begin(); iter != hooks.end(); ++iter)
- {
- DigestChallengeSeq digests;
- HookResult result;
- result = (*iter)->challengeRequest(info, digests);
- if (result.status == Failed)
- {
- lg(Error) << "SIP Authentication hook reported a failure: " << result.info;
- }
- else if (result.status == Succeeded)
- {
- if (digests.empty())
- {
- //Hook says not to challenge. This ServerAuthInstance
- //is deader than dead.
- mAuthManager->destroyServerAuthInstance(authInstance);
- return false;
- }
-
- pjsip_tx_data *tdata;
- pjsip_endpt_create_response(tsx->endpt, rdata, 401, NULL, &tdata);
-
- authInstance->addDigests(tdata, digests);
-
- pjsip_tsx_send_msg(tsx, tdata);
-
- mAuthManager->scheduleAuthTimeout(authInstance, registrarAuthTimeout);
- return true;
- }
- }
- return false;
+ pjsip_tx_data *tdata;
+ pjsip_endpt_create_response(tsx->endpt, rdata, 401, NULL, &tdata);
+
+ authInstance->addDigests(tdata, digests);
+
+ pjsip_tsx_send_msg(tsx, tdata);
+
+ mAuthManager->scheduleAuthTimeout(authInstance, registrarAuthTimeout);
+ return true;
}
void PJSipRegistrarModule::authTimeout(pj_timer_heap_t *timer_heap, pj_timer_entry *entry)
diff --git a/src/PJSipSessionModule.cpp b/src/PJSipSessionModule.cpp
index 9e960d8..5d1d207 100644
--- a/src/PJSipSessionModule.cpp
+++ b/src/PJSipSessionModule.cpp
@@ -338,61 +338,24 @@ pj_status_t PJSipSessionModule::unload()
bool PJSipSessionModule::checkAuth(pjsip_rx_data *rdata, pjsip_inv_session *inv, RequestInfoPtr& info, RequestType type)
{
- //First, let's see if this message has some auth that we know about.
- if (mAuthManager->authenticateRequest(rdata) == true)
- {
- //Oh yeah! Authentication succeeded!
- return false;
- }
+ DigestChallengeSeq digests;
+ ServerAuthInstancePtr authInstance =
+ mAuthManager->checkAuth(rdata, info, type, digests);
- boost::shared_ptr<ServerAuthInstance> authInstance(mAuthManager->createServerAuthInstance(rdata, type));
-
- AuthHookSeq hooks = authInstance->getHooks();
- if (hooks.empty())
+ if (!authInstance)
{
return false;
}
- authInstance->fillInRequestInfo(rdata, info);
-
- //We have our RequestInfo created. Now start calling out to any registered hooks
- //
- //XXX While this seems like something that could be taken care of in either the
- //ServerAuthInstance or AuthManager class, there are some specific issues with this.
- //For instance, in this case, we create the outgoing message using the inv_session,
- //whereas other PJSIP modules will either access the base dialog directly
- //or have a different layer of indirection instead of the inv_session.
- for (AuthHookSeq::iterator iter = hooks.begin(); iter != hooks.end(); ++iter)
- {
- DigestChallengeSeq digests;
- HookResult result;
- result = (*iter)->challengeRequest(info, digests);
- if (result.status == Failed)
- {
- lg(Error) << "SIP Authentication hook reported a failure: " << result.info;
- }
- else if (result.status == Succeeded)
- {
- if (digests.empty())
- {
- //Hook says not to challenge. This ServerAuthInstance
- //is deader than dead.
- mAuthManager->destroyServerAuthInstance(authInstance);
- return false;
- }
-
- pjsip_tx_data *tdata;
- pjsip_inv_end_session(inv, 401, NULL, &tdata);
+ pjsip_tx_data *tdata;
+ pjsip_inv_end_session(inv, 401, NULL, &tdata);
- authInstance->addDigests(tdata, digests);
+ authInstance->addDigests(tdata, digests);
- pjsip_inv_send_msg(inv, tdata);
+ pjsip_inv_send_msg(inv, tdata);
- mAuthManager->scheduleAuthTimeout(authInstance, sessionAuthTimeout);
- return true;
- }
- }
- return false;
+ mAuthManager->scheduleAuthTimeout(authInstance, sessionAuthTimeout);
+ return true;
}
class SessionCreationOperation : public SipQueueableOperation
@@ -1489,7 +1452,10 @@ void PJSipSessionModule::handleNonInviteAuthentication(pjsip_inv_session* inv,
void PJSipSessionModule::invOnTsxStateChanged(pjsip_inv_session *inv, pjsip_transaction *tsx, pjsip_event *e)
{
- if (tsx->role == PJSIP_ROLE_UAC && tsx->state == PJSIP_TSX_STATE_COMPLETED)
+ if (e->type == PJSIP_EVENT_RX_MSG &&
+ tsx->role == PJSIP_ROLE_UAC &&
+ tsx->state == PJSIP_TSX_STATE_COMPLETED &&
+ tsx->method.id != PJSIP_INVITE_METHOD)
{
int respCode = e->body.tsx_state.src.rdata->msg_info.msg->line.status.code;
if (respCode == 401 || respCode == 407)
commit 6b8709327b6e2ba09b41863fa5e4de8b84666384
Author: Mark Michelson <mmichelson at digium.com>
Date: Thu Nov 17 13:54:32 2011 -0600
Some further cleanup to Auth code.
diff --git a/src/AuthManager.cpp b/src/AuthManager.cpp
index ec4dd50..34346b1 100644
--- a/src/AuthManager.cpp
+++ b/src/AuthManager.cpp
@@ -28,14 +28,14 @@ namespace AsteriskSCF
namespace SipSessionManager
{
-class AuthHookData
+class AuthHookWrapper
{
public:
- AuthHookData(int priority, const AsteriskSCF::SIP::ExtensionPoint::V1::AuthHookPrx &hook,
+ AuthHookWrapper(int priority, const AsteriskSCF::SIP::ExtensionPoint::V1::AuthHookPrx &hook,
const AsteriskSCF::SIP::ExtensionPoint::V1::RequestTypeSeq &types)
: mPriority(priority), mHook(hook), mTypes(types) { }
- bool operator< (const AuthHookData &rhs) const
+ bool operator< (const AuthHookWrapper &rhs) const
{
return mPriority < rhs.mPriority;
}
@@ -45,10 +45,10 @@ public:
AsteriskSCF::SIP::ExtensionPoint::V1::RequestTypeSeq mTypes;
};
-class AuthInstancePriv
+class ServerAuthInstancePriv
{
public:
- AuthInstancePriv(pjsip_rx_data *rdata, const moduleHookVector &moduleHooks,
+ ServerAuthInstancePriv(pjsip_rx_data *rdata, const moduleHookVector &moduleHooks,
RequestType type, pjsip_endpoint *endpoint, const Logger &logger)
: mEndpoint(endpoint),
mPool(pjsip_endpt_create_pool(mEndpoint, "auth%p", 500, 256)),
@@ -75,7 +75,7 @@ public:
}
}
- ~AuthInstancePriv()
+ ~ServerAuthInstancePriv()
{
pjsip_endpt_release_pool(mEndpoint, mPool);
}
@@ -134,16 +134,16 @@ public:
std::string callId;
};
-AuthInstance::AuthInstance(pjsip_rx_data *rdata, const moduleHookVector &hooks,
+ServerAuthInstance::ServerAuthInstance(pjsip_rx_data *rdata, const moduleHookVector &hooks,
RequestType type, pjsip_endpoint *endpoint, const Logger &logger)
- : mImpl(new AuthInstancePriv(rdata, hooks, type, endpoint, logger)) { }
+ : mImpl(new ServerAuthInstancePriv(rdata, hooks, type, endpoint, logger)) { }
-AuthHookSeq AuthInstance::getHooks()
+AuthHookSeq ServerAuthInstance::getHooks()
{
return mImpl->hooks;
}
-bool AuthInstance::authenticate(pjsip_rx_data *rdata)
+bool ServerAuthInstance::authenticate(pjsip_rx_data *rdata)
{
//For each server auth, we need to call pjsip_auth_srv_verify(), which will then
//annoyingly call into the lookup function we created for pjsip. That's where the
@@ -171,14 +171,14 @@ bool AuthInstance::authenticate(pjsip_rx_data *rdata)
static const int AuthTimeoutSeconds = 60;
-void AuthInstance::scheduleAuthTimeout(int id, pj_timer_heap_callback *cb)
+void ServerAuthInstance::scheduleAuthTimeout(int id, pj_timer_heap_callback *cb)
{
const pj_time_val time = {AuthTimeoutSeconds, 0};
pj_timer_entry_init(&mImpl->entry, id, this, cb);
pjsip_endpt_schedule_timer(mImpl->mEndpoint, &mImpl->entry, &time);
}
-void AuthInstance::addDigests(pjsip_tx_data *tdata, const DigestChallengeSeq &digests)
+void ServerAuthInstance::addDigests(pjsip_tx_data *tdata, const DigestChallengeSeq &digests)
{
static char qop[] = "auth";
pj_str_t pjqop = pj_str(qop);
@@ -230,7 +230,7 @@ void AuthInstance::addDigests(pjsip_tx_data *tdata, const DigestChallengeSeq &di
}
}
-void AuthInstance::fillInRequestInfo(pjsip_rx_data *rdata, RequestInfoPtr &info)
+void ServerAuthInstance::fillInRequestInfo(pjsip_rx_data *rdata, RequestInfoPtr &info)
{
char buf[512];
size_t pos;
@@ -303,12 +303,12 @@ void AuthInstance::fillInRequestInfo(pjsip_rx_data *rdata, RequestInfoPtr &info)
}
}
-bool AuthInstance::isEqual(const std::string &fromTag, const std::string &callId)
+bool ServerAuthInstance::isEqual(const std::string &fromTag, const std::string &callId)
{
return fromTag == mImpl->fromTag && callId == mImpl->callId;
}
-void AuthInstance::cancelAuthTimeout()
+void ServerAuthInstance::cancelAuthTimeout()
{
pjsip_endpt_cancel_timer(mImpl->mEndpoint, &mImpl->entry);
}
@@ -322,16 +322,40 @@ public:
~AuthManagerPriv()
{
- mAuthInstances.erase(mAuthInstances.begin(), mAuthInstances.end());
+ mServerAuthInstances.erase(mServerAuthInstances.begin(), mServerAuthInstances.end());
}
- std::vector<boost::shared_ptr<AuthInstance> > mAuthInstances;
+ Ice::StringSeq getRealms(pjsip_rx_data *rdata)
+ {
+ Ice::StringSeq realms;
+
+ pjsip_proxy_authenticate_hdr *authHeader = (pjsip_proxy_authenticate_hdr*) &rdata->msg_info.msg->hdr;
+
+ while ((authHeader = (pjsip_proxy_authenticate_hdr*) pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_WWW_AUTHENTICATE, authHeader->next)))
+ {
+ std::string realm(pj_strbuf(&authHeader->challenge.digest.realm), pj_strlen(&authHeader->challenge.digest.realm));
+ mLogger(Debug) << "Found the realm " << realm;
+ realms.push_back(realm);
+ }
+
+ authHeader = (pjsip_proxy_authenticate_hdr*) &rdata->msg_info.msg->hdr;
+
+ while ((authHeader = (pjsip_proxy_authenticate_hdr*) pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_PROXY_AUTHENTICATE, authHeader->next)))
+ {
+ std::string realm(pj_strbuf(&authHeader->challenge.digest.realm), pj_strlen(&authHeader->challenge.digest.realm));
+ realms.push_back(realm);
+ }
+
+ return realms;
+ }
+
+ std::vector<boost::shared_ptr<ServerAuthInstance> > mServerAuthInstances;
pjsip_endpoint *mEndpoint;
moduleHookVector mRegisteredHooks;
Logger mLogger;
int mCounter;
boost::mutex mHooksLock;
- boost::mutex mAuthInstancesLock;
+ boost::mutex mServerAuthInstancesLock;
};
AuthManager::AuthManager(pjsip_endpoint *endpt, const Logger &logger)
@@ -341,16 +365,16 @@ AuthManager::~AuthManager()
{
}
-boost::shared_ptr<AuthInstance> AuthManager::createAuthInstance(pjsip_rx_data *rdata, RequestType type)
+boost::shared_ptr<ServerAuthInstance> AuthManager::createServerAuthInstance(pjsip_rx_data *rdata, RequestType type)
{
- boost::shared_ptr<AuthInstance> instance;
+ boost::shared_ptr<ServerAuthInstance> instance;
{
boost::lock_guard<boost::mutex> hookLock(mImpl->mHooksLock);
- instance.reset(new AuthInstance(rdata, mImpl->mRegisteredHooks,
+ instance.reset(new ServerAuthInstance(rdata, mImpl->mRegisteredHooks,
type, mImpl->mEndpoint, mImpl->mLogger));
}
- boost::lock_guard<boost::mutex> instancesLock(mImpl->mAuthInstancesLock);
- mImpl->mAuthInstances.push_back(instance);
+ boost::lock_guard<boost::mutex> instancesLock(mImpl->mServerAuthInstancesLock);
+ mImpl->mServerAuthInstances.push_back(instance);
return instance;
}
@@ -360,19 +384,19 @@ bool AuthManager::authenticateRequest(pjsip_rx_data *rdata)
pj_strlen(&rdata->msg_info.from->tag));
const std::string callId(pj_strbuf(&rdata->msg_info.cid->id),
pj_strlen(&rdata->msg_info.cid->id));
- boost::shared_ptr<AuthInstance> instance;
- boost::lock_guard<boost::mutex> lock(mImpl->mAuthInstancesLock);
- for (std::vector<boost::shared_ptr<AuthInstance> >::iterator iter = mImpl->mAuthInstances.begin();
- iter != mImpl->mAuthInstances.end(); ++iter)
+ boost::shared_ptr<ServerAuthInstance> instance;
+ boost::lock_guard<boost::mutex> lock(mImpl->mServerAuthInstancesLock);
+ for (std::vector<boost::shared_ptr<ServerAuthInstance> >::iterator iter = mImpl->mServerAuthInstances.begin();
+ iter != mImpl->mServerAuthInstances.end(); ++iter)
{
if ((*iter)->isEqual(fromTag, callId))
{
if ((*iter)->authenticate(rdata))
{
- //If authentication has succeeded, then we can remove this AuthInstance
+ //If authentication has succeeded, then we can remove this ServerAuthInstance
//from our list, and we need to cancel the scheduled task
(*iter)->cancelAuthTimeout();
- mImpl->mAuthInstances.erase(iter);
+ mImpl->mServerAuthInstances.erase(iter);
return true;
}
break;
@@ -381,58 +405,34 @@ bool AuthManager::authenticateRequest(pjsip_rx_data *rdata)
return false;
}
-void AuthManager::destroyAuthInstance(const boost::shared_ptr<AuthInstance> &instance)
+void AuthManager::destroyServerAuthInstance(const boost::shared_ptr<ServerAuthInstance> &instance)
{
- boost::lock_guard<boost::mutex> lock(mImpl->mAuthInstancesLock);
- for (std::vector<boost::shared_ptr<AuthInstance> >::iterator iter = mImpl->mAuthInstances.begin();
- iter != mImpl->mAuthInstances.end(); ++ iter)
+ boost::lock_guard<boost::mutex> lock(mImpl->mServerAuthInstancesLock);
+ for (std::vector<boost::shared_ptr<ServerAuthInstance> >::iterator iter = mImpl->mServerAuthInstances.begin();
+ iter != mImpl->mServerAuthInstances.end(); ++ iter)
{
if (*iter == instance)
{
- mImpl->mAuthInstances.erase(iter);
+ mImpl->mServerAuthInstances.erase(iter);
break;
}
}
}
-void AuthManager::destroyAuthInstance(const AuthInstance* instance)
+void AuthManager::destroyServerAuthInstance(const ServerAuthInstance* instance)
{
- boost::lock_guard<boost::mutex> lock(mImpl->mAuthInstancesLock);
- for (std::vector<boost::shared_ptr<AuthInstance> >::iterator iter = mImpl->mAuthInstances.begin();
- iter != mImpl->mAuthInstances.end(); ++ iter)
+ boost::lock_guard<boost::mutex> lock(mImpl->mServerAuthInstancesLock);
+ for (std::vector<boost::shared_ptr<ServerAuthInstance> >::iterator iter = mImpl->mServerAuthInstances.begin();
+ iter != mImpl->mServerAuthInstances.end(); ++ iter)
{
if ((*iter).get() == instance)
{
- mImpl->mAuthInstances.erase(iter);
+ mImpl->mServerAuthInstances.erase(iter);
break;
}
}
}
-Ice::StringSeq AuthManager::getRealms(pjsip_rx_data *rdata)
-{
- Ice::StringSeq realms;
-
- pjsip_proxy_authenticate_hdr *authHeader = (pjsip_proxy_authenticate_hdr*) &rdata->msg_info.msg->hdr;
-
- while ((authHeader = (pjsip_proxy_authenticate_hdr*) pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_WWW_AUTHENTICATE, authHeader->next)))
- {
- std::string realm(pj_strbuf(&authHeader->challenge.digest.realm), pj_strlen(&authHeader->challenge.digest.realm));
- mImpl->mLogger(Debug) << "Found the realm " << realm;
- realms.push_back(realm);
- }
-
- authHeader = (pjsip_proxy_authenticate_hdr*) &rdata->msg_info.msg->hdr;
-
- while ((authHeader = (pjsip_proxy_authenticate_hdr*) pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_PROXY_AUTHENTICATE, authHeader->next)))
- {
- std::string realm(pj_strbuf(&authHeader->challenge.digest.realm), pj_strlen(&authHeader->challenge.digest.realm));
- realms.push_back(realm);
- }
-
- return realms;
-}
-
void AuthManager::getAuthCredentials(pjsip_rx_data *rdata, std::vector<pjsip_cred_info>& creds, const std::string& endpointName)
{
AuthHookSeq hooks = getHooks();
@@ -440,12 +440,11 @@ void AuthManager::getAuthCredentials(pjsip_rx_data *rdata, std::vector<pjsip_cre
iter != hooks.end(); ++iter)
{
ClientAuthSeq auths;
- Ice::StringSeq realms = getRealms(rdata);
+ Ice::StringSeq realms = mImpl->getRealms(rdata);
HookResult result = (*iter)->respondToChallenge(endpointName, realms, auths);
if (result.status == Succeeded)
{
- //Cool. So now we need to update the auth info on mReg
for (ClientAuthSeq::iterator authIter = auths.begin();
authIter != auths.end(); ++authIter)
{
@@ -462,20 +461,20 @@ void AuthManager::getAuthCredentials(pjsip_rx_data *rdata, std::vector<pjsip_cre
}
}
-void AuthManager::scheduleAuthTimeout(const boost::shared_ptr<AuthInstance> &instance, pj_timer_heap_callback *cb)
+void AuthManager::scheduleAuthTimeout(const boost::shared_ptr<ServerAuthInstance> &instance, pj_timer_heap_callback *cb)
{
instance->scheduleAuthTimeout(mImpl->mCounter++, cb);
}
void AuthManager::authTimeout(pj_timer_heap_t *, pj_timer_entry *entry)
{
- destroyAuthInstance(static_cast<AuthInstance *>(entry->user_data));
+ destroyServerAuthInstance(static_cast<ServerAuthInstance *>(entry->user_data));
}
void AuthManager::addAuthHook(const AsteriskSCF::SIP::ExtensionPoint::V1::AuthHookPrx &hook,
int priority, const AsteriskSCF::SIP::ExtensionPoint::V1::RequestTypeSeq &types)
{
- boost::shared_ptr<AuthHookData> hookData(new AuthHookData(priority, hook, types));
+ boost::shared_ptr<AuthHookWrapper> hookData(new AuthHookWrapper(priority, hook, types));
boost::lock_guard<boost::mutex> lock(mImpl->mHooksLock);
mImpl->mRegisteredHooks.push_back(hookData);
std::stable_sort(mImpl->mRegisteredHooks.begin(), mImpl->mRegisteredHooks.end());
diff --git a/src/AuthManager.h b/src/AuthManager.h
index 37d4341..7dea61b 100644
--- a/src/AuthManager.h
+++ b/src/AuthManager.h
@@ -30,25 +30,25 @@ namespace AsteriskSCF
namespace SipSessionManager
{
-class AuthHookData;
+class AuthHookWrapper;
-typedef std::vector<boost::shared_ptr<AuthHookData> > moduleHookVector;
+typedef std::vector<boost::shared_ptr<AuthHookWrapper> > moduleHookVector;
void sessionAuthTimeout(pj_timer_heap_t *timer_heap, pj_timer_entry *entry);
-class AuthInstancePriv;
+class ServerAuthInstancePriv;
/**
- * An AuthInstance represents a single attempt of us
+ * An ServerAuthInstance represents a single attempt of us
* as the authentication server to authenticate a
* SIP requester.
*/
-class AuthInstance
+class ServerAuthInstance
{
public:
/**
- * The AuthInstance is able to distill all of the registered hooks
+ * The ServerAuthInstance is able to distill all of the registered hooks
* down to a smaller list based on the request types that the hooks
* service. This is a helper function to get the distilled
* list of hooks.
@@ -71,26 +71,26 @@ public:
* Attempt to authenticate an incoming request.
*
* It's most convenient to just call AuthManager::authenticate() so
- * that the proper AuthInstance may be found for you.
+ * that the proper ServerAuthInstance may be found for you.
*/
bool authenticate(pjsip_rx_data *rdata);
/**
- * Schedule the destruction of this AuthInstance.
+ * Schedule the destruction of this ServerAuthInstance.
*
* This will generally be called via AuthManager::scheduleAuthTimeout
* so that the id parameter can be guaranteed to be unique per
- * AuthInstance.
+ * ServerAuthInstance.
*/
void scheduleAuthTimeout(int id, pj_timer_heap_callback *cb);
/**
- * Cancel the current scheduled auth timeout task on the AuthInstance.
+ * Cancel the current scheduled auth timeout task on the ServerAuthInstance.
*/
void cancelAuthTimeout();
/**
- * Determine if this AuthInstance matches a message with the given
+ * Determine if this ServerAuthInstance matches a message with the given
* from tag and call-id.
*/
bool isEqual(const std::string &fromTag, const std::string &callId);
@@ -98,19 +98,19 @@ public:
friend class AuthManager;
private:
- AuthInstance(pjsip_rx_data *rdata,
+ ServerAuthInstance(pjsip_rx_data *rdata,
const moduleHookVector &hooks,
AsteriskSCF::SIP::ExtensionPoint::V1::RequestType type,
pjsip_endpoint *endpoint,
const AsteriskSCF::System::Logging::Logger &logger);
- boost::shared_ptr<AuthInstancePriv> mImpl;
+ boost::shared_ptr<ServerAuthInstancePriv> mImpl;
};
class AuthManagerPriv;
/**
- * The AuthManager contains all AuthInstances
+ * The AuthManager contains all ServerAuthInstances
* for a given PJSIP module. It also contains
* all of a PJSIP module's registered authentication
* hooks.
@@ -123,27 +123,20 @@ public:
/**
* Attempt to authenticate a request
*
- * This will search through the AuthManager's AuthInstances to
+ * This will search through the AuthManager's ServerAuthInstances to
* attempt to authenticate the request.
- * XXX Note that since the current task at hand is just to set
- * up the extension point for authentication and not to actually
- * authenticate, this doesn't actually do anything useful.
*/
bool authenticateRequest(pjsip_rx_data *rdata);
/**
- * Create a new AuthInstance
+ * Create a new ServerAuthInstance
*
* If a PJSIP module wants to challenge a requester, then
- * it must create an AuthInstance in order to do so. Do not
- * construct AuthInstances directly, but rather use this function
- * so that the AuthManager will have a reference to the AuthInstance
+ * it must create an ServerAuthInstance in order to do so. Do not
+ * construct ServerAuthInstances directly, but rather use this function
+ * so that the AuthManager will have a reference to the ServerAuthInstance
* for later.
*/
- boost::shared_ptr<AuthInstance> createAuthInstance(pjsip_rx_data *rdata, AsteriskSCF::SIP::ExtensionPoint::V1::RequestType type);
- /**
- * Get the realms from an authentication challenge
- */
- Ice::StringSeq getRealms(pjsip_rx_data *rdata);
+ boost::shared_ptr<ServerAuthInstance> createServerAuthInstance(pjsip_rx_data *rdata, AsteriskSCF::SIP::ExtensionPoint::V1::RequestType type);
/**
* Call out to registered hooks to get credentials.
*
@@ -151,26 +144,26 @@ public:
*/
void getAuthCredentials(pjsip_rx_data *rdata, std::vector<pjsip_cred_info>& creds, const std::string& endpointName);
/**
- * Schedule the destruction of an AuthInstance
+ * Schedule the destruction of an ServerAuthInstance
*
* After challenging a requester for authentication information,
* a PJSIP module should call this method. This will ensure that if
* the requester does not attempt to authenticate or never succeeds
- * in authenticating, the AuthInstance will eventually be destroyed.
+ * in authenticating, the ServerAuthInstance will eventually be destroyed.
*/
- void scheduleAuthTimeout(const boost::shared_ptr<AuthInstance> &instance, pj_timer_heap_callback *cb);
+ void scheduleAuthTimeout(const boost::shared_ptr<ServerAuthInstance> &instance, pj_timer_heap_callback *cb);
/**
- * Destroy an AuthInstance
+ * Destroy an ServerAuthInstance
*
- * This method is handy for destroying an AuthInstance if one has been created,
+ * This method is handy for destroying an ServerAuthInstance if one has been created,
* but a failure condition occurs before a challenge can be sent to the
* requesting UA.
*/
- void destroyAuthInstance(const boost::shared_ptr<AuthInstance> &instance);
+ void destroyServerAuthInstance(const boost::shared_ptr<ServerAuthInstance> &instance);
/**
- * Destroy an AuthInstance
+ * Destroy an ServerAuthInstance
*/
- void destroyAuthInstance(const AuthInstance* instance);
+ void destroyServerAuthInstance(const ServerAuthInstance* instance);
/**
* This is the callback that scheduleAuthDestruction sets up.
*
@@ -189,12 +182,10 @@ public:
* Remove all registered authentication hooks from the AuthManager
*/
void clearAuthHooks();
-
/**
* Get all registered hooks
*/
AsteriskSCF::SIP::ExtensionPoint::V1::AuthHookSeq getHooks();
-
private:
boost::shared_ptr<AuthManagerPriv> mImpl;
};
diff --git a/src/PJSipRegistrarModule.cpp b/src/PJSipRegistrarModule.cpp
index b7193c6..101fbdf 100644
--- a/src/PJSipRegistrarModule.cpp
+++ b/src/PJSipRegistrarModule.cpp
@@ -712,7 +712,7 @@ bool PJSipRegistrarModule::checkAuth(pjsip_rx_data *rdata, pjsip_transaction *ts
return false;
}
- boost::shared_ptr<AuthInstance> authInstance(mAuthManager->createAuthInstance(rdata, type));
+ boost::shared_ptr<ServerAuthInstance> authInstance(mAuthManager->createServerAuthInstance(rdata, type));
std::vector<AuthHookPrx> hooks = authInstance->getHooks();
if (hooks.empty())
@@ -726,7 +726,7 @@ bool PJSipRegistrarModule::checkAuth(pjsip_rx_data *rdata, pjsip_transaction *ts
//We have our RequestInfo created. Now start calling out to any registered hooks
//
//XXX While this seems like something that could be taken care of in either the
- //AuthInstance or AuthManager class, there are some specific issues with this.
+ //ServerAuthInstance or AuthManager class, there are some specific issues with this.
//For instance, in this case, we create the outgoing message using the inv_session,
//whereas other PJSIP modules will either access the base dialog directly
//or have a different layer of indirection instead of the inv_session.
@@ -743,9 +743,9 @@ bool PJSipRegistrarModule::checkAuth(pjsip_rx_data *rdata, pjsip_transaction *ts
{
if (digests.empty())
{
- //Hook says not to challenge. This AuthInstance
+ //Hook says not to challenge. This ServerAuthInstance
//is deader than dead.
- mAuthManager->destroyAuthInstance(authInstance);
+ mAuthManager->destroyServerAuthInstance(authInstance);
return false;
}
diff --git a/src/PJSipSessionModule.cpp b/src/PJSipSessionModule.cpp
index 1d81826..9e960d8 100644
--- a/src/PJSipSessionModule.cpp
+++ b/src/PJSipSessionModule.cpp
@@ -345,7 +345,7 @@ bool PJSipSessionModule::checkAuth(pjsip_rx_data *rdata, pjsip_inv_session *inv,
return false;
}
- boost::shared_ptr<AuthInstance> authInstance(mAuthManager->createAuthInstance(rdata, type));
+ boost::shared_ptr<ServerAuthInstance> authInstance(mAuthManager->createServerAuthInstance(rdata, type));
AuthHookSeq hooks = authInstance->getHooks();
if (hooks.empty())
@@ -358,7 +358,7 @@ bool PJSipSessionModule::checkAuth(pjsip_rx_data *rdata, pjsip_inv_session *inv,
//We have our RequestInfo created. Now start calling out to any registered hooks
//
//XXX While this seems like something that could be taken care of in either the
- //AuthInstance or AuthManager class, there are some specific issues with this.
+ //ServerAuthInstance or AuthManager class, there are some specific issues with this.
//For instance, in this case, we create the outgoing message using the inv_session,
//whereas other PJSIP modules will either access the base dialog directly
//or have a different layer of indirection instead of the inv_session.
@@ -375,9 +375,9 @@ bool PJSipSessionModule::checkAuth(pjsip_rx_data *rdata, pjsip_inv_session *inv,
{
if (digests.empty())
{
- //Hook says not to challenge. This AuthInstance
+ //Hook says not to challenge. This ServerAuthInstance
//is deader than dead.
- mAuthManager->destroyAuthInstance(authInstance);
+ mAuthManager->destroyServerAuthInstance(authInstance);
return false;
}
-----------------------------------------------------------------------
--
asterisk-scf/integration/sip.git
More information about the asterisk-scf-commits
mailing list