asterisk/res/res_sip/config_auth.c

/*
 * Asterisk -- An open source telephony toolkit.
 *
 * Copyright (C) 2013, Digium, Inc.
 *
 * Mark Michelson <mmichelson@digium.com>
 *
 * See http://www.asterisk.org for more information about
 * the Asterisk project. Please do not directly contact
 * any of the maintainers of this project for assistance;
 * the project provides a web site, mailing lists and IRC
 * channels for your use.
 *
 * This program is free software, distributed under the terms of
 * the GNU General Public License Version 2. See the LICENSE file
 * at the top of the source tree.
 */

#include "asterisk.h"

#include <pjsip.h>
#include <pjlib.h>
#include "asterisk/res_sip.h"
#include "asterisk/logger.h"
#include "asterisk/sorcery.h"

static void auth_destroy(void *obj)
{
	struct ast_sip_auth *auth = obj;
	ast_string_field_free_memory(auth);
}

static void *auth_alloc(const char *name)
{
	struct ast_sip_auth *auth = ast_sorcery_generic_alloc(sizeof(*auth), auth_destroy);

	if (!auth) {
		return NULL;
	}

	if (ast_string_field_init(auth, 64)) {
		ao2_cleanup(auth);
		return NULL;
	}

	return auth;
}

static int auth_type_handler(const struct aco_option *opt, struct ast_variable *var, void *obj)
{
	struct ast_sip_auth *auth = obj;
	if (!strcasecmp(var->value, "userpass")) {
		auth->type = AST_SIP_AUTH_TYPE_USER_PASS;
	} else if (!strcasecmp(var->value, "md5")) {
		auth->type = AST_SIP_AUTH_TYPE_MD5;
	} else {
		ast_log(LOG_WARNING, "Unknown authentication storage type '%s' specified for %s\n",
				var->value, var->name);
		return -1;
	}
	return 0;
}

static int auth_apply(const struct ast_sorcery *sorcery, void *obj)
{
	struct ast_sip_auth *auth = obj;
	int res = 0;

	if (ast_strlen_zero(auth->auth_user)) {
		ast_log(LOG_ERROR, "No authentication username for auth '%s'\n",
				ast_sorcery_object_get_id(auth));
		return -1;
	}

	switch (auth->type) {
	case AST_SIP_AUTH_TYPE_USER_PASS:
		if (ast_strlen_zero(auth->auth_pass)) {
			ast_log(LOG_ERROR, "'userpass' authentication specified but no"
					"password specified for auth '%s'\n", ast_sorcery_object_get_id(auth));
			res = -1;
		}
		break;
	case AST_SIP_AUTH_TYPE_MD5:
		if (ast_strlen_zero(auth->md5_creds)) {
			ast_log(LOG_ERROR, "'md5' authentication specified but no md5_cred"
					"specified for auth '%s'\n", ast_sorcery_object_get_id(auth));
			res = -1;
		}
		break;
	case AST_SIP_AUTH_TYPE_ARTIFICIAL:
		break;
	}

	return res;
}

/*! \brief Initialize sorcery with auth support */
int ast_sip_initialize_sorcery_auth(struct ast_sorcery *sorcery)
{
	ast_sorcery_apply_default(sorcery, SIP_SORCERY_AUTH_TYPE, "config", "res_sip.conf,criteria=type=auth");

	if (ast_sorcery_object_register(sorcery, SIP_SORCERY_AUTH_TYPE, auth_alloc, NULL, auth_apply)) {
		return -1;
	}

	ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "type", "",
			OPT_NOOP_T, 0, 0);
	ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "username",
			"", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_auth, auth_user));
	ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "password",
			"", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_auth, auth_pass));
	ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "md5_cred",
			"", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_auth, md5_creds));
	ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "realm",
			"asterisk", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_auth, realm));
	ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "nonce_lifetime",
			"32", OPT_UINT_T, 0, FLDSET(struct ast_sip_auth, nonce_lifetime));
	ast_sorcery_object_field_register_custom(sorcery, SIP_SORCERY_AUTH_TYPE, "auth_type",
			"userpass", auth_type_handler, NULL, 0, 0);

	return 0;
}
Merge the pimp_my_sip branch into trunk. The pimp_my_sip branch is being merged at this point because it offers basic functionality, and from an API standpoint, things are complete. SIP work is not feature-complete; however, with the completion of the SUBSCRIBE/NOTIFY API, all APIs (except a PUBLISH API) have been created, and thus it is possible for developers to attempt to create new SIP work. API documentation can be found in the doxygen in the code, but usability documentation is still lacking. git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@386540 65c4cc65-6c06-0410-ace0-fbb531ad65f3 2013-04-25 18:25:31 +00:00			`/*`
			`* Asterisk -- An open source telephony toolkit.`
			`*`
			`* Copyright (C) 2013, Digium, Inc.`
			`*`
			`* Mark Michelson <mmichelson@digium.com>`
			`*`
			`* See http://www.asterisk.org for more information about`
			`* the Asterisk project. Please do not directly contact`
			`* any of the maintainers of this project for assistance;`
			`* the project provides a web site, mailing lists and IRC`
			`* channels for your use.`
			`*`
			`* This program is free software, distributed under the terms of`
			`* the GNU General Public License Version 2. See the LICENSE file`
			`* at the top of the source tree.`
			`*/`

			`#include "asterisk.h"`

			`#include <pjsip.h>`
			`#include <pjlib.h>`
			`#include "asterisk/res_sip.h"`
			`#include "asterisk/logger.h"`
			`#include "asterisk/sorcery.h"`

			`static void auth_destroy(void *obj)`
			`{`
			`struct ast_sip_auth *auth = obj;`
			`ast_string_field_free_memory(auth);`
			`}`

			`static void auth_alloc(const char name)`
			`{`
Make sorcery details opaque and add extended fields. Sorcery specific object information is now opaque and allocated with the object. This means that modules do not need to be recompiled if the sorcery specific part is changed. It also means that sorcery can store additional information on objects and ensure it is freed or the reference count decreased when the object goes away. To facilitate the above a generic sorcery allocator function has been added which also ensures that allocated objects do not have a lock. Extended fields have been added thanks to all of the above which allows specific fields to be marked as extended, and thus simply stored as-is within the object. Type safety is NOT enforced on these fields. A consumer of them has to query and ultimately perform their own safety check. What does this mean? Extra modules can extend already defined structures without having to modify them. Tests have also been included to verify extended field functionality. Review: https://reviewboard.asterisk.org/r/2585/ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@392586 65c4cc65-6c06-0410-ace0-fbb531ad65f3 2013-06-22 14:26:25 +00:00			`struct ast_sip_auth auth = ast_sorcery_generic_alloc(sizeof(auth), auth_destroy);`
Merge the pimp_my_sip branch into trunk. The pimp_my_sip branch is being merged at this point because it offers basic functionality, and from an API standpoint, things are complete. SIP work is not feature-complete; however, with the completion of the SUBSCRIBE/NOTIFY API, all APIs (except a PUBLISH API) have been created, and thus it is possible for developers to attempt to create new SIP work. API documentation can be found in the doxygen in the code, but usability documentation is still lacking. git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@386540 65c4cc65-6c06-0410-ace0-fbb531ad65f3 2013-04-25 18:25:31 +00:00
			`if (!auth) {`
			`return NULL;`
			`}`

			`if (ast_string_field_init(auth, 64)) {`
			`ao2_cleanup(auth);`
			`return NULL;`
			`}`

			`return auth;`
			`}`

			`static int auth_type_handler(const struct aco_option opt, struct ast_variable var, void *obj)`
			`{`
			`struct ast_sip_auth *auth = obj;`
			`if (!strcasecmp(var->value, "userpass")) {`
			`auth->type = AST_SIP_AUTH_TYPE_USER_PASS;`
			`} else if (!strcasecmp(var->value, "md5")) {`
			`auth->type = AST_SIP_AUTH_TYPE_MD5;`
			`} else {`
			`ast_log(LOG_WARNING, "Unknown authentication storage type '%s' specified for %s\n",`
			`var->value, var->name);`
			`return -1;`
			`}`
			`return 0;`
			`}`

			`static int auth_apply(const struct ast_sorcery sorcery, void obj)`
			`{`
			`struct ast_sip_auth *auth = obj;`
			`int res = 0;`

			`if (ast_strlen_zero(auth->auth_user)) {`
			`ast_log(LOG_ERROR, "No authentication username for auth '%s'\n",`
			`ast_sorcery_object_get_id(auth));`
			`return -1;`
			`}`

			`switch (auth->type) {`
			`case AST_SIP_AUTH_TYPE_USER_PASS:`
			`if (ast_strlen_zero(auth->auth_pass)) {`
			`ast_log(LOG_ERROR, "'userpass' authentication specified but no"`
			`"password specified for auth '%s'\n", ast_sorcery_object_get_id(auth));`
			`res = -1;`
			`}`
			`break;`
			`case AST_SIP_AUTH_TYPE_MD5:`
			`if (ast_strlen_zero(auth->md5_creds)) {`
			`ast_log(LOG_ERROR, "'md5' authentication specified but no md5_cred"`
			`"specified for auth '%s'\n", ast_sorcery_object_get_id(auth));`
			`res = -1;`
			`}`
			`break;`
New SIP Channel driver: Always Auth Reject If no matching endpoint is found for the incoming request Asterisk will respond with a 401 Unauthorized (rejecting the request), but will first challenge if no authorization creditials are given. Changes also included moving ACL options into a new global 'security' configuration section in res_sip.conf. (closes issue ASTERISK-21433) Reported by: Matt Jordan Review: https://reviewboard.asterisk.org/r/2554/ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@393442 65c4cc65-6c06-0410-ace0-fbb531ad65f3 2013-07-02 17:06:06 +00:00			`case AST_SIP_AUTH_TYPE_ARTIFICIAL:`
			`break;`
Merge the pimp_my_sip branch into trunk. The pimp_my_sip branch is being merged at this point because it offers basic functionality, and from an API standpoint, things are complete. SIP work is not feature-complete; however, with the completion of the SUBSCRIBE/NOTIFY API, all APIs (except a PUBLISH API) have been created, and thus it is possible for developers to attempt to create new SIP work. API documentation can be found in the doxygen in the code, but usability documentation is still lacking. git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@386540 65c4cc65-6c06-0410-ace0-fbb531ad65f3 2013-04-25 18:25:31 +00:00			`}`

			`return res;`
			`}`

			`/! \brief Initialize sorcery with auth support /`
			`int ast_sip_initialize_sorcery_auth(struct ast_sorcery *sorcery)`
			`{`
			`ast_sorcery_apply_default(sorcery, SIP_SORCERY_AUTH_TYPE, "config", "res_sip.conf,criteria=type=auth");`

			`if (ast_sorcery_object_register(sorcery, SIP_SORCERY_AUTH_TYPE, auth_alloc, NULL, auth_apply)) {`
			`return -1;`
			`}`

			`ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "type", "",`
			`OPT_NOOP_T, 0, 0);`
			`ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "username",`
			`"", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_auth, auth_user));`
			`ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "password",`
			`"", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_auth, auth_pass));`
			`ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "md5_cred",`
			`"", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_auth, md5_creds));`
			`ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "realm",`
			`"asterisk", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_auth, realm));`
			`ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "nonce_lifetime",`
			`"32", OPT_UINT_T, 0, FLDSET(struct ast_sip_auth, nonce_lifetime));`
			`ast_sorcery_object_field_register_custom(sorcery, SIP_SORCERY_AUTH_TYPE, "auth_type",`
			`"userpass", auth_type_handler, NULL, 0, 0);`

			`return 0;`
			`}`