diff options
| author | Kevin Harwell <kharwell@digium.com> | 2013-07-02 17:06:06 +0000 |
|---|---|---|
| committer | Kevin Harwell <kharwell@digium.com> | 2013-07-02 17:06:06 +0000 |
| commit | a25a630659c49e5e5cddacdaa06a0bd323f7c9a1 (patch) | |
| tree | eed4d9cfab14942e856cafa3e654a238d9d73487 /include/asterisk | |
| parent | de206baa99f0e72129f036f1d8258f802367cb58 (diff) | |
New SIP Channel driver: Always Auth Reject
If no matching endpoint is found for the incoming request Asterisk will respond
with a 401 Unauthorized (rejecting the request), but will first challenge if
no authorization creditials are given.
Changes also included moving ACL options into a new global 'security'
configuration section in res_sip.conf.
(closes issue ASTERISK-21433)
Reported by: Matt Jordan
Review: https://reviewboard.asterisk.org/r/2554/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@393442 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'include/asterisk')
| -rw-r--r-- | include/asterisk/res_sip.h | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/include/asterisk/res_sip.h b/include/asterisk/res_sip.h index a25080766..d4f649531 100644 --- a/include/asterisk/res_sip.h +++ b/include/asterisk/res_sip.h @@ -237,6 +237,8 @@ enum ast_sip_auth_type { AST_SIP_AUTH_TYPE_USER_PASS, /*! Credentials stored as an MD5 sum */ AST_SIP_AUTH_TYPE_MD5, + /*! Credentials not stored this is a fake auth */ + AST_SIP_AUTH_TYPE_ARTIFICIAL }; #define SIP_SORCERY_AUTH_TYPE "auth" @@ -481,6 +483,17 @@ struct ast_sip_endpoint_identifier { struct ast_sip_endpoint *(*identify_endpoint)(pjsip_rx_data *rdata); }; +#define SIP_SORCERY_SECURITY_TYPE "security" + +/*! + * \brief SIP security details and configuration. + */ +struct ast_sip_security { + SORCERY_OBJECT(details); + struct ast_acl_list *acl; + struct ast_acl_list *contact_acl; +}; + /*! * \brief Register a SIP service in Asterisk. * @@ -778,6 +791,16 @@ int ast_sip_initialize_sorcery_domain_alias(struct ast_sorcery *sorcery); int ast_sip_initialize_sorcery_auth(struct ast_sorcery *sorcery); /*! + * \brief Initialize security support on a sorcery instance + * + * \param sorcery The sorcery instance + * + * \retval -1 failure + * \retval 0 success + */ +int ast_sip_initialize_sorcery_security(struct ast_sorcery *sorcery); + +/*! * \brief Callback called when an outbound request with authentication credentials is to be sent in dialog * * This callback will have the created request on it. The callback's purpose is to do any extra @@ -826,6 +849,27 @@ int ast_sip_dialog_setup_outbound_authentication(pjsip_dialog *dlg, const struct int ast_sip_initialize_distributor(void); /*! + * \brief Destruct the distributor module. + * + * Unregisters pjsip modules and cleans up any allocated resources. + */ +void ast_sip_destroy_distributor(void); + +/*! + * \brief Retrieves a reference to the artificial auth. + * + * \retval The artificial auth + */ +struct ast_sip_auth *ast_sip_get_artificial_auth(void); + +/*! + * \brief Retrieves a reference to the artificial endpoint. + * + * \retval The artificial endpoint + */ +struct ast_sip_endpoint *ast_sip_get_artificial_endpoint(void); + +/*! * \page Threading model for SIP * * There are three major types of threads that SIP will have to deal with: |