res_pjsip_authenticator_digest.c: Fix sorcery's immutable contract violation.

The inbound authentication object is supposed to be immutable when it is
stored in sorcery.  However, the immutable property is violated if the
authentication object does not have a realm set.

The immutable contract violation has a different effect depending upon
what sorcery back end is used.  If it is the config file back end you
would get the same object back until res_pjsip is reloaded.  If it is the
real-time or AstDB back end you would get a new object on each query.  If
it is cached you would get the same object back until it is refreshed from
the database.

Once an inbound authentication object has its realm set it may or may not
get updated again if the default_realm changes.

If the same authentication object is used for inbound and outbound
authentication then the immutable violation can make it very hard to
determine why the outbound authentication now fails.  The only diagnostic
message is a complaint about no realms matching when it had worked
earlier.  It fails because of the difference in behaviour for an empty
realm setting between inbound and outbound authentication objects.

* Fixed the sorcery object immutable violation by creating a new object
and setting the default_realm on it instead.  The new object is a shallow
copy for speed.

* The auth_store thread storage no longer holds an auth ref.  It
interferes with the shallow copy and never needed a ref anyway.

ASTERISK-26799 #close

Change-Id: I2328a52f61b78ed5fbba38180b7f183ee7e08956

1 files changed, 73 insertions, 32 deletions

diff --git a/res/res_pjsip_authenticator_digest.c b/res/res_pjsip_authenticator_digest.c
index 4bc35c5ff..ef57e3754 100644
--- a/res/res_pjsip_authenticator_digest.c
+++ b/res/res_pjsip_authenticator_digest.c
@@ -87,46 +87,46 @@ static void auth_store_cleanup(void *data)
 AST_THREADSTORAGE_CUSTOM(auth_store, NULL, auth_store_cleanup);
 
 /*!
- * \brief Store authentication information in thread-local storage
+ * \brief Store shallow copy authentication information in thread-local storage
  */
-static int store_auth(struct ast_sip_auth *auth)
+static int store_auth(const struct ast_sip_auth *auth)
 {
-	struct ast_sip_auth **pointing;
+	const struct ast_sip_auth **pointing;
+
 	pointing = ast_threadstorage_get(&auth_store, sizeof(pointing));
-	if (!pointing || *pointing) {
+	if (!pointing) {
 		return -1;
 	}
 
-	ao2_ref(auth, +1);
 	*pointing = auth;
 	return 0;
 }
 
 /*!
- * \brief Remove authentication information from thread-local storage
+ * \brief Remove shallow copy authentication information from thread-local storage
  */
 static int remove_auth(void)
 {
 	struct ast_sip_auth **pointing;
+
 	pointing = ast_threadstorage_get(&auth_store, sizeof(pointing));
 	if (!pointing) {
 		return -1;
 	}
 
-	ao2_cleanup(*pointing);
 	*pointing = NULL;
 	return 0;
 }
 
 /*!
- * \brief Retrieve authentication information from thread-local storage
+ * \brief Retrieve shallow copy authentication information from thread-local storage
  */
-static struct ast_sip_auth *get_auth(void)
+static const struct ast_sip_auth *get_auth(void)
 {
 	struct ast_sip_auth **auth;
+
 	auth = ast_threadstorage_get(&auth_store, sizeof(auth));
-	if (auth && *auth) {
-		ao2_ref(*auth, +1);
+	if (auth) {
 		return *auth;
 	}
 	return NULL;
@@ -150,7 +150,9 @@ static struct ast_sip_auth *get_auth(void)
 static pj_status_t digest_lookup(pj_pool_t *pool, const pj_str_t *realm,
 		const pj_str_t *acc_name, pjsip_cred_info *info)
 {
-	RAII_VAR(struct ast_sip_auth *, auth, get_auth(), ao2_cleanup);
+	const struct ast_sip_auth *auth;
+
+	auth = get_auth();
 	if (!auth) {
 		return PJSIP_SC_FORBIDDEN;
 	}
@@ -312,7 +314,7 @@ enum digest_verify_result {
  * \return CMP_MATCH on successful authentication
  * \return 0 on failed authentication
  */
-static int verify(struct ast_sip_auth *auth, pjsip_rx_data *rdata, pj_pool_t *pool)
+static int verify(const struct ast_sip_auth *auth, pjsip_rx_data *rdata, pj_pool_t *pool)
 {
 	pj_status_t authed;
 	int response_code;
@@ -329,9 +331,7 @@ static int verify(struct ast_sip_auth *auth, pjsip_rx_data *rdata, pj_pool_t *po
 	setup_auth_srv(pool, &auth_server, auth->realm);
 
 	store_auth(auth);
-
 	authed = pjsip_auth_srv_verify(&auth_server, rdata, &response_code);
-
 	remove_auth();
 
 	if (authed == PJ_SUCCESS) {
@@ -389,47 +389,88 @@ static enum ast_sip_check_auth_result digest_check_auth(struct ast_sip_endpoint
 		pjsip_rx_data *rdata, pjsip_tx_data *tdata)
 {
 	struct ast_sip_auth **auths;
+	struct ast_sip_auth **auths_shallow;
 	enum digest_verify_result *verify_res;
+	struct ast_sip_endpoint *artificial_endpoint;
 	enum ast_sip_check_auth_result res;
-	int i;
+	int idx;
+	int is_artificial;
 	int failures = 0;
 	size_t auth_size;
 
-	RAII_VAR(struct ast_sip_endpoint *, artificial_endpoint,
-		 ast_sip_get_artificial_endpoint(), ao2_cleanup);
-
 	auth_size = AST_VECTOR_SIZE(&endpoint->inbound_auths);
+	ast_assert(0 < auth_size);
 
 	auths = ast_alloca(auth_size * sizeof(*auths));
 	verify_res = ast_alloca(auth_size * sizeof(*verify_res));
 
-	if (!auths) {
+	artificial_endpoint = ast_sip_get_artificial_endpoint();
+	if (!artificial_endpoint) {
+		/* Should not happen except possibly if we are shutting down. */
 		return AST_SIP_AUTHENTICATION_ERROR;
 	}
 
-	if (endpoint == artificial_endpoint) {
+	is_artificial = endpoint == artificial_endpoint;
+	ao2_ref(artificial_endpoint, -1);
+	if (is_artificial) {
+		ast_assert(auth_size == 1);
 		auths[0] = ast_sip_get_artificial_auth();
-	} else if (ast_sip_retrieve_auths(&endpoint->inbound_auths, auths)) {
-		res = AST_SIP_AUTHENTICATION_ERROR;
-		goto cleanup;
+		if (!auths[0]) {
+			/* Should not happen except possibly if we are shutting down. */
+			return AST_SIP_AUTHENTICATION_ERROR;
+		}
+	} else {
+		memset(auths, 0, auth_size * sizeof(*auths));
+		if (ast_sip_retrieve_auths(&endpoint->inbound_auths, auths)) {
+			res = AST_SIP_AUTHENTICATION_ERROR;
+			goto cleanup;
+		}
 	}
 
-	for (i = 0; i < auth_size; ++i) {
-		if (ast_strlen_zero(auths[i]->realm)) {
-			ast_string_field_set(auths[i], realm, default_realm);
+	/* Setup shallow copy of auths */
+	if (ast_strlen_zero(default_realm)) {
+		auths_shallow = auths;
+	} else {
+		/*
+		 * Set default realm on a shallow copy of the authentication
+		 * objects that don't have a realm set.
+		 */
+		auths_shallow = ast_alloca(auth_size * sizeof(*auths_shallow));
+		for (idx = 0; idx < auth_size; ++idx) {
+			if (ast_strlen_zero(auths[idx]->realm)) {
+				/*
+				 * Make a shallow copy and set the default realm on it.
+				 *
+				 * The stack allocation is OK here.  Normally this will
+				 * loop one time.  If you have multiple auths then you
+				 * shouldn't need more auths than the normal complement
+				 * of fingers and toes.  Otherwise, you should check
+				 * your sanity for setting up your system up that way.
+				 */
+				auths_shallow[idx] = ast_alloca(sizeof(**auths_shallow));
+				memcpy(auths_shallow[idx], auths[idx], sizeof(**auths_shallow));
+				*((char **) (&auths_shallow[idx]->realm)) = default_realm;
+				ast_debug(3, "Using default realm '%s' on incoming auth '%s'.\n",
+					default_realm, ast_sorcery_object_get_id(auths_shallow[idx]));
+			} else {
+				auths_shallow[idx] = auths[idx];
+			}
 		}
-		verify_res[i] = verify(auths[i], rdata, tdata->pool);
-		if (verify_res[i] == AUTH_SUCCESS) {
+	}
+
+	for (idx = 0; idx < auth_size; ++idx) {
+		verify_res[idx] = verify(auths_shallow[idx], rdata, tdata->pool);
+		if (verify_res[idx] == AUTH_SUCCESS) {
 			res = AST_SIP_AUTHENTICATION_SUCCESS;
 			goto cleanup;
 		}
-		if (verify_res[i] == AUTH_FAIL) {
+		if (verify_res[idx] == AUTH_FAIL) {
 			failures++;
 		}
 	}
 
-	for (i = 0; i < auth_size; ++i) {
-		challenge(auths[i]->realm, tdata, rdata, verify_res[i] == AUTH_STALE);
+	for (idx = 0; idx < auth_size; ++idx) {
+		challenge(auths_shallow[idx]->realm, tdata, rdata, verify_res[idx] == AUTH_STALE);
 	}
 
 	if (failures == auth_size) {