diff options
author | Joshua Colp <jcolp@digium.com> | 2017-10-26 18:45:40 -0500 |
---|---|---|
committer | Gerrit Code Review <gerrit2@gerrit.digium.api> | 2017-10-26 18:45:40 -0500 |
commit | 99f998c69d2aac92938a932b1669fc707c152962 (patch) | |
tree | 37f68ce15d790d22373e6e95421e0903cc0a7af5 /res | |
parent | 4f2717bab0a6aecc38083b22eb96e3c847fa32fc (diff) | |
parent | 9e1fbab382aec4b8e131cd9276c80f66ac52ba7b (diff) |
Merge "res_pjsip: Add 'ip' as a valid option to 'identify_by' on endpoint."
Diffstat (limited to 'res')
-rw-r--r-- | res/res_pjsip.c | 25 | ||||
-rw-r--r-- | res/res_pjsip/pjsip_configuration.c | 9 | ||||
-rw-r--r-- | res/res_pjsip_endpoint_identifier_ip.c | 7 |
3 files changed, 30 insertions, 11 deletions
diff --git a/res/res_pjsip.c b/res/res_pjsip.c index f81d34ca4..7499ded3e 100644 --- a/res/res_pjsip.c +++ b/res/res_pjsip.c @@ -268,15 +268,17 @@ <configOption name="ice_support" default="no"> <synopsis>Enable the ICE mechanism to help traverse NAT</synopsis> </configOption> - <configOption name="identify_by" default="username,location"> + <configOption name="identify_by" default="username,ip"> <synopsis>Way(s) for Endpoint to be identified</synopsis> <description><para> Endpoints and aors can be identified in multiple ways. Currently, the supported options are <literal>username</literal>, which matches the endpoint or aor id based on - the username and domain in the From header (or To header for aors), and + the username and domain in the From header (or To header for aors), <literal>auth_username</literal>, which matches the endpoint or aor id based on the - username and realm in the Authentication header. In all cases, if an exact match - on both username and domain/realm fails, the match will be retried with just the username. + username and realm in the Authentication header, and <literal>ip</literal> which matches + an endpoint based on the source IP address. In the <literal>username</literal> and + <literal>auth_username</literal> cases, if an exact match on both username and + domain/realm fails, the match will be retried with just the username. </para> <note><para> Identification by auth_username has some security considerations because an @@ -292,14 +294,19 @@ configuration object. </para></note> <note><para>Endpoints can also be identified by IP address; however, that method - of identification is not handled by this configuration option. See the documentation - for the <literal>identify</literal> configuration section for more details on that - method of endpoint identification. If this option is set and an <literal>identify</literal> - configuration section exists for the endpoint, then the endpoint can be identified in - multiple ways.</para></note> + of identification is not configured but simply allowed by this configuration option. + See the documentation for the <literal>identify</literal> configuration section for + more details on that method of endpoint identification.</para></note> + <note><para> + This option controls both how an endpoint is matched for incoming traffic and also how + an AoR is determined if a registration occurs. If <literal>ip</literal> is set alone + then incoming registration will not find an AoR and the registration attempt will fail. + If you want to allow incoming registrations to succeed you must set a second identify + method such as <literal>username</literal> in this case.</para></note> <enumlist> <enum name="username" /> <enum name="auth_username" /> + <enum name="ip" /> </enumlist> </description> </configOption> diff --git a/res/res_pjsip/pjsip_configuration.c b/res/res_pjsip/pjsip_configuration.c index 653cb98ac..6db5b3898 100644 --- a/res/res_pjsip/pjsip_configuration.c +++ b/res/res_pjsip/pjsip_configuration.c @@ -582,8 +582,10 @@ static int ident_handler(const struct aco_option *opt, struct ast_variable *var, if (!strcasecmp(val, "username")) { method = AST_SIP_ENDPOINT_IDENTIFY_BY_USERNAME; - } else if (!strcasecmp(val, "auth_username")) { + } else if (!strcasecmp(val, "auth_username")) { method = AST_SIP_ENDPOINT_IDENTIFY_BY_AUTH_USERNAME; + } else if (!strcasecmp(val, "ip")) { + method = AST_SIP_ENDPOINT_IDENTIFY_BY_IP; } else { ast_log(LOG_ERROR, "Unrecognized identification method %s specified for endpoint %s\n", val, ast_sorcery_object_get_id(endpoint)); @@ -628,6 +630,9 @@ static int ident_to_str(const void *obj, const intptr_t *args, char **buf) case AST_SIP_ENDPOINT_IDENTIFY_BY_AUTH_USERNAME : method = "auth_username"; break; + case AST_SIP_ENDPOINT_IDENTIFY_BY_IP : + method = "ip"; + break; default: continue; } @@ -1901,7 +1906,7 @@ int ast_res_pjsip_initialize_configuration(void) ast_sorcery_object_field_register(sip_sorcery, "endpoint", "aors", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_endpoint, aors)); ast_sorcery_object_field_register(sip_sorcery, "endpoint", "media_address", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_endpoint, media.address)); ast_sorcery_object_field_register(sip_sorcery, "endpoint", "bind_rtp_to_media_address", "no", OPT_BOOL_T, 1, STRFLDSET(struct ast_sip_endpoint, media.bind_rtp_to_media_address)); - ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "identify_by", "username", ident_handler, ident_to_str, NULL, 0, 0); + ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "identify_by", "username,ip", ident_handler, ident_to_str, NULL, 0, 0); ast_sorcery_object_field_register(sip_sorcery, "endpoint", "direct_media", "yes", OPT_BOOL_T, 1, FLDSET(struct ast_sip_endpoint, media.direct_media.enabled)); ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "direct_media_method", "invite", direct_media_method_handler, direct_media_method_to_str, NULL, 0, 0); ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "connected_line_method", "invite", connected_line_method_handler, connected_line_method_to_str, NULL, 0, 0); diff --git a/res/res_pjsip_endpoint_identifier_ip.c b/res/res_pjsip_endpoint_identifier_ip.c index 30bfc2618..8b92cef27 100644 --- a/res/res_pjsip_endpoint_identifier_ip.c +++ b/res/res_pjsip_endpoint_identifier_ip.c @@ -227,7 +227,14 @@ static struct ast_sip_endpoint *ip_identify(pjsip_rx_data *rdata) } endpoint = ast_sorcery_retrieve_by_id(ast_sip_get_sorcery(), "endpoint", match->endpoint_name); + if (endpoint) { + if (!(endpoint->ident_method & AST_SIP_ENDPOINT_IDENTIFY_BY_IP)) { + ast_debug(3, "Endpoint '%s' found for '%s' but 'ip' method not supported'\n", match->endpoint_name, + ast_sockaddr_stringify(&addr)); + ao2_cleanup(endpoint); + return NULL; + } ast_debug(3, "Retrieved endpoint %s\n", ast_sorcery_object_get_id(endpoint)); } else { ast_log(LOG_WARNING, "Identify section '%s' points to endpoint '%s' but endpoint could not be looked up\n", |