diff options
| -rw-r--r-- | CHANGES | 1 | ||||
| -rw-r--r-- | channels/chan_sip.c | 717 | ||||
| -rw-r--r-- | channels/sip/include/security_events.h | 43 | ||||
| -rw-r--r-- | channels/sip/include/sip.h | 46 | ||||
| -rw-r--r-- | channels/sip/security_events.c | 398 | ||||
| -rw-r--r-- | configs/logger.conf.sample | 2 | ||||
| -rw-r--r-- | include/asterisk/event_defs.h | 7 | ||||
| -rw-r--r-- | include/asterisk/security_events_defs.h | 76 | ||||
| -rw-r--r-- | main/event.c | 4 | ||||
| -rw-r--r-- | main/security_events.c | 54 |
10 files changed, 999 insertions, 349 deletions
@@ -214,6 +214,7 @@ SIP Changes ----------- * Add T38 support for REJECTED state where T.38 Negotiation is explicitly rejected. * Add option encryption_taglen to set auth taglen only 32 and 80 are supported currently. + * SIP now generates security events using the Security Events Framework for REGISTER and INVITE. Queue changes ------------- diff --git a/channels/chan_sip.c b/channels/chan_sip.c index 3d64c8493..adad2b009 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -276,6 +276,7 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$") #include "asterisk/xml.h" #include "sip/include/dialog.h" #include "sip/include/dialplan_functions.h" +#include "sip/include/security_events.h" /*** DOCUMENTATION @@ -1434,7 +1435,6 @@ static void sip_destroy_peer_fn(void *peer); static void set_peer_defaults(struct sip_peer *peer); static struct sip_peer *temp_peer(const char *name); static void register_peer_exten(struct sip_peer *peer, int onoff); -static struct sip_peer *find_peer(const char *peer, struct ast_sockaddr *addr, int realtime, int forcenamematch, int devstate_only, int transport); static int sip_poke_peer_s(const void *data); static enum parse_register_result parse_register_contact(struct sip_pvt *pvt, struct sip_peer *p, struct sip_request *req); static void reg_source_db(struct sip_peer *peer); @@ -1471,7 +1471,6 @@ static int find_sip_method(const char *msg); static unsigned int parse_allowed_methods(struct sip_request *req); static unsigned int set_pvt_allowed_methods(struct sip_pvt *pvt, struct sip_request *req); static int parse_request(struct sip_request *req); -static const char *get_header(const struct sip_request *req, const char *name); static const char *referstatus2str(enum referstatus rstatus) attribute_pure; static int method_match(enum sipmethod id, const char *name); static void parse_copy(struct sip_request *dst, const struct sip_request *src); @@ -1628,6 +1627,7 @@ struct ast_channel_tech sip_tech = { */ struct ast_channel_tech sip_tech_info; +/*------- CC Support -------- */ static int sip_cc_agent_init(struct ast_cc_agent *agent, struct ast_channel *chan); static int sip_cc_agent_start_offer_timer(struct ast_cc_agent *agent); static int sip_cc_agent_stop_offer_timer(struct ast_cc_agent *agent); @@ -2064,7 +2064,7 @@ static void sip_cc_monitor_destructor(void *private_data) static int sip_get_cc_information(struct sip_request *req, char *subscribe_uri, size_t size, enum ast_cc_service_type *service) { - char *call_info = ast_strdupa(get_header(req, "Call-Info")); + char *call_info = ast_strdupa(sip_get_header(req, "Call-Info")); char *uri; char *purpose; char *service_str; @@ -2308,18 +2308,18 @@ static const char *sip_reason_code_to_str(enum AST_REDIRECTING_REASON code) else if (!(peer->transports & tmpl->socket.type)) {\ ast_log(LOG_ERROR, \ "'%s' is not a valid transport for '%s'. we only use '%s'! ending call.\n", \ - get_transport(tmpl->socket.type), peer->name, get_transport_list(peer->transports) \ + sip_get_transport(tmpl->socket.type), peer->name, get_transport_list(peer->transports) \ ); \ ret = 1; \ } else if (peer->socket.type & SIP_TRANSPORT_TLS) { \ ast_log(LOG_WARNING, \ "peer '%s' HAS NOT USED (OR SWITCHED TO) TLS in favor of '%s' (but this was allowed in sip.conf)!\n", \ - peer->name, get_transport(tmpl->socket.type) \ + peer->name, sip_get_transport(tmpl->socket.type) \ ); \ } else { \ ast_debug(1, \ "peer '%s' has contacted us over %s even though we prefer %s.\n", \ - peer->name, get_transport(tmpl->socket.type), get_transport(peer->socket.type) \ + peer->name, sip_get_transport(tmpl->socket.type), sip_get_transport(peer->socket.type) \ ); \ }\ (ret); \ @@ -2695,7 +2695,7 @@ static void *_sip_tcp_helper_thread(struct sip_pvt *pvt, struct ast_tcptls_sessi copy_request(&reqcpy, &req); parse_request(&reqcpy); /* In order to know how much to read, we need the content-length header */ - if (sscanf(get_header(&reqcpy, "Content-Length"), "%30d", &cl)) { + if (sscanf(sip_get_header(&reqcpy, "Content-Length"), "%30d", &cl)) { while (cl > 0) { size_t bytes_read; if (!tcptls_session->client && !authenticated ) { @@ -2825,8 +2825,8 @@ cleanup: } #ifdef REF_DEBUG -#define ref_peer(arg1,arg2) _ref_peer((arg1),(arg2), __FILE__, __LINE__, __PRETTY_FUNCTION__) -#define unref_peer(arg1,arg2) _unref_peer((arg1),(arg2), __FILE__, __LINE__, __PRETTY_FUNCTION__) +#define sip_ref_peer(arg1,arg2) _ref_peer((arg1),(arg2), __FILE__, __LINE__, __PRETTY_FUNCTION__) +#define sip_unref_peer(arg1,arg2) _unref_peer((arg1),(arg2), __FILE__, __LINE__, __PRETTY_FUNCTION__) static struct sip_peer *_ref_peer(struct sip_peer *peer, char *tag, char *file, int line, const char *func) { if (peer) @@ -2848,13 +2848,13 @@ static struct sip_peer *_unref_peer(struct sip_peer *peer, char *tag, char *file * By handling them this way, we don't have to declare the * destructor on each call, which removes the chance of errors. */ -static void *unref_peer(struct sip_peer *peer, char *tag) +void *sip_unref_peer(struct sip_peer *peer, char *tag) { ao2_t_ref(peer, -1, tag); return NULL; } -static struct sip_peer *ref_peer(struct sip_peer *peer, char *tag) +struct sip_peer *sip_ref_peer(struct sip_peer *peer, char *tag) { ao2_t_ref(peer, 1, tag); return peer; @@ -2865,11 +2865,11 @@ static void peer_sched_cleanup(struct sip_peer *peer) { if (peer->pokeexpire != -1) { AST_SCHED_DEL_UNREF(sched, peer->pokeexpire, - unref_peer(peer, "removing poke peer ref")); + sip_unref_peer(peer, "removing poke peer ref")); } if (peer->expire != -1) { AST_SCHED_DEL_UNREF(sched, peer->expire, - unref_peer(peer, "remove register expire ref")); + sip_unref_peer(peer, "remove register expire ref")); } } @@ -3289,7 +3289,7 @@ static inline const char *get_transport_list(unsigned int transports) { } /*! \brief Return transport as string */ -static inline const char *get_transport(enum sip_transport t) +const char *sip_get_transport(enum sip_transport t) { switch (t) { case SIP_TRANSPORT_UDP: @@ -3342,7 +3342,7 @@ static inline const char *get_transport_pvt(struct sip_pvt *p) set_socket_transport(&p->socket, p->outboundproxy->transport); } - return get_transport(p->socket.type); + return sip_get_transport(p->socket.type); } /*! @@ -3515,7 +3515,7 @@ static void ast_sip_ouraddrfor(const struct ast_sockaddr *them, struct ast_socka } else if (!ast_sockaddr_is_any(&bindaddr)) { ast_sockaddr_copy(us, &bindaddr); } - ast_debug(3, "Setting SIP_TRANSPORT_%s with address %s\n", get_transport(p->socket.type), ast_sockaddr_stringify(us)); + ast_debug(3, "Setting SIP_TRANSPORT_%s with address %s\n", sip_get_transport(p->socket.type), ast_sockaddr_stringify(us)); } /*! \brief Append to SIP dialog history with arg list */ @@ -4167,7 +4167,7 @@ static int send_response(struct sip_pvt *p, struct sip_request *req, enum xmitty if (p->do_history) { struct sip_request tmp = { .rlPart1 = 0, }; parse_copy(&tmp, req); - append_history(p, reliable ? "TxRespRel" : "TxResp", "%s / %s - %s", tmp.data->str, get_header(&tmp, "CSeq"), + append_history(p, reliable ? "TxRespRel" : "TxResp", "%s / %s - %s", tmp.data->str, sip_get_header(&tmp, "CSeq"), (tmp.method == SIP_RESPONSE || tmp.method == SIP_UNKNOWN) ? REQ_OFFSET_TO_STR(&tmp, rlPart2) : sip_methods[tmp.method].text); deinit_req(&tmp); } @@ -4215,7 +4215,7 @@ static int send_request(struct sip_pvt *p, struct sip_request *req, enum xmittyp if (p->do_history) { struct sip_request tmp = { .rlPart1 = 0, }; parse_copy(&tmp, req); - append_history(p, reliable ? "TxReqRel" : "TxReq", "%s / %s - %s", tmp.data->str, get_header(&tmp, "CSeq"), sip_methods[tmp.method].text); + append_history(p, reliable ? "TxReqRel" : "TxReq", "%s / %s - %s", tmp.data->str, sip_get_header(&tmp, "CSeq"), sip_methods[tmp.method].text); deinit_req(&tmp); } res = (reliable) ? @@ -4855,9 +4855,9 @@ static struct sip_peer *realtime_peer(const char *newpeername, struct ast_sockad ast_copy_flags(&peer->flags[1], &global_flags[1], SIP_PAGE2_RTAUTOCLEAR|SIP_PAGE2_RTCACHEFRIENDS); if (ast_test_flag(&global_flags[1], SIP_PAGE2_RTAUTOCLEAR)) { AST_SCHED_REPLACE_UNREF(peer->expire, sched, sip_cfg.rtautoclear * 1000, expire_register, peer, - unref_peer(_data, "remove registration ref"), - unref_peer(peer, "remove registration ref"), - ref_peer(peer, "add registration ref")); + sip_unref_peer(_data, "remove registration ref"), + sip_unref_peer(peer, "remove registration ref"), + sip_ref_peer(peer, "add registration ref")); } ao2_t_link(peers, peer, "link peer into peers table"); if (!ast_sockaddr_isnull(&peer->addr)) { @@ -4917,7 +4917,7 @@ static int find_by_name(void *obj, void *arg, void *data, int flags) * \note Avoid using this function in new functions if there is a way to avoid it, * since it might cause a database lookup. */ -static struct sip_peer *find_peer(const char *peer, struct ast_sockaddr *addr, int realtime, int which_objects, int devstate_only, int transport) +struct sip_peer *sip_find_peer(const char *peer, struct ast_sockaddr *addr, int realtime, int which_objects, int devstate_only, int transport) { struct sip_peer *p = NULL; struct sip_peer tmp_peer; @@ -4945,13 +4945,13 @@ static struct sip_peer *find_peer(const char *peer, struct ast_sockaddr *addr, i switch (which_objects) { case FINDUSERS: if (!(p->type & SIP_TYPE_USER)) { - unref_peer(p, "Wrong type of realtime SIP endpoint"); + sip_unref_peer(p, "Wrong type of realtime SIP endpoint"); return NULL; } break; case FINDPEERS: if (!(p->type & SIP_TYPE_PEER)) { - unref_peer(p, "Wrong type of realtime SIP endpoint"); + sip_unref_peer(p, "Wrong type of realtime SIP endpoint"); return NULL; } break; @@ -5321,7 +5321,7 @@ static int create_addr(struct sip_pvt *dialog, const char *opeer, struct ast_soc dialog->timer_t1 = global_t1; /* Default SIP retransmission timer T1 (RFC 3261) */ dialog->timer_b = global_timer_b; /* Default SIP transaction timer B (RFC 3261) */ - peer = find_peer(peername, NULL, TRUE, FINDPEERS, FALSE, 0); + peer = sip_find_peer(peername, NULL, TRUE, FINDPEERS, FALSE, 0); if (peer) { int res; @@ -5332,8 +5332,8 @@ static int create_addr(struct sip_pvt *dialog, const char *opeer, struct ast_soc if (!ast_sockaddr_isnull(remote_address)) { ast_sockaddr_copy(&dialog->sa, remote_address); } - dialog->relatedpeer = ref_peer(peer, "create_addr: setting dialog's relatedpeer pointer"); - unref_peer(peer, "create_addr: unref peer from find_peer hashtab lookup"); + dialog->relatedpeer = sip_ref_peer(peer, "create_addr: setting dialog's relatedpeer pointer"); + sip_unref_peer(peer, "create_addr: unref peer from sip_find_peer hashtab lookup"); return res; } @@ -5669,7 +5669,7 @@ void __sip_destroy(struct sip_pvt *p, int lockowner, int lockdialoglist) p->relatedpeer->call = dialog_unref(p->relatedpeer->call, "unset the relatedpeer->call field in tandem with relatedpeer field itself"); if (p->relatedpeer) - p->relatedpeer = unref_peer(p->relatedpeer,"unsetting a dialog relatedpeer field in sip_destroy"); + p->relatedpeer = sip_unref_peer(p->relatedpeer,"unsetting a dialog relatedpeer field in sip_destroy"); if (p->registry) { if (p->registry->call == p) @@ -5810,7 +5810,7 @@ static int update_call_counter(struct sip_pvt *fup, int event) /* Check the list of devices */ if (fup->relatedpeer) { - p = ref_peer(fup->relatedpeer, "ref related peer for update_call_counter"); + p = sip_ref_peer(fup->relatedpeer, "ref related peer for update_call_counter"); inuse = &p->inUse; call_limit = &p->call_limit; inringing = &p->inRinging; @@ -5878,7 +5878,7 @@ static int update_call_counter(struct sip_pvt *fup, int event) if (*call_limit > 0 ) { if (*inuse >= *call_limit) { ast_log(LOG_NOTICE, "Call %s %s '%s' rejected due to usage limit of %d\n", outgoing ? "to" : "from", "peer", name, *call_limit); - unref_peer(p, "update_call_counter: unref peer p, call limit exceeded"); + sip_unref_peer(p, "update_call_counter: unref peer p, call limit exceeded"); return -1; } } @@ -5928,7 +5928,7 @@ static int update_call_counter(struct sip_pvt *fup, int event) if (p) { ast_devstate_changed(AST_DEVICE_UNKNOWN, "SIP/%s", p->name); - unref_peer(p, "update_call_counter: unref_peer from call counter"); + sip_unref_peer(p, "update_call_counter: sip_unref_peer from call counter"); } return 0; } @@ -7227,14 +7227,14 @@ static const char *__get_header(const struct sip_request *req, const char *name, } } - /* Don't return NULL, so get_header is always a valid pointer */ + /* Don't return NULL, so sip_get_header is always a valid pointer */ return ""; } /*! \brief Get header from SIP request \return Always return something, so don't check for NULL because it won't happen :-) */ -static const char *get_header(const struct sip_request *req, const char *name) +const char *sip_get_header(const struct sip_request *req, const char *name) { int start = 0; return __get_header(req, name, &start); @@ -7499,11 +7499,11 @@ struct sip_pvt *sip_alloc(ast_string_field callid, struct ast_sockaddr *addr, * some information about it in the dialog. */ if (req) { struct sip_via *via; - const char *cseq = get_header(req, "Cseq"); + const char *cseq = sip_get_header(req, "Cseq"); unsigned int seqno; /* get branch parameter from initial Request that started this dialog */ - via = parse_via(get_header(req, "Via")); + via = parse_via(sip_get_header(req, "Via")); if (via) { /* only store the branch if it begins with the magic prefix "z9hG4bK", otherwise * it is not useful to us to have it */ @@ -7641,7 +7641,7 @@ struct sip_pvt *sip_alloc(ast_string_field callid, struct ast_sockaddr *addr, */ static int process_via(struct sip_pvt *p, const struct sip_request *req) { - struct sip_via *via = parse_via(get_header(req, "Via")); + struct sip_via *via = parse_via(sip_get_header(req, "Via")); if (!via) { ast_log(LOG_ERROR, "error processing via header\n"); @@ -7958,14 +7958,14 @@ static struct sip_pvt *find_call(struct sip_request *req, struct ast_sockaddr *a { char totag[128]; char fromtag[128]; - const char *callid = get_header(req, "Call-ID"); - const char *from = get_header(req, "From"); - const char *to = get_header(req, "To"); - const char *cseq = get_header(req, "Cseq"); + const char *callid = sip_get_header(req, "Call-ID"); + const char *from = sip_get_header(req, "From"); + const char *to = sip_get_header(req, "To"); + const char *cseq = sip_get_header(req, "Cseq"); struct sip_pvt *sip_pvt_ptr; unsigned int seqno; /* Call-ID, to, from and Cseq are required by RFC 3261. (Max-forwards and via too - ignored now) */ - /* get_header always returns non-NULL so we must use ast_strlen_zero() */ + /* sip_get_header always returns non-NULL so we must use ast_strlen_zero() */ if (ast_strlen_zero(callid) || ast_strlen_zero(to) || ast_strlen_zero(from) || ast_strlen_zero(cseq) || (sscanf(cseq, "%30u", &seqno) != 1)) { @@ -8038,14 +8038,14 @@ static struct sip_pvt *find_call(struct sip_request *req, struct ast_sockaddr *a args.seqno = seqno; /* get via header information. */ args.ruri = REQ_OFFSET_TO_STR(req, rlPart2); - via = parse_via(get_header(req, "Via")); + via = parse_via(sip_get_header(req, "Via")); if (via) { args.viasentby = via->sent_by; args.viabranch = via->branch; } /* determine if this is a Request with authentication credentials. */ - if (!ast_strlen_zero(get_header(req, "Authorization")) || - !ast_strlen_zero(get_header(req, "Proxy-Authorization"))) { + if (!ast_strlen_zero(sip_get_header(req, "Authorization")) || + !ast_strlen_zero(sip_get_header(req, "Proxy-Authorization"))) { args.authentication_present = 1; } /* if it is a response, get the response code */ @@ -8293,7 +8293,7 @@ static void mark_parsed_methods(unsigned int *methods, char *methods_str) */ static unsigned int parse_allowed_methods(struct sip_request *req) { - char *allow = ast_strdupa(get_header(req, "Allow")); + char *allow = ast_strdupa(sip_get_header(req, "Allow")); unsigned int allowed_methods = SIP_UNKNOWN; if (ast_strlen_zero(allow)) { @@ -8301,7 +8301,7 @@ static unsigned int parse_allowed_methods(struct sip_request *req) * place the phone's allowed methods in an Allow header. Instead, they place the * allowed methods in a methods= parameter in the Contact header. */ - char *contact = ast_strdupa(get_header(req, "Contact")); + char *contact = ast_strdupa(sip_get_header(req, "Contact")); char *methods = strstr(contact, ";methods="); if (ast_strlen_zero(methods)) { @@ -8506,7 +8506,7 @@ static int find_sdp(struct sip_request *req) int found_application_sdp = FALSE; int found_end_of_headers = FALSE; - content_length = get_header(req, "Content-Length"); + content_length = sip_get_header(req, "Content-Length"); if (!ast_strlen_zero(content_length)) { if (sscanf(content_length, "%30u", &x) != 1) { @@ -8520,7 +8520,7 @@ static int find_sdp(struct sip_request *req) return 0; } - content_type = get_header(req, "Content-Type"); + content_type = sip_get_header(req, "Content-Type"); /* if the body contains only SDP, this is easy */ if (!strncasecmp(content_type, "application/sdp", 15)) { @@ -9820,7 +9820,7 @@ static int add_content(struct sip_request *req, const char *line) /*! \brief Copy one header field from one request to another */ static int copy_header(struct sip_request *req, const struct sip_request *orig, const char *field) { - const char *tmp = get_header(orig, field); + const char *tmp = sip_get_header(orig, field); if (!ast_strlen_zero(tmp)) /* Add what we're responding to */ return add_header(req, field, tmp); @@ -10154,7 +10154,7 @@ static int respprep(struct sip_request *resp, struct sip_pvt *p, const char *msg if (msg[0] == '1' || msg[0] == '2') copy_all_header(resp, req, "Record-Route"); copy_header(resp, req, "From"); - ot = get_header(req, "To"); + ot = sip_get_header(req, "To"); if (!strcasestr(ot, "tag=") && strncmp(msg, "100", 3)) { /* Add the proper tag if we don't have it already. If they have specified their tag, use it. Otherwise, use our own tag */ @@ -10277,7 +10277,7 @@ static int reqprep(struct sip_request *req, struct sip_pvt *p, int sipmethod, in else { char *n; /* We have no URI, use To: or From: header as URI (depending on direction) */ - ast_copy_string(stripped, get_header(orig, is_outbound ? "To" : "From"), + ast_copy_string(stripped, sip_get_header(orig, is_outbound ? "To" : "From"), sizeof(stripped)); n = get_in_brackets(stripped); c = remove_uri_parameters(n); @@ -10293,8 +10293,8 @@ static int reqprep(struct sip_request *req, struct sip_pvt *p, int sipmethod, in } add_header_max_forwards(p, req); - ot = get_header(orig, "To"); - of = get_header(orig, "From"); + ot = sip_get_header(orig, "To"); + of = sip_get_header(orig, "From"); /* Add tag *unless* this is a CANCEL, in which case we need to send it exactly as our original request, including tag (or presumably lack thereof) */ @@ -10358,8 +10358,8 @@ static int __transmit_response(struct sip_pvt *p, const char *msg, const struct struct sip_request resp; int seqno = 0; - if (reliable && (sscanf(get_header(req, "CSeq"), "%30d ", &seqno) != 1)) { - ast_log(LOG_WARNING, "Unable to determine sequence number from '%s'\n", get_header(req, "CSeq")); + if (reliable && (sscanf(sip_get_header(req, "CSeq"), "%30d ", &seqno) != 1)) { + ast_log(LOG_WARNING, "Unable to determine sequence number from '%s'\n", sip_get_header(req, "CSeq")); return -1; } respprep(&resp, p, msg, req); @@ -10592,8 +10592,8 @@ static int transmit_response_with_auth(struct sip_pvt *p, const char *msg, const char tmp[512]; int seqno = 0; - if (reliable && (sscanf(get_header(req, "CSeq"), "%30d ", &seqno) != 1)) { - ast_log(LOG_WARNING, "Unable to determine sequence number from '%s'\n", get_header(req, "CSeq")); + if (reliable && (sscanf(sip_get_header(req, "CSeq"), "%30d ", &seqno) != 1)) { + ast_log(LOG_WARNING, "Unable to determine sequence number from '%s'\n", sip_get_header(req, "CSeq")); return -1; } /* Choose Realm */ @@ -10673,14 +10673,14 @@ static void get_realm(struct sip_pvt *p, const struct sip_request *req) !AST_LIST_EMPTY(&domain_list)) { /* Check From header first */ - if (!get_domain(get_header(req, "From"), domain, sizeof(domain))) { + if (!get_domain(sip_get_header(req, "From"), domain, sizeof(domain))) { if (check_sip_domain(domain, NULL, 0)) { ast_string_field_set(p, realm, domain); return; } } /* Check To header */ - if (!get_domain(get_header(req, "To"), domain, sizeof(domain))) { + if (!get_domain(sip_get_header(req, "To"), domain, sizeof(domain))) { if (check_sip_domain(domain, NULL, 0)) { ast_string_field_set(p, realm, domain); return; @@ -11572,8 +11572,8 @@ static int transmit_response_with_t38_sdp(struct sip_pvt *p, char *msg, struct s struct sip_request resp; int seqno; - if (sscanf(get_header(req, "CSeq"), "%30d ", &seqno) != 1) { - ast_log(LOG_WARNING, "Unable to get seqno from '%s'\n", get_header(req, "CSeq")); + if (sscanf(sip_get_header(req, "CSeq"), "%30d ", &seqno) != 1) { + ast_log(LOG_WARNING, "Unable to get seqno from '%s'\n", sip_get_header(req, "CSeq")); return -1; } respprep(&resp, p, msg, req); @@ -11653,8 +11653,8 @@ static int transmit_response_with_sdp(struct sip_pvt *p, const char *msg, const { struct sip_request resp; int seqno; - if (sscanf(get_header(req, "CSeq"), "%30d ", &seqno) != 1) { - ast_log(LOG_WARNING, "Unable to get seqno from '%s'\n", get_header(req, "CSeq")); + if (sscanf(sip_get_header(req, "CSeq"), "%30d ", &seqno) != 1) { + ast_log(LOG_WARNING, "Unable to get seqno from '%s'\n", sip_get_header(req, "CSeq")); return -1; } respprep(&resp, p, msg, req); @@ -11797,7 +11797,7 @@ static void extract_uri(struct sip_pvt *p, struct sip_request *req) char stripped[SIPBUFSIZE]; char *c; - ast_copy_string(stripped, get_header(req, "Contact"), sizeof(stripped)); + ast_copy_string(stripped, sip_get_header(req, "Contact"), sizeof(stripped)); c = get_in_brackets(stripped); /* Cut the URI at the at sign after the @, not in the username part */ c = remove_uri_parameters(c); @@ -11819,7 +11819,7 @@ static void build_contact(struct sip_pvt *p) } else { ast_string_field_build(p, our_contact, "<sip:%s%s%s;transport=%s>", user, ast_strlen_zero(user) ? "" : "@", ast_sockaddr_stringify_remote(&p->ourip), - get_transport(p->socket.type)); + sip_get_transport(p->socket.type)); } } @@ -12590,7 +12590,7 @@ static int transmit_state_notify(struct sip_pvt *p, int state, int full, int tim subscriptiontype = find_subscription_type(p->subscribed); - ast_copy_string(from, get_header(&p->initreq, "From"), sizeof(from)); + ast_copy_string(from, sip_get_header(&p->initreq, "From"), sizeof(from)); c = get_in_brackets(from); if (strncasecmp(c, "sip:", 4) && strncasecmp(c, "sips:", 5)) { ast_log(LOG_WARNING, "Huh? Not a SIP header (%s)?\n", c); @@ -12599,7 +12599,7 @@ static int transmit_state_notify(struct sip_pvt *p, int state, int full, int tim mfrom = remove_uri_parameters(c); - ast_copy_string(to, get_header(&p->initreq, "To"), sizeof(to)); + ast_copy_string(to, sip_get_header(&p->initreq, "To"), sizeof(to)); c = get_in_brackets(to); if (strncasecmp(c, "sip:", 4) && strncasecmp(c, "sips:", 5)) { ast_log(LOG_WARNING, "Huh? Not a SIP header (%s)?\n", c); @@ -12684,13 +12684,13 @@ static int transmit_notify_with_mwi(struct sip_pvt *p, int newmsgs, int oldmsgs, if (p->socket.type == SIP_TRANSPORT_UDP) { ast_str_append(&out, 0, "Message-Account: sip:%s@%s:%d\r\n", exten, domain, ourport); } else { - ast_str_append(&out, 0, "Message-Account: sip:%s@%s:%d;transport=%s\r\n", exten, domain, ourport, get_transport(p->socket.type)); + ast_str_append(&out, 0, "Message-Account: sip:%s@%s:%d;transport=%s\r\n", exten, domain, ourport, sip_get_transport(p->socket.type)); } } else { if (p->socket.type == SIP_TRANSPORT_UDP) { ast_str_append(&out, 0, "Message-Account: sip:%s@%s\r\n", exten, domain); } else { - ast_str_append(&out, 0, "Message-Account: sip:%s@%s;transport=%s\r\n", exten, domain, get_transport(p->socket.type)); + ast_str_append(&out, 0, "Message-Account: sip:%s@%s;transport=%s\r\n", exten, domain, sip_get_transport(p->socket.type)); } } /* Cisco has a bug in the SIP stack where it can't accept the @@ -12962,12 +12962,12 @@ static int sip_reg_timeout(const void *data) /* If the registration has timed out, maybe the IP changed. Force a refresh. */ ast_dnsmgr_refresh(r->dnsmgr); /* If we are resolving a peer, we have to make sure the refreshed address gets copied */ - if ((peer = find_peer(r->hostname, NULL, TRUE, FINDPEERS, FALSE, 0))) { + if ((peer = sip_find_peer(r->hostname, NULL, TRUE, FINDPEERS, FALSE, 0))) { ast_sockaddr_copy(&peer->addr, &r->us); if (r->portno) { ast_sockaddr_set_port(&peer->addr, r->portno); } - peer = unref_peer(peer, "unref after find_peer"); + peer = sip_unref_peer(peer, "unref after sip_find_peer"); } } @@ -13048,12 +13048,12 @@ static int transmit_register(struct sip_registry *r, int sipmethod, const char * if (r->dnsmgr == NULL) { char transport[MAXHOSTNAMELEN]; - peer = find_peer(r->hostname, NULL, TRUE, FINDPEERS, FALSE, 0); - snprintf(transport, sizeof(transport), "_%s._%s",get_srv_service(r->transport), get_srv_protocol(r->transport)); /* have to use static get_transport function */ + peer = sip_find_peer(r->hostname, NULL, TRUE, FINDPEERS, FALSE, 0); + snprintf(transport, sizeof(transport), "_%s._%s",get_srv_service(r->transport), get_srv_protocol(r->transport)); /* have to use static sip_get_transport function */ r->us.ss.ss_family = get_address_family_filter(&bindaddr); /* Filter address family */ ast_dnsmgr_lookup(peer ? peer->tohost : r->hostname, &r->us, &r->dnsmgr, sip_cfg.srvlookup ? transport : NULL); if (peer) { - peer = unref_peer(peer, "removing peer ref for dnsmgr_lookup"); + peer = sip_unref_peer(peer, "removing peer ref for dnsmgr_lookup"); } } @@ -13090,11 +13090,11 @@ static int transmit_register(struct sip_registry *r, int sipmethod, const char * /* It is possible that DNS is unavailable at the time the peer is created. Here, if * we've updated the address in the registry, we copy it to the peer so that * create_addr() can copy it to the dialog via create_addr_from_peer */ - if ((peer = find_peer(r->hostname, NULL, TRUE, FINDPEERS, FALSE, 0))) { + if ((peer = sip_find_peer(r->hostname, NULL, TRUE, FINDPEERS, FALSE, 0))) { if (ast_sockaddr_isnull(&peer->addr) && !(ast_sockaddr_isnull(&r->us))) { ast_sockaddr_copy(&peer->addr, &r->us); } - peer = unref_peer(peer, "unref after find_peer"); + peer = sip_unref_peer(peer, "unref after sip_find_peer"); } /* Find address to hostname */ @@ -13348,9 +13348,9 @@ static int transmit_refer(struct sip_pvt *p, const char *dest) /* Are we transfering an inbound or outbound call ? */ if (ast_test_flag(&p->flags[0], SIP_OUTGOING)) { - of = get_header(&p->initreq, "To"); + of = sip_get_header(&p->initreq, "To"); } else { - of = get_header(&p->initreq, "From"); + of = sip_get_header(&p->initreq, "From"); } ast_copy_string(from, of, sizeof(from)); @@ -13491,7 +13491,7 @@ static int transmit_request(struct sip_pvt *p, int sipmethod, int seqno, enum xm } /*! \brief return the request and response header for a 401 or 407 code */ -static void auth_headers(enum sip_auth_type code, char **header, char **respheader) +void sip_auth_headers(enum sip_auth_type code, char **header, char **respheader) { if (code == WWW_AUTH) { /* 401 */ *header = "WWW-Authenticate"; @@ -13518,7 +13518,7 @@ static int transmit_request_with_auth(struct sip_pvt *p, int sipmethod, int seqn if(!build_reply_digest(p, sipmethod, digest, sizeof(digest))) { char *dummy, *response; enum sip_auth_type code = p->options ? p->options->auth_type : PROXY_AUTH; /* XXX force 407 if unknown */ - auth_headers(code, &dummy, &response); + sip_auth_headers(code, &dummy, &response); add_header(&resp, response, digest); } else { ast_log(LOG_WARNING, "No authentication available for call %s\n", p->callid); @@ -13620,7 +13620,7 @@ static int expire_register(const void *data) * in order to unlink from the peers_by_ip container correctly */ memset(&peer->addr, 0, sizeof(peer->addr)); - unref_peer(peer, "removing peer ref for expire_register"); + sip_unref_peer(peer, "removing peer ref for expire_register"); return 0; } @@ -13635,17 +13635,17 @@ static int sip_poke_peer_s(const void *data) foundpeer = ao2_find(peers, peer, OBJ_POINTER); if (!foundpeer) { - unref_peer(peer, "removing poke peer ref"); + sip_unref_peer(peer, "removing poke peer ref"); return 0; } else if (foundpeer->name != peer->name) { - unref_peer(foundpeer, "removing above peer ref"); - unref_peer(peer, "removing poke peer ref"); + sip_unref_peer(foundpeer, "removing above peer ref"); + sip_unref_peer(peer, "removing poke peer ref"); return 0; } - unref_peer(foundpeer, "removing above peer ref"); + sip_unref_peer(foundpeer, "removing above peer ref"); sip_poke_peer(peer, 0); - unref_peer(peer, "removing poke peer ref"); + sip_unref_peer(peer, "removing poke peer ref"); return 0; } @@ -13701,16 +13701,16 @@ static void reg_source_db(struct sip_peer *peer) if (sipsock < 0) { /* SIP isn't up yet, so schedule a poke only, pretty soon */ AST_SCHED_REPLACE_UNREF(peer->pokeexpire, sched, ast_random() % 5000 + 1, sip_poke_peer_s, peer, - unref_peer(_data, "removing poke peer ref"), - unref_peer(peer, "removing poke peer ref"), - ref_peer(peer, "adding poke peer ref")); + sip_unref_peer(_data, "removing poke peer ref"), + sip_unref_peer(peer, "removing poke peer ref"), + sip_ref_peer(peer, "adding poke peer ref")); } else { sip_poke_peer(peer, 0); } AST_SCHED_REPLACE_UNREF(peer->expire, sched, (expire + 10) * 1000, expire_register, peer, - unref_peer(_data, "remove registration ref"), - unref_peer(peer, "remove registration ref"), - ref_peer(peer, "add registration ref")); + sip_unref_peer(_data, "remove registration ref"), + sip_unref_peer(peer, "remove registration ref"), + sip_ref_peer(peer, "add registration ref")); register_peer_exten(peer, TRUE); } @@ -13721,7 +13721,7 @@ static int parse_ok_contact(struct sip_pvt *pvt, struct sip_request *req) char *c; /* Look for brackets */ - ast_copy_string(contact, get_header(req, "Contact"), sizeof(contact)); + ast_copy_string(contact, sip_get_header(req, "Contact"), sizeof(contact)); c = get_in_brackets(contact); /* Save full contact to call pvt for later bye or re-invite */ @@ -13821,7 +13821,7 @@ static enum parse_register_result parse_register_contact(struct sip_pvt *pvt, st { char contact[SIPBUFSIZE]; char data[SIPBUFSIZE]; - const char *expires = get_header(req, "Expires"); + const char *expires = sip_get_header(req, "Expires"); int expire = atoi(expires); char *curi, *domain, *transport; int transport_type; @@ -13888,9 +13888,9 @@ static enum parse_register_result parse_register_contact(struct sip_pvt *pvt, st } else if (!strcasecmp(curi, "*") || !expire) { /* Unregister this peer */ /* This means remove all registrations and return OK */ AST_SCHED_DEL_UNREF(sched, peer->expire, - unref_peer(peer, "remove register expire ref")); + sip_unref_peer(peer, "remove register expire ref")); ast_verb(3, "Unregistered SIP '%s'\n", peer->name); - expire_register(ref_peer(peer,"add ref for explicit expire_register")); + expire_register(sip_ref_peer(peer,"add ref for explicit expire_register")); return PARSE_REGISTER_UPDATE; } @@ -13985,7 +13985,7 @@ static enum parse_register_result parse_register_contact(struct sip_pvt *pvt, st } AST_SCHED_DEL_UNREF(sched, peer->expire, - unref_peer(peer, "remove register expire ref")); + sip_unref_peer(peer, "remove register expire ref")); if (expire > max_expiry) { expire = max_expiry; @@ -13997,9 +13997,9 @@ static enum parse_register_result parse_register_contact(struct sip_pvt *pvt, st peer->expire = -1; } else { peer->expire = ast_sched_add(sched, (expire + 10) * 1000, expire_register, - ref_peer(peer, "add registration ref")); + sip_ref_peer(peer, "add registration ref")); if (peer->expire == -1) { - unref_peer(peer, "remote registration ref"); + sip_unref_peer(peer, "remote registration ref"); } } pvt->expiry = expire; @@ -14019,7 +14019,7 @@ static enum parse_register_result parse_register_contact(struct sip_pvt *pvt, st register_peer_exten(peer, 1); /* Save User agent */ - useragent = get_header(req, "User-Agent"); + useragent = sip_get_header(req, "User-Agent"); if (strcasecmp(useragent, peer->useragent)) { ast_string_field_set(peer, useragent, useragent); ast_verb(4, "Saved useragent \"%s\" for peer %s\n", peer->useragent, peer->name); @@ -14121,7 +14121,7 @@ static void build_route(struct sip_pvt *p, struct sip_request *req, int backward if (!head || (!ast_strlen_zero(head->hop) && strstr(head->hop, ";lr") == NULL) ) { /* 2nd append the Contact: if there is one */ /* Can be multiple Contact headers, comma separated values - we just take the first */ - contact = get_header(req, "Contact"); + contact = sip_get_header(req, "Contact"); if (!ast_strlen_zero(contact)) { ast_debug(2, "build_route: Contact hop: %s\n", contact); /* Look for <: delimited address */ @@ -14172,8 +14172,33 @@ static void set_nonce_randdata(struct sip_pvt *p, int forceupdate) } } -AST_THREADSTORAGE(check_auth_buf); -#define CHECK_AUTH_BUF_INITLEN 256 +/*! \brief Takes the digest response and parses it */ +void sip_digest_parser(char *c, struct digestkeys *keys) +{ + struct digestkeys *i = i; + + while(c && *(c = ast_skip_blanks(c)) ) { /* lookup for keys */ + for (i = keys; i->key != NULL; i++) { + const char *separator = ","; /* default */ + + if (strncasecmp(c, i->key, strlen(i->key)) != 0) { + continue; + } + /* Found. Skip keyword, take text in quotes or up to the separator. */ + c += strlen(i->key); + if (*c == '"') { /* in quotes. Skip first and look for last */ + c++; + separator = "\""; + } + i->s = c; + strsep(&c, separator); + break; + } + if (i->key == NULL) { /* not found, jump after space or comma */ + strsep(&c, " ,"); + } + } +} /*! \brief Check user authorization from peer definition Some actions, like REGISTER and INVITEs from peers require @@ -14197,11 +14222,7 @@ static enum check_auth_result check_auth(struct sip_pvt *p, struct sip_request * int res; /* table of recognised keywords, and their value in the digest */ - enum keys { K_RESP, K_URI, K_USER, K_NONCE, K_LAST }; - struct x { - const char *key; - const char *s; - } *i, keys[] = { + struct digestkeys keys[] = { [K_RESP] = { "response=", "" }, [K_URI] = { "uri=", "" }, [K_USER] = { "username=", "" }, @@ -14210,8 +14231,9 @@ static enum check_auth_result check_auth(struct sip_pvt *p, struct sip_request * }; /* Always OK if no secret */ - if (ast_strlen_zero(secret) && ast_strlen_zero(md5secret)) + if (ast_strlen_zero(secret) && ast_strlen_zero(md5secret)) { return AUTH_SUCCESSFUL; + } /* Always auth with WWW-auth since we're NOT a proxy */ /* Using proxy-auth in a B2BUA may block proxy authorization in the same transaction */ @@ -14219,11 +14241,11 @@ static enum check_auth_result check_auth(struct sip_pvt *p, struct sip_request * /* * Note the apparent swap of arguments below, compared to other - * usages of auth_headers(). + * usages of sip_auth_headers(). */ - auth_headers(WWW_AUTH, &respheader, &reqheader); + sip_auth_headers(WWW_AUTH, &respheader, &reqheader); - authtoken = get_header(req, reqheader); + authtoken = sip_get_header(req, reqheader); if (ignore && !ast_strlen_zero(p->randdata) && ast_strlen_zero(authtoken)) { /* This is a retransmitted invite/register/etc, don't reconstruct authentication information */ @@ -14262,27 +14284,7 @@ static enum check_auth_result check_auth(struct sip_pvt *p, struct sip_request * c = buf->str; - while(c && *(c = ast_skip_blanks(c)) ) { /* lookup for keys */ - for (i = keys; i->key != NULL; i++) { - const char *separator = ","; /* default */ - - if (strncasecmp(c, i->key, strlen(i->key)) != 0) { - continue; - } - /* Found. Skip keyword, take text in quotes or up to the separator. */ - c += strlen(i->key); - if (*c == '"') { /* in quotes. Skip first and look for last */ - c++; - separator = "\""; - } - i->s = c; - strsep(&c, separator); - break; - } - if (i->key == NULL) { /* not found, jump after space or comma */ - strsep(&c, " ,"); - } - } + sip_digest_parser(c, keys); /* Verify that digest username matches the username we auth as */ if (strcmp(username, keys[K_USER].s)) { @@ -14328,7 +14330,7 @@ static enum check_auth_result check_auth(struct sip_pvt *p, struct sip_request * if (wrongnonce) { if (good_response) { if (sipdebug) - ast_log(LOG_NOTICE, "Correct auth, but based on stale nonce received from '%s'\n", get_header(req, "From")); + ast_log(LOG_NOTICE, "Correct auth, but based on stale nonce received from '%s'\n", sip_get_header(req, "From")); /* We got working auth token, based on stale nonce . */ set_nonce_randdata(p, 0); transmit_response_with_auth(p, response, req, p->randdata, reliable, respheader, TRUE); @@ -14336,12 +14338,12 @@ static enum check_auth_result check_auth(struct sip_pvt *p, struct sip_request * /* Everything was wrong, so give the device one more try with a new challenge */ if (!req->ignore) { if (sipdebug) { - ast_log(LOG_NOTICE, "Bad authentication received from '%s'\n", get_header(req, "To")); + ast_log(LOG_NOTICE, "Bad authentication received from '%s'\n", sip_get_header(req, "To")); } set_nonce_randdata(p, 1); } else { if (sipdebug) { - ast_log(LOG_NOTICE, "Duplicate authentication received from '%s'\n", get_header(req, "To")); + ast_log(LOG_NOTICE, "Duplicate authentication received from '%s'\n", sip_get_header(req, "To")); } } transmit_response_with_auth(p, response, req, p->randdata, reliable, respheader, FALSE); @@ -14487,7 +14489,7 @@ static void transmit_fake_auth_response(struct sip_pvt *p, int sipmethod, struct reqheader = "Authorization"; respheader = "WWW-Authenticate"; } - authtoken = get_header(req, reqheader); + authtoken = sip_get_header(req, reqheader); if (req->ignore && !ast_strlen_zero(p->randdata) && ast_strlen_zero(authtoken)) { /* This is a retransmitted invite/register/etc, don't reconstruct authentication * information */ @@ -14593,7 +14595,7 @@ static enum check_auth_result register_verify(struct sip_pvt *p, struct ast_sock terminate_uri(uri2); - ast_copy_string(tmp, get_header(req, "To"), sizeof(tmp)); + ast_copy_string(tmp, sip_get_header(req, "To"), sizeof(tmp)); c = get_in_brackets(tmp); c = remove_uri_parameters(c); @@ -14620,11 +14622,11 @@ static enum check_auth_result register_verify(struct sip_pvt *p, struct ast_sock build_contact(p); if (req->ignore) { /* Expires is a special case, where we only want to load the peer if this isn't a deregistration attempt */ - const char *expires = get_header(req, "Expires"); + const char *expires = sip_get_header(req, "Expires"); int expire = atoi(expires); if (ast_strlen_zero(expires)) { /* No expires header; look in Contact */ - if ((expires = strcasestr(get_header(req, "Contact"), ";expires="))) { + if ((expires = strcasestr(sip_get_header(req, "Contact"), ";expires="))) { expire = atoi(expires + 9); } } @@ -14633,12 +14635,12 @@ static enum check_auth_result register_verify(struct sip_pvt *p, struct ast_sock return 0; } } - peer = find_peer(name, NULL, TRUE, FINDPEERS, FALSE, 0); + peer = sip_find_peer(name, NULL, TRUE, FINDPEERS, FALSE, 0); if (!(peer && ast_apply_ha(peer->ha, addr))) { /* Peer fails ACL check */ if (peer) { - unref_peer(peer, "register_verify: unref_peer: from find_peer operation"); + sip_unref_peer(peer, "register_verify: sip_unref_peer: from sip_find_peer operation"); peer = NULL; res = AUTH_ACL_FAILED; } else { @@ -14830,7 +14832,7 @@ static enum check_auth_result register_verify(struct sip_pvt *p, struct ast_sock } } if (peer) { - unref_peer(peer, "register_verify: unref_peer: tossing stack peer pointer at end of func"); + sip_unref_peer(peer, "register_verify: sip_unref_peer: tossing stack peer pointer at end of func"); } return res; @@ -14879,7 +14881,7 @@ static int get_pai(struct sip_pvt *p, struct sip_request *req) int callingpres = AST_PRES_ALLOWED_USER_NUMBER_NOT_SCREENED; char *start = NULL, *end = NULL, *uri = NULL; - ast_copy_string(pai, get_header(req, "P-Asserted-Identity"), sizeof(pai)); + ast_copy_string(pai, sip_get_header(req, "P-Asserted-Identity"), sizeof(pai)); if (ast_strlen_zero(pai)) { return 0; @@ -14931,7 +14933,7 @@ static int get_pai(struct sip_pvt *p, struct sip_request *req) return 0; } - ast_copy_string(privacy, get_header(req, "Privacy"), sizeof(privacy)); + ast_copy_string(privacy, sip_get_header(req, "Privacy"), sizeof(privacy)); if (!ast_strlen_zero(privacy) && strncmp(privacy, "id", 2)) { callingpres = AST_PRES_PROHIB_USER_NUMBER_NOT_SCREENED; } @@ -14974,7 +14976,7 @@ static int get_rpid(struct sip_pvt *p, struct sip_request *oreq) req = oreq; if (!req) req = &p->initreq; - ast_copy_string(tmp, get_header(req, "Remote-Party-ID"), sizeof(tmp)); + ast_copy_string(tmp, sip_get_header(req, "Remote-Party-ID"), sizeof(tmp)); if (ast_strlen_zero(tmp)) { return get_pai(p, req); } @@ -15063,7 +15065,7 @@ static int get_rdnis(struct sip_pvt *p, struct sip_request *oreq, char **name, c req = oreq ? oreq : &p->initreq; - ast_copy_string(tmp, get_header(req, "Diversion"), sizeof(tmp)); + ast_copy_string(tmp, sip_get_header(req, "Diversion"), sizeof(tmp)); if (ast_strlen_zero(tmp)) return -1; @@ -15193,7 +15195,7 @@ static enum sip_get_dest_result get_destination(struct sip_pvt *p, struct sip_re /* XXX Why is this done in get_destination? Isn't it already done? Needs to be checked */ - ast_copy_string(tmpf, get_header(req, "From"), sizeof(tmpf)); + ast_copy_string(tmpf, sip_get_header(req, "From"), sizeof(tmpf)); if (!ast_strlen_zero(tmpf)) { from = get_in_brackets(tmpf); if (parse_uri_legacy_check(from, "sip:,sips:", &from, NULL, &domain, NULL)) { @@ -15407,7 +15409,7 @@ static int get_refer_info(struct sip_pvt *transferer, struct sip_request *outgoi req = &transferer->initreq; } - p_refer_to = get_header(req, "Refer-To"); + p_refer_to = sip_get_header(req, "Refer-To"); if (ast_strlen_zero(p_refer_to)) { ast_log(LOG_WARNING, "Refer-To Header missing. Skipping transfer.\n"); return -2; /* Syntax error */ @@ -15424,7 +15426,7 @@ static int get_refer_info(struct sip_pvt *transferer, struct sip_request *outgoi } /* Get referred by header if it exists */ - p_referred_by = get_header(req, "Referred-By"); + p_referred_by = sip_get_header(req, "Referred-By"); /* Give useful transfer information to the dialplan */ if (transferer->owner) { @@ -15604,7 +15606,7 @@ static int get_also_info(struct sip_pvt *p, struct sip_request *oreq) referdata = p->refer; - ast_copy_string(tmp, get_header(req, "Also"), sizeof(tmp)); + ast_copy_string(tmp, sip_get_header(req, "Also"), sizeof(tmp)); c = get_in_brackets(tmp); if (parse_uri_legacy_check(c, "sip:,sips:", &c, NULL, &a, NULL)) { @@ -15662,7 +15664,7 @@ static attribute_unused void check_via_response(struct sip_pvt *p, struct sip_re char via[256]; char *cur, *opts; - ast_copy_string(via, get_header(req, "Via"), sizeof(via)); + ast_copy_string(via, sip_get_header(req, "Via"), sizeof(via)); /* Work on the leftmost value of the topmost Via header */ opts = strchr(via, ','); @@ -15694,7 +15696,7 @@ static void check_via(struct sip_pvt *p, struct sip_request *req) struct ast_sockaddr tmp; uint16_t port; - ast_copy_string(via, get_header(req, "Via"), sizeof(via)); + ast_copy_string(via, sip_get_header(req, "Via"), sizeof(via)); /* Work on the leftmost value of the topmost Via header */ c = strchr(via, ','); @@ -15761,14 +15763,14 @@ static enum check_auth_result check_peer_ok(struct sip_pvt *p, char *of, /* For subscribes, match on device name only; for other methods, * match on IP address-port of the incoming request. */ - peer = find_peer(of, NULL, TRUE, FINDALLDEVICES, FALSE, 0); + peer = sip_find_peer(of, NULL, TRUE, FINDALLDEVICES, FALSE, 0); } else { /* First find devices based on username (avoid all type=peer's) */ - peer = find_peer(of, NULL, TRUE, FINDUSERS, FALSE, 0); + peer = sip_find_peer(of, NULL, TRUE, FINDUSERS, FALSE, 0); /* Then find devices based on IP */ if (!peer) { - peer = find_peer(NULL, &p->recv, TRUE, FINDPEERS, FALSE, p->socket.type); + peer = sip_find_peer(NULL, &p->recv, TRUE, FINDPEERS, FALSE, p->socket.type); } } @@ -15782,7 +15784,7 @@ static enum check_auth_result check_peer_ok(struct sip_pvt *p, char *of, if (!ast_apply_ha(peer->ha, addr)) { ast_debug(2, "Found peer '%s' for '%s', but fails host access\n", peer->name, of); - unref_peer(peer, "unref_peer: check_peer_ok: from find_peer call, early return of AUTH_ACL_FAILED"); + sip_unref_peer(peer, "sip_unref_peer: check_peer_ok: from sip_find_peer call, early return of AUTH_ACL_FAILED"); return AUTH_ACL_FAILED; } if (debug) @@ -15930,7 +15932,7 @@ static enum check_auth_result check_peer_ok(struct sip_pvt *p, char *of, res = AUTH_RTP_FAILED; } } - unref_peer(peer, "check_peer_ok: unref_peer: tossing temp ptr to peer from find_peer"); + sip_unref_peer(peer, "check_peer_ok: sip_unref_peer: tossing temp ptr to peer from sip_find_peer"); return res; } @@ -15954,7 +15956,7 @@ static enum check_auth_result check_user_full(struct sip_pvt *p, struct sip_requ terminate_uri(uri2); /* trim extra stuff */ - ast_copy_string(from, get_header(req, "From"), sizeof(from)); + ast_copy_string(from, sip_get_header(req, "From"), sizeof(from)); /* XXX here tries to map the username for invite things */ memset(calleridname, 0, sizeof(calleridname)); @@ -16023,9 +16025,9 @@ static enum check_auth_result check_user_full(struct sip_pvt *p, struct sip_requ * Note2, at the moment we check both fields, though maybe we should * pick one or another depending on the request ? XXX */ - const char *hdr = get_header(req, "Authorization"); + const char *hdr = sip_get_header(req, "Authorization"); if (ast_strlen_zero(hdr)) - hdr = get_header(req, "Proxy-Authorization"); + hdr = sip_get_header(req, "Proxy-Authorization"); if ( !ast_strlen_zero(hdr) && (hdr = strstr(hdr, "username=\"")) ) { ast_copy_string(from, hdr + strlen("username=\""), sizeof(from)); @@ -16133,7 +16135,7 @@ static void receive_message(struct sip_pvt *p, struct sip_request *req, struct a { struct ast_str *buf; struct ast_frame f; - const char *content_type = get_header(req, "Content-Type"); + const char *content_type = sip_get_header(req, "Content-Type"); struct ast_msg *msg; int res; char *from, *to; @@ -16200,10 +16202,10 @@ static void receive_message(struct sip_pvt *p, struct sip_request *req, struct a } if (res < 0) { /* Something failed in authentication */ if (res == AUTH_FAKE_AUTH) { - ast_log(LOG_NOTICE, "Sending fake auth rejection for device %s\n", get_header(req, "From")); + ast_log(LOG_NOTICE, "Sending fake auth rejection for device %s\n", sip_get_header(req, "From")); transmit_fake_auth_response(p, SIP_OPTIONS, req, XMIT_UNRELIABLE); } else { - ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", get_header(req, "From")); + ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", sip_get_header(req, "From")); transmit_response(p, "403 Forbidden", req); } sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT); @@ -16219,7 +16221,7 @@ static void receive_message(struct sip_pvt *p, struct sip_request *req, struct a * it to the right context. */ - peer = find_peer(NULL, &p->recv, TRUE, FINDPEERS, 0, p->socket.type); + peer = sip_find_peer(NULL, &p->recv, TRUE, FINDPEERS, 0, p->socket.type); if (peer) { /* Only if no auth is required. */ if (ast_strlen_zero(peer->secret) && ast_strlen_zero(peer->md5secret)) { @@ -16229,7 +16231,7 @@ static void receive_message(struct sip_pvt *p, struct sip_request *req, struct a ast_string_field_set(p, messagecontext, peer->messagecontext); } ast_string_field_set(p, peername, peer->name); - peer = unref_peer(peer, "from find_peer() in receive_message"); + peer = sip_unref_peer(peer, "from sip_find_peer() in receive_message"); } } @@ -16253,7 +16255,7 @@ static void receive_message(struct sip_pvt *p, struct sip_request *req, struct a } to = ast_strdupa(REQ_OFFSET_TO_STR(req, rlPart2)); - from = ast_strdupa(get_header(req, "From")); + from = ast_strdupa(sip_get_header(req, "From")); res = ast_msg_set_to(msg, "%s", to); res |= ast_msg_set_from(msg, "%s", get_in_brackets(from)); @@ -16319,7 +16321,7 @@ static char *sip_show_inuse(struct ast_cli_entry *e, int cmd, struct ast_cli_arg if (showall || peer->call_limit) ast_cli(a->fd, FORMAT2, peer->name, iused, ilimits); ao2_unlock(peer); - unref_peer(peer, "toss iterator pointer"); + sip_unref_peer(peer, "toss iterator pointer"); } ao2_iterator_destroy(&i); @@ -16433,7 +16435,7 @@ static char *sip_show_tcp(struct ast_cli_entry *e, int cmd, struct ast_cli_args while ((th = ao2_t_iterator_next(&i, "iterate through tcp threads for 'sip show tcp'"))) { ast_cli(a->fd, FORMAT, ast_sockaddr_stringify(&th->tcptls_session->remote_address), - get_transport(th->type), + sip_get_transport(th->type), (th->tcptls_session->client ? "Client" : "Server")); ao2_t_ref(th, -1, "decrement ref from iterator"); } @@ -16487,13 +16489,13 @@ static char *sip_show_users(struct ast_cli_entry *e, int cmd, struct ast_cli_arg ao2_lock(user); if (!(user->type & SIP_TYPE_USER)) { ao2_unlock(user); - unref_peer(user, "sip show users"); + sip_unref_peer(user, "sip show users"); continue; } if (havepattern && regexec(®exbuf, user->name, 0, NULL, 0)) { ao2_unlock(user); - unref_peer(user, "sip show users"); + sip_unref_peer(user, "sip show users"); continue; } @@ -16504,7 +16506,7 @@ static char *sip_show_users(struct ast_cli_entry *e, int cmd, struct ast_cli_arg AST_CLI_YESNO(user->ha != NULL), AST_CLI_YESNO(ast_test_flag(&user->flags[0], SIP_NAT_FORCE_RPORT))); ao2_unlock(user); - unref_peer(user, "sip show users"); + sip_unref_peer(user, "sip show users"); } ao2_iterator_destroy(&user_iter); @@ -16676,14 +16678,14 @@ static char *_sip_show_peers(int fd, int *total, struct mansession *s, const str if (!(peer->type & SIP_TYPE_PEER)) { ao2_unlock(peer); - unref_peer(peer, "unref peer because it's actually a user"); + sip_unref_peer(peer, "unref peer because it's actually a user"); continue; } if (havepattern && regexec(®exbuf, peer->name, 0, NULL, 0)) { objcount--; ao2_unlock(peer); - unref_peer(peer, "toss iterator peer ptr before continue"); + sip_unref_peer(peer, "toss iterator peer ptr before continue"); continue; } @@ -16703,7 +16705,7 @@ static char *_sip_show_peers(int fd, int *total, struct mansession *s, const str ao2_lock(peer); if (havepattern && regexec(®exbuf, peer->name, 0, NULL, 0)) { ao2_unlock(peer); - peer = peerarray[k] = unref_peer(peer, "toss iterator peer ptr before continue"); + peer = peerarray[k] = sip_unref_peer(peer, "toss iterator peer ptr before continue"); continue; } @@ -16775,7 +16777,7 @@ static char *_sip_show_peers(int fd, int *total, struct mansession *s, const str peer->description); } ao2_unlock(peer); - peer = peerarray[k] = unref_peer(peer, "toss iterator peer ptr"); + peer = peerarray[k] = sip_unref_peer(peer, "toss iterator peer ptr"); } if (!s) @@ -17083,7 +17085,7 @@ static char *sip_prune_realtime(struct ast_cli_entry *e, int cmd, struct ast_cli while ((pi = ao2_t_iterator_next(&i, "iterate thru peers table"))) { ao2_lock(pi); if (name && regexec(®exbuf, pi->name, 0, NULL, 0)) { - unref_peer(pi, "toss iterator peer ptr before continue"); + sip_unref_peer(pi, "toss iterator peer ptr before continue"); ao2_unlock(pi); continue; }; @@ -17092,7 +17094,7 @@ static char *sip_prune_realtime(struct ast_cli_entry *e, int cmd, struct ast_cli pruned++; } ao2_unlock(pi); - unref_peer(pi, "toss iterator peer ptr"); + sip_unref_peer(pi, "toss iterator peer ptr"); } ao2_iterator_destroy(&i); if (pruned) { @@ -17118,7 +17120,7 @@ static char *sip_prune_realtime(struct ast_cli_entry *e, int cmd, struct ast_cli } } else ast_cli(a->fd, "Peer '%s' pruned.\n", name); - unref_peer(peer, "sip_prune_realtime: unref_peer: tossing temp peer ptr"); + sip_unref_peer(peer, "sip_prune_realtime: sip_unref_peer: tossing temp peer ptr"); } else ast_cli(a->fd, "Peer '%s' not found.\n", name); } @@ -17245,9 +17247,9 @@ static char *_sip_qualify_peer(int type, int fd, struct mansession *s, const str return CLI_SHOWUSAGE; load_realtime = (argc == 5 && !strcmp(argv[4], "load")) ? TRUE : FALSE; - if ((peer = find_peer(argv[3], NULL, load_realtime, FINDPEERS, FALSE, 0))) { + if ((peer = sip_find_peer(argv[3], NULL, load_realtime, FINDPEERS, FALSE, 0))) { sip_poke_peer(peer, 1); - unref_peer(peer, "qualify: done with peer"); + sip_unref_peer(peer, "qualify: done with peer"); } else if (type == 0) { ast_cli(fd, "Peer '%s' not found\n", argv[3]); } else { @@ -17339,7 +17341,7 @@ static char *_sip_show_peer(int type, int fd, struct mansession *s, const struct return CLI_SHOWUSAGE; load_realtime = (argc == 5 && !strcmp(argv[4], "load")) ? TRUE : FALSE; - peer = find_peer(argv[3], NULL, load_realtime, FINDPEERS, FALSE, 0); + peer = sip_find_peer(argv[3], NULL, load_realtime, FINDPEERS, FALSE, 0); if (s) { /* Manager */ if (peer) { @@ -17445,7 +17447,7 @@ static char *_sip_show_peer(int type, int fd, struct mansession *s, const struct ast_cli(fd, " ToHost : %s\n", peer->tohost); ast_cli(fd, " Addr->IP : %s\n", ast_sockaddr_stringify(&peer->addr)); ast_cli(fd, " Defaddr->IP : %s\n", ast_sockaddr_stringify(&peer->defaddr)); - ast_cli(fd, " Prim.Transp. : %s\n", get_transport(peer->socket.type)); + ast_cli(fd, " Prim.Transp. : %s\n", sip_get_transport(peer->socket.type)); ast_cli(fd, " Allowed.Trsp : %s\n", get_transport_list(peer->transports)); if (!ast_strlen_zero(sip_cfg.regcontext)) ast_cli(fd, " Reg. exten : %s\n", peer->regexten); @@ -17494,7 +17496,7 @@ static char *_sip_show_peer(int type, int fd, struct mansession *s, const struct ast_cli(fd, " Use Reason : %s\n", AST_CLI_YESNO(ast_test_flag(&peer->flags[1], SIP_PAGE2_Q850_REASON))); ast_cli(fd, " Encryption : %s\n", AST_CLI_YESNO(ast_test_flag(&peer->flags[1], SIP_PAGE2_USE_SRTP))); ast_cli(fd, "\n"); - peer = unref_peer(peer, "sip_show_peer: unref_peer: done with peer ptr"); + peer = sip_unref_peer(peer, "sip_show_peer: sip_unref_peer: done with peer ptr"); } else if (peer && type == 1) { /* manager listing */ char buffer[256]; struct ast_str *mailbox_str = ast_str_alloca(512); @@ -17588,7 +17590,7 @@ static char *_sip_show_peer(int type, int fd, struct mansession *s, const struct astman_append(s, "SIP-Use-Reason-Header : %s\r\n", (ast_test_flag(&peer->flags[1], SIP_PAGE2_Q850_REASON)) ? "Y" : "N"); astman_append(s, "Description : %s\r\n", peer->description); - peer = unref_peer(peer, "sip_show_peer: unref_peer: done with peer"); + peer = sip_unref_peer(peer, "sip_show_peer: sip_unref_peer: done with peer"); } else { ast_cli(fd, "Peer %s not found.\n", argv[3]); @@ -17612,7 +17614,7 @@ static char *complete_sip_user(const char *word, int state) ao2_lock(user); if (!(user->type & SIP_TYPE_USER)) { ao2_unlock(user); - unref_peer(user, "complete sip user"); + sip_unref_peer(user, "complete sip user"); continue; } /* locking of the object is not required because only the name and flags are being compared */ @@ -17620,7 +17622,7 @@ static char *complete_sip_user(const char *word, int state) result = ast_strdup(user->name); } ao2_unlock(user); - unref_peer(user, "complete sip user"); + sip_unref_peer(user, "complete sip user"); if (result) { break; } @@ -17663,7 +17665,7 @@ static char *sip_show_user(struct ast_cli_entry *e, int cmd, struct ast_cli_args /* Load from realtime storage? */ load_realtime = (a->argc == 5 && !strcmp(a->argv[4], "load")) ? TRUE : FALSE; - if ((user = find_peer(a->argv[3], NULL, load_realtime, FINDUSERS, FALSE, 0))) { + if ((user = sip_find_peer(a->argv[3], NULL, load_realtime, FINDUSERS, FALSE, 0))) { ao2_lock(user); ast_cli(a->fd, "\n\n"); ast_cli(a->fd, " * Name : %s\n", user->name); @@ -17705,7 +17707,7 @@ static char *sip_show_user(struct ast_cli_entry *e, int cmd, struct ast_cli_args ast_cli(a->fd, "\n"); ao2_unlock(user); - unref_peer(user, "sip show user"); + sip_unref_peer(user, "sip show user"); } else { ast_cli(a->fd, "User %s not found.\n", a->argv[3]); ast_cli(a->fd, "\n"); @@ -17831,16 +17833,16 @@ static char *sip_unregister(struct ast_cli_entry *e, int cmd, struct ast_cli_arg if (a->argc != 3) return CLI_SHOWUSAGE; - if ((peer = find_peer(a->argv[2], NULL, load_realtime, FINDPEERS, TRUE, 0))) { + if ((peer = sip_find_peer(a->argv[2], NULL, load_realtime, FINDPEERS, TRUE, 0))) { if (peer->expire > 0) { AST_SCHED_DEL_UNREF(sched, peer->expire, - unref_peer(peer, "remove register expire ref")); - expire_register(ref_peer(peer, "ref for expire_register")); + sip_unref_peer(peer, "remove register expire ref")); + expire_register(sip_ref_peer(peer, "ref for expire_register")); ast_cli(a->fd, "Unregistered peer \'%s\'\n\n", a->argv[2]); } else { ast_cli(a->fd, "Peer %s not registered\n", a->argv[2]); } - unref_peer(peer, "sip_unregister: unref_peer via sip_unregister: done with peer from find_peer call"); + sip_unref_peer(peer, "sip_unregister: sip_unref_peer via sip_unregister: done with peer from sip_find_peer call"); } else { ast_cli(a->fd, "Peer unknown: \'%s\'. Not unregistered.\n", a->argv[2]); } @@ -18140,7 +18142,7 @@ static char *sip_show_settings(struct ast_cli_entry *e, int cmd, struct ast_cli_ ast_cli(a->fd, "\nDefault Settings:\n"); ast_cli(a->fd, "-----------------\n"); ast_cli(a->fd, " Allowed transports: %s\n", get_transport_list(default_transports)); - ast_cli(a->fd, " Outbound transport: %s\n", get_transport(default_primary_transport)); + ast_cli(a->fd, " Outbound transport: %s\n", sip_get_transport(default_primary_transport)); ast_cli(a->fd, " Context: %s\n", sip_cfg.default_context); ast_cli(a->fd, " Force rport: %s\n", AST_CLI_YESNO(ast_test_flag(&global_flags[0], SIP_NAT_FORCE_RPORT))); ast_cli(a->fd, " DTMF: %s\n", dtmfmode2str(ast_test_flag(&global_flags[0], SIP_DTMF))); @@ -18372,7 +18374,7 @@ static char *complete_sip_peer(const char *word, int state, int flags2) (!flags2 || ast_test_flag(&peer->flags[1], flags2)) && ++which > state) result = ast_strdup(peer->name); - unref_peer(peer, "toss iterator peer ptr before break"); + sip_unref_peer(peer, "toss iterator peer ptr before break"); if (result) { break; } @@ -18397,10 +18399,10 @@ static char *complete_sip_registered_peer(const char *word, int state, int flags ++which > state && peer->expire > 0) result = ast_strdup(peer->name); if (result) { - unref_peer(peer, "toss iterator peer ptr before break"); + sip_unref_peer(peer, "toss iterator peer ptr before break"); break; } - unref_peer(peer, "toss iterator peer ptr"); + sip_unref_peer(peer, "toss iterator peer ptr"); } ao2_iterator_destroy(&i); return result; @@ -18694,7 +18696,7 @@ static void handle_request_info(struct sip_pvt *p, struct sip_request *req) { char buf[1024] = ""; unsigned int event; - const char *c = get_header(req, "Content-Type"); + const char *c = sip_get_header(req, "Content-Type"); /* Need to check the media/type */ if (!strcasecmp(c, "application/dtmf-relay") || @@ -18820,7 +18822,7 @@ static void handle_request_info(struct sip_pvt *p, struct sip_request *req) } transmit_response(p, "200 OK", req); return; - } else if (!ast_strlen_zero(c = get_header(req, "X-ClientCode"))) { + } else if (!ast_strlen_zero(c = sip_get_header(req, "X-ClientCode"))) { /* Client code (from SNOM phone) */ if (ast_test_flag(&p->flags[0], SIP_USECLIENTCODE)) { if (p->owner && p->owner->cdr) { @@ -18834,7 +18836,7 @@ static void handle_request_info(struct sip_pvt *p, struct sip_request *req) transmit_response(p, "403 Forbidden", req); } return; - } else if (!ast_strlen_zero(c = get_header(req, "Record"))) { + } else if (!ast_strlen_zero(c = sip_get_header(req, "Record"))) { /* INFO messages generated by some phones to start/stop recording on phone calls. OEJ: I think this should be something that is enabled/disabled @@ -18869,7 +18871,7 @@ static void handle_request_info(struct sip_pvt *p, struct sip_request *req) ast_debug(1, "Got a Request to Record the channel, state %s\n", c); transmit_response(p, "200 OK", req); return; - } else if (ast_strlen_zero(c = get_header(req, "Content-Length")) || !strcasecmp(c, "0")) { + } else if (ast_strlen_zero(c = sip_get_header(req, "Content-Length")) || !strcasecmp(c, "0")) { /* This is probably just a packet making sure the signalling is still up, just send back a 200 OK */ transmit_response(p, "200 OK", req); return; @@ -18899,7 +18901,7 @@ static char *sip_do_debug_ip(int fd, const char *arg) /*! \brief Turn on SIP debugging for a given peer */ static char *sip_do_debug_peer(int fd, const char *arg) { - struct sip_peer *peer = find_peer(arg, NULL, TRUE, FINDPEERS, FALSE, 0); + struct sip_peer *peer = sip_find_peer(arg, NULL, TRUE, FINDPEERS, FALSE, 0); if (!peer) { ast_cli(fd, "No such peer '%s'\n", arg); } else if (ast_sockaddr_isnull(&peer->addr)) { @@ -18910,7 +18912,7 @@ static char *sip_do_debug_peer(int fd, const char *arg) sipdebug |= sip_debug_console; } if (peer) { - unref_peer(peer, "sip_do_debug_peer: unref_peer, from find_peer call"); + sip_unref_peer(peer, "sip_do_debug_peer: sip_unref_peer, from sip_find_peer call"); } return CLI_SUCCESS; } @@ -19078,7 +19080,7 @@ static int do_register_auth(struct sip_pvt *p, struct sip_request *req, enum sip char digest[1024]; p->authtries++; - auth_headers(code, &header, &respheader); + sip_auth_headers(code, &header, &respheader); memset(digest, 0, sizeof(digest)); if (reply_digest(p, req, header, SIP_REGISTER, digest, sizeof(digest))) { /* There's nothing to use for authentication */ @@ -19105,7 +19107,7 @@ static int do_proxy_auth(struct sip_pvt *p, struct sip_request *req, enum sip_au return -2; p->authtries++; - auth_headers(code, &header, &respheader); + sip_auth_headers(code, &header, &respheader); ast_debug(2, "Auth attempt %d on %s\n", p->authtries, sip_methods[sipmethod].text); memset(digest, 0, sizeof(digest)); if (reply_digest(p, req, header, sipmethod, digest, sizeof(digest) )) { @@ -19141,7 +19143,7 @@ static int reply_digest(struct sip_pvt *p, struct sip_request *req, char *header { NULL, 0 }, }; - ast_copy_string(tmp, get_header(req, header), sizeof(tmp)); + ast_copy_string(tmp, sip_get_header(req, header), sizeof(tmp)); if (ast_strlen_zero(tmp)) return -1; if (strncasecmp(tmp, "Digest ", strlen("Digest "))) { @@ -19396,7 +19398,7 @@ static int function_sippeer(struct ast_channel *chan, const char *cmd, char *dat else colname = "ip"; - if (!(peer = find_peer(data, NULL, TRUE, FINDPEERS, FALSE, 0))) + if (!(peer = sip_find_peer(data, NULL, TRUE, FINDPEERS, FALSE, 0))) return -1; if (!strcasecmp(colname, "ip")) { @@ -19468,7 +19470,7 @@ static int function_sippeer(struct ast_channel *chan, const char *cmd, char *dat buf[0] = '\0'; } - unref_peer(peer, "unref_peer from function_sippeer, just before return"); + sip_unref_peer(peer, "sip_unref_peer from function_sippeer, just before return"); return 0; } @@ -19563,7 +19565,7 @@ static void change_redirecting_information(struct sip_pvt *p, struct sip_request res = get_rdnis(p, req, &redirecting_from_name, &redirecting_from_number, &reason); if (res == -1) { if (is_response) { - get_name_and_number(get_header(req, "TO"), &redirecting_from_name, &redirecting_from_number); + get_name_and_number(sip_get_header(req, "TO"), &redirecting_from_name, &redirecting_from_number); } else { return; } @@ -19576,7 +19578,7 @@ static void change_redirecting_information(struct sip_pvt *p, struct sip_request if (is_response) { parse_moved_contact(p, req, &redirecting_to_name, &redirecting_to_number, set_call_forward); } else { - get_name_and_number(get_header(req, "TO"), &redirecting_to_name, &redirecting_to_number); + get_name_and_number(sip_get_header(req, "TO"), &redirecting_to_name, &redirecting_to_number); } if (!ast_strlen_zero(redirecting_from_number)) { @@ -19631,7 +19633,7 @@ static void parse_moved_contact(struct sip_pvt *p, struct sip_request *req, char char *domain; enum sip_transport transport = SIP_TRANSPORT_UDP; - ast_copy_string(contact, get_header(req, "Contact"), sizeof(contact)); + ast_copy_string(contact, sip_get_header(req, "Contact"), sizeof(contact)); if ((separator = strchr(contact, ','))) *separator = '\0'; @@ -19673,13 +19675,13 @@ static void parse_moved_contact(struct sip_pvt *p, struct sip_request *req, char *separator = '\0'; if ((host = strchr(contact_number, '@'))) { *host++ = '\0'; - ast_debug(2, "Found promiscuous redirection to 'SIP/%s::::%s@%s'\n", contact_number, get_transport(transport), host); + ast_debug(2, "Found promiscuous redirection to 'SIP/%s::::%s@%s'\n", contact_number, sip_get_transport(transport), host); if (p->owner) - ast_string_field_build(p->owner, call_forward, "SIP/%s::::%s@%s", contact_number, get_transport(transport), host); + ast_string_field_build(p->owner, call_forward, "SIP/%s::::%s@%s", contact_number, sip_get_transport(transport), host); } else { - ast_debug(2, "Found promiscuous redirection to 'SIP/::::%s@%s'\n", get_transport(transport), contact_number); + ast_debug(2, "Found promiscuous redirection to 'SIP/::::%s@%s'\n", sip_get_transport(transport), contact_number); if (p->owner) - ast_string_field_build(p->owner, call_forward, "SIP/::::%s@%s", get_transport(transport), contact_number); + ast_string_field_build(p->owner, call_forward, "SIP/::::%s@%s", sip_get_transport(transport), contact_number); } } else { separator = strchr(contact, '@'); @@ -19807,7 +19809,7 @@ static void handle_response_update(struct sip_pvt *p, int resp, const char *rest p->options->auth_type = (resp == 401 ? WWW_AUTH : PROXY_AUTH); } if ((p->authtries == MAX_AUTHTRIES) || do_proxy_auth(p, req, resp, SIP_UPDATE, 1)) { - ast_log(LOG_NOTICE, "Failed to authenticate on UPDATE to '%s'\n", get_header(&p->initreq, "From")); + ast_log(LOG_NOTICE, "Failed to authenticate on UPDATE to '%s'\n", sip_get_header(&p->initreq, "From")); } } @@ -19838,7 +19840,7 @@ static void cc_handle_publish_error(struct sip_pvt *pvt, const int resp, struct * XXX Ideally this logic could be placed into its own function so that SUBSCRIBE, * PUBLISH, and REGISTER could all benefit from the same shared code. */ - min_expires = get_header(req, "Min-Expires"); + min_expires = sip_get_header(req, "Min-Expires"); if (ast_strlen_zero(min_expires)) { pvt->expiry *= 2; if (pvt->expiry < 0) { @@ -19864,7 +19866,7 @@ static void cc_handle_publish_error(struct sip_pvt *pvt, const int resp, struct static void handle_response_publish(struct sip_pvt *p, int resp, const char *rest, struct sip_request *req, int seqno) { struct sip_epa_entry *epa_entry = p->epa_entry; - const char *etag = get_header(req, "Sip-ETag"); + const char *etag = sip_get_header(req, "Sip-ETag"); ast_assert(epa_entry != NULL); @@ -19874,7 +19876,7 @@ static void handle_response_publish(struct sip_pvt *p, int resp, const char *res p->options->auth_type = (resp == 401 ? WWW_AUTH : PROXY_AUTH); } if ((p->authtries == MAX_AUTHTRIES) || do_proxy_auth(p, req, resp, SIP_PUBLISH, 0)) { - ast_log(LOG_NOTICE, "Failed to authenticate on PUBLISH to '%s'\n", get_header(&p->initreq, "From")); + ast_log(LOG_NOTICE, "Failed to authenticate on PUBLISH to '%s'\n", sip_get_header(&p->initreq, "From")); pvt_set_needdestroy(p, "Failed to authenticate on PUBLISH"); sip_alreadygone(p); } @@ -20174,7 +20176,7 @@ static void handle_response_invite(struct sip_pvt *p, int resp, const char *rest /* Check for Session-Timers related headers */ if (st_get_mode(p, 0) != SESSION_TIMER_MODE_REFUSE && p->outgoing_call == TRUE && !reinvite) { - p_hdrval = (char*)get_header(req, "Session-Expires"); + p_hdrval = (char*)sip_get_header(req, "Session-Expires"); if (!ast_strlen_zero(p_hdrval)) { /* UAS supports Session-Timers */ enum st_refresher tmp_st_ref = SESSION_TIMER_REFRESHER_AUTO; @@ -20224,7 +20226,7 @@ static void handle_response_invite(struct sip_pvt *p, int resp, const char *rest if (p->authtries < MAX_AUTHTRIES) p->invitestate = INV_CALLING; if (p->authtries == MAX_AUTHTRIES || do_proxy_auth(p, req, resp, SIP_INVITE, 1)) { - ast_log(LOG_NOTICE, "Failed to authenticate on INVITE to '%s'\n", get_header(&p->initreq, "From")); + ast_log(LOG_NOTICE, "Failed to authenticate on INVITE to '%s'\n", sip_get_header(&p->initreq, "From")); pvt_set_needdestroy(p, "failed to authenticate on INVITE"); sip_alreadygone(p); if (p->owner) @@ -20236,7 +20238,7 @@ static void handle_response_invite(struct sip_pvt *p, int resp, const char *rest case 403: /* Forbidden */ /* First we ACK */ xmitres = transmit_request(p, SIP_ACK, seqno, XMIT_UNRELIABLE, FALSE); - ast_log(LOG_WARNING, "Received response: \"Forbidden\" from '%s'\n", get_header(&p->initreq, "From")); + ast_log(LOG_WARNING, "Received response: \"Forbidden\" from '%s'\n", sip_get_header(&p->initreq, "From")); if (!req->ignore && p->owner) { ast_set_hangupsource(p->owner, p->owner->name, 0); ast_queue_control(p->owner, AST_CONTROL_CONGESTION); @@ -20390,7 +20392,7 @@ static void handle_response_notify(struct sip_pvt *p, int resp, const char *rest pvt_set_needdestroy(p, "unable to authenticate NOTIFY"); } if (p->authtries > 1 || do_proxy_auth(p, req, resp, SIP_NOTIFY, 0)) { - ast_log(LOG_NOTICE, "Failed to authenticate on NOTIFY to '%s'\n", get_header(&p->initreq, "From")); + ast_log(LOG_NOTICE, "Failed to authenticate on NOTIFY to '%s'\n", sip_get_header(&p->initreq, "From")); pvt_set_needdestroy(p, "failed to authenticate NOTIFY"); } break; @@ -20442,7 +20444,7 @@ static void handle_response_subscribe(struct sip_pvt *p, int resp, const char *r case 407: ast_string_field_set(p, theirtag, NULL); if (p->authtries > 1 || do_proxy_auth(p, req, resp, SIP_SUBSCRIBE, 0)) { - ast_log(LOG_NOTICE, "Failed to authenticate on SUBSCRIBE to '%s'\n", get_header(&p->initreq, "From")); + ast_log(LOG_NOTICE, "Failed to authenticate on SUBSCRIBE to '%s'\n", sip_get_header(&p->initreq, "From")); p->mwi->call = NULL; ASTOBJ_UNREF(p->mwi, sip_subscribe_mwi_destroy); pvt_set_needdestroy(p, "failed to authenticate SUBSCRIBE"); @@ -20510,7 +20512,7 @@ static void handle_response_refer(struct sip_pvt *p, int resp, const char *rest, pvt_set_needdestroy(p, "unable to authenticate REFER"); } if (p->authtries > 1 || do_proxy_auth(p, req, resp, SIP_REFER, 0)) { - ast_log(LOG_NOTICE, "Failed to authenticate on REFER to '%s'\n", get_header(&p->initreq, "From")); + ast_log(LOG_NOTICE, "Failed to authenticate on REFER to '%s'\n", sip_get_header(&p->initreq, "From")); p->refer->status = REFER_NOAUTH; if (p->owner) { ast_queue_control_data(p->owner, AST_CONTROL_TRANSFER, &message, sizeof(message)); @@ -20610,7 +20612,7 @@ static int handle_response_register(struct sip_pvt *p, int resp, const char *res break; case 407: /* Proxy auth */ if (p->authtries == MAX_AUTHTRIES || do_register_auth(p, req, resp)) { - ast_log(LOG_NOTICE, "Failed to authenticate on REGISTER to '%s' (tries '%d')\n", get_header(&p->initreq, "From"), p->authtries); + ast_log(LOG_NOTICE, "Failed to authenticate on REGISTER to '%s' (tries '%d')\n", sip_get_header(&p->initreq, "From"), p->authtries); pvt_set_needdestroy(p, "failed to authenticate REGISTER"); } break; @@ -20623,7 +20625,7 @@ static int handle_response_register(struct sip_pvt *p, int resp, const char *res } break; case 423: /* Interval too brief */ - r->expiry = atoi(get_header(req, "Min-Expires")); + r->expiry = atoi(sip_get_header(req, "Min-Expires")); ast_log(LOG_WARNING, "Got 423 Interval too brief for service %s@%s, minimum is %d seconds\n", p->registry->username, p->registry->hostname, r->expiry); AST_SCHED_DEL_UNREF(sched, r->timeout, registry_unref(r, "reg ptr unref from handle_response_register 423")); if (r->call) { @@ -20678,7 +20680,7 @@ static int handle_response_register(struct sip_pvt *p, int resp, const char *res expires = 0; /* XXX todo: try to save the extra call */ - if (!ast_strlen_zero(get_header(req, "Contact"))) { + if (!ast_strlen_zero(sip_get_header(req, "Contact"))) { const char *contact = NULL; const char *tmptmp = NULL; int start = 0; @@ -20701,7 +20703,7 @@ static int handle_response_register(struct sip_pvt *p, int resp, const char *res } if (!expires) - expires=atoi(get_header(req, "expires")); + expires=atoi(sip_get_header(req, "expires")); if (!expires) expires=default_expiry; @@ -20727,7 +20729,7 @@ static int handle_response_register(struct sip_pvt *p, int resp, const char *res /*! \brief Handle qualification responses (OPTIONS) */ static void handle_response_peerpoke(struct sip_pvt *p, int resp, struct sip_request *req) { - struct sip_peer *peer = /* ref_peer( */ p->relatedpeer /* , "bump refcount on p, as it is being used in this function(handle_response_peerpoke)")*/ ; /* hope this is already refcounted! */ + struct sip_peer *peer = /* sip_ref_peer( */ p->relatedpeer /* , "bump refcount on p, as it is being used in this function(handle_response_peerpoke)")*/ ; /* hope this is already refcounted! */ int statechanged, is_reachable, was_reachable; int pingtime = ast_tvdiff_ms(ast_tvnow(), peer->ps); @@ -20774,9 +20776,9 @@ static void handle_response_peerpoke(struct sip_pvt *p, int resp, struct sip_req AST_SCHED_REPLACE_UNREF(peer->pokeexpire, sched, is_reachable ? peer->qualifyfreq : DEFAULT_FREQ_NOTOK, sip_poke_peer_s, peer, - unref_peer(_data, "removing poke peer ref"), - unref_peer(peer, "removing poke peer ref"), - ref_peer(peer, "adding poke peer ref")); + sip_unref_peer(_data, "removing poke peer ref"), + sip_unref_peer(peer, "removing poke peer ref"), + sip_ref_peer(peer, "adding poke peer ref")); } /*! @@ -20836,7 +20838,7 @@ static int do_message_auth(struct sip_pvt *p, int resp, const char *rest, struct } ++p->authtries; - auth_headers((resp == 401 ? WWW_AUTH : PROXY_AUTH), &header, &respheader); + sip_auth_headers((resp == 401 ? WWW_AUTH : PROXY_AUTH), &header, &respheader); memset(digest, 0, sizeof(digest)); if (reply_digest(p, req, header, SIP_MESSAGE, digest, sizeof(digest))) { /* There's nothing to use for authentication */ @@ -20924,7 +20926,7 @@ static void handle_response(struct sip_pvt *p, int resp, const char *rest, struc { struct ast_channel *owner; int sipmethod; - const char *c = get_header(req, "Cseq"); + const char *c = sip_get_header(req, "Cseq"); /* GCC 4.2 complains if I try to cast c as a char * when passing it to ast_skip_nonblanks, so make a copy of it */ char *c_copy = ast_strdupa(c); /* Skip the Cseq and its subsequent spaces */ @@ -20940,7 +20942,7 @@ static void handle_response(struct sip_pvt *p, int resp, const char *rest, struc const char *rp = NULL, *rh = NULL; owner->hangupcause = 0; - if (ast_test_flag(&p->flags[1], SIP_PAGE2_Q850_REASON) && (rh = get_header(req, "Reason"))) { + if (ast_test_flag(&p->flags[1], SIP_PAGE2_Q850_REASON) && (rh = sip_get_header(req, "Reason"))) { rh = ast_skip_blanks(rh); if (!strncasecmp(rh, "Q.850", 5)) { rp = strstr(rh, "cause="); @@ -21077,11 +21079,11 @@ static void handle_response(struct sip_pvt *p, int resp, const char *rest, struc msg, ast_sockaddr_stringify(&p->recv)); pvt_set_needdestroy(p, "unable to authenticate BYE"); } else if ((p->authtries == MAX_AUTHTRIES) || do_proxy_auth(p, req, resp, sipmethod, 0)) { - ast_log(LOG_NOTICE, "Failed to authenticate on %s to '%s'\n", msg, get_header(&p->initreq, "From")); + ast_log(LOG_NOTICE, "Failed to authenticate on %s to '%s'\n", msg, sip_get_header(&p->initreq, "From")); pvt_set_needdestroy(p, "failed to authenticate BYE"); } } else { - ast_log(LOG_WARNING, "Got authentication request (%d) on %s to '%s'\n", resp, sip_methods[sipmethod].text, get_header(req, "To")); + ast_log(LOG_WARNING, "Got authentication request (%d) on %s to '%s'\n", resp, sip_methods[sipmethod].text, sip_get_header(req, "To")); pvt_set_needdestroy(p, "received 407 response"); } break; @@ -21324,7 +21326,7 @@ static void handle_response(struct sip_pvt *p, int resp, const char *rest, struc handle_response_invite(p, resp, rest, req, seqno); else if (sipmethod == SIP_BYE) { if (p->authtries == MAX_AUTHTRIES || do_proxy_auth(p, req, resp, sipmethod, 0)) { - ast_log(LOG_NOTICE, "Failed to authenticate on %s to '%s'\n", msg, get_header(&p->initreq, "From")); + ast_log(LOG_NOTICE, "Failed to authenticate on %s to '%s'\n", msg, sip_get_header(&p->initreq, "From")); pvt_set_needdestroy(p, "failed to authenticate BYE"); } } @@ -21676,7 +21678,7 @@ static const char *gettag(const struct sip_request *req, const char *header, cha if (!tagbuf) return NULL; tagbuf[0] = '\0'; /* reset the buffer */ - thetag = get_header(req, header); + thetag = sip_get_header(req, header); thetag = strcasestr(thetag, ";tag="); if (thetag) { thetag += 5; @@ -21719,7 +21721,7 @@ static int handle_cc_notify(struct sip_pvt *pvt, struct sip_request *req) /* It's open! Yay! */ uri = get_body(req, "cc-URI", ':'); if (ast_strlen_zero(uri)) { - uri = get_in_brackets((char *)get_header(req, "From")); + uri = get_in_brackets((char *)sip_get_header(req, "From")); } ast_string_field_set(monitor_instance, notify_uri, uri); @@ -21752,7 +21754,7 @@ static int handle_request_notify(struct sip_pvt *p, struct sip_request *req, str /* This is mostly a skeleton for future improvements */ /* Mostly created to return proper answers on notifications on outbound REFER's */ int res = 0; - const char *event = get_header(req, "Event"); + const char *event = sip_get_header(req, "Event"); char *sep; if( (sep = strchr(event, ';')) ) { /* XXX bug here - overwriting string ? */ @@ -21780,7 +21782,7 @@ static int handle_request_notify(struct sip_pvt *p, struct sip_request *req, str Check if we have an owner of this event */ /* Check the content type */ - if (strncasecmp(get_header(req, "Content-Type"), "message/sipfrag", strlen("message/sipfrag"))) { + if (strncasecmp(sip_get_header(req, "Content-Type"), "message/sipfrag", strlen("message/sipfrag"))) { /* We need a sipfrag */ transmit_response(p, "400 Bad request", req); sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT); @@ -21875,11 +21877,11 @@ static int handle_request_notify(struct sip_pvt *p, struct sip_request *req, str char *c = ast_strdupa(get_body(req, "Voice-Message", ':')); if (!p->mwi) { - struct sip_peer *peer = find_peer(NULL, &p->recv, TRUE, FINDPEERS, FALSE, p->socket.type); + struct sip_peer *peer = sip_find_peer(NULL, &p->recv, TRUE, FINDPEERS, FALSE, p->socket.type); if (peer) { mailbox = ast_strdupa(peer->unsolicited_mailbox); - unref_peer(peer, "removing unsolicited mwi ref"); + sip_unref_peer(peer, "removing unsolicited mwi ref"); } } else { mailbox = p->mwi->mailbox; @@ -21947,10 +21949,10 @@ static int handle_request_options(struct sip_pvt *p, struct sip_request *req, st } if (res < 0) { /* Something failed in authentication */ if (res == AUTH_FAKE_AUTH) { - ast_log(LOG_NOTICE, "Sending fake auth rejection for device %s\n", get_header(req, "From")); + ast_log(LOG_NOTICE, "Sending fake auth rejection for device %s\n", sip_get_header(req, "From")); transmit_fake_auth_response(p, SIP_OPTIONS, req, XMIT_UNRELIABLE); } else { - ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", get_header(req, "From")); + ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", sip_get_header(req, "From")); transmit_response(p, "403 Forbidden", req); } sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT); @@ -22184,7 +22186,7 @@ static int sip_t38_abort(const void *data) */ static int handle_request_update(struct sip_pvt *p, struct sip_request *req) { - if (ast_strlen_zero(get_header(req, "X-Asterisk-rpid-update"))) { + if (ast_strlen_zero(sip_get_header(req, "X-Asterisk-rpid-update"))) { transmit_response(p, "501 Method Not Implemented", req); return 0; } @@ -22222,7 +22224,7 @@ static int handle_request_update(struct sip_pvt *p, struct sip_request *req) */ static int handle_request_invite(struct sip_pvt *p, struct sip_request *req, int debug, int seqno, struct ast_sockaddr *addr, int *recount, const char *e, int *nounlock) { - int res = 1; + int res = INV_REQ_SUCCESS; int gotdest; const char *p_replaces; char *replace_id = NULL; @@ -22254,14 +22256,14 @@ static int handle_request_invite(struct sip_pvt *p, struct sip_request *req, int /* Find out what they support */ if (!p->sipoptions) { - const char *supported = get_header(req, "Supported"); + const char *supported = sip_get_header(req, "Supported"); if (!ast_strlen_zero(supported)) { p->sipoptions = parse_sip_options(supported, NULL, 0); } } /* Find out what they require */ - required = get_header(req, "Require"); + required = sip_get_header(req, "Require"); if (!ast_strlen_zero(required)) { char unsupported[256] = { 0, }; required_profile = parse_sip_options(required, unsupported, ARRAY_LEN(unsupported)); @@ -22274,7 +22276,7 @@ static int handle_request_invite(struct sip_pvt *p, struct sip_request *req, int p->invitestate = INV_COMPLETED; if (!p->lastinvite) sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT); - res = -1; + res = INV_REQ_ERROR; goto request_invite_cleanup; } } @@ -22302,7 +22304,7 @@ static int handle_request_invite(struct sip_pvt *p, struct sip_request *req, int transmit_response(p, "482 Loop Detected", req); p->invitestate = INV_COMPLETED; sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT); - res = 0; + res = INV_REQ_FAILED; goto request_invite_cleanup; } else { /*! This is a spiral. What we need to do is to just change the outgoing INVITE @@ -22329,7 +22331,7 @@ static int handle_request_invite(struct sip_pvt *p, struct sip_request *req, int */ ast_string_field_set(p->owner, call_forward, peerorhost); ast_queue_control(p->owner, AST_CONTROL_BUSY); - res = 0; + res = INV_REQ_FAILED; goto request_invite_cleanup; } } @@ -22368,12 +22370,12 @@ static int handle_request_invite(struct sip_pvt *p, struct sip_request *req, int transmit_response_reliable(p, "491 Request Pending", req); ast_debug(1, "Got INVITE on call where we already have pending INVITE, deferring that - %s\n", p->callid); /* Don't destroy dialog here */ - res = 0; + res = INV_REQ_FAILED; goto request_invite_cleanup; } } - p_replaces = get_header(req, "Replaces"); + p_replaces = sip_get_header(req, "Replaces"); if (!ast_strlen_zero(p_replaces)) { /* We have a replaces header */ char *ptr; @@ -22386,7 +22388,7 @@ static int handle_request_invite(struct sip_pvt *p, struct sip_request *req, int ast_debug(3, "INVITE w Replaces on existing call? Refusing action. [%s]\n", p->callid); transmit_response_reliable(p, "400 Bad request", req); /* The best way to not not accept the transfer */ /* Do not destroy existing call */ - res = -1; + res = INV_REQ_ERROR; goto request_invite_cleanup; } @@ -22401,7 +22403,7 @@ static int handle_request_invite(struct sip_pvt *p, struct sip_request *req, int append_history(p, "Xfer", "INVITE/Replace Failed. Out of memory."); sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT); p->invitestate = INV_COMPLETED; - res = -1; + res = INV_REQ_ERROR; goto request_invite_cleanup; } @@ -22502,7 +22504,7 @@ static int handle_request_invite(struct sip_pvt *p, struct sip_request *req, int } refer_locked = 0; p->invitestate = INV_COMPLETED; - res = -1; + res = INV_REQ_ERROR; goto request_invite_cleanup; } } @@ -22555,7 +22557,7 @@ static int handle_request_invite(struct sip_pvt *p, struct sip_request *req, int /* Handle SDP here if we already have an owner */ if (find_sdp(req)) { if (process_sdp(p, req, SDP_T38_INITIATE)) { - if (!ast_strlen_zero(get_header(req, "Content-Encoding"))) { + if (!ast_strlen_zero(sip_get_header(req, "Content-Encoding"))) { /* Asterisk does not yet support any Content-Encoding methods. Always * attempt to process the sdp, but return a 415 if a Content-Encoding header * was present after processing failed. */ @@ -22565,7 +22567,7 @@ static int handle_request_invite(struct sip_pvt *p, struct sip_request *req, int } if (!p->lastinvite) sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT); - res = -1; + res = INV_REQ_ERROR; goto request_invite_cleanup; } ast_queue_control(p->owner, AST_CONTROL_SRCUPDATE); @@ -22596,29 +22598,27 @@ static int handle_request_invite(struct sip_pvt *p, struct sip_request *req, int res = check_user_full(p, req, SIP_INVITE, e, XMIT_RELIABLE, addr, &authpeer); if (res == AUTH_CHALLENGE_SENT) { p->invitestate = INV_COMPLETED; /* Needs to restart in another INVITE transaction */ - res = 0; goto request_invite_cleanup; } if (res < 0) { /* Something failed in authentication */ if (res == AUTH_FAKE_AUTH) { - ast_log(LOG_NOTICE, "Sending fake auth rejection for device %s\n", get_header(req, "From")); + ast_log(LOG_NOTICE, "Sending fake auth rejection for device %s\n", sip_get_header(req, "From")); transmit_fake_auth_response(p, SIP_INVITE, req, XMIT_RELIABLE); } else { - ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", get_header(req, "From")); + ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", sip_get_header(req, "From")); transmit_response_reliable(p, "403 Forbidden", req); } p->invitestate = INV_COMPLETED; sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT); - res = 0; goto request_invite_cleanup; } /* Successful authentication and peer matching so record the peer related to this pvt (for easy access to peer settings) */ if (p->relatedpeer) { - p->relatedpeer = unref_peer(p->relatedpeer,"unsetting the relatedpeer field in the dialog, before it is set to something else."); + p->relatedpeer = sip_unref_peer(p->relatedpeer,"unsetting the relatedpeer field in the dialog, before it is set to something else."); } if (authpeer) { - p->relatedpeer = ref_peer(authpeer, "setting dialog's relatedpeer pointer"); + p->relatedpeer = sip_ref_peer(authpeer, "setting dialog's relatedpeer pointer"); } /* If T38 is needed but not present, then make it magically appear */ if (ast_test_flag(&p->flags[1], SIP_PAGE2_T38SUPPORT) && !p->udptl) { @@ -22640,7 +22640,7 @@ static int handle_request_invite(struct sip_pvt *p, struct sip_request *req, int /* Asterisk does not yet support any Content-Encoding methods. Always * attempt to process the sdp, but return a 415 if a Content-Encoding header * was present after processing fails. */ - if (!ast_strlen_zero(get_header(req, "Content-Encoding"))) { + if (!ast_strlen_zero(sip_get_header(req, "Content-Encoding"))) { transmit_response_reliable(p, "415 Unsupported Media type", req); } else { /* Unacceptable codecs */ @@ -22649,7 +22649,7 @@ static int handle_request_invite(struct sip_pvt *p, struct sip_request *req, int p->invitestate = INV_COMPLETED; sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT); ast_debug(1, "No compatible codecs for this SIP call.\n"); - res = -1; + res = INV_REQ_ERROR; goto request_invite_cleanup; } } else { /* No SDP in invite, call control session */ @@ -22676,8 +22676,10 @@ static int handle_request_invite(struct sip_pvt *p, struct sip_request *req, int transmit_response_reliable(p, "480 Temporarily Unavailable (Call limit) ", req); sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT); p->invitestate = INV_COMPLETED; + + res = AUTH_SESSION_LIMIT; } - res = 0; + goto request_invite_cleanup; } gotdest = get_destination(p, NULL, &cc_recall_core_id); /* Get destination right away */ @@ -22716,7 +22718,7 @@ static int handle_request_invite(struct sip_pvt *p, struct sip_request *req, int p->invitestate = INV_COMPLETED; update_call_counter(p, DEC_CALL_LIMIT); sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT); - res = 0; + res = INV_REQ_FAILED; goto request_invite_cleanup; } else { @@ -22770,7 +22772,7 @@ static int handle_request_invite(struct sip_pvt *p, struct sip_request *req, int } /* Session-Timers */ - if ((p->sipoptions & SIP_OPT_TIMER) && !ast_strlen_zero(get_header(req, "Session-Expires"))) { + if ((p->sipoptions & SIP_OPT_TIMER) && !ast_strlen_zero(sip_get_header(req, "Session-Expires"))) { /* The UAC has requested session-timers for this session. Negotiate the session refresh interval and who will be the refresher */ ast_debug(2, "Incoming INVITE with 'timer' option supported and \"Session-Expires\" header.\n"); @@ -22780,7 +22782,7 @@ static int handle_request_invite(struct sip_pvt *p, struct sip_request *req, int sip_st_alloc(p); /* Parse the Session-Expires header */ - p_uac_se_hdr = get_header(req, "Session-Expires"); + p_uac_se_hdr = sip_get_header(req, "Session-Expires"); rtn = parse_session_expires(p_uac_se_hdr, &uac_max_se, &st_ref); if (rtn != 0) { transmit_response_reliable(p, "400 Session-Expires Invalid Syntax", req); @@ -22788,12 +22790,12 @@ static int handle_request_invite(struct sip_pvt *p, struct sip_request *req, int if (!p->lastinvite) { sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT); } - res = -1; + res = INV_REQ_ERROR; goto request_invite_cleanup; } /* Parse the Min-SE header */ - p_uac_min_se = get_header(req, "Min-SE"); + p_uac_min_se = sip_get_header(req, "Min-SE"); if (!ast_strlen_zero(p_uac_min_se)) { rtn = parse_minse(p_uac_min_se, &uac_min_se); if (rtn != 0) { @@ -22802,7 +22804,7 @@ static int handle_request_invite(struct sip_pvt *p, struct sip_request *req, int if (!p->lastinvite) { sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT); } - res = -1; + res = INV_REQ_ERROR; goto request_invite_cleanup; } } @@ -22817,7 +22819,7 @@ static int handle_request_invite(struct sip_pvt *p, struct sip_request *req, int if (!p->lastinvite) { sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT); } - res = -1; + res = INV_REQ_ERROR; goto request_invite_cleanup; } @@ -22848,7 +22850,7 @@ static int handle_request_invite(struct sip_pvt *p, struct sip_request *req, int if (!p->lastinvite) { sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT); } - res = -1; + res = INV_REQ_ERROR; goto request_invite_cleanup; } break; @@ -22929,7 +22931,7 @@ static int handle_request_invite(struct sip_pvt *p, struct sip_request *req, int ast_hangup(c); sip_pvt_lock(p); /* pvt is expected to remain locked on return, so re-lock it */ - res = 0; + res = INV_REQ_FAILED; goto request_invite_cleanup; } else { /* Go and take over the target call */ @@ -22980,6 +22982,7 @@ static int handle_request_invite(struct sip_pvt *p, struct sip_request *req, int ast_log(LOG_WARNING, "Failed to start PBX (call limit reached) \n"); p->invitestate = INV_COMPLETED; transmit_response_reliable(p, "480 Temporarily Unavailable", req); + res = AUTH_SESSION_LIMIT; break; case AST_PBX_SUCCESS: /* nothing to do */ @@ -23081,7 +23084,7 @@ request_invite_cleanup: } } if (authpeer) { - authpeer = unref_peer(authpeer, "unref_peer, from handle_request_invite authpeer"); + authpeer = sip_unref_peer(authpeer, "sip_unref_peer, from handle_request_invite authpeer"); } return res; @@ -23911,7 +23914,7 @@ static int handle_request_bye(struct sip_pvt *p, struct sip_request *req) stop_media_flows(p); /* Immediately stop RTP, VRTP and UDPTL as applicable */ stop_session_timer(p); /* Stop Session-Timer */ - if (!ast_strlen_zero(get_header(req, "Also"))) { + if (!ast_strlen_zero(sip_get_header(req, "Also"))) { ast_log(LOG_NOTICE, "Client '%s' using deprecated BYE/Also transfer method. Ask vendor to support REFER instead\n", ast_sockaddr_stringify(&p->recv)); if (ast_strlen_zero(p->context)) @@ -23947,7 +23950,7 @@ static int handle_request_bye(struct sip_pvt *p, struct sip_request *req) ast_clear_flag(&p->flags[1], SIP_PAGE2_DIALOG_ESTABLISHED); /* Find out what they require */ - required = get_header(req, "Require"); + required = sip_get_header(req, "Require"); if (!ast_strlen_zero(required)) { char unsupported[256] = { 0, }; parse_sip_options(required, unsupported, ARRAY_LEN(unsupported)); @@ -24010,10 +24013,10 @@ static int sip_msg_send(const struct ast_msg *msg, const char *to, const char *f } if (!ast_strlen_zero(from)) { - if ((peer_ptr = find_peer(from, NULL, 0, 1, 0, 0))) { + if ((peer_ptr = sip_find_peer(from, NULL, 0, 1, 0, 0))) { ast_string_field_set(pvt, fromname, S_OR(peer_ptr->cid_name, peer_ptr->name)); ast_string_field_set(pvt, fromuser, S_OR(peer_ptr->cid_num, peer_ptr->name)); - unref_peer(peer_ptr, "unref_peer, from sip_msg_send, find_peer"); + sip_unref_peer(peer_ptr, "sip_unref_peer, from sip_msg_send, sip_find_peer"); } else if (strchr(from, '<')) { /* from is callerid-style */ char *sender; char *name = NULL, *location = NULL, *user = NULL, *domain = NULL; @@ -24226,8 +24229,8 @@ static int sip_pidf_validate(struct sip_request *req, struct ast_xml_doc **pidf_ { struct ast_xml_doc *doc; int content_length; - const char *content_length_str = get_header(req, "Content-Length"); - const char *content_type = get_header(req, "Content-Type"); + const char *content_length_str = sip_get_header(req, "Content-Length"); + const char *content_type = sip_get_header(req, "Content-Type"); char pidf_body[SIPBUFSIZE]; int res; @@ -24477,11 +24480,11 @@ static int handle_sip_publish_remove(struct sip_pvt *p, struct sip_request *req, static int handle_request_publish(struct sip_pvt *p, struct sip_request *req, struct ast_sockaddr *addr, const int seqno, const char *uri) { - const char *etag = get_header(req, "SIP-If-Match"); - const char *event = get_header(req, "Event"); + const char *etag = sip_get_header(req, "SIP-If-Match"); + const char *event = sip_get_header(req, "Event"); struct event_state_compositor *esc; enum sip_publish_type publish_type; - const char *expires_str = get_header(req, "Expires"); + const char *expires_str = sip_get_header(req, "Expires"); int expires_int; int auth_result; int handler_result = -1; @@ -24504,10 +24507,10 @@ static int handle_request_publish(struct sip_pvt *p, struct sip_request *req, st return 0; } else if (auth_result < 0) { if (auth_result == AUTH_FAKE_AUTH) { - ast_log(LOG_NOTICE, "Sending fake auth rejection for device %s\n", get_header(req, "From")); + ast_log(LOG_NOTICE, "Sending fake auth rejection for device %s\n", sip_get_header(req, "From")); transmit_fake_auth_response(p, SIP_INVITE, req, XMIT_RELIABLE); } else { - ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", get_header(req, "From")); + ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", sip_get_header(req, "From")); transmit_response_reliable(p, "403 Forbidden", req); } sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT); @@ -24579,7 +24582,7 @@ static int handle_cc_subscribe(struct sip_pvt *p, struct sip_request *req) char *param_separator; struct ast_cc_agent *agent; struct sip_cc_agent_pvt *agent_pvt; - const char *expires_str = get_header(req, "Expires"); + const char *expires_str = sip_get_header(req, "Expires"); int expires = -1; /* Just need it to be non-zero */ if (!ast_strlen_zero(expires_str)) { @@ -24638,7 +24641,7 @@ static int handle_request_subscribe(struct sip_pvt *p, struct sip_request *req, int res = 0; int firststate = AST_EXTENSION_REMOVED; struct sip_peer *authpeer = NULL; - const char *eventheader = get_header(req, "Event"); /* Get Event package name */ + const char *eventheader = sip_get_header(req, "Event"); /* Get Event package name */ int resubscribe = (p->subscribed != NONE) && !req->ignore; char *temp, *event; @@ -24669,7 +24672,7 @@ static int handle_request_subscribe(struct sip_pvt *p, struct sip_request *req, } if (!req->ignore && !resubscribe) { /* Set up dialog, new subscription */ - const char *to = get_header(req, "To"); + const char *to = sip_get_header(req, "To"); char totag[128]; set_pvt_allowed_methods(p, req); @@ -24721,10 +24724,10 @@ static int handle_request_subscribe(struct sip_pvt *p, struct sip_request *req, return 0; if (res < 0) { if (res == AUTH_FAKE_AUTH) { - ast_log(LOG_NOTICE, "Sending fake auth rejection for device %s\n", get_header(req, "From")); + ast_log(LOG_NOTICE, "Sending fake auth rejection for device %s\n", sip_get_header(req, "From")); transmit_fake_auth_response(p, SIP_SUBSCRIBE, req, XMIT_UNRELIABLE); } else { - ast_log(LOG_NOTICE, "Failed to authenticate device %s for SUBSCRIBE\n", get_header(req, "From")); + ast_log(LOG_NOTICE, "Failed to authenticate device %s for SUBSCRIBE\n", sip_get_header(req, "From")); transmit_response_reliable(p, "403 Forbidden", req); } @@ -24743,7 +24746,7 @@ static int handle_request_subscribe(struct sip_pvt *p, struct sip_request *req, transmit_response(p, "403 Forbidden (policy)", req); pvt_set_needdestroy(p, "subscription not allowed"); if (authpeer) - unref_peer(authpeer, "unref_peer, from handle_request_subscribe (authpeer 1)"); + sip_unref_peer(authpeer, "sip_unref_peer, from handle_request_subscribe (authpeer 1)"); return 0; } @@ -24764,7 +24767,7 @@ static int handle_request_subscribe(struct sip_pvt *p, struct sip_request *req, } pvt_set_needdestroy(p, "subscription target not found"); if (authpeer) - unref_peer(authpeer, "unref_peer, from handle_request_subscribe (authpeer 2)"); + sip_unref_peer(authpeer, "sip_unref_peer, from handle_request_subscribe (authpeer 2)"); return 0; } @@ -24780,7 +24783,7 @@ static int handle_request_subscribe(struct sip_pvt *p, struct sip_request *req, const char *unknown_acceptheader = NULL; if (authpeer) /* We do not need the authpeer any more */ - authpeer = unref_peer(authpeer, "unref_peer, from handle_request_subscribe (authpeer 2)"); + authpeer = sip_unref_peer(authpeer, "sip_unref_peer, from handle_request_subscribe (authpeer 2)"); /* Header from Xten Eye-beam Accept: multipart/related, application/rlmi+xml, application/pidf+xml, application/xpidf+xml */ accept = __get_header(req, "Accept", &start); @@ -24866,7 +24869,7 @@ static int handle_request_subscribe(struct sip_pvt *p, struct sip_request *req, ast_debug(2, "Received SIP mailbox subscription for unknown format: %s\n", acceptheader); pvt_set_needdestroy(p, "unknown format"); if (authpeer) - unref_peer(authpeer, "unref_peer, from handle_request_subscribe (authpeer 3)"); + sip_unref_peer(authpeer, "sip_unref_peer, from handle_request_subscribe (authpeer 3)"); return 0; } /* Looks like they actually want a mailbox status @@ -24879,7 +24882,7 @@ static int handle_request_subscribe(struct sip_pvt *p, struct sip_request *req, pvt_set_needdestroy(p, "received 404 response"); ast_log(LOG_NOTICE, "Received SIP subscribe for peer without mailbox: %s\n", S_OR(authpeer->name, "")); if (authpeer) - unref_peer(authpeer, "unref_peer, from handle_request_subscribe (authpeer 4)"); + sip_unref_peer(authpeer, "sip_unref_peer, from handle_request_subscribe (authpeer 4)"); return 0; } @@ -24897,8 +24900,8 @@ static int handle_request_subscribe(struct sip_pvt *p, struct sip_request *req, dialog_unref(authpeer->mwipvt, "Unref previously stored mwipvt dialog pointer"); authpeer->mwipvt = dialog_ref(p, "setting peers' mwipvt to p"); /* Link from peer to pvt UH- should this be dialog_ref()? */ if (p->relatedpeer) - unref_peer(p->relatedpeer, "Unref previously stored relatedpeer ptr"); - p->relatedpeer = ref_peer(authpeer, "setting dialog's relatedpeer pointer"); /* already refcounted...Link from pvt to peer UH- should this be dialog_ref()? */ + sip_unref_peer(p->relatedpeer, "Unref previously stored relatedpeer ptr"); + p->relatedpeer = sip_ref_peer(authpeer, "setting dialog's relatedpeer pointer"); /* already refcounted...Link from pvt to peer UH- should this be dialog_ref()? */ /* Do not release authpeer here */ } else if (!strcmp(event, "call-completion")) { handle_cc_subscribe(p, req); @@ -24907,13 +24910,13 @@ static int handle_request_subscribe(struct sip_pvt *p, struct sip_request *req, ast_debug(2, "Received SIP subscribe for unknown event package: %s\n", event); pvt_set_needdestroy(p, "unknown event package"); if (authpeer) - unref_peer(authpeer, "unref_peer, from handle_request_subscribe (authpeer 5)"); + sip_unref_peer(authpeer, "sip_unref_peer, from handle_request_subscribe (authpeer 5)"); return 0; } /* At this point, if we have an authpeer we should unref it. */ if (authpeer) { - authpeer = unref_peer(authpeer, "unref pointer into (*authpeer)"); + authpeer = sip_unref_peer(authpeer, "unref pointer into (*authpeer)"); } /* Add subscription for extension state from the PBX core */ @@ -24929,7 +24932,7 @@ static int handle_request_subscribe(struct sip_pvt *p, struct sip_request *req, if (!req->ignore && p) p->lastinvite = seqno; if (p && !p->needdestroy) { - p->expiry = atoi(get_header(req, "Expires")); + p->expiry = atoi(sip_get_header(req, "Expires")); /* check if the requested expiry-time is within the approved limits from sip.conf */ if (p->expiry > max_expiry) { @@ -25005,6 +25008,7 @@ static int handle_request_register(struct sip_pvt *p, struct sip_request *req, s if (sipdebug) ast_debug(4, "Initializing initreq for method %s - callid %s\n", sip_methods[req->method].text, p->callid); check_via(p, req); + if ((res = register_verify(p, addr, req, e)) < 0) { const char *reason; @@ -25030,24 +25034,28 @@ static int handle_request_register(struct sip_pvt *p, struct sip_request *req, s case AUTH_BAD_TRANSPORT: reason = "Device not configured to use this transport type"; break; + case AUTH_RTP_FAILED: + reason = "RTP initialization failed"; + break; default: reason = "Unknown failure"; break; } ast_log(LOG_NOTICE, "Registration from '%s' failed for '%s' - %s\n", - get_header(req, "To"), ast_sockaddr_stringify(addr), + sip_get_header(req, "To"), ast_sockaddr_stringify(addr), reason); - append_history(p, "RegRequest", "Failed : Account %s : %s", get_header(req, "To"), reason); + append_history(p, "RegRequest", "Failed : Account %s : %s", sip_get_header(req, "To"), reason); } else { req->authenticated = 1; - append_history(p, "RegRequest", "Succeeded : Account %s", get_header(req, "To")); + append_history(p, "RegRequest", "Succeeded : Account %s", sip_get_header(req, "To")); } - if (res < 1) { + if (res != AUTH_CHALLENGE_SENT) { /* Destroy the session, but keep us around for just a bit in case they don't get our 200 OK */ sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT); } + return res; } @@ -25081,12 +25089,12 @@ static int handle_incoming(struct sip_pvt *p, struct sip_request *req, struct as /* RFC 3261 - 8.1.1 A valid SIP request must contain To, From, CSeq, Call-ID and Via. * 8.2.6.2 Response must have To, From, Call-ID CSeq, and Via related to the request, * so we can check to make sure these fields exist for all requests and responses */ - cseq = get_header(req, "Cseq"); + cseq = sip_get_header(req, "Cseq"); cmd = REQ_OFFSET_TO_STR(req, header[0]); /* Save the via_pos so we can check later that responses only have 1 Via header */ via = __get_header(req, "Via", &via_pos); /* This must exist already because we've called find_call by now */ - callid = get_header(req, "Call-ID"); + callid = sip_get_header(req, "Call-ID"); /* Must have Cseq */ if (ast_strlen_zero(cmd) || ast_strlen_zero(cseq) || ast_strlen_zero(via)) { @@ -25109,7 +25117,7 @@ static int handle_incoming(struct sip_pvt *p, struct sip_request *req, struct as e = ast_skip_blanks(REQ_OFFSET_TO_STR(req, rlPart2)); /* Save useragent of the client */ - useragent = get_header(req, "User-Agent"); + useragent = sip_get_header(req, "User-Agent"); if (!ast_strlen_zero(useragent)) ast_string_field_set(p, useragent, useragent); @@ -25256,6 +25264,26 @@ static int handle_incoming(struct sip_pvt *p, struct sip_request *req, struct as break; case SIP_INVITE: res = handle_request_invite(p, req, debug, seqno, addr, recount, e, nounlock); + + if (res < 9) { + sip_report_security_event(p, req, res); + } + + switch (res) { + case INV_REQ_SUCCESS: + res = 1; + break; + case INV_REQ_FAILED: + res = 0; + break; + case INV_REQ_ERROR: + res = -1; + break; + default: + res = 0; + break; + } + break; case SIP_REFER: res = handle_request_refer(p, req, debug, seqno, nounlock); @@ -25277,6 +25305,7 @@ static int handle_incoming(struct sip_pvt *p, struct sip_request *req, struct as break; case SIP_REGISTER: res = handle_request_register(p, req, addr, e); + sip_report_security_event(p, req, res); break; case SIP_INFO: if (req->debug) @@ -25393,7 +25422,7 @@ static int handle_request_do(struct sip_request *req, struct ast_sockaddr *addr) lws2sws(req->data); /* Fix multiline headers */ if (req->debug) { ast_verbose("\n<--- SIP read from %s:%s --->\n%s\n<------------->\n", - get_transport(req->socket.type), ast_sockaddr_stringify(addr), req->data->str); + sip_get_transport(req->socket.type), ast_sockaddr_stringify(addr), req->data->str); } if (parse_request(req) == -1) { /* Bad packet, can't parse */ @@ -25432,7 +25461,7 @@ static int handle_request_do(struct sip_request *req, struct ast_sockaddr *addr) } if (p->do_history) /* This is a request or response, note what it was for */ - append_history(p, "Rx", "%s / %s / %s", req->data->str, get_header(req, "CSeq"), REQ_OFFSET_TO_STR(req, rlPart2)); + append_history(p, "Rx", "%s / %s / %s", req->data->str, sip_get_header(req, "CSeq"), REQ_OFFSET_TO_STR(req, rlPart2)); if (handle_incoming(p, req, addr, &recount, &nounlock) == -1) { /* Request failed */ @@ -26175,7 +26204,7 @@ static void proc_422_rsp(struct sip_pvt *p, struct sip_request *rsp) const char *p_hdrval; int minse; - p_hdrval = get_header(rsp, "Min-SE"); + p_hdrval = sip_get_header(rsp, "Min-SE"); if (ast_strlen_zero(p_hdrval)) { ast_log(LOG_WARNING, "422 response without a Min-SE header %s\n", p_hdrval); return; @@ -26295,12 +26324,12 @@ static int sip_poke_noanswer(const void *data) /* Try again quickly */ AST_SCHED_REPLACE_UNREF(peer->pokeexpire, sched, DEFAULT_FREQ_NOTOK, sip_poke_peer_s, peer, - unref_peer(_data, "removing poke peer ref"), - unref_peer(peer, "removing poke peer ref"), - ref_peer(peer, "adding poke peer ref")); + sip_unref_peer(_data, "removing poke peer ref"), + sip_unref_peer(peer, "removing poke peer ref"), + sip_ref_peer(peer, "adding poke peer ref")); /* Release the ref held by the running scheduler entry */ - unref_peer(peer, "release peer poke noanswer ref"); + sip_unref_peer(peer, "release peer poke noanswer ref"); return 0; } @@ -26319,7 +26348,7 @@ static int sip_poke_peer(struct sip_peer *peer, int force) /* IF we have no IP, or this isn't to be monitored, return immediately after clearing things out */ AST_SCHED_DEL_UNREF(sched, peer->pokeexpire, - unref_peer(peer, "removing poke peer ref")); + sip_unref_peer(peer, "removing poke peer ref")); peer->lastms = 0; if (peer->call) { @@ -26364,11 +26393,11 @@ static int sip_poke_peer(struct sip_peer *peer, int force) ao2_t_link(dialogs, p, "Linking in under new name"); AST_SCHED_DEL_UNREF(sched, peer->pokeexpire, - unref_peer(peer, "removing poke peer ref")); + sip_unref_peer(peer, "removing poke peer ref")); if (p->relatedpeer) - p->relatedpeer = unref_peer(p->relatedpeer,"unsetting the relatedpeer field in the dialog, before it is set to something else."); - p->relatedpeer = ref_peer(peer, "setting the relatedpeer field in the dialog"); + p->relatedpeer = sip_unref_peer(p->relatedpeer,"unsetting the relatedpeer field in the dialog, before it is set to something else."); + p->relatedpeer = sip_ref_peer(peer, "setting the relatedpeer field in the dialog"); ast_set_flag(&p->flags[0], SIP_OUTGOING); #ifdef VOCAL_DATA_HACK ast_copy_string(p->username, "__VOCAL_DATA_SHOULD_READ_THE_SIP_SPEC__", sizeof(p->username)); @@ -26379,12 +26408,12 @@ static int sip_poke_peer(struct sip_peer *peer, int force) peer->ps = ast_tvnow(); if (xmitres == XMIT_ERROR) { /* Immediately unreachable, network problems */ - sip_poke_noanswer(ref_peer(peer, "add ref for peerexpire (fake, for sip_poke_noanswer to remove)")); + sip_poke_noanswer(sip_ref_peer(peer, "add ref for peerexpire (fake, for sip_poke_noanswer to remove)")); } else if (!force) { AST_SCHED_REPLACE_UNREF(peer->pokeexpire, sched, peer->maxms * 2, sip_poke_noanswer, peer, - unref_peer(_data, "removing poke peer ref"), - unref_peer(peer, "removing poke peer ref"), - ref_peer(peer, "adding poke peer ref")); + sip_unref_peer(_data, "removing poke peer ref"), + sip_unref_peer(peer, "removing poke peer ref"), + sip_ref_peer(peer, "adding poke peer ref")); } dialog_unref(p, "unref dialog at end of sip_poke_peer, obtained from sip_alloc, just before it goes out of scope"); return 0; @@ -26438,14 +26467,14 @@ static int sip_devicestate(void *data) ast_debug(3, "Checking device state for peer %s\n", host); - /* If find_peer asks for a realtime peer, then this breaks rtautoclear. This + /* If sip_find_peer asks for a realtime peer, then this breaks rtautoclear. This * is because when a peer tries to autoexpire, the last thing it does is to * queue up an event telling the system that the devicestate has changed * (presumably to unavailable). If we ask for a realtime peer here, this would * load it BACK into memory, thus defeating the point of trying to clear dead * hosts out of memory. */ - if ((p = find_peer(host, NULL, FALSE, FINDALLDEVICES, TRUE, 0))) { + if ((p = sip_find_peer(host, NULL, FALSE, FINDALLDEVICES, TRUE, 0))) { if (!(ast_sockaddr_isnull(&p->addr) && ast_sockaddr_isnull(&p->defaddr))) { /* we have an address for the peer */ @@ -26484,7 +26513,7 @@ static int sip_devicestate(void *data) /* there is no address, it's unavailable */ res = AST_DEVICE_UNAVAILABLE; } - unref_peer(p, "unref_peer, from sip_devicestate, release ref from find_peer"); + sip_unref_peer(p, "sip_unref_peer, from sip_devicestate, release ref from sip_find_peer"); } else { res = AST_DEVICE_UNKNOWN; } @@ -27281,8 +27310,8 @@ static struct sip_peer *build_peer(const char *name, struct ast_variable *v, str struct ast_str *fullcontact = ast_str_alloca(512); if (!realtime || ast_test_flag(&global_flags[1], SIP_PAGE2_RTCACHEFRIENDS)) { - /* Note we do NOT use find_peer here, to avoid realtime recursion */ - /* We also use a case-sensitive comparison (unlike find_peer) so + /* Note we do NOT use sip_find_peer here, to avoid realtime recursion */ + /* We also use a case-sensitive comparison (unlike sip_find_peer) so that case changes made to the peer name will be properly handled during reload */ @@ -27502,13 +27531,13 @@ static struct sip_peer *build_peer(const char *name, struct ast_variable *v, str } else { /* Non-dynamic. Make sure we become that way if we're not */ AST_SCHED_DEL_UNREF(sched, peer->expire, - unref_peer(peer, "removing register expire ref")); + sip_unref_peer(peer, "removing register expire ref")); peer->host_dynamic = FALSE; srvlookup = v->value; } } else if (!strcasecmp(v->name, "defaultip")) { if (!ast_strlen_zero(v->value) && ast_get_ip(&peer->defaddr, v->value)) { - unref_peer(peer, "unref_peer: from build_peer defaultip"); + sip_unref_peer(peer, "sip_unref_peer: from build_peer defaultip"); return NULL; } } else if (!strcasecmp(v->name, "permit") || !strcasecmp(v->name, "deny")) { @@ -27855,7 +27884,7 @@ static struct sip_peer *build_peer(const char *name, struct ast_variable *v, str peer->addr.ss.ss_family = get_address_family_filter(&bindaddr); /* Filter address family */ if (ast_dnsmgr_lookup(_srvlookup, &peer->addr, &peer->dnsmgr, sip_cfg.srvlookup && !peer->portinuri ? transport : NULL)) { ast_log(LOG_ERROR, "srvlookup failed for host: %s, on peer %s, removing peer\n", _srvlookup, peer->name); - unref_peer(peer, "getting rid of a peer pointer"); + sip_unref_peer(peer, "getting rid of a peer pointer"); return NULL; } @@ -27907,7 +27936,7 @@ static struct sip_peer *build_peer(const char *name, struct ast_variable *v, str /* Startup regular pokes */ if (!devstate_only && realtime && peer->lastms > 0) { - ref_peer(peer, "schedule qualify"); + sip_ref_peer(peer, "schedule qualify"); sip_poke_peer(peer, 0); } @@ -28915,7 +28944,7 @@ static int reload_config(enum channelreloadreason reason) ao2_t_link(peers_by_ip, peer, "link peer into peers_by_ip table"); } - unref_peer(peer, "unref_peer: from reload_config"); + sip_unref_peer(peer, "sip_unref_peer: from reload_config"); peer_count++; } } @@ -28988,7 +29017,7 @@ static int reload_config(enum channelreloadreason reason) if ((peer->type & SIP_TYPE_PEER) && !ast_sockaddr_isnull(&peer->addr)) { ao2_t_link(peers_by_ip, peer, "link peer into peers_by_ip table"); } - unref_peer(peer, "unref the result of the build_peer call. Now, the links from the tables are the only ones left."); + sip_unref_peer(peer, "unref the result of the build_peer call. Now, the links from the tables are the only ones left."); peer_count++; } } @@ -29507,7 +29536,7 @@ static int sip_sipredirect(struct sip_pvt *p, const char *dest) char *local_to_header; char to_header[256]; - ast_copy_string(to_header, get_header(&p->initreq, "To"), sizeof(to_header)); + ast_copy_string(to_header, sip_get_header(&p->initreq, "To"), sizeof(to_header)); if (ast_strlen_zero(to_header)) { ast_log(LOG_ERROR, "Cannot retrieve the 'To' header from the original SIP request!\n"); return 0; @@ -29572,11 +29601,11 @@ static void sip_poke_all_peers(void) num++; } AST_SCHED_REPLACE_UNREF(peer->pokeexpire, sched, ms, sip_poke_peer_s, peer, - unref_peer(_data, "removing poke peer ref"), - unref_peer(peer, "removing poke peer ref"), - ref_peer(peer, "adding poke peer ref")); + sip_unref_peer(_data, "removing poke peer ref"), + sip_unref_peer(peer, "removing poke peer ref"), + sip_ref_peer(peer, "adding poke peer ref")); ao2_unlock(peer); - unref_peer(peer, "toss iterator peer ptr"); + sip_unref_peer(peer, "toss iterator peer ptr"); } ao2_iterator_destroy(&i); } diff --git a/channels/sip/include/security_events.h b/channels/sip/include/security_events.h new file mode 100644 index 000000000..cee2fa707 --- /dev/null +++ b/channels/sip/include/security_events.h @@ -0,0 +1,43 @@ +/* + * Asterisk -- An open source telephony toolkit. + * + * Copyright (C) 2011, Digium, Inc. + * + * Michael L. Young <elgueromexicano@gmail.com> + * + * See http://www.asterisk.org for more information about + * the Asterisk project. Please do not directly contact + * any of the maintainers of this project for assistance; + * the project provides a web site, mailing lists and IRC + * channels for your use. + * + * This program is free software, distributed under the terms of + * the GNU General Public License Version 2. See the LICENSE file + * at the top of the source tree. + */ + +/*! + * \file + * + * \brief Generate security events in the SIP channel + * + * \author Michael L. Young <elgueromexicano@gmail.com> + */ + +#include "sip.h" + +#ifndef _SIP_SECURITY_EVENTS_H +#define _SIP_SECURITY_EVENTS_H + +void sip_report_invalid_peer(const struct sip_pvt *p); +void sip_report_failed_acl(const struct sip_pvt *p, const char *aclname); +void sip_report_inval_password(const struct sip_pvt *p, const char *responsechallenge, const char *responsehash); +void sip_report_auth_success(const struct sip_pvt *p, uint32_t *using_password); +void sip_report_session_limit(const struct sip_pvt *p); +void sip_report_failed_challenge_response(const struct sip_pvt *p, const char *response, const char *expected_response); +void sip_report_chal_sent(const struct sip_pvt *p); +void sip_report_inval_transport(const struct sip_pvt *p, const char *transport); +void sip_digest_parser(char *c, struct digestkeys *keys); +int sip_report_security_event(const struct sip_pvt *p, const struct sip_request *req, const int res); + +#endif diff --git a/channels/sip/include/sip.h b/channels/sip/include/sip.h index 7e0f2d261..baec6eee2 100644 --- a/channels/sip/include/sip.h +++ b/channels/sip/include/sip.h @@ -33,6 +33,7 @@ #include "asterisk/app.h" #include "asterisk/astobj.h" #include "asterisk/indications.h" +#include "asterisk/security_events.h" #ifndef FALSE #define FALSE 0 @@ -42,7 +43,7 @@ #define TRUE 1 #endif -/* Arguments for find_peer */ +/* Arguments for sip_find_peer */ #define FINDUSERS (1 << 0) #define FINDPEERS (1 << 1) #define FINDALLDEVICES (FINDUSERS | FINDPEERS) @@ -359,6 +360,8 @@ #define SIP_PAGE3_FLAGS_TO_COPY \ (SIP_PAGE3_SNOM_AOC | SIP_PAGE3_SRTP_TAG_32) +#define CHECK_AUTH_BUF_INITLEN 256 + /*@}*/ /*----------------------------------------------------------*/ @@ -381,6 +384,19 @@ enum sip_result { AST_FAILURE = -1, /*!< Failure code */ }; +/*! \brief The results from handling an invite request + * + * \note Start at these values so we do not conflict with + * check_auth_results values when returning from + * handle_request_invite. check_auth_results only returned during + * authentication routines + * */ +enum inv_req_result { + INV_REQ_SUCCESS = 11, /*!< Success code */ + INV_REQ_FAILED = 10, /*!< Failure code */ + INV_REQ_ERROR = 9, /*!< Error code */ +}; + /*! \brief States for the INVITE transaction, not the dialog * \note this is for the INVITE that sets up the dialog */ @@ -472,7 +488,8 @@ enum check_auth_result { AUTH_PEER_NOT_DYNAMIC = -6, AUTH_ACL_FAILED = -7, AUTH_BAD_TRANSPORT = -8, - AUTH_RTP_FAILED = 9, + AUTH_RTP_FAILED = -9, + AUTH_SESSION_LIMIT = -10, }; /*! \brief States for outbound registrations (with register= lines in sip.conf */ @@ -633,6 +650,13 @@ enum sip_tcptls_alert { TCPTLS_ALERT_STOP, /*!< \brief A request to stop the tcp_handler thread */ }; +enum digest_keys { + K_RESP, + K_URI, + K_USER, + K_NONCE, + K_LAST +}; /*----------------------------------------------------------*/ /*---- STRUCTS ----*/ @@ -1797,4 +1821,22 @@ static const struct cfsip_options { { SIP_OPT_TARGET_DIALOG,NOT_SUPPORTED, "tdialog" }, }; +struct digestkeys { + const char *key; + const char *s; +}; + +AST_THREADSTORAGE(check_auth_buf); + +/*----------------------------------------------------------*/ +/*---- FUNCTIONS ----*/ +/*----------------------------------------------------------*/ + +struct sip_peer *sip_find_peer(const char *peer, struct ast_sockaddr *addr, int realtime, int which_objects, int devstate_only, int transport); +void sip_auth_headers(enum sip_auth_type code, char **header, char **respheader); +const char *sip_get_header(const struct sip_request *req, const char *name); +const char *sip_get_transport(enum sip_transport t); +void *sip_unref_peer(struct sip_peer *peer, char *tag); +struct sip_peer *sip_ref_peer(struct sip_peer *peer, char *tag); + #endif diff --git a/channels/sip/security_events.c b/channels/sip/security_events.c new file mode 100644 index 000000000..8af4f29f9 --- /dev/null +++ b/channels/sip/security_events.c @@ -0,0 +1,398 @@ +/* + * Asterisk -- An open source telephony toolkit. + * + * Copyright (C) 2011, Digium, Inc. + * + * Michael L. Young <elgueromexicano@gmail.com> + * + * See http://www.asterisk.org for more information about + * the Asterisk project. Please do not directly contact + * any of the maintainers of this project for assistance; + * the project provides a web site, mailing lists and IRC + * channels for your use. + * + * This program is free software, distributed under the terms of + * the GNU General Public License Version 2. See the LICENSE file + * at the top of the source tree. + */ + +/*! + * \file + * + * \brief Generate security events in the SIP channel + * + * \author Michael L. Young <elgueromexicano@gmail.com> + */ + +#include "asterisk.h" + +ASTERISK_FILE_VERSION(__FILE__, "$Revision$") + +#include "include/sip.h" +#include "include/security_events.h" + +/*! \brief Determine transport type used to receive request*/ + +static enum ast_security_event_transport_type security_event_get_transport(const struct sip_pvt *p) +{ + int res = 0; + + switch (p->socket.type) { + case SIP_TRANSPORT_UDP: + return AST_SECURITY_EVENT_TRANSPORT_UDP; + case SIP_TRANSPORT_TCP: + return AST_SECURITY_EVENT_TRANSPORT_TCP; + case SIP_TRANSPORT_TLS: + return AST_SECURITY_EVENT_TRANSPORT_TLS; + } + + return res; +} + +static struct sockaddr_in *security_event_encode_sin_local(const struct sip_pvt *p, struct sockaddr_in *sin_local) +{ + ast_sockaddr_to_sin(&p->ourip, sin_local); + + return sin_local; +} + +static struct sockaddr_in *security_event_encode_sin_remote(const struct sip_pvt *p, struct sockaddr_in *sin_remote) +{ + ast_sockaddr_to_sin(&p->sa, sin_remote); + + return sin_remote; +} + +void sip_report_invalid_peer(const struct sip_pvt *p) +{ + char session_id[32]; + struct sockaddr_in sin_local; + struct sockaddr_in sin_remote; + + struct ast_security_event_inval_acct_id inval_acct_id = { + .common.event_type = AST_SECURITY_EVENT_INVAL_ACCT_ID, + .common.version = AST_SECURITY_EVENT_INVAL_ACCT_ID_VERSION, + .common.service = "SIP", + .common.account_id = p->exten, + .common.local_addr = { + .sin = security_event_encode_sin_local(p, &sin_local), + .transport = security_event_get_transport(p) + }, + .common.remote_addr = { + .sin = security_event_encode_sin_remote(p, &sin_remote), + .transport = security_event_get_transport(p) + }, + .common.session_id = session_id, + }; + + snprintf(session_id, sizeof(session_id), "%p", p); + + ast_security_event_report(AST_SEC_EVT(&inval_acct_id)); +} + +void sip_report_failed_acl(const struct sip_pvt *p, const char *aclname) +{ + char session_id[32]; + struct sockaddr_in sin_local; + struct sockaddr_in sin_remote; + + struct ast_security_event_failed_acl failed_acl_event = { + .common.event_type = AST_SECURITY_EVENT_FAILED_ACL, + .common.version = AST_SECURITY_EVENT_FAILED_ACL_VERSION, + .common.service = "SIP", + .common.account_id = p->exten, + .common.local_addr = { + .sin = security_event_encode_sin_local(p, &sin_local), + .transport = security_event_get_transport(p) + }, + .common.remote_addr = { + .sin = security_event_encode_sin_remote(p, &sin_remote), + .transport = security_event_get_transport(p) + }, + .common.session_id = session_id, + .acl_name = aclname, + }; + + snprintf(session_id, sizeof(session_id), "%p", p); + + ast_security_event_report(AST_SEC_EVT(&failed_acl_event)); +} + +void sip_report_inval_password(const struct sip_pvt *p, const char *response_challenge, const char *response_hash) +{ + char session_id[32]; + struct sockaddr_in sin_local; + struct sockaddr_in sin_remote; + + struct ast_security_event_inval_password inval_password = { + .common.event_type = AST_SECURITY_EVENT_INVAL_PASSWORD, + .common.version = AST_SECURITY_EVENT_INVAL_PASSWORD_VERSION, + .common.service = "SIP", + .common.account_id = p->exten, + .common.local_addr = { + .sin = security_event_encode_sin_local(p, &sin_local), + .transport = security_event_get_transport(p) + }, + .common.remote_addr = { + .sin = security_event_encode_sin_remote(p, &sin_remote), + .transport = security_event_get_transport(p) + }, + .common.session_id = session_id, + + .challenge = p->randdata, + .received_challenge = response_challenge, + .received_hash = response_hash, + }; + + snprintf(session_id, sizeof(session_id), "%p", p); + + ast_security_event_report(AST_SEC_EVT(&inval_password)); +} + +void sip_report_auth_success(const struct sip_pvt *p, uint32_t *using_password) +{ + char session_id[32]; + struct sockaddr_in sin_local; + struct sockaddr_in sin_remote; + + struct ast_security_event_successful_auth successful_auth = { + .common.event_type = AST_SECURITY_EVENT_SUCCESSFUL_AUTH, + .common.version = AST_SECURITY_EVENT_SUCCESSFUL_AUTH_VERSION, + .common.service = "SIP", + .common.account_id = p->exten, + .common.local_addr = { + .sin = security_event_encode_sin_local(p, &sin_local), + .transport = security_event_get_transport(p) + }, + .common.remote_addr = { + .sin = security_event_encode_sin_remote(p, &sin_remote), + .transport = security_event_get_transport(p) + }, + .common.session_id = session_id, + .using_password = using_password, + }; + + snprintf(session_id, sizeof(session_id), "%p", p); + + ast_security_event_report(AST_SEC_EVT(&successful_auth)); +} + +void sip_report_session_limit(const struct sip_pvt *p) +{ + char session_id[32]; + struct sockaddr_in sin_local; + struct sockaddr_in sin_remote; + + struct ast_security_event_session_limit session_limit = { + .common.event_type = AST_SECURITY_EVENT_SESSION_LIMIT, + .common.version = AST_SECURITY_EVENT_SESSION_LIMIT_VERSION, + .common.service = "SIP", + .common.account_id = p->exten, + .common.local_addr = { + .sin = security_event_encode_sin_local(p, &sin_local), + .transport = security_event_get_transport(p) + }, + .common.remote_addr = { + .sin = security_event_encode_sin_remote(p, &sin_remote), + .transport = security_event_get_transport(p) + }, + .common.session_id = session_id, + }; + + snprintf(session_id, sizeof(session_id), "%p", p); + + ast_security_event_report(AST_SEC_EVT(&session_limit)); +} + +void sip_report_failed_challenge_response(const struct sip_pvt *p, const char *response, const char *expected_response) +{ + char session_id[32]; + struct sockaddr_in sin_local; + struct sockaddr_in sin_remote; + char account_id[256]; + + struct ast_security_event_chal_resp_failed chal_resp_failed = { + .common.event_type = AST_SECURITY_EVENT_CHAL_RESP_FAILED, + .common.version = AST_SECURITY_EVENT_CHAL_RESP_FAILED_VERSION, + .common.service = "SIP", + .common.account_id = account_id, + .common.local_addr = { + .sin = security_event_encode_sin_local(p, &sin_local), + .transport = security_event_get_transport(p) + }, + .common.remote_addr = { + .sin = security_event_encode_sin_remote(p, &sin_remote), + .transport = security_event_get_transport(p) + }, + .common.session_id = session_id, + + .challenge = p->randdata, + .response = response, + .expected_response = expected_response, + }; + + if (!ast_strlen_zero(p->from)) { /* When dialing, show account making call */ + ast_copy_string(account_id, p->from, sizeof(account_id)); + } else { + ast_copy_string(account_id, p->exten, sizeof(account_id)); + } + + snprintf(session_id, sizeof(session_id), "%p", p); + + ast_security_event_report(AST_SEC_EVT(&chal_resp_failed)); +} + +void sip_report_chal_sent(const struct sip_pvt *p) +{ + char session_id[32]; + struct sockaddr_in sin_local; + struct sockaddr_in sin_remote; + char account_id[256]; + + struct ast_security_event_chal_sent chal_sent = { + .common.event_type = AST_SECURITY_EVENT_CHAL_SENT, + .common.version = AST_SECURITY_EVENT_CHAL_SENT_VERSION, + .common.service = "SIP", + .common.account_id = account_id, + .common.local_addr = { + .sin = security_event_encode_sin_local(p, &sin_local), + .transport = security_event_get_transport(p) + }, + .common.remote_addr = { + .sin = security_event_encode_sin_remote(p, &sin_remote), + .transport = security_event_get_transport(p) + }, + .common.session_id = session_id, + + .challenge = p->randdata, + }; + + if (!ast_strlen_zero(p->from)) { /* When dialing, show account making call */ + ast_copy_string(account_id, p->from, sizeof(account_id)); + } else { + ast_copy_string(account_id, p->exten, sizeof(account_id)); + } + + snprintf(session_id, sizeof(session_id), "%p", p); + + ast_security_event_report(AST_SEC_EVT(&chal_sent)); +} + +void sip_report_inval_transport(const struct sip_pvt *p, const char *transport) +{ + char session_id[32]; + struct sockaddr_in sin_local; + struct sockaddr_in sin_remote; + + struct ast_security_event_inval_transport inval_transport = { + .common.event_type = AST_SECURITY_EVENT_INVAL_TRANSPORT, + .common.version = AST_SECURITY_EVENT_INVAL_TRANSPORT_VERSION, + .common.service = "SIP", + .common.account_id = p->exten, + .common.local_addr = { + .sin = security_event_encode_sin_local(p, &sin_local), + .transport = security_event_get_transport(p) + }, + .common.remote_addr = { + .sin = security_event_encode_sin_remote(p, &sin_remote), + .transport = security_event_get_transport(p) + }, + .common.session_id = session_id, + + .transport = transport, + }; + + snprintf(session_id, sizeof(session_id), "%p", p); + + ast_security_event_report(AST_SEC_EVT(&inval_transport)); +} + +int sip_report_security_event(const struct sip_pvt *p, const struct sip_request *req, const int res) { + + struct sip_peer *peer_report; + enum check_auth_result res_report = res; + struct ast_str *buf; + char *c; + const char *authtoken; + char *reqheader, *respheader; + int result = 0; + char aclname[256]; + struct digestkeys keys[] = { + [K_RESP] = { "response=", "" }, + [K_URI] = { "uri=", "" }, + [K_USER] = { "username=", "" }, + [K_NONCE] = { "nonce=", "" }, + [K_LAST] = { NULL, NULL} + }; + + peer_report = sip_find_peer(p->exten, NULL, TRUE, FINDPEERS, FALSE, 0); + + switch(res_report) { + case AUTH_DONT_KNOW: + break; + case AUTH_SUCCESSFUL: + if (peer_report) { + if (ast_strlen_zero(peer_report->secret) && ast_strlen_zero(peer_report->md5secret)) { + sip_report_auth_success(p, (uint32_t *) 0); + } else { + sip_report_auth_success(p, (uint32_t *) 1); + } + } + break; + case AUTH_CHALLENGE_SENT: + sip_report_chal_sent(p); + break; + case AUTH_SECRET_FAILED: + case AUTH_USERNAME_MISMATCH: + sip_auth_headers(WWW_AUTH, &respheader, &reqheader); + authtoken = sip_get_header(req, reqheader); + buf = ast_str_thread_get(&check_auth_buf, CHECK_AUTH_BUF_INITLEN); + ast_str_set(&buf, 0, "%s", authtoken); + c = buf->str; + + sip_digest_parser(c, keys); + + if (res_report == AUTH_SECRET_FAILED) { + sip_report_inval_password(p, keys[K_NONCE].s, keys[K_RESP].s); + } else { + if (peer_report) { + sip_report_failed_challenge_response(p, keys[K_USER].s, peer_report->username); + } + } + break; + case AUTH_NOT_FOUND: + /* with sip_cfg.alwaysauthreject on, generates 2 events */ + sip_report_invalid_peer(p); + break; + case AUTH_FAKE_AUTH: + break; + case AUTH_UNKNOWN_DOMAIN: + snprintf(aclname, sizeof(aclname), "domain_must_match"); + sip_report_failed_acl(p, aclname); + break; + case AUTH_PEER_NOT_DYNAMIC: + snprintf(aclname, sizeof(aclname), "peer_not_dynamic"); + sip_report_failed_acl(p, aclname); + break; + case AUTH_ACL_FAILED: + /* with sip_cfg.alwaysauthreject on, generates 2 events */ + snprintf(aclname, sizeof(aclname), "device_must_match_acl"); + sip_report_failed_acl(p, aclname); + break; + case AUTH_BAD_TRANSPORT: + sip_report_inval_transport(p, sip_get_transport(req->socket.type)); + break; + case AUTH_RTP_FAILED: + break; + case AUTH_SESSION_LIMIT: + sip_report_session_limit(p); + break; + } + + if (peer_report) { + sip_unref_peer(peer_report, "sip_report_security_event: sip_unref_peer: from handle_incoming"); + } + + return result; +} + diff --git a/configs/logger.conf.sample b/configs/logger.conf.sample index 87e8f4229..af1f90c0b 100644 --- a/configs/logger.conf.sample +++ b/configs/logger.conf.sample @@ -76,6 +76,7 @@ ; verbose ; dtmf ; fax +; security ; ; Special filename "console" represents the system console ; @@ -104,6 +105,7 @@ ; you are in the process of debugging a specific issue. ; ;debug => debug +;security => security console => notice,warning,error ;console => notice,warning,error,debug messages => notice,warning,error diff --git a/include/asterisk/event_defs.h b/include/asterisk/event_defs.h index 073d67bc6..4d1892256 100644 --- a/include/asterisk/event_defs.h +++ b/include/asterisk/event_defs.h @@ -283,8 +283,13 @@ enum ast_event_ie_type { AST_EVENT_IE_CHALLENGE = 0x0032, AST_EVENT_IE_RESPONSE = 0x0033, AST_EVENT_IE_EXPECTED_RESPONSE = 0x0034, + AST_EVENT_IE_RECEIVED_CHALLENGE = 0x0035, + AST_EVENT_IE_RECEIVED_HASH = 0x0036, + AST_EVENT_IE_USING_PASSWORD = 0x0037, + AST_EVENT_IE_ATTEMPTED_TRANSPORT = 0x0038, + /*! \brief Must be the last IE value +1 */ - AST_EVENT_IE_TOTAL = 0x0035, + AST_EVENT_IE_TOTAL = 0x0039, }; /*! diff --git a/include/asterisk/security_events_defs.h b/include/asterisk/security_events_defs.h index e39cf312d..61134e29c 100644 --- a/include/asterisk/security_events_defs.h +++ b/include/asterisk/security_events_defs.h @@ -111,7 +111,17 @@ enum ast_security_event_type { * \brief An attempt at basic password authentication failed */ AST_SECURITY_EVENT_INVAL_PASSWORD, - /* \brief This _must_ stay at the end. */ + /*! + * \brief Challenge was sent out, informational + */ + AST_SECURITY_EVENT_CHAL_SENT, + /*! + * \brief An attempt to contact a peer on an invalid transport. + */ + AST_SECURITY_EVENT_INVAL_TRANSPORT, + /*! + * \brief This _must_ stay at the end. + */ AST_SECURITY_EVENT_NUM_TYPES }; @@ -393,6 +403,11 @@ struct ast_security_event_successful_auth { * \note Account ID required */ struct ast_security_event_common common; + /*! + * \brief Using password - if a password was used or not + * \note required, 0 = no, 1 = yes + */ + uint32_t *using_password; }; /*! @@ -455,12 +470,69 @@ struct ast_security_event_inval_password { * \brief Event descriptor version * \note This _must_ be changed if this event descriptor is changed. */ - #define AST_SECURITY_EVENT_INVAL_PASSWORD_VERSION 1 + #define AST_SECURITY_EVENT_INVAL_PASSWORD_VERSION 2 + /*! + * \brief Common security event descriptor elements + * \note Account ID required + */ + struct ast_security_event_common common; + /*! + * \brief Challenge provided + * \note required + */ + const char *challenge; + /*! + * \brief Challenge received + * \note required + */ + const char *received_challenge; + /*! + * \brief Hash received + * \note required + */ + const char *received_hash; +}; + +/*! + * \brief A challenge was sent out + */ +struct ast_security_event_chal_sent { + /*! + * \brief Event descriptor version + * \note This _must_ be changed if this event descriptor is changed. + */ + #define AST_SECURITY_EVENT_CHAL_SENT_VERSION 1 /*! * \brief Common security event descriptor elements * \note Account ID required */ struct ast_security_event_common common; + /*! + * \brief Challenge sent + * \note required + */ + const char *challenge; +}; + +/*! + * \brief Attempt to contact peer on invalid transport + */ +struct ast_security_event_inval_transport { + /*! + * \brief Event descriptor version + * \note This _must_ be changed if this event descriptor is changed. + */ + #define AST_SECURITY_EVENT_INVAL_TRANSPORT_VERSION 1 + /*! + * \brief Common security event descriptor elements + * \note Account ID required + */ + struct ast_security_event_common common; + /*! + * \brief Attempted transport + * \note required + */ + const char *transport; }; #if defined(__cplusplus) || defined(c_plusplus) diff --git a/main/event.c b/main/event.c index a62e73637..fc1d668e6 100644 --- a/main/event.c +++ b/main/event.c @@ -264,6 +264,10 @@ static const struct ie_map { [AST_EVENT_IE_CHALLENGE] = { AST_EVENT_IE_PLTYPE_STR, "Challenge" }, [AST_EVENT_IE_RESPONSE] = { AST_EVENT_IE_PLTYPE_STR, "Response" }, [AST_EVENT_IE_EXPECTED_RESPONSE] = { AST_EVENT_IE_PLTYPE_STR, "ExpectedResponse" }, + [AST_EVENT_IE_RECEIVED_CHALLENGE] = { AST_EVENT_IE_PLTYPE_STR, "ReceivedChallenge" }, + [AST_EVENT_IE_RECEIVED_HASH] = { AST_EVENT_IE_PLTYPE_STR, "ReceivedHash" }, + [AST_EVENT_IE_USING_PASSWORD] = { AST_EVENT_IE_PLTYPE_UINT, "UsingPassword" }, + }; const char *ast_event_get_type_name(const struct ast_event *event) diff --git a/main/security_events.c b/main/security_events.c index d1e2ac0cc..ed05ebfa0 100644 --- a/main/security_events.c +++ b/main/security_events.c @@ -265,6 +265,7 @@ static const struct { { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) }, { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) }, { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) }, + { AST_EVENT_IE_USING_PASSWORD, SEC_EVT_FIELD(successful_auth, using_password) }, { AST_EVENT_IE_END, 0 } }, .optional_ies = { @@ -335,6 +336,55 @@ static const struct { { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) }, { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) }, { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) }, + { AST_EVENT_IE_CHALLENGE, SEC_EVT_FIELD(inval_password, challenge) }, + { AST_EVENT_IE_RECEIVED_CHALLENGE, SEC_EVT_FIELD(inval_password, received_challenge) }, + { AST_EVENT_IE_RECEIVED_HASH, SEC_EVT_FIELD(inval_password, received_hash) }, + { AST_EVENT_IE_END, 0 } + }, + .optional_ies = { + { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) }, + { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) }, + { AST_EVENT_IE_END, 0 } + }, +}, + +[AST_SECURITY_EVENT_CHAL_SENT] = { + .name = "ChallengeSent", + .version = AST_SECURITY_EVENT_CHAL_SENT_VERSION, + .severity = AST_SECURITY_EVENT_SEVERITY_INFO, + .required_ies = { + { AST_EVENT_IE_EVENT_TV, 0 }, + { AST_EVENT_IE_SEVERITY, 0 }, + { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) }, + { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) }, + { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) }, + { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) }, + { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) }, + { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) }, + { AST_EVENT_IE_CHALLENGE, SEC_EVT_FIELD(chal_sent, challenge) }, + { AST_EVENT_IE_END, 0 } + }, + .optional_ies = { + { AST_EVENT_IE_MODULE, SEC_EVT_FIELD(common, module) }, + { AST_EVENT_IE_SESSION_TV, SEC_EVT_FIELD(common, session_tv) }, + { AST_EVENT_IE_END, 0 } + }, +}, + +[AST_SECURITY_EVENT_INVAL_TRANSPORT] = { + .name = "InvalidTransport", + .version = AST_SECURITY_EVENT_INVAL_TRANSPORT_VERSION, + .severity = AST_SECURITY_EVENT_SEVERITY_ERROR, + .required_ies = { + { AST_EVENT_IE_EVENT_TV, 0 }, + { AST_EVENT_IE_SEVERITY, 0 }, + { AST_EVENT_IE_SERVICE, SEC_EVT_FIELD(common, service) }, + { AST_EVENT_IE_EVENT_VERSION, SEC_EVT_FIELD(common, version) }, + { AST_EVENT_IE_ACCOUNT_ID, SEC_EVT_FIELD(common, account_id) }, + { AST_EVENT_IE_SESSION_ID, SEC_EVT_FIELD(common, session_id) }, + { AST_EVENT_IE_LOCAL_ADDR, SEC_EVT_FIELD(common, local_addr) }, + { AST_EVENT_IE_REMOTE_ADDR, SEC_EVT_FIELD(common, remote_addr) }, + { AST_EVENT_IE_ATTEMPTED_TRANSPORT, SEC_EVT_FIELD(inval_transport, transport) }, { AST_EVENT_IE_END, 0 } }, .optional_ies = { @@ -500,6 +550,9 @@ static int add_ie(struct ast_event **event, const struct ast_security_event_comm case AST_EVENT_IE_CHALLENGE: case AST_EVENT_IE_RESPONSE: case AST_EVENT_IE_EXPECTED_RESPONSE: + case AST_EVENT_IE_RECEIVED_CHALLENGE: + case AST_EVENT_IE_RECEIVED_HASH: + case AST_EVENT_IE_ATTEMPTED_TRANSPORT: { const char *str; @@ -519,6 +572,7 @@ static int add_ie(struct ast_event **event, const struct ast_security_event_comm break; } case AST_EVENT_IE_EVENT_VERSION: + case AST_EVENT_IE_USING_PASSWORD: { uint32_t val; val = *((const uint32_t *)(((const char *) sec) + ie_type->offset)); |