1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
|
/*
* Asterisk -- An open source telephony toolkit.
*
* Copyright (C) 2013, Digium, Inc.
*
* Mark Michelson <mmichelson@digium.com>
*
* See http://www.asterisk.org for more information about
* the Asterisk project. Please do not directly contact
* any of the maintainers of this project for assistance;
* the project provides a web site, mailing lists and IRC
* channels for your use.
*
* This program is free software, distributed under the terms of
* the GNU General Public License Version 2. See the LICENSE file
* at the top of the source tree.
*/
/*** MODULEINFO
<depend>pjproject</depend>
<depend>res_pjsip</depend>
<support_level>core</support_level>
***/
#include "asterisk.h"
#include <pjsip.h>
#include "asterisk/res_pjsip.h"
#include "asterisk/module.h"
static int get_from_header(pjsip_rx_data *rdata, char *username, size_t username_size, char *domain, size_t domain_size)
{
pjsip_uri *from = rdata->msg_info.from->uri;
pjsip_sip_uri *sip_from;
if (!PJSIP_URI_SCHEME_IS_SIP(from) && !PJSIP_URI_SCHEME_IS_SIPS(from)) {
return -1;
}
sip_from = (pjsip_sip_uri *) pjsip_uri_get_uri(from);
ast_copy_pj_str(username, &sip_from->user, username_size);
ast_copy_pj_str(domain, &sip_from->host, domain_size);
return 0;
}
static pjsip_authorization_hdr *get_auth_header(pjsip_rx_data *rdata, char *username,
size_t username_size, char *realm, size_t realm_size, pjsip_authorization_hdr *start)
{
pjsip_authorization_hdr *header;
header = pjsip_msg_find_hdr(rdata->msg_info.msg, PJSIP_H_AUTHORIZATION, start);
if (!header || pj_stricmp2(&header->scheme, "digest")) {
return NULL;
}
ast_copy_pj_str(username, &header->credential.digest.username, username_size);
ast_copy_pj_str(realm, &header->credential.digest.realm, realm_size);
return header;
}
static int find_transport_state_in_use(void *obj, void *arg, int flags)
{
struct ast_sip_transport_state *transport_state = obj;
pjsip_rx_data *rdata = arg;
if (transport_state->transport == rdata->tp_info.transport
|| (transport_state->factory
&& !pj_strcmp(&transport_state->factory->addr_name.host, &rdata->tp_info.transport->local_name.host)
&& transport_state->factory->addr_name.port == rdata->tp_info.transport->local_name.port)) {
return CMP_MATCH;
}
return 0;
}
#define DOMAIN_NAME_LEN 255
#define USERNAME_LEN 255
static struct ast_sip_endpoint *find_endpoint(pjsip_rx_data *rdata, char *endpoint_name,
char *domain_name)
{
struct ast_sip_endpoint *endpoint;
if (!ast_sip_get_disable_multi_domain()) {
struct ast_sip_domain_alias *alias;
struct ao2_container *transport_states;
struct ast_sip_transport_state *transport_state = NULL;
struct ast_sip_transport *transport = NULL;
char id[DOMAIN_NAME_LEN + USERNAME_LEN + sizeof("@")];
/* Attempt to find the endpoint given the name and domain provided */
snprintf(id, sizeof(id), "%s@%s", endpoint_name, domain_name);
endpoint = ast_sorcery_retrieve_by_id(ast_sip_get_sorcery(), "endpoint", id);
if (endpoint) {
return endpoint;
}
/* See if an alias exists for the domain provided */
alias = ast_sorcery_retrieve_by_id(ast_sip_get_sorcery(), "domain_alias",
domain_name);
if (alias) {
snprintf(id, sizeof(id), "%s@%s", endpoint_name, alias->domain);
ao2_ref(alias, -1);
endpoint = ast_sorcery_retrieve_by_id(ast_sip_get_sorcery(), "endpoint", id);
if (endpoint) {
return endpoint;
}
}
/* See if the transport this came in on has a provided domain */
if ((transport_states = ast_sip_get_transport_states())
&& (transport_state = ao2_callback(transport_states, 0, find_transport_state_in_use, rdata))
&& (transport = ast_sorcery_retrieve_by_id(ast_sip_get_sorcery(), "transport", transport_state->id))
&& !ast_strlen_zero(transport->domain)) {
snprintf(id, sizeof(id), "%s@%s", endpoint_name, transport->domain);
endpoint = ast_sorcery_retrieve_by_id(ast_sip_get_sorcery(), "endpoint", id);
}
ao2_cleanup(transport);
ao2_cleanup(transport_state);
ao2_cleanup(transport_states);
if (endpoint) {
return endpoint;
}
}
/* Fall back to no domain */
return ast_sorcery_retrieve_by_id(ast_sip_get_sorcery(), "endpoint", endpoint_name);
}
static struct ast_sip_endpoint *username_identify(pjsip_rx_data *rdata)
{
char username[USERNAME_LEN + 1];
char domain[DOMAIN_NAME_LEN + 1];
struct ast_sip_endpoint *endpoint;
if (get_from_header(rdata, username, sizeof(username), domain, sizeof(domain))) {
return NULL;
}
/*
* We may want to be matched without any user options getting
* in the way.
*/
AST_SIP_USER_OPTIONS_TRUNCATE_CHECK(username);
ast_debug(3, "Attempting identify by From username '%s' domain '%s'\n", username, domain);
endpoint = find_endpoint(rdata, username, domain);
if (!endpoint) {
ast_debug(3, "Endpoint not found for From username '%s' domain '%s'\n", username, domain);
return NULL;
}
if (!(endpoint->ident_method & AST_SIP_ENDPOINT_IDENTIFY_BY_USERNAME)) {
ast_debug(3, "Endpoint found for '%s' but 'username' method not supported'\n", username);
ao2_cleanup(endpoint);
return NULL;
}
ast_debug(3, "Identified by From username '%s' domain '%s'\n", username, domain);
return endpoint;
}
static struct ast_sip_endpoint *auth_username_identify(pjsip_rx_data *rdata)
{
char username[USERNAME_LEN + 1], realm[DOMAIN_NAME_LEN + 1];
struct ast_sip_endpoint *endpoint;
pjsip_authorization_hdr *auth_header = NULL;
while ((auth_header = get_auth_header(rdata, username, sizeof(username), realm, sizeof(realm),
auth_header ? auth_header->next : NULL))) {
ast_debug(3, "Attempting identify by Authorization username '%s' realm '%s'\n", username,
realm);
endpoint = find_endpoint(rdata, username, realm);
if (!endpoint) {
ast_debug(3, "Endpoint not found for Authentication username '%s' realm '%s'\n",
username, realm);
ao2_cleanup(endpoint);
continue;
}
if (!(endpoint->ident_method & AST_SIP_ENDPOINT_IDENTIFY_BY_AUTH_USERNAME)) {
ast_debug(3, "Endpoint found for '%s' but 'auth_username' method not supported'\n",
username);
ao2_cleanup(endpoint);
continue;
}
ast_debug(3, "Identified by Authorization username '%s' realm '%s'\n", username, realm);
return endpoint;
}
return NULL;
}
static struct ast_sip_endpoint_identifier username_identifier = {
.identify_endpoint = username_identify,
};
static struct ast_sip_endpoint_identifier auth_username_identifier = {
.identify_endpoint = auth_username_identify,
};
static int load_module(void)
{
ast_sip_register_endpoint_identifier_with_name(&username_identifier, "username");
ast_sip_register_endpoint_identifier_with_name(&auth_username_identifier, "auth_username");
return AST_MODULE_LOAD_SUCCESS;
}
static int unload_module(void)
{
ast_sip_unregister_endpoint_identifier(&auth_username_identifier);
ast_sip_unregister_endpoint_identifier(&username_identifier);
return 0;
}
AST_MODULE_INFO(ASTERISK_GPL_KEY, AST_MODFLAG_LOAD_ORDER, "PJSIP username endpoint identifier",
.support_level = AST_MODULE_SUPPORT_CORE,
.load = load_module,
.unload = unload_module,
.load_pri = AST_MODPRI_CHANNEL_DEPEND - 4,
.requires = "res_pjsip",
);
|
