forks
/
asterisk
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
asterisk/res/res_pjsip/config_auth.c

436 lines
12 KiB
C
Raw Permalink Normal View History

v18.15.1
2023-05-25 18:45:57 +00:00
/*
* Asterisk -- An open source telephony toolkit.
*
* Copyright (C) 2013, Digium, Inc.
*
* Mark Michelson <mmichelson@digium.com>
*
* See http://www.asterisk.org for more information about
* the Asterisk project. Please do not directly contact
* any of the maintainers of this project for assistance;
* the project provides a web site, mailing lists and IRC
* channels for your use.
*
* This program is free software, distributed under the terms of
* the GNU General Public License Version 2. See the LICENSE file
* at the top of the source tree.
*/
#include "asterisk.h"
#include <pjsip.h>
#include <pjlib.h>
#include "asterisk/res_pjsip.h"
#include "asterisk/logger.h"
#include "asterisk/sorcery.h"
#include "asterisk/cli.h"
#include "include/res_pjsip_private.h"
#include "asterisk/res_pjsip_cli.h"
static void auth_destroy(void *obj)
{
struct ast_sip_auth *auth = obj;
ast_string_field_free_memory(auth);
}
static void *auth_alloc(const char *name)
{
struct ast_sip_auth *auth = ast_sorcery_generic_alloc(sizeof(*auth), auth_destroy);
if (!auth) {
return NULL;
}
if (ast_string_field_init(auth, 64)) {
ao2_cleanup(auth);
return NULL;
}
return auth;
}
static int auth_type_handler(const struct aco_option *opt, struct ast_variable *var, void *obj)
{
struct ast_sip_auth *auth = obj;
if (!strcasecmp(var->value, "userpass")) {
auth->type = AST_SIP_AUTH_TYPE_USER_PASS;
} else if (!strcasecmp(var->value, "md5")) {
auth->type = AST_SIP_AUTH_TYPE_MD5;
} else if (!strcasecmp(var->value, "google_oauth")) {
#ifdef HAVE_PJSIP_OAUTH_AUTHENTICATION
auth->type = AST_SIP_AUTH_TYPE_GOOGLE_OAUTH;
#else
ast_log(LOG_WARNING, "OAuth support is not available in the version of PJSIP in use\n");
return -1;
#endif
} else {
ast_log(LOG_WARNING, "Unknown authentication storage type '%s' specified for %s\n",
var->value, var->name);
return -1;
}
return 0;
}
static const char *auth_types_map[] = {
[AST_SIP_AUTH_TYPE_USER_PASS] = "userpass",
[AST_SIP_AUTH_TYPE_MD5] = "md5",
[AST_SIP_AUTH_TYPE_GOOGLE_OAUTH] = "google_oauth"
};
const char *ast_sip_auth_type_to_str(enum ast_sip_auth_type type)
{
return ARRAY_IN_BOUNDS(type, auth_types_map) ?
auth_types_map[type] : "";
}
static int auth_type_to_str(const void *obj, const intptr_t *args, char **buf)
{
const struct ast_sip_auth *auth = obj;
*buf = ast_strdup(ast_sip_auth_type_to_str(auth->type));
return 0;
}
static int auth_apply(const struct ast_sorcery *sorcery, void *obj)
{
struct ast_sip_auth *auth = obj;
int res = 0;
if (ast_strlen_zero(auth->auth_user)) {
ast_log(LOG_ERROR, "No authentication username for auth '%s'\n",
ast_sorcery_object_get_id(auth));
return -1;
}
switch (auth->type) {
case AST_SIP_AUTH_TYPE_MD5:
if (ast_strlen_zero(auth->md5_creds)) {
ast_log(LOG_ERROR, "'md5' authentication specified but no md5_cred "
"specified for auth '%s'\n", ast_sorcery_object_get_id(auth));
res = -1;
} else if (strlen(auth->md5_creds) != PJSIP_MD5STRLEN) {
ast_log(LOG_ERROR, "'md5' authentication requires digest of size '%d', but "
"digest is '%d' in size for auth '%s'\n", PJSIP_MD5STRLEN, (int)strlen(auth->md5_creds),
ast_sorcery_object_get_id(auth));
res = -1;
}
break;
case AST_SIP_AUTH_TYPE_GOOGLE_OAUTH:
if (ast_strlen_zero(auth->refresh_token)
|| ast_strlen_zero(auth->oauth_clientid)
|| ast_strlen_zero(auth->oauth_secret)) {
ast_log(LOG_ERROR, "'google_oauth' authentication specified but refresh_token,"
" oauth_clientid, or oauth_secret not specified for auth '%s'\n",
ast_sorcery_object_get_id(auth));
res = -1;
}
break;
case AST_SIP_AUTH_TYPE_USER_PASS:
case AST_SIP_AUTH_TYPE_ARTIFICIAL:
break;
}
return res;
}
int ast_sip_for_each_auth(const struct ast_sip_auth_vector *vector,
ao2_callback_fn on_auth, void *arg)
{
int i;
if (!vector || !AST_VECTOR_SIZE(vector)) {
return 0;
}
for (i = 0; i < AST_VECTOR_SIZE(vector); ++i) {
/* AST_VECTOR_GET is safe to use since the vector is immutable */
RAII_VAR(struct ast_sip_auth *, auth, ast_sorcery_retrieve_by_id(
ast_sip_get_sorcery(), SIP_SORCERY_AUTH_TYPE,
AST_VECTOR_GET(vector,i)), ao2_cleanup);
if (!auth) {
continue;
}
if (on_auth(auth, arg, 0)) {
return -1;
}
}
return 0;
}
static int sip_auth_to_ami(const struct ast_sip_auth *auth,
struct ast_str **buf)
{
return ast_sip_sorcery_object_to_ami(auth, buf);
}
static int format_ami_auth_handler(void *obj, void *arg, int flags)
{
const struct ast_sip_auth *auth = obj;
struct ast_sip_ami *ami = arg;
const struct ast_sip_endpoint *endpoint = ami->arg;
RAII_VAR(struct ast_str *, buf,
ast_sip_create_ami_event("AuthDetail", ami), ast_free);
if (!buf) {
return -1;
}
if (sip_auth_to_ami(auth, &buf)) {
return -1;
}
if (endpoint) {
ast_str_append(&buf, 0, "EndpointName: %s\r\n",
ast_sorcery_object_get_id(endpoint));
}
astman_append(ami->s, "%s\r\n", ast_str_buffer(buf));
ami->count++;
return 0;
}
int ast_sip_format_auths_ami(const struct ast_sip_auth_vector *auths,
struct ast_sip_ami *ami)
{
return ast_sip_for_each_auth(auths, format_ami_auth_handler, ami);
}
static int format_ami_endpoint_auth(const struct ast_sip_endpoint *endpoint,
struct ast_sip_ami *ami)
{
ami->arg = (void *)endpoint;
if (ast_sip_format_auths_ami(&endpoint->inbound_auths, ami)) {
return -1;
}
return ast_sip_format_auths_ami(&endpoint->outbound_auths, ami);
}
static struct ast_sip_endpoint_formatter endpoint_auth_formatter = {
.format_ami = format_ami_endpoint_auth
};
static struct ao2_container *cli_get_auths(void)
{
struct ao2_container *auths;
auths = ast_sorcery_retrieve_by_fields(ast_sip_get_sorcery(), "auth",
AST_RETRIEVE_FLAG_MULTIPLE | AST_RETRIEVE_FLAG_ALL, NULL);
return auths;
}
static int format_ami_authlist_handler(void *obj, void *arg, int flags)
{
struct ast_sip_auth *auth = obj;
struct ast_sip_ami *ami = arg;
struct ast_str *buf;
buf = ast_sip_create_ami_event("AuthList", ami);
if (!buf) {
return CMP_STOP;
}
sip_auth_to_ami(auth, &buf);
astman_append(ami->s, "%s\r\n", ast_str_buffer(buf));
ami->count++;
ast_free(buf);
return 0;
}
static int ami_show_auths(struct mansession *s, const struct message *m)
{
struct ast_sip_ami ami = { .s = s, .m = m, .action_id = astman_get_header(m, "ActionID"), };
struct ao2_container *auths;
auths = cli_get_auths();
if (!auths) {
astman_send_error(s, m, "Could not get Auths\n");
return 0;
}
if (!ao2_container_count(auths)) {
astman_send_error(s, m, "No Auths found\n");
ao2_ref(auths, -1);
return 0;
}
astman_send_listack(s, m, "A listing of Auths follows, presented as AuthList events",
"start");
ao2_callback(auths, OBJ_NODATA, format_ami_authlist_handler, &ami);
astman_send_list_complete_start(s, m, "AuthListComplete", ami.count);
astman_send_list_complete_end(s);
ao2_ref(auths, -1);
return 0;
}
static struct ao2_container *cli_get_container(const char *regex)
{
RAII_VAR(struct ao2_container *, container, NULL, ao2_cleanup);
struct ao2_container *s_container;
container = ast_sorcery_retrieve_by_regex(ast_sip_get_sorcery(), "auth", regex);
if (!container) {
return NULL;
}
s_container = ao2_container_alloc_list(AO2_ALLOC_OPT_LOCK_NOLOCK, 0,
ast_sorcery_object_id_sort, ast_sorcery_object_id_compare);
if (!s_container) {
return NULL;
}
if (ao2_container_dup(s_container, container, 0)) {
ao2_ref(s_container, -1);
return NULL;
}
return s_container;
}
static int cli_iterator(void *container, ao2_callback_fn callback, void *args)
{
return ast_sip_for_each_auth(container, callback, args);
}
static void *cli_retrieve_by_id(const char *id)
{
return ast_sorcery_retrieve_by_id(ast_sip_get_sorcery(), SIP_SORCERY_AUTH_TYPE, id);
}
static int cli_print_header(void *obj, void *arg, int flags)
{
struct ast_sip_cli_context *context = arg;
int indent = CLI_INDENT_TO_SPACES(context->indent_level);
int filler = CLI_MAX_WIDTH - indent - 20;
ast_assert(context->output_buffer != NULL);
ast_str_append(&context->output_buffer, 0,
"%*s: <AuthId/UserName%*.*s>\n", indent, "I/OAuth", filler, filler,
CLI_HEADER_FILLER);
return 0;
}
static int cli_print_body(void *obj, void *arg, int flags)
{
struct ast_sip_auth *auth = obj;
struct ast_sip_cli_context *context = arg;
char title[32];
ast_assert(context->output_buffer != NULL);
snprintf(title, sizeof(title), "%sAuth",
context->auth_direction ? context->auth_direction : "");
ast_str_append(&context->output_buffer, 0, "%*s: %s/%s\n",
CLI_INDENT_TO_SPACES(context->indent_level), title,
ast_sorcery_object_get_id(auth), auth->auth_user);
if (context->show_details
|| (context->show_details_only_level_0 && context->indent_level == 0)) {
ast_str_append(&context->output_buffer, 0, "\n");
ast_sip_cli_print_sorcery_objectset(auth, context, 0);
}
return 0;
}
static struct ast_cli_entry cli_commands[] = {
AST_CLI_DEFINE(ast_sip_cli_traverse_objects, "List PJSIP Auths",
.command = "pjsip list auths",
.usage = "Usage: pjsip list auths [ like <pattern> ]\n"
" List the configured PJSIP Auths\n"
" Optional regular expression pattern is used to filter the list.\n"),
AST_CLI_DEFINE(ast_sip_cli_traverse_objects, "Show PJSIP Auths",
.command = "pjsip show auths",
.usage = "Usage: pjsip show auths [ like <pattern> ]\n"
" Show the configured PJSIP Auths\n"
" Optional regular expression pattern is used to filter the list.\n"),
AST_CLI_DEFINE(ast_sip_cli_traverse_objects, "Show PJSIP Auth",
.command = "pjsip show auth",
.usage = "Usage: pjsip show auth <id>\n"
" Show the configured PJSIP Auth\n"),
};
static struct ast_sip_cli_formatter_entry *cli_formatter;
/*! \brief Initialize sorcery with auth support */
int ast_sip_initialize_sorcery_auth(void)
{
struct ast_sorcery *sorcery = ast_sip_get_sorcery();
ast_sorcery_apply_default(sorcery, SIP_SORCERY_AUTH_TYPE, "config", "pjsip.conf,criteria=type=auth");
if (ast_sorcery_object_register(sorcery, SIP_SORCERY_AUTH_TYPE, auth_alloc, NULL, auth_apply)) {
return -1;
}
ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "type", "",
OPT_NOOP_T, 0, 0);
ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "username",
"", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_auth, auth_user));
ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "password",
"", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_auth, auth_pass));
ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "refresh_token",
"", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_auth, refresh_token));
ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "oauth_clientid",
"", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_auth, oauth_clientid));
ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "oauth_secret",
"", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_auth, oauth_secret));
ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "md5_cred",
"", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_auth, md5_creds));
ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "realm",
"", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_auth, realm));
ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "nonce_lifetime",
"32", OPT_UINT_T, 0, FLDSET(struct ast_sip_auth, nonce_lifetime));
ast_sorcery_object_field_register_custom(sorcery, SIP_SORCERY_AUTH_TYPE, "auth_type",
"userpass", auth_type_handler, auth_type_to_str, NULL, 0, 0);
ast_sip_register_endpoint_formatter(&endpoint_auth_formatter);
cli_formatter = ao2_alloc(sizeof(struct ast_sip_cli_formatter_entry), NULL);
if (!cli_formatter) {
ast_log(LOG_ERROR, "Unable to allocate memory for cli formatter\n");
return -1;
}
cli_formatter->name = SIP_SORCERY_AUTH_TYPE;
cli_formatter->print_header = cli_print_header;
cli_formatter->print_body = cli_print_body;
cli_formatter->get_container = cli_get_container;
cli_formatter->iterate = cli_iterator;
cli_formatter->get_id = ast_sorcery_object_get_id;
cli_formatter->retrieve_by_id = cli_retrieve_by_id;
ast_sip_register_cli_formatter(cli_formatter);
ast_cli_register_multiple(cli_commands, ARRAY_LEN(cli_commands));
if (ast_manager_register_xml("PJSIPShowAuths", EVENT_FLAG_SYSTEM, ami_show_auths)) {
return -1;
}
return 0;
}
int ast_sip_destroy_sorcery_auth(void)
{
ast_cli_unregister_multiple(cli_commands, ARRAY_LEN(cli_commands));
ast_sip_unregister_cli_formatter(cli_formatter);
ast_sip_unregister_endpoint_formatter(&endpoint_auth_formatter);
ast_manager_unregister("PJSIPShowAuths");
return 0;
}