config_auth.c 9.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343
  1. /*
  2. * Asterisk -- An open source telephony toolkit.
  3. *
  4. * Copyright (C) 2013, Digium, Inc.
  5. *
  6. * Mark Michelson <mmichelson@digium.com>
  7. *
  8. * See http://www.asterisk.org for more information about
  9. * the Asterisk project. Please do not directly contact
  10. * any of the maintainers of this project for assistance;
  11. * the project provides a web site, mailing lists and IRC
  12. * channels for your use.
  13. *
  14. * This program is free software, distributed under the terms of
  15. * the GNU General Public License Version 2. See the LICENSE file
  16. * at the top of the source tree.
  17. */
  18. #include "asterisk.h"
  19. #include <pjsip.h>
  20. #include <pjlib.h>
  21. #include "asterisk/res_pjsip.h"
  22. #include "asterisk/logger.h"
  23. #include "asterisk/sorcery.h"
  24. #include "asterisk/cli.h"
  25. #include "include/res_pjsip_private.h"
  26. #include "asterisk/res_pjsip_cli.h"
  27. static void auth_destroy(void *obj)
  28. {
  29. struct ast_sip_auth *auth = obj;
  30. ast_string_field_free_memory(auth);
  31. }
  32. static void *auth_alloc(const char *name)
  33. {
  34. struct ast_sip_auth *auth = ast_sorcery_generic_alloc(sizeof(*auth), auth_destroy);
  35. if (!auth) {
  36. return NULL;
  37. }
  38. if (ast_string_field_init(auth, 64)) {
  39. ao2_cleanup(auth);
  40. return NULL;
  41. }
  42. return auth;
  43. }
  44. static int auth_type_handler(const struct aco_option *opt, struct ast_variable *var, void *obj)
  45. {
  46. struct ast_sip_auth *auth = obj;
  47. if (!strcasecmp(var->value, "userpass")) {
  48. auth->type = AST_SIP_AUTH_TYPE_USER_PASS;
  49. } else if (!strcasecmp(var->value, "md5")) {
  50. auth->type = AST_SIP_AUTH_TYPE_MD5;
  51. } else {
  52. ast_log(LOG_WARNING, "Unknown authentication storage type '%s' specified for %s\n",
  53. var->value, var->name);
  54. return -1;
  55. }
  56. return 0;
  57. }
  58. static const char *auth_types_map[] = {
  59. [AST_SIP_AUTH_TYPE_USER_PASS] = "userpass",
  60. [AST_SIP_AUTH_TYPE_MD5] = "md5"
  61. };
  62. const char *ast_sip_auth_type_to_str(enum ast_sip_auth_type type)
  63. {
  64. return ARRAY_IN_BOUNDS(type, auth_types_map) ?
  65. auth_types_map[type] : "";
  66. }
  67. static int auth_type_to_str(const void *obj, const intptr_t *args, char **buf)
  68. {
  69. const struct ast_sip_auth *auth = obj;
  70. *buf = ast_strdup(ast_sip_auth_type_to_str(auth->type));
  71. return 0;
  72. }
  73. static int auth_apply(const struct ast_sorcery *sorcery, void *obj)
  74. {
  75. struct ast_sip_auth *auth = obj;
  76. int res = 0;
  77. if (ast_strlen_zero(auth->auth_user)) {
  78. ast_log(LOG_ERROR, "No authentication username for auth '%s'\n",
  79. ast_sorcery_object_get_id(auth));
  80. return -1;
  81. }
  82. switch (auth->type) {
  83. case AST_SIP_AUTH_TYPE_MD5:
  84. if (ast_strlen_zero(auth->md5_creds)) {
  85. ast_log(LOG_ERROR, "'md5' authentication specified but no md5_cred "
  86. "specified for auth '%s'\n", ast_sorcery_object_get_id(auth));
  87. res = -1;
  88. } else if (strlen(auth->md5_creds) != PJSIP_MD5STRLEN) {
  89. ast_log(LOG_ERROR, "'md5' authentication requires digest of size '%d', but "
  90. "digest is '%d' in size for auth '%s'\n", PJSIP_MD5STRLEN, (int)strlen(auth->md5_creds),
  91. ast_sorcery_object_get_id(auth));
  92. res = -1;
  93. }
  94. break;
  95. case AST_SIP_AUTH_TYPE_USER_PASS:
  96. case AST_SIP_AUTH_TYPE_ARTIFICIAL:
  97. break;
  98. }
  99. return res;
  100. }
  101. int ast_sip_for_each_auth(const struct ast_sip_auth_vector *vector,
  102. ao2_callback_fn on_auth, void *arg)
  103. {
  104. int i;
  105. if (!vector || !AST_VECTOR_SIZE(vector)) {
  106. return 0;
  107. }
  108. for (i = 0; i < AST_VECTOR_SIZE(vector); ++i) {
  109. /* AST_VECTOR_GET is safe to use since the vector is immutable */
  110. RAII_VAR(struct ast_sip_auth *, auth, ast_sorcery_retrieve_by_id(
  111. ast_sip_get_sorcery(), SIP_SORCERY_AUTH_TYPE,
  112. AST_VECTOR_GET(vector,i)), ao2_cleanup);
  113. if (!auth) {
  114. continue;
  115. }
  116. if (on_auth(auth, arg, 0)) {
  117. return -1;
  118. }
  119. }
  120. return 0;
  121. }
  122. static int sip_auth_to_ami(const struct ast_sip_auth *auth,
  123. struct ast_str **buf)
  124. {
  125. return ast_sip_sorcery_object_to_ami(auth, buf);
  126. }
  127. static int format_ami_auth_handler(void *obj, void *arg, int flags)
  128. {
  129. const struct ast_sip_auth *auth = obj;
  130. struct ast_sip_ami *ami = arg;
  131. const struct ast_sip_endpoint *endpoint = ami->arg;
  132. RAII_VAR(struct ast_str *, buf,
  133. ast_sip_create_ami_event("AuthDetail", ami), ast_free);
  134. if (!buf) {
  135. return -1;
  136. }
  137. if (sip_auth_to_ami(auth, &buf)) {
  138. return -1;
  139. }
  140. if (endpoint) {
  141. ast_str_append(&buf, 0, "EndpointName: %s\r\n",
  142. ast_sorcery_object_get_id(endpoint));
  143. }
  144. astman_append(ami->s, "%s\r\n", ast_str_buffer(buf));
  145. ami->count++;
  146. return 0;
  147. }
  148. int ast_sip_format_auths_ami(const struct ast_sip_auth_vector *auths,
  149. struct ast_sip_ami *ami)
  150. {
  151. return ast_sip_for_each_auth(auths, format_ami_auth_handler, ami);
  152. }
  153. static int format_ami_endpoint_auth(const struct ast_sip_endpoint *endpoint,
  154. struct ast_sip_ami *ami)
  155. {
  156. ami->arg = (void *)endpoint;
  157. if (ast_sip_format_auths_ami(&endpoint->inbound_auths, ami)) {
  158. return -1;
  159. }
  160. return ast_sip_format_auths_ami(&endpoint->outbound_auths, ami);
  161. }
  162. static struct ast_sip_endpoint_formatter endpoint_auth_formatter = {
  163. .format_ami = format_ami_endpoint_auth
  164. };
  165. static struct ao2_container *cli_get_container(void)
  166. {
  167. RAII_VAR(struct ao2_container *, container, NULL, ao2_cleanup);
  168. struct ao2_container *s_container;
  169. container = ast_sorcery_retrieve_by_fields(ast_sip_get_sorcery(), "auth",
  170. AST_RETRIEVE_FLAG_MULTIPLE | AST_RETRIEVE_FLAG_ALL, NULL);
  171. if (!container) {
  172. return NULL;
  173. }
  174. s_container = ao2_container_alloc_list(AO2_ALLOC_OPT_LOCK_NOLOCK, 0,
  175. ast_sorcery_object_id_sort, ast_sorcery_object_id_compare);
  176. if (!s_container) {
  177. return NULL;
  178. }
  179. if (ao2_container_dup(s_container, container, 0)) {
  180. ao2_ref(s_container, -1);
  181. return NULL;
  182. }
  183. return s_container;
  184. }
  185. static int cli_iterator(void *container, ao2_callback_fn callback, void *args)
  186. {
  187. return ast_sip_for_each_auth(container, callback, args);
  188. }
  189. static void *cli_retrieve_by_id(const char *id)
  190. {
  191. return ast_sorcery_retrieve_by_id(ast_sip_get_sorcery(), SIP_SORCERY_AUTH_TYPE, id);
  192. }
  193. static int cli_print_header(void *obj, void *arg, int flags)
  194. {
  195. struct ast_sip_cli_context *context = arg;
  196. int indent = CLI_INDENT_TO_SPACES(context->indent_level);
  197. int filler = CLI_MAX_WIDTH - indent - 20;
  198. ast_assert(context->output_buffer != NULL);
  199. ast_str_append(&context->output_buffer, 0,
  200. "%*s: <AuthId/UserName%*.*s>\n", indent, "I/OAuth", filler, filler,
  201. CLI_HEADER_FILLER);
  202. return 0;
  203. }
  204. static int cli_print_body(void *obj, void *arg, int flags)
  205. {
  206. struct ast_sip_auth *auth = obj;
  207. struct ast_sip_cli_context *context = arg;
  208. char title[32];
  209. ast_assert(context->output_buffer != NULL);
  210. snprintf(title, sizeof(title), "%sAuth",
  211. context->auth_direction ? context->auth_direction : "");
  212. ast_str_append(&context->output_buffer, 0, "%*s: %s/%s\n",
  213. CLI_INDENT_TO_SPACES(context->indent_level), title,
  214. ast_sorcery_object_get_id(auth), auth->auth_user);
  215. if (context->show_details
  216. || (context->show_details_only_level_0 && context->indent_level == 0)) {
  217. ast_str_append(&context->output_buffer, 0, "\n");
  218. ast_sip_cli_print_sorcery_objectset(auth, context, 0);
  219. }
  220. return 0;
  221. }
  222. static struct ast_cli_entry cli_commands[] = {
  223. AST_CLI_DEFINE(ast_sip_cli_traverse_objects, "List PJSIP Auths",
  224. .command = "pjsip list auths",
  225. .usage = "Usage: pjsip list auths\n"
  226. " List the configured PJSIP Auths\n"),
  227. AST_CLI_DEFINE(ast_sip_cli_traverse_objects, "Show PJSIP Auths",
  228. .command = "pjsip show auths",
  229. .usage = "Usage: pjsip show auths\n"
  230. " Show the configured PJSIP Auths\n"),
  231. AST_CLI_DEFINE(ast_sip_cli_traverse_objects, "Show PJSIP Auth",
  232. .command = "pjsip show auth",
  233. .usage = "Usage: pjsip show auth <id>\n"
  234. " Show the configured PJSIP Auth\n"),
  235. };
  236. static struct ast_sip_cli_formatter_entry *cli_formatter;
  237. /*! \brief Initialize sorcery with auth support */
  238. int ast_sip_initialize_sorcery_auth(void)
  239. {
  240. struct ast_sorcery *sorcery = ast_sip_get_sorcery();
  241. ast_sorcery_apply_default(sorcery, SIP_SORCERY_AUTH_TYPE, "config", "pjsip.conf,criteria=type=auth");
  242. if (ast_sorcery_object_register(sorcery, SIP_SORCERY_AUTH_TYPE, auth_alloc, NULL, auth_apply)) {
  243. return -1;
  244. }
  245. ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "type", "",
  246. OPT_NOOP_T, 0, 0);
  247. ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "username",
  248. "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_auth, auth_user));
  249. ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "password",
  250. "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_auth, auth_pass));
  251. ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "md5_cred",
  252. "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_auth, md5_creds));
  253. ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "realm",
  254. "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_auth, realm));
  255. ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "nonce_lifetime",
  256. "32", OPT_UINT_T, 0, FLDSET(struct ast_sip_auth, nonce_lifetime));
  257. ast_sorcery_object_field_register_custom(sorcery, SIP_SORCERY_AUTH_TYPE, "auth_type",
  258. "userpass", auth_type_handler, auth_type_to_str, NULL, 0, 0);
  259. ast_sip_register_endpoint_formatter(&endpoint_auth_formatter);
  260. cli_formatter = ao2_alloc(sizeof(struct ast_sip_cli_formatter_entry), NULL);
  261. if (!cli_formatter) {
  262. ast_log(LOG_ERROR, "Unable to allocate memory for cli formatter\n");
  263. return -1;
  264. }
  265. cli_formatter->name = SIP_SORCERY_AUTH_TYPE;
  266. cli_formatter->print_header = cli_print_header;
  267. cli_formatter->print_body = cli_print_body;
  268. cli_formatter->get_container = cli_get_container;
  269. cli_formatter->iterate = cli_iterator;
  270. cli_formatter->get_id = ast_sorcery_object_get_id;
  271. cli_formatter->retrieve_by_id = cli_retrieve_by_id;
  272. ast_sip_register_cli_formatter(cli_formatter);
  273. ast_cli_register_multiple(cli_commands, ARRAY_LEN(cli_commands));
  274. return 0;
  275. }
  276. int ast_sip_destroy_sorcery_auth(void)
  277. {
  278. ast_cli_unregister_multiple(cli_commands, ARRAY_LEN(cli_commands));
  279. ast_sip_unregister_cli_formatter(cli_formatter);
  280. return 0;
  281. }