Module: sems Branch: master Commit: 9ee77a0594f1f71ea0002355fe810fdfa80c9b34 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sems/?a=commit;h=9ee77a0594f1f71ea0002355fe810fdfa80c9b34
Author: Stefan Sayer <[email protected]> Committer: Stefan Sayer <[email protected]> Date: Thu Aug 1 19:10:46 2013 +0200 sbc: SIP UAS authentication for B leg (uas_auth_bleg_enabled) Notes: - All of those profile options must be set uas_auth_bleg_realm uas_auth_bleg_user uas_auth_bleg_pwd - On realm mismatch, it is not authenticated - URI is not checked against the Authorization URI Conflicts: apps/sbc/SBC.cpp apps/sbc/SBC.h apps/sbc/SBCCallProfile.cpp apps/sbc/SBCCallProfile.h apps/sbc/etc/transparent.sbcprofile.conf Conflicts: apps/sbc/SBC.cpp apps/sbc/SBC.h apps/sbc/SBCCallProfile.cpp apps/sbc/SBCCallProfile.h apps/sbc/etc/transparent.sbcprofile.conf --- apps/sbc/SBC.cpp | 1 - apps/sbc/SBCCallLeg.cpp | 60 ++++++++++++++++++++++++++++- apps/sbc/SBCCallLeg.h | 3 + apps/sbc/SBCCallProfile.cpp | 16 +++++++- apps/sbc/SBCCallProfile.h | 2 + apps/sbc/etc/transparent.sbcprofile.conf | 6 +++ 6 files changed, 83 insertions(+), 5 deletions(-) diff --git a/apps/sbc/SBC.cpp b/apps/sbc/SBC.cpp index 3be644c..b5b24f5 100644 --- a/apps/sbc/SBC.cpp +++ b/apps/sbc/SBC.cpp @@ -817,4 +817,3 @@ bool SBCFactory::CCRoute(const AmSipRequest& req, return true; } - diff --git a/apps/sbc/SBCCallLeg.cpp b/apps/sbc/SBCCallLeg.cpp index 0224181..e308c8a 100644 --- a/apps/sbc/SBCCallLeg.cpp +++ b/apps/sbc/SBCCallLeg.cpp @@ -121,7 +121,7 @@ SBCCallLeg::SBCCallLeg(const SBCCallProfile& call_profile, AmSipDialog* p_dlg, AmSipSubscription* p_subs) : CallLeg(p_dlg,p_subs), m_state(BB_Init), - auth(NULL), + auth(NULL), auth_di(NULL), call_profile(call_profile), cc_timer_id(SBC_TIMER_ID_CALL_TIMERS_START), ext_cc_timer_id(SBC_TIMER_ID_CALL_TIMERS_END + 1), 
@@ -148,7 +148,7 @@ SBCCallLeg::SBCCallLeg(const SBCCallProfile& call_profile, AmSipDialog* p_dlg, // B leg constructor (from SBCCalleeSession) SBCCallLeg::SBCCallLeg(SBCCallLeg* caller, AmSipDialog* p_dlg, AmSipSubscription* p_subs) - : auth(NULL), + : auth(NULL), auth_di(NULL), call_profile(caller->getCallProfile()), CallLeg(caller,p_dlg,p_subs), ext_cc_timer_id(SBC_TIMER_ID_CALL_TIMERS_END + 1), @@ -197,7 +197,7 @@ SBCCallLeg::SBCCallLeg(SBCCallLeg* caller, AmSipDialog* p_dlg, SBCCallLeg::SBCCallLeg(AmSipDialog* p_dlg, AmSipSubscription* p_subs) : CallLeg(p_dlg,p_subs), m_state(BB_Init), - auth(NULL), + auth(NULL), auth_di(NULL), cc_timer_id(SBC_TIMER_ID_CALL_TIMERS_START), cc_started(false), logger(NULL) @@ -331,6 +331,18 @@ void SBCCallLeg::applyBProfile() } } + if (call_profile.uas_auth_bleg_enabled) { + AmDynInvokeFactory* fact = AmPlugIn::instance()->getFactory4Di("uac_auth"); + if (NULL != fact) { + AmDynInvoke* di_inst = fact->getInstance(); + if(NULL != di_inst) { + setAuthDI(di_inst); + } + } else { + ERROR("B-leg UAS auth enabled (uas_auth_bleg_enabled), but uac_auth module not loaded!\n"); + } + } + if (call_profile.sst_enabled_value) { if(applySSTCfg(call_profile.sst_b_cfg,NULL) < 0) { throw AmSession::Exception(500, SIP_REPLY_SERVER_INTERNAL_ERROR); 
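Review bot: In the `uas_auth_bleg_enabled` block added to applyBProfile(), a missing `uac_auth` factory only logs an ERROR, and a NULL result from `getInstance()` logs nothing at all, so `auth_di` stays NULL and the B leg is still set up. The check added to onSipRequest() in this same commit runs only when `NULL != auth_di`, so a profile that asks for B-leg authentication then processes in-dialog requests without any check. Failing closed would match the SST block directly below: `throw AmSession::Exception(500, SIP_REPLY_SERVER_INTERNAL_ERROR);` in both failure paths. applyBProfile() begins and ends outside this hunk.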
@@ -519,6 +531,48 @@ void SBCCallLeg::onSipRequest(const AmSipRequest& req) { if ((*i)->onInDialogRequest(this, req) == StopProcessing) return; } + if (call_profile.uas_auth_bleg_enabled && NULL != auth_di) { + AmArg di_args, di_ret; + try { + DBG("Auth: checking authentication\n"); + di_args.push((AmObject*)&req); + di_args.push(call_profile.uas_auth_bleg_credentials.realm); + di_args.push(call_profile.uas_auth_bleg_credentials.user); + di_args.push(call_profile.uas_auth_bleg_credentials.pwd); + auth_di->invoke("checkAuth", di_args, di_ret); + + if (di_ret.size() >= 3) { + if (di_ret[0].asInt() != 200) { + DBG("Auth: replying %u %s - hdrs: '%s'\n", + di_ret[0].asInt(), di_ret[1].asCStr(), di_ret[2].asCStr()); + dlg->reply(req, di_ret[0].asInt(), di_ret[1].asCStr(), NULL, di_ret[2].asCStr()); + return; + } else { + DBG("Successfully authenticated request.\n"); + } + } else { + ERROR("internal: no proper result from checkAuth: '%s'\n", AmArg::print(di_ret).c_str()); + } + + } catch (const AmDynInvoke::NotImplemented& ni) { + ERROR("not implemented DI function 'checkAuth'\n"); + dlg->reply(req, 500, SIP_REPLY_SERVER_INTERNAL_ERROR, NULL, "", SIP_FLAGS_VERBATIM); + return; + } catch (const AmArg::OutOfBoundsException& oob) { + ERROR("out of bounds in DI call 'checkAuth'\n"); + dlg->reply(req, 500, SIP_REPLY_SERVER_INTERNAL_ERROR, NULL, "", SIP_FLAGS_VERBATIM); + return; + } catch (const AmArg::TypeMismatchException& oob) { + ERROR("type mismatch in DI call checkAuth\n"); + dlg->reply(req, 500, SIP_REPLY_SERVER_INTERNAL_ERROR, NULL, "", SIP_FLAGS_VERBATIM); + return; + } catch (...) { + ERROR("unexpected Exception in DI call checkAuth\n"); + dlg->reply(req, 500, SIP_REPLY_SERVER_INTERNAL_ERROR, NULL, "", SIP_FLAGS_VERBATIM); + return; + } + } + if (fwd && req.method == SIP_METH_INVITE) { DBG("replying 100 Trying to INVITE to be fwd'ed\n"); dlg->reply(req, 100, SIP_REPLY_TRYING); diff --git a/apps/sbc/SBCCallLeg.h b/apps/sbc/SBCCallLeg.h index 80d87aa..8ae9e50 100644 
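Review bot: The else-branch of `if (di_ret.size() >= 3)` in the added onSipRequest() block only logs "no proper result from checkAuth" and then falls through to normal request handling, so a short or malformed result from the auth module is treated the same as a successful authentication. That branch should reject the request the way the catch handlers already do: `dlg->reply(req, 500, SIP_REPLY_SERVER_INTERNAL_ERROR, NULL, "", SIP_FLAGS_VERBATIM); return;`. The C-style cast `(AmObject*)&req` also drops const from the request; a comment such as `// checkAuth only reads the request; cast needed because AmArg stores AmObject*` would record that assumption if it holds. onSipRequest() begins and ends outside this hunk.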
--- a/apps/sbc/SBCCallLeg.h +++ b/apps/sbc/SBCCallLeg.h @@ -69,6 +69,7 @@ class SBCCallLeg : public CallLeg, public CredentialHolder // auth AmSessionEventHandler* auth; + AmDynInvoke* auth_di; /** Storage for remembered payload IDs from SDP offer to be put correctly into * SDP answer (we avoid with this parsing SDP offer again when processing the @@ -156,6 +157,8 @@ class SBCCallLeg : public CallLeg, public CredentialHolder UACAuthCred* getCredentials(); void setAuthHandler(AmSessionEventHandler* h) { auth = h; } + void setAuthDI(AmDynInvoke* di_inst) { auth_di = di_inst; } + bool initCCExtModules(const CCInterfaceListT& cc_module_list, const vector<AmDynInvoke*>& cc_module_di); bool initPendingCCExtModules(); void addPendingCCExtModule(const string& cc_name, const string& cc_module, const map<string, string>& cc_values); diff --git a/apps/sbc/SBCCallProfile.cpp b/apps/sbc/SBCCallProfile.cpp index 663318f..28a88d4 100644 --- a/apps/sbc/SBCCallProfile.cpp +++ b/apps/sbc/SBCCallProfile.cpp @@ -250,6 +250,11 @@ bool SBCCallProfile::readFromConfiguration(const string& name, auth_aleg_credentials.user = cfg.getParameter("auth_aleg_user"); auth_aleg_credentials.pwd = cfg.getParameter("auth_aleg_pwd"); + uas_auth_bleg_enabled = cfg.getParameter("enable_bleg_uas_auth", "no") == "yes"; + uas_auth_bleg_credentials.realm = cfg.getParameter("uas_auth_bleg_realm"); + uas_auth_bleg_credentials.user = cfg.getParameter("uas_auth_bleg_user"); + uas_auth_bleg_credentials.pwd = cfg.getParameter("uas_auth_bleg_pwd"); + if (!cfg.getParameter("call_control").empty()) { vector<string> cc_sections = explode(cfg.getParameter("call_control"), ","); for (vector<string>::iterator it = @@ -257,7 +262,6 @@ bool SBCCallProfile::readFromConfiguration(const string& name, DBG("reading call control '%s'\n", it->c_str()); cc_interfaces.push_back(CCInterface(*it)); CCInterface& cc_if = cc_interfaces.back(); - cc_if.cc_module = cfg.getParameter(*it + "_module"); AmArg mandatory_values; 
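Review bot: In the SBCCallProfile.cpp hunk at `@@ -250`, readFromConfiguration() reads the enable flag from the key `enable_bleg_uas_auth`, but the commit title, the ERROR text in applyBProfile() and the sample lines added to transparent.sbcprofile.conf all name the option `uas_auth_bleg_enabled`. A profile written from the sample therefore leaves B-leg UAS authentication disabled, and the only trace is the "disabled" INFO line at load time. Reading the documented key closes the gap: `uas_auth_bleg_enabled = cfg.getParameter("uas_auth_bleg_enabled", "no") == "yes";` (or change the sample and the log text to the key the code reads). readFromConfiguration() begins and ends outside this hunk.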
@@ -529,6 +533,7 @@ bool SBCCallProfile::readFromConfiguration(const string& name, INFO("SBC: SIP auth %sabled\n", auth_enabled?"en":"dis"); INFO("SBC: SIP auth for A leg %sabled\n", auth_aleg_enabled?"en":"dis"); + INFO("SBC: SIP UAS auth for B leg %sabled\n", uas_auth_bleg_enabled?"en":"dis"); if (cc_interfaces.size()) { string cc_if_names; @@ -814,6 +819,15 @@ bool SBCCallProfile::evaluate(ParamReplacerCtx& ctx, "auth_aleg_pwd", req); } + if (uas_auth_bleg_enabled) { + uas_auth_bleg_credentials.realm = + ctx.replaceParameters(uas_auth_bleg_credentials.realm, "uas_auth_bleg_realm", req); + uas_auth_bleg_credentials.user = + ctx.replaceParameters(uas_auth_bleg_credentials.user, "uas_auth_bleg_user", req); + uas_auth_bleg_credentials.pwd = + ctx.replaceParameters(uas_auth_bleg_credentials.pwd, "uas_auth_bleg_pwd", req); + } + fix_replaces_inv = ctx.replaceParameters(fix_replaces_inv, "fix_replaces_inv", req); fix_replaces_ref = ctx.replaceParameters(fix_replaces_ref, "fix_replaces_ref", req); diff --git a/apps/sbc/SBCCallProfile.h b/apps/sbc/SBCCallProfile.h index 2e29d10..483de92 100644 --- a/apps/sbc/SBCCallProfile.h +++ b/apps/sbc/SBCCallProfile.h @@ -172,6 +172,8 @@ struct SBCCallProfile bool auth_aleg_enabled; UACAuthCred auth_aleg_credentials; + bool uas_auth_bleg_enabled; + UACAuthCred uas_auth_bleg_credentials; CCInterfaceListT cc_interfaces; diff --git a/apps/sbc/etc/transparent.sbcprofile.conf b/apps/sbc/etc/transparent.sbcprofile.conf index 5697c7b..c2692ae 100644 --- a/apps/sbc/etc/transparent.sbcprofile.conf +++ b/apps/sbc/etc/transparent.sbcprofile.conf @@ -89,6 +89,12 @@ #auth_aleg_user=$P(au) #auth_aleg_pwd=$P(ap) +## UAS auth for B leg +#uas_auth_bleg_enabled=yes +#uas_auth_bleg_realm=$P(sr) +#uas_auth_bleg_user=$P(su) +#uas_auth_bleg_pwd=$P(sp) + ## call timer #enable_call_timer=yes #call_timer=60 _______________________________________________ Semsdev mailing list [email protected] http://lists.iptel.org/mailman/listinfo/semsdev
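Review bot: The `uas_auth_bleg_enabled` block added to evaluate() at `@@ -814` stores whatever replaceParameters() returns, and nothing visible in this commit rejects an empty realm, user or password, although the commit message says all three options must be set. If a pattern such as `$P(su)` can expand to an empty string, the leg would call checkAuth with blank credentials; how uac_auth handles those is not shown on this page. A guard after the three assignments would enforce the stated requirement: `if (uas_auth_bleg_credentials.realm.empty() || uas_auth_bleg_credentials.user.empty() || uas_auth_bleg_credentials.pwd.empty()) { ERROR("uas_auth_bleg_realm/user/pwd must all be set\n"); return false; }`. evaluate() begins and ends outside this hunk.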
