mirror of
https://github.com/asterisk/asterisk.git
synced 2025-09-04 20:04:50 +00:00
res_pjsip: mediasec: Add Security-Client headers after 401
When using mediasec, requests sent after a 401 must still contain the
Security-Client header according to
draft-dawes-sipcore-mediasec-parameter.
Resolves: #48
(cherry picked from commit f3cc1e7fbd)
This commit is contained in:
Maximilian Fridrich
committed by
Asterisk Development Team
Asterisk Development Team
parent
ea564b640d
commit
9cfda39d36
@@ -256,6 +256,13 @@ static int timers_to_str(const void *obj, const intptr_t *args, char **buf)
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int security_mechanism_to_str(const void *obj, const intptr_t *args, char **buf)
|
||||
{
|
||||
const struct ast_sip_endpoint *endpoint = obj;
|
||||
|
||||
return ast_sip_security_mechanisms_to_str(&endpoint->security_mechanisms, 0, buf);
|
||||
}
|
||||
|
||||
static int security_mechanism_handler(const struct aco_option *opt, struct ast_variable *var, void *obj)
|
||||
{
|
||||
struct ast_sip_endpoint *endpoint = obj;
|
||||
@@ -263,6 +270,20 @@ static int security_mechanism_handler(const struct aco_option *opt, struct ast_v
|
||||
return ast_sip_security_mechanism_vector_init(&endpoint->security_mechanisms, var->value);
|
||||
}
|
||||
|
||||
static const char *security_negotiation_map[] = {
|
||||
[AST_SIP_SECURITY_NEG_NONE] = "no",
|
||||
[AST_SIP_SECURITY_NEG_MEDIASEC] = "mediasec",
|
||||
};
|
||||
|
||||
static int security_negotiation_to_str(const void *obj, const intptr_t *args, char **buf)
|
||||
{
|
||||
const struct ast_sip_endpoint *endpoint = obj;
|
||||
if (ARRAY_IN_BOUNDS(endpoint->security_negotiation, security_negotiation_map)) {
|
||||
*buf = ast_strdup(security_negotiation_map[endpoint->security_negotiation]);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
int ast_sip_set_security_negotiation(enum ast_sip_security_negotiation *security_negotiation, const char *val) {
|
||||
if (!strcasecmp("no", val)) {
|
||||
*security_negotiation = AST_SIP_SECURITY_NEG_NONE;
|
||||
@@ -2262,8 +2283,8 @@ int ast_res_pjsip_initialize_configuration(void)
|
||||
ast_sorcery_object_field_register(sip_sorcery, "endpoint", "allow_unauthenticated_options", "no", OPT_BOOL_T, 1, FLDSET(struct ast_sip_endpoint, allow_unauthenticated_options));
|
||||
ast_sorcery_object_field_register(sip_sorcery, "endpoint", "geoloc_incoming_call_profile", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_endpoint, geoloc_incoming_call_profile));
|
||||
ast_sorcery_object_field_register(sip_sorcery, "endpoint", "geoloc_outgoing_call_profile", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_endpoint, geoloc_outgoing_call_profile));
|
||||
ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "security_mechanisms", "", security_mechanism_handler, NULL, NULL, 0, 0);
|
||||
ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "security_negotiation", "no", security_negotiation_handler, NULL, NULL, 0, 0);
|
||||
ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "security_mechanisms", "", security_mechanism_handler, security_mechanism_to_str, NULL, 0, 0);
|
||||
ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "security_negotiation", "no", security_negotiation_handler, security_negotiation_to_str, NULL, 0, 0);
|
||||
ast_sorcery_object_field_register(sip_sorcery, "endpoint", "send_aoc", "no", OPT_BOOL_T, 1, FLDSET(struct ast_sip_endpoint, send_aoc));
|
||||
|
||||
if (ast_sip_initialize_sorcery_transport()) {
|
||||
|
||||
@@ -137,8 +137,8 @@ static char *ast_sip_security_mechanism_type_to_str(enum ast_sip_security_mechan
|
||||
}
|
||||
}
|
||||
|
||||
static int ast_sip_security_mechanism_to_str(const struct ast_sip_security_mechanism *security_mechanism, int add_qvalue, char **buf) {
|
||||
char tmp[64];
|
||||
static int security_mechanism_to_str(const struct ast_sip_security_mechanism *security_mechanism, int add_qvalue, char **buf)
|
||||
{
|
||||
size_t size;
|
||||
size_t buf_size = 128;
|
||||
int i;
|
||||
@@ -152,22 +152,50 @@ static int ast_sip_security_mechanism_to_str(const struct ast_sip_security_mecha
|
||||
return EINVAL;
|
||||
}
|
||||
|
||||
strncat(ret, ast_sip_security_mechanism_type_to_str(security_mechanism->type), buf_size - strlen(ret) - 1);
|
||||
snprintf(ret, buf_size - 1, "%s", ast_sip_security_mechanism_type_to_str(security_mechanism->type));
|
||||
if (add_qvalue) {
|
||||
snprintf(tmp, sizeof(tmp), ";q=%f.4", security_mechanism->qvalue);
|
||||
strncat(ret, tmp, buf_size - strlen(ret) - 1);
|
||||
snprintf(ret + strlen(ret), buf_size - 1, ";q=%f.4", security_mechanism->qvalue);
|
||||
}
|
||||
|
||||
size = AST_VECTOR_SIZE(&security_mechanism->mechanism_parameters);
|
||||
for (i = 0; i < size; ++i) {
|
||||
snprintf(tmp, sizeof(tmp), ";%s", AST_VECTOR_GET(&security_mechanism->mechanism_parameters, i));
|
||||
strncat(ret, tmp, buf_size - strlen(ret) - 1);
|
||||
snprintf(ret + strlen(ret), buf_size - 1, ";%s", AST_VECTOR_GET(&security_mechanism->mechanism_parameters, i));
|
||||
}
|
||||
|
||||
*buf = ret;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int ast_sip_security_mechanisms_to_str(const struct ast_sip_security_mechanism_vector *security_mechanisms, int add_qvalue, char **buf)
|
||||
{
|
||||
size_t vec_size;
|
||||
struct ast_sip_security_mechanism *mech;
|
||||
char *tmp_buf;
|
||||
char ret[512];
|
||||
size_t i;
|
||||
|
||||
if (!security_mechanisms) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
vec_size = AST_VECTOR_SIZE(security_mechanisms);
|
||||
ret[0] = '\0';
|
||||
|
||||
for (i = 0; i < vec_size; ++i) {
|
||||
mech = AST_VECTOR_GET(security_mechanisms, i);
|
||||
if (security_mechanism_to_str(mech, add_qvalue, &tmp_buf)) {
|
||||
continue;
|
||||
}
|
||||
snprintf(ret + strlen(ret), sizeof(ret) - 1, "%s%s",
|
||||
tmp_buf, i == vec_size - 1 ? "" : ", ");
|
||||
ast_free(tmp_buf);
|
||||
}
|
||||
|
||||
*buf = ast_strdup(ret);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
void ast_sip_remove_headers_by_name_and_value(pjsip_msg *msg, const pj_str_t *hdr_name, const char* value)
|
||||
{
|
||||
struct pjsip_generic_string_hdr *hdr = pjsip_msg_find_hdr_by_name(msg, hdr_name, NULL);
|
||||
@@ -186,7 +214,7 @@ void ast_sip_remove_headers_by_name_and_value(pjsip_msg *msg, const pj_str_t *hd
|
||||
* \brief Parses a string representing a q_value to a float.
|
||||
*
|
||||
* Valid q values must be in the range from 0.0 to 1.0 inclusively.
|
||||
*
|
||||
*
|
||||
* \param q_value
|
||||
* \retval The parsed qvalue or -1.0 on failure.
|
||||
*/
|
||||
@@ -234,9 +262,10 @@ int ast_sip_str_to_security_mechanism(struct ast_sip_security_mechanism **securi
|
||||
err = EINVAL;
|
||||
goto out;
|
||||
}
|
||||
if (!strncmp(param, "q=0", 4) || !strncmp(param, "q=1", 4)) {
|
||||
if (!strncmp(param, "q=", 2)) {
|
||||
mech->qvalue = parse_qvalue(¶m[2]);
|
||||
if (mech->qvalue < 0.0) {
|
||||
err = EINVAL;
|
||||
goto out;
|
||||
}
|
||||
continue;
|
||||
@@ -279,7 +308,7 @@ int ast_sip_add_security_headers(struct ast_sip_security_mechanism_vector *secur
|
||||
mech_cnt = AST_VECTOR_SIZE(security_mechanisms);
|
||||
for (i = 0; i < mech_cnt; ++i) {
|
||||
mech = AST_VECTOR_GET(security_mechanisms, i);
|
||||
if (ast_sip_security_mechanism_to_str(mech, add_qvalue, &buf)) {
|
||||
if (security_mechanism_to_str(mech, add_qvalue, &buf)) {
|
||||
continue;
|
||||
}
|
||||
ast_sip_add_header(tdata, header_name, buf);
|
||||
|
||||
Reference in New Issue
Block a user