kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-09-05 04:11:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

res_pjsip: mediasec: Add Security-Client headers after 401

Browse Source 
When using mediasec, requests sent after a 401 must still contain the
Security-Client header according to
draft-dawes-sipcore-mediasec-parameter.

Resolves: #48
(cherry picked from commit f3cc1e7fbd)
This commit is contained in:
Maximilian Fridrich
2023-05-02 10:55:39 +02:00
committed by Asterisk Development Team
parent ea564b640d
commit 9cfda39d36
5 changed files with 175 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
res/res_pjsip_rfc3329.c
View File

@@ -34,18 +34,40 @@
#include "asterisk/causes.h"
#include "asterisk/threadpool.h"
/*! \brief Private data structure used with the modules's datastore */
struct rfc3329_store_data {
int last_rx_status_code;
};
static void datastore_destroy_cb(void *data)
{
struct rfc3329_store_data *d = data;
if (d) {
ast_free(d);
}
}
/*! \brief The channel datastore the module uses to store state */
static const struct ast_datastore_info rfc3329_store_datastore = {
.type = "rfc3329_store",
.destroy = datastore_destroy_cb
};
static void rfc3329_incoming_response(struct ast_sip_session *session, struct pjsip_rx_data *rdata)
{
RAII_VAR(struct ast_datastore *, datastore, ast_sip_session_get_datastore(session, "rfc3329_store"), ao2_cleanup);
static const pj_str_t str_security_server = { "Security-Server", 15 };
struct ast_sip_contact_status *contact_status = NULL;
struct ast_sip_security_mechanism *mech;
struct rfc3329_store_data *store_data;
pjsip_generic_string_hdr *header;
char buf[128];
char *hdr_val;
char *mechanism;
if (!session || !session->endpoint || !session->endpoint->security_negotiation
|| !session->contact || !(contact_status = ast_sip_get_contact_status(session->contact))) {
|| !session->contact || !(contact_status = ast_sip_get_contact_status(session->contact))
|| !session->inv_session->dlg) {
return;
}
@@ -54,6 +76,17 @@ static void rfc3329_incoming_response(struct ast_sip_session *session, struct pj
goto out;
}
if (!datastore
&& (datastore = ast_sip_session_alloc_datastore(&rfc3329_store_datastore, "rfc3329_store"))
&& (store_data = ast_calloc(1, sizeof(struct rfc3329_store_data)))) {
store_data->last_rx_status_code = rdata->msg_info.msg->line.status.code;
datastore->data = store_data;
ast_sip_session_add_datastore(session, datastore);
} else {
ast_log(AST_LOG_WARNING, "Could not store session data. Still attempting requests, but they might be missing necessary headers.\n");
}
header = pjsip_msg_find_hdr_by_name(rdata->msg_info.msg, &str_security_server, NULL);
for (; header;
header = pjsip_msg_find_hdr_by_name(rdata->msg_info.msg, &str_security_server, header->next)) {
@@ -73,12 +106,14 @@ out:
ao2_cleanup(contact_status);
}
static void add_outgoing_request_headers(struct ast_sip_endpoint *endpoint, struct ast_sip_contact *contact, struct pjsip_tx_data *tdata)
static void add_outgoing_request_headers(struct ast_sip_endpoint *endpoint, struct ast_sip_contact *contact, struct pjsip_tx_data *tdata,
struct ast_datastore *datastore)
{
static const pj_str_t security_verify = { "Security-Verify", 15 };
struct pjsip_generic_string_hdr *hdr = NULL;
struct ast_sip_contact_status *contact_status = NULL;
struct rfc3329_store_data *store_data;
if (endpoint->security_negotiation != AST_SIP_SECURITY_NEG_MEDIASEC) {
return;
}
@@ -94,23 +129,26 @@ static void add_outgoing_request_headers(struct ast_sip_endpoint *endpoint, stru
if (AST_VECTOR_SIZE(&contact_status->security_mechanisms) && hdr == NULL) {
/* Add Security-Verify headers (with q-value) */
ast_sip_add_security_headers(&contact_status->security_mechanisms, "Security-Verify", 0, tdata);
} else if (!hdr && AST_VECTOR_SIZE(&endpoint->security_mechanisms)) {
/* Add Security-Client headers (no q-value) */
ast_sip_add_security_headers(&endpoint->security_mechanisms, "Security-Client", 0, tdata);
}
if (datastore) {
store_data = datastore->data;
if (store_data->last_rx_status_code == 401) {
/* Add Security-Client headers (no q-value) */
ast_sip_add_security_headers(&endpoint->security_mechanisms, "Security-Client", 0, tdata);
}
}
ao2_unlock(contact_status);
ast_sip_add_header(tdata, "Require", "mediasec");
ast_sip_add_header(tdata, "Proxy-Require", "mediasec");
ao2_cleanup(contact_status);
}
static void rfc3329_outgoing_request(struct ast_sip_session *session, struct pjsip_tx_data *tdata)
{
RAII_VAR(struct ast_datastore *, datastore, ast_sip_session_get_datastore(session, "rfc3329_store"), ao2_cleanup);
if (session->contact == NULL) {
return;
}
add_outgoing_request_headers(session->endpoint, session->contact, tdata);
add_outgoing_request_headers(session->endpoint, session->contact, tdata, datastore);
}
static struct ast_sip_session_supplement rfc3329_supplement = {
@@ -120,7 +158,7 @@ static struct ast_sip_session_supplement rfc3329_supplement = {
static void rfc3329_options_request(struct ast_sip_endpoint *endpoint, struct ast_sip_contact *contact, struct pjsip_tx_data *tdata)
{
add_outgoing_request_headers(endpoint, contact, tdata);
add_outgoing_request_headers(endpoint, contact, tdata, NULL);
}
static struct ast_sip_supplement rfc3329_options_supplement = {
@@ -138,10 +176,11 @@ static int load_module(void)
static int unload_module(void)
{
ast_sip_session_unregister_supplement(&rfc3329_supplement);
ast_sip_unregister_supplement(&rfc3329_options_supplement);
return 0;
}
AST_MODULE_INFO(ASTERISK_GPL_KEY, AST_MODFLAG_LOAD_ORDER, "PJSIP RFC 3329 Support (partial)",
AST_MODULE_INFO(ASTERISK_GPL_KEY, AST_MODFLAG_LOAD_ORDER, "PJSIP RFC3329 Support (partial)",
.support_level = AST_MODULE_SUPPORT_CORE,
.load = load_module,
.unload = unload_module,