config_auth.c

Go to the documentation of this file.

/*
 * Asterisk -- An open source telephony toolkit.
 *
 * Copyright (C) 2013, Digium, Inc.
 *
 * Mark Michelson <[email protected]>
 *
 * See http://www.asterisk.org for more information about
 * the Asterisk project. Please do not directly contact
 * any of the maintainers of this project for assistance;
 * the project provides a web site, mailing lists and IRC
 * channels for your use.
 *
 * This program is free software, distributed under the terms of
 * the GNU General Public License Version 2. See the LICENSE file
 * at the top of the source tree.
 */

#include "asterisk.h"

#include <pjsip.h>
#include <pjlib.h>
#include "asterisk/res_pjsip.h"
#include "asterisk/logger.h"
#include "asterisk/sorcery.h"
#include "asterisk/cli.h"
#include "include/res_pjsip_private.h"
#include "asterisk/res_pjsip_cli.h"

static void auth_destroy(void *obj)
{
   struct ast_sip_auth *auth = obj;
   ast_string_field_free_memory(auth);
}

static void *auth_alloc(const char *name)
{
   struct ast_sip_auth *auth = ast_sorcery_generic_alloc(sizeof(*auth), auth_destroy);

   if (!auth) {
      return NULL;
   }

   if (ast_string_field_init(auth, 64)) {
      ao2_cleanup(auth);
      return NULL;
   }

   return auth;
}

static int auth_type_handler(const struct aco_option *opt, struct ast_variable *var, void *obj)
{
   struct ast_sip_auth *auth = obj;
   if (!strcasecmp(var->value, "userpass")) {
      auth->type = AST_SIP_AUTH_TYPE_USER_PASS;
   } else if (!strcasecmp(var->value, "md5")) {
      auth->type = AST_SIP_AUTH_TYPE_MD5;
   } else if (!strcasecmp(var->value, "google_oauth")) {
#ifdef HAVE_PJSIP_OAUTH_AUTHENTICATION
      auth->type = AST_SIP_AUTH_TYPE_GOOGLE_OAUTH;
#else
      ast_log(LOG_WARNING, "OAuth support is not available in the version of PJSIP in use\n");
      return -1;
#endif
   } else {
      ast_log(LOG_WARNING, "Unknown authentication storage type '%s' specified for %s\n",
            var->value, var->name);
      return -1;
   }
   return 0;
}

static const char *auth_types_map[] = {
   [AST_SIP_AUTH_TYPE_USER_PASS] = "userpass",
   [AST_SIP_AUTH_TYPE_MD5] = "md5",
   [AST_SIP_AUTH_TYPE_GOOGLE_OAUTH] = "google_oauth"
};

const char *ast_sip_auth_type_to_str(enum ast_sip_auth_type type)
{
   return ARRAY_IN_BOUNDS(type, auth_types_map) ?
      auth_types_map[type] : "";
}

static int auth_type_to_str(const void *obj, const intptr_t *args, char **buf)
{
   const struct ast_sip_auth *auth = obj;
   *buf = ast_strdup(ast_sip_auth_type_to_str(auth->type));
   return 0;
}

static int auth_apply(const struct ast_sorcery *sorcery, void *obj)
{
   struct ast_sip_auth *auth = obj;
   int res = 0;

   if (ast_strlen_zero(auth->auth_user)) {
      ast_log(LOG_ERROR, "No authentication username for auth '%s'\n",
            ast_sorcery_object_get_id(auth));
      return -1;
   }

   switch (auth->type) {
   case AST_SIP_AUTH_TYPE_MD5:
      if (ast_strlen_zero(auth->md5_creds)) {
         ast_log(LOG_ERROR, "'md5' authentication specified but no md5_cred "
               "specified for auth '%s'\n", ast_sorcery_object_get_id(auth));
         res = -1;
      } else if (strlen(auth->md5_creds) != PJSIP_MD5STRLEN) {
         ast_log(LOG_ERROR, "'md5' authentication requires digest of size '%d', but "
            "digest is '%d' in size for auth '%s'\n", PJSIP_MD5STRLEN, (int)strlen(auth->md5_creds),
            ast_sorcery_object_get_id(auth));
         res = -1;
      }
      break;
   case AST_SIP_AUTH_TYPE_GOOGLE_OAUTH:
      if (ast_strlen_zero(auth->refresh_token)
         || ast_strlen_zero(auth->oauth_clientid)
         || ast_strlen_zero(auth->oauth_secret)) {
         ast_log(LOG_ERROR, "'google_oauth' authentication specified but refresh_token,"
            " oauth_clientid, or oauth_secret not specified for auth '%s'\n",
            ast_sorcery_object_get_id(auth));
         res = -1;
      }
      break;
   case AST_SIP_AUTH_TYPE_USER_PASS:
   case AST_SIP_AUTH_TYPE_ARTIFICIAL:
      break;
   }

   return res;
}

int ast_sip_for_each_auth(const struct ast_sip_auth_vector *vector,
           ao2_callback_fn on_auth, void *arg)
{
   int i;

   if (!vector || !AST_VECTOR_SIZE(vector)) {
      return 0;
   }

   for (i = 0; i < AST_VECTOR_SIZE(vector); ++i) {
      /* AST_VECTOR_GET is safe to use since the vector is immutable */
      RAII_VAR(struct ast_sip_auth *, auth, ast_sorcery_retrieve_by_id(
             ast_sip_get_sorcery(), SIP_SORCERY_AUTH_TYPE,
             AST_VECTOR_GET(vector,i)), ao2_cleanup);

      if (!auth) {
         continue;
      }

      if (on_auth(auth, arg, 0)) {
         return -1;
      }
   }

   return 0;
}

static int sip_auth_to_ami(const struct ast_sip_auth *auth,
            struct ast_str **buf)
{
   return ast_sip_sorcery_object_to_ami(auth, buf);
}

static int format_ami_auth_handler(void *obj, void *arg, int flags)
{
   const struct ast_sip_auth *auth = obj;
   struct ast_sip_ami *ami = arg;
   const struct ast_sip_endpoint *endpoint = ami->arg;
   RAII_VAR(struct ast_str *, buf,
       ast_sip_create_ami_event("AuthDetail", ami), ast_free);

   if (!buf) {
      return -1;
   }

   if (sip_auth_to_ami(auth, &buf)) {
      return -1;
   }

   if (endpoint) {
      ast_str_append(&buf, 0, "EndpointName: %s\r\n",
             ast_sorcery_object_get_id(endpoint));
   }

   astman_append(ami->s, "%s\r\n", ast_str_buffer(buf));
   ami->count++;

   return 0;
}

int ast_sip_format_auths_ami(const struct ast_sip_auth_vector *auths,
              struct ast_sip_ami *ami)
{
   return ast_sip_for_each_auth(auths, format_ami_auth_handler, ami);
}

static int format_ami_endpoint_auth(const struct ast_sip_endpoint *endpoint,
                struct ast_sip_ami *ami)
{
   ami->arg = (void *)endpoint;
   if (ast_sip_format_auths_ami(&endpoint->inbound_auths, ami)) {
      return -1;
   }

   return ast_sip_format_auths_ami(&endpoint->outbound_auths, ami);
}

static struct ast_sip_endpoint_formatter endpoint_auth_formatter = {
   .format_ami = format_ami_endpoint_auth
};

static struct ao2_container *cli_get_auths(void)
{
   struct ao2_container *auths;

   auths = ast_sorcery_retrieve_by_fields(ast_sip_get_sorcery(), "auth",
         AST_RETRIEVE_FLAG_MULTIPLE | AST_RETRIEVE_FLAG_ALL, NULL);

   return auths;
}

static int format_ami_authlist_handler(void *obj, void *arg, int flags)
{
   struct ast_sip_auth *auth = obj;
   struct ast_sip_ami *ami = arg;
   struct ast_str *buf;

   buf = ast_sip_create_ami_event("AuthList", ami);
   if (!buf) {
      return CMP_STOP;
   }

   sip_auth_to_ami(auth, &buf);

   astman_append(ami->s, "%s\r\n", ast_str_buffer(buf));
   ami->count++;

   ast_free(buf);

   return 0;
}

static int ami_show_auths(struct mansession *s, const struct message *m)
{
   struct ast_sip_ami ami = { .s = s, .m = m, .action_id = astman_get_header(m, "ActionID"), };
   struct ao2_container *auths;

   auths = cli_get_auths();
   if (!auths) {
      astman_send_error(s, m, "Could not get Auths\n");
      return 0;
   }

   if (!ao2_container_count(auths)) {
      astman_send_error(s, m, "No Auths found\n");
      ao2_ref(auths, -1);
      return 0;
   }

   astman_send_listack(s, m, "A listing of Auths follows, presented as AuthList events",
         "start");

   ao2_callback(auths, OBJ_NODATA, format_ami_authlist_handler, &ami);

   astman_send_list_complete_start(s, m, "AuthListComplete", ami.count);
   astman_send_list_complete_end(s);

   ao2_ref(auths, -1);

   return 0;
}

static struct ao2_container *cli_get_container(const char *regex)
{
   RAII_VAR(struct ao2_container *, container, NULL, ao2_cleanup);
   struct ao2_container *s_container;

   container = ast_sorcery_retrieve_by_regex(ast_sip_get_sorcery(), "auth", regex);
   if (!container) {
      return NULL;
   }

   s_container = ao2_container_alloc_list(AO2_ALLOC_OPT_LOCK_NOLOCK, 0,
      ast_sorcery_object_id_sort, ast_sorcery_object_id_compare);
   if (!s_container) {
      return NULL;
   }

   if (ao2_container_dup(s_container, container, 0)) {
      ao2_ref(s_container, -1);
      return NULL;
   }

   return s_container;
}

static int cli_iterator(void *container, ao2_callback_fn callback, void *args)
{
   return ast_sip_for_each_auth(container, callback, args);
}

static void *cli_retrieve_by_id(const char *id)
{
   return ast_sorcery_retrieve_by_id(ast_sip_get_sorcery(), SIP_SORCERY_AUTH_TYPE, id);
}

static int cli_print_header(void *obj, void *arg, int flags)
{
   struct ast_sip_cli_context *context = arg;
   int indent = CLI_INDENT_TO_SPACES(context->indent_level);
   int filler = CLI_MAX_WIDTH - indent - 20;

   ast_assert(context->output_buffer != NULL);

   ast_str_append(&context->output_buffer, 0,
      "%*s:  <AuthId/UserName%*.*s>\n", indent, "I/OAuth", filler, filler,
      CLI_HEADER_FILLER);

   return 0;
}

static int cli_print_body(void *obj, void *arg, int flags)
{
   struct ast_sip_auth *auth = obj;
   struct ast_sip_cli_context *context = arg;
   char title[32];

   ast_assert(context->output_buffer != NULL);

   snprintf(title, sizeof(title), "%sAuth",
      context->auth_direction ? context->auth_direction : "");

   ast_str_append(&context->output_buffer, 0, "%*s:  %s/%s\n",
      CLI_INDENT_TO_SPACES(context->indent_level), title,
      ast_sorcery_object_get_id(auth), auth->auth_user);

   if (context->show_details
      || (context->show_details_only_level_0 && context->indent_level == 0)) {
      ast_str_append(&context->output_buffer, 0, "\n");
      ast_sip_cli_print_sorcery_objectset(auth, context, 0);
   }

   return 0;
}

static struct ast_cli_entry cli_commands[] = {
   AST_CLI_DEFINE(ast_sip_cli_traverse_objects, "List PJSIP Auths",
      .command = "pjsip list auths",
      .usage = "Usage: pjsip list auths [ like <pattern> ]\n"
            "       List the configured PJSIP Auths\n"
            "       Optional regular expression pattern is used to filter the list.\n"),
   AST_CLI_DEFINE(ast_sip_cli_traverse_objects, "Show PJSIP Auths",
      .command = "pjsip show auths",
      .usage = "Usage: pjsip show auths [ like <pattern> ]\n"
            "       Show the configured PJSIP Auths\n"
            "       Optional regular expression pattern is used to filter the list.\n"),
   AST_CLI_DEFINE(ast_sip_cli_traverse_objects, "Show PJSIP Auth",
      .command = "pjsip show auth",
      .usage = "Usage: pjsip show auth <id>\n"
             "       Show the configured PJSIP Auth\n"),
};

static struct ast_sip_cli_formatter_entry *cli_formatter;

/*! \brief Initialize sorcery with auth support */
int ast_sip_initialize_sorcery_auth(void)
{
   struct ast_sorcery *sorcery = ast_sip_get_sorcery();

   ast_sorcery_apply_default(sorcery, SIP_SORCERY_AUTH_TYPE, "config", "pjsip.conf,criteria=type=auth");

   if (ast_sorcery_object_register(sorcery, SIP_SORCERY_AUTH_TYPE, auth_alloc, NULL, auth_apply)) {
      return -1;
   }

   ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "type", "",
         OPT_NOOP_T, 0, 0);
   ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "username",
         "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_auth, auth_user));
   ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "password",
         "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_auth, auth_pass));
   ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "refresh_token",
         "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_auth, refresh_token));
   ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "oauth_clientid",
         "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_auth, oauth_clientid));
   ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "oauth_secret",
         "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_auth, oauth_secret));
   ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "md5_cred",
         "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_auth, md5_creds));
   ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "realm",
         "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_auth, realm));
   ast_sorcery_object_field_register(sorcery, SIP_SORCERY_AUTH_TYPE, "nonce_lifetime",
         "32", OPT_UINT_T, 0, FLDSET(struct ast_sip_auth, nonce_lifetime));
   ast_sorcery_object_field_register_custom(sorcery, SIP_SORCERY_AUTH_TYPE, "auth_type",
         "userpass", auth_type_handler, auth_type_to_str, NULL, 0, 0);

   ast_sip_register_endpoint_formatter(&endpoint_auth_formatter);

   cli_formatter = ao2_alloc(sizeof(struct ast_sip_cli_formatter_entry), NULL);
   if (!cli_formatter) {
      ast_log(LOG_ERROR, "Unable to allocate memory for cli formatter\n");
      return -1;
   }
   cli_formatter->name = SIP_SORCERY_AUTH_TYPE;
   cli_formatter->print_header = cli_print_header;
   cli_formatter->print_body = cli_print_body;
   cli_formatter->get_container = cli_get_container;
   cli_formatter->iterate = cli_iterator;
   cli_formatter->get_id = ast_sorcery_object_get_id;
   cli_formatter->retrieve_by_id = cli_retrieve_by_id;

   ast_sip_register_cli_formatter(cli_formatter);
   ast_cli_register_multiple(cli_commands, ARRAY_LEN(cli_commands));

   if (ast_manager_register_xml("PJSIPShowAuths", EVENT_FLAG_SYSTEM, ami_show_auths)) {
      return -1;
   }

   return 0;
}

int ast_sip_destroy_sorcery_auth(void)
{
   ast_cli_unregister_multiple(cli_commands, ARRAY_LEN(cli_commands));
   ast_sip_unregister_cli_formatter(cli_formatter);
   ast_sip_unregister_endpoint_formatter(&endpoint_auth_formatter);

   ast_manager_unregister("PJSIPShowAuths");

   return 0;
}