kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-11-01 03:04:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

AST-2022-002 - res_stir_shaken/curl: Add ACL checks for Identity header.

Browse Source 
Adds a new configuration option, stir_shaken_profile, in pjsip.conf that
can be specified on a per endpoint basis. This option will reference a
stir_shaken_profile that can be configured in stir_shaken.conf. The type
of this option must be 'profile'. The stir_shaken option can be
specified on this object with the same values as before (attest, verify,
on), but it cannot be off since having the profile itself implies wanting
STIR/SHAKEN support. You can also specify an ACL from acl.conf (along
with permit and deny lines in the object itself) that will be used to
limit what interfaces Asterisk will attempt to retrieve information from
when reading the Identity header.

ASTERISK-29476

Change-Id: I87fa61f78a9ea0cd42530691a30da3c781842406
This commit is contained in:
Ben Ford
2022-02-28 11:19:54 -06:00
committed by Joshua Colp
parent 39cd09c246
commit 11accf8064
13 changed files with 558 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
res/res_pjsip/pjsip_config.xml
View File

@@ -1424,6 +1424,13 @@
INVITEs, an Identity header will be added.</para>
</description>
</configOption>
<configOption name="stir_shaken_profile" default="">
<synopsis>STIR/SHAKEN profile containing additional configuration options</synopsis>
<description><para>
A STIR/SHAKEN profile that is defined in stir_shaken.conf. Contains
several options and rules used for STIR/SHAKEN.</para>
</description>
</configOption>
<configOption name="allow_unauthenticated_options" default="no">
<synopsis>Skip authentication when receiving OPTIONS requests</synopsis>
<description><para>

1
res/res_pjsip/pjsip_configuration.c
View File

@@ -2192,6 +2192,7 @@ int ast_res_pjsip_initialize_configuration(void)
"prefer: pending, operation: intersect, keep: all",
codec_prefs_handler, outgoing_answer_codec_prefs_to_str, NULL, 0, 0);
ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "stir_shaken", "off", stir_shaken_handler, stir_shaken_to_str, NULL, 0, 0);
ast_sorcery_object_field_register(sip_sorcery, "endpoint", "stir_shaken_profile", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct ast_sip_endpoint, stir_shaken_profile));
ast_sorcery_object_field_register(sip_sorcery, "endpoint", "allow_unauthenticated_options", "no", OPT_BOOL_T, 1, FLDSET(struct ast_sip_endpoint, allow_unauthenticated_options));
if (ast_sip_initialize_sorcery_transport()) {