New SIP Channel driver: Always Auth Reject

If no matching endpoint is found for the incoming request, Asterisk will respond
with a 401 Unauthorized (rejecting the request), but will first challenge if
no authorization credentials are given.

Changes also included moving ACL options into a new global 'security'
configuration section in res_sip.conf.

(closes issue ASTERISK-21433)
Reported by: Matt Jordan
Review: https://reviewboard.asterisk.org/r/2554/


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@393442 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Kevin Harwell
2013-07-02 17:06:06 +00:00
parent de206baa99
commit a25a630659
10 changed files with 256 additions and 97 deletions


@@ -237,6 +237,8 @@ enum ast_sip_auth_type {
AST_SIP_AUTH_TYPE_USER_PASS,
/*! Credentials stored as an MD5 sum */
AST_SIP_AUTH_TYPE_MD5,
/*! Credentials not stored this is a fake auth */
AST_SIP_AUTH_TYPE_ARTIFICIAL
};
#define SIP_SORCERY_AUTH_TYPE "auth"
@@ -481,6 +483,17 @@ struct ast_sip_endpoint_identifier {
struct ast_sip_endpoint *(*identify_endpoint)(pjsip_rx_data *rdata);
};
#define SIP_SORCERY_SECURITY_TYPE "security"
/*!
* \brief SIP security details and configuration.
*/
struct ast_sip_security {
SORCERY_OBJECT(details);
struct ast_acl_list *acl;
struct ast_acl_list *contact_acl;
};
/*!
* \brief Register a SIP service in Asterisk.
*
@@ -777,6 +790,16 @@ int ast_sip_initialize_sorcery_domain_alias(struct ast_sorcery *sorcery);
*/
int ast_sip_initialize_sorcery_auth(struct ast_sorcery *sorcery);
/*!
* \brief Initialize security support on a sorcery instance
*
* \param sorcery The sorcery instance
*
* \retval -1 failure
* \retval 0 success
*/
int ast_sip_initialize_sorcery_security(struct ast_sorcery *sorcery);
/*!
* \brief Callback called when an outbound request with authentication credentials is to be sent in dialog
*
@@ -825,6 +848,27 @@ int ast_sip_dialog_setup_outbound_authentication(pjsip_dialog *dlg, const struct
*/
int ast_sip_initialize_distributor(void);
/*!
* \brief Destruct the distributor module.
*
* Unregisters pjsip modules and cleans up any allocated resources.
*/
void ast_sip_destroy_distributor(void);
/*!
* \brief Retrieves a reference to the artificial auth.
*
* \retval The artificial auth
*/
struct ast_sip_auth *ast_sip_get_artificial_auth(void);
/*!
* \brief Retrieves a reference to the artificial endpoint.
*
* \retval The artificial endpoint
*/
struct ast_sip_endpoint *ast_sip_get_artificial_endpoint(void);
/*!
* \page Threading model for SIP
*
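Review bot: The doc comments on `ast_sip_get_artificial_auth()` and `ast_sip_get_artificial_endpoint()` in the last hunk say only "Retrieves a reference", which does not tell a caller whether the reference count is bumped or whether NULL can be returned before the distributor is initialized. These objects appear to stand in for an unknown endpoint on the reject path, so a wrong guess about ownership would presumably be repeated on every unmatched request; I would add a line such as `\note The caller owns the returned reference and must release it` (or the opposite, whichever the implementation does) and a `\retval NULL` entry if that case exists. In the first hunk, the comment on `AST_SIP_AUTH_TYPE_ARTIFICIAL` could also state the security contract, e.g. `/*! Placeholder used to challenge unknown endpoints; verification against it must always fail */`, so that anyone switching over `ast_sip_auth_type` treats it as a reject case. In the second hunk, `acl` and `contact_acl` in `struct ast_sip_security` would benefit from one-line member comments saying what each list is matched against. The implementations are outside this header, so the ownership and NULL behaviour need confirming against them.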