kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-09-29 18:19:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
d3939686cdd2f198c5779621d18f0a79a7739976
asterisk/res/stasis_http/config.c
David M. Lee 9ba976b19c ARI authentication. 
This patch adds authentication support to ARI.

Two authentication methods are supported. The first is HTTP Basic
authentication, as specified in RFC 2617[1]. The second is by simply
passing the username and password as an ?api_key query parameter
(which allows swagger-ui[2] to authenticate more easily).

ARI usernames and passwords are configured in the ari.conf file
(formerly known as stasis_http.conf). The user may be set to
`read_only`, which will prohibit the user from issuing POST, DELETE,
etc. Also, the user's password may be specified in either plaintext,
or encrypted using the crypt() function.

Several other notes about the patch.

 * A few command line commands for seeing ARI config and status were
   also added.
 * The configuration parsing grew big enough that I extracted it to
   its own file.

 [1]: http://www.ietf.org/rfc/rfc2617.txt [2]:
 https://github.com/wordnik/swagger-ui

(closes issue ASTERISK-21277)
Review: https://reviewboard.asterisk.org/r/2649/



git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@393530 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2013-07-03 16:33:13 +00:00

342 lines
8.1 KiB
C
Raw Blame History

/*
* Asterisk -- An open source telephony toolkit.
*
* Copyright (C) 2013, Digium, Inc.
*
* David M. Lee, II <dlee@digium.com>
*
* See http://www.asterisk.org for more information about
* the Asterisk project. Please do not directly contact
* any of the maintainers of this project for assistance;
* the project provides a web site, mailing lists and IRC
* channels for your use.
*
* This program is free software, distributed under the terms of
* the GNU General Public License Version 2. See the LICENSE file
* at the top of the source tree.
*/
/*! \file
*
* \brief Config framework stuffz for ARI.
* \author David M. Lee, II <dlee@digium.com>
*/
#include "asterisk.h"
ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
#include "asterisk/config_options.h"
#include "internal.h"
/*! \brief Locking container for safe configuration access. */
static AO2_GLOBAL_OBJ_STATIC(confs);
/*! \brief Mapping of the stasis http conf struct's globals to the
* general context in the config file. */
static struct aco_type general_option = {
.type = ACO_GLOBAL,
.name = "general",
.item_offset = offsetof(struct ari_conf, general),
.category = "^general$",
.category_match = ACO_WHITELIST,
};
static struct aco_type *general_options[] = ACO_TYPES(&general_option);
/*! \brief Encoding format handler converts from boolean to enum. */
static int encoding_format_handler(const struct aco_option *opt,
struct ast_variable *var, void *obj)
{
struct ari_conf_general *general = obj;
if (!strcasecmp(var->name, "pretty")) {
general->format = ast_true(var->value) ?
AST_JSON_PRETTY : AST_JSON_COMPACT;
} else {
return -1;
}
return 0;
}
/*! \brief Parses the ari_password_format enum from a config file */
static int password_format_handler(const struct aco_option *opt,
struct ast_variable *var, void *obj)
{
struct ari_conf_user *user = obj;
if (strcasecmp(var->value, "plain") == 0) {
user->password_format = ARI_PASSWORD_FORMAT_PLAIN;
} else if (strcasecmp(var->value, "crypt") == 0) {
user->password_format = ARI_PASSWORD_FORMAT_CRYPT;
} else {
return -1;
}
return 0;
}
/*! \brief Destructor for \ref ari_conf_user */
static void user_dtor(void *obj)
{
struct ari_conf_user *user = obj;
ast_debug(3, "Disposing of user %s\n", user->username);
ast_free(user->username);
}
/*! \brief Allocate an \ref ari_conf_user for config parsing */
static void *user_alloc(const char *cat)
{
RAII_VAR(struct ari_conf_user *, user, NULL, ao2_cleanup);
const char *username;
if (!cat) {
return NULL;
}
username = strchr(cat, '-') + 1;
if (!username) {
ast_log(LOG_ERROR, "Invalid user category '%s'\n", cat);
return NULL;
}
ast_debug(3, "Allocating user %s\n", cat);
user = ao2_alloc_options(sizeof(*user), user_dtor,
AO2_ALLOC_OPT_LOCK_NOLOCK);
if (!user) {
return NULL;
}
user->username = ast_strdup(username);
if (!user->username) {
return NULL;
}
ao2_ref(user, +1);
return user;
}
/*! \brief Sorting function for use with red/black tree */
static int user_sort_cmp(const void *obj_left, const void *obj_right, int flags)
{
const struct ari_conf_user *user_left = obj_left;
if (flags & OBJ_PARTIAL_KEY) {
const char *key_right = obj_right;
return strncasecmp(user_left->username, key_right,
strlen(key_right));
} else if (flags & OBJ_KEY) {
const char *key_right = obj_right;
return strcasecmp(user_left->username, key_right);
} else {
const struct ari_conf_user *user_right = obj_right;
const char *key_right = user_right->username;
return strcasecmp(user_left->username, key_right);
}
}
/*! \brief \ref aco_type item_find function */
static void *user_find(struct ao2_container *tmp_container, const char *cat)
{
const char *username;
if (!cat) {
return NULL;
}
username = strchr(cat, '-') + 1;
return ao2_find(tmp_container, username, OBJ_KEY);
}
static struct aco_type user_option = {
.type = ACO_ITEM,
.name = "user",
.category_match = ACO_WHITELIST,
.category = "^user-.+$",
.item_alloc = user_alloc,
.item_find = user_find,
.item_offset = offsetof(struct ari_conf, users),
};
static struct aco_type *user[] = ACO_TYPES(&user_option);
/*! \brief \ref ari_conf destructor. */
static void conf_destructor(void *obj)
{
struct ari_conf *cfg = obj;
ao2_cleanup(cfg->general);
ao2_cleanup(cfg->users);
}
/*! \brief Allocate an \ref ari_conf for config parsing */
static void *conf_alloc(void)
{
RAII_VAR(struct ari_conf *, cfg, NULL, ao2_cleanup);
cfg = ao2_alloc_options(sizeof(*cfg), conf_destructor,
AO2_ALLOC_OPT_LOCK_NOLOCK);
if (!cfg) {
return NULL;
}
cfg->general = ao2_alloc_options(sizeof(*cfg->general), NULL,
AO2_ALLOC_OPT_LOCK_NOLOCK);
if (!cfg->general) {
return NULL;
}
cfg->users = ao2_container_alloc_rbtree(AO2_ALLOC_OPT_LOCK_NOLOCK,
AO2_CONTAINER_ALLOC_OPT_DUPS_REPLACE, user_sort_cmp, NULL);
ao2_ref(cfg, +1);
return cfg;
}
#define CONF_FILENAME "ari.conf"
/*! \brief The conf file that's processed for the module. */
static struct aco_file conf_file = {
/*! The config file name. */
.filename = CONF_FILENAME,
/*! The mapping object types to be processed. */
.types = ACO_TYPES(&general_option, &user_option),
};
CONFIG_INFO_STANDARD(cfg_info, confs, conf_alloc,
.files = ACO_FILES(&conf_file));
struct ari_conf *ari_config_get(void)
{
struct ari_conf *res = ao2_global_obj_ref(confs);
if (!res) {
ast_log(LOG_ERROR,
"Error obtaining config from " CONF_FILENAME "\n");
}
return res;
}
struct ari_conf_user *ari_config_validate_user(const char *username,
const char *password)
{
RAII_VAR(struct ari_conf *, conf, NULL, ao2_cleanup);
RAII_VAR(struct ari_conf_user *, user, NULL, ao2_cleanup);
int is_valid = 0;
conf = ari_config_get();
if (!conf) {
return NULL;
}
user = ao2_find(conf->users, username, OBJ_KEY);
if (!user) {
return NULL;
}
if (ast_strlen_zero(user->password)) {
ast_log(LOG_WARNING,
"User '%s' missing password; authentication failed\n",
user->username);
return NULL;
}
switch (user->password_format) {
case ARI_PASSWORD_FORMAT_PLAIN:
is_valid = strcmp(password, user->password) == 0;
break;
case ARI_PASSWORD_FORMAT_CRYPT:
is_valid = ast_crypt_validate(password, user->password);
break;
}
if (!is_valid) {
return NULL;
}
ao2_ref(user, +1);
return user;
}
/*! \brief Callback to validate a user object */
static int validate_user_cb(void *obj, void *arg, int flags)
{
struct ari_conf_user *user = obj;
if (ast_strlen_zero(user->password)) {
ast_log(LOG_WARNING, "User '%s' missing password\n",
user->username);
}
return 0;
}
/*! \brief Load (or reload) configuration. */
static int process_config(int reload)
{
RAII_VAR(struct ari_conf *, conf, NULL, ao2_cleanup);
switch (aco_process_config(&cfg_info, reload)) {
case ACO_PROCESS_ERROR:
return -1;
case ACO_PROCESS_OK:
case ACO_PROCESS_UNCHANGED:
break;
}
conf = ari_config_get();
if (!conf) {
ast_assert(0); /* We just configured; it should be there */
return -1;
}
if (ao2_container_count(conf->users) == 0) {
ast_log(LOG_ERROR, "No configured users for ARI\n");
}
ao2_callback(conf->users, OBJ_NODATA, validate_user_cb, NULL);
return 0;
}
int ari_config_init(void)
{
if (aco_info_init(&cfg_info)) {
aco_info_destroy(&cfg_info);
return -1;
}
aco_option_register(&cfg_info, "enabled", ACO_EXACT, general_options,
"yes", OPT_BOOL_T, 1,
FLDSET(struct ari_conf_general, enabled));
aco_option_register_custom(&cfg_info, "pretty", ACO_EXACT,
general_options, "no", encoding_format_handler, 0);
aco_option_register(&cfg_info, "auth_realm", ACO_EXACT, general_options,
"Asterisk REST Interface", OPT_CHAR_ARRAY_T, 0,
FLDSET(struct ari_conf_general, auth_realm),
ARI_AUTH_REALM_LEN);
aco_option_register(&cfg_info, "read_only", ACO_EXACT, user,
"no", OPT_BOOL_T, 1,
FLDSET(struct ari_conf_user, read_only));
aco_option_register(&cfg_info, "password", ACO_EXACT, user,
"", OPT_CHAR_ARRAY_T, 0,
FLDSET(struct ari_conf_user, password), ARI_PASSWORD_LEN);
aco_option_register_custom(&cfg_info, "password_format", ACO_EXACT,
user, "plain", password_format_handler, 0);
return process_config(0);
}
int ari_config_reload(void)
{
return process_config(1);
}
void ari_config_destroy(void)
{
aco_info_destroy(&cfg_info);
ao2_global_obj_release(confs);
}
Reference in New Issue View Git Blame Copy Permalink