res/res_pjsip_outbound_authenticator_digest.c

   1 /*
   2  * Asterisk -- An open source telephony toolkit.
   3  *
   4  * Copyright (C) 2013, Digium, Inc.
   5  *
   6  * Mark Michelson <mmichelson@digium.com>
   7  *
   8  * See http://www.asterisk.org for more information about
   9  * the Asterisk project. Please do not directly contact
  10  * any of the maintainers of this project for assistance;
  11  * the project provides a web site, mailing lists and IRC
  12  * channels for your use.
  13  *
  14  * This program is free software, distributed under the terms of
  15  * the GNU General Public License Version 2. See the LICENSE file
  16  * at the top of the source tree.
  17  */
  18
  19 /*** MODULEINFO
  20         <depend>pjproject</depend>
  21         <depend>res_pjsip</depend>
  22         <support_level>core</support_level>
  23  ***/
  24
  25 #include "asterisk.h"
  26
  27 #include <pjsip.h>
  28
  29 #include "asterisk/res_pjsip.h"
  30 #include "asterisk/logger.h"
  31 #include "asterisk/module.h"
  32 #include "asterisk/strings.h"
  33
  34 static int set_outbound_authentication_credentials(pjsip_auth_clt_sess *auth_sess, const struct ast_sip_auth_array *array)
  35 {
  36         struct ast_sip_auth **auths = ast_alloca(array->num * sizeof(*auths));
  37         pjsip_cred_info *auth_creds = ast_alloca(array->num * sizeof(*auth_creds));
  38         int res = 0;
  39         int i;
  40
  41         if (ast_sip_retrieve_auths(array, auths)) {
  42                 res = -1;
  43                 goto cleanup;
  44         }
  45
  46         for (i = 0; i < array->num; ++i) {
  47                 pj_cstr(&auth_creds[i].realm, auths[i]->realm);
  48                 pj_cstr(&auth_creds[i].username, auths[i]->auth_user);
  49                 pj_cstr(&auth_creds[i].scheme, "digest");
  50                 switch (auths[i]->type) {
  51                 case AST_SIP_AUTH_TYPE_USER_PASS:
  52                         pj_cstr(&auth_creds[i].data, auths[i]->auth_pass);
  53                         auth_creds[i].data_type = PJSIP_CRED_DATA_PLAIN_PASSWD;
  54                         break;
  55                 case AST_SIP_AUTH_TYPE_MD5:
  56                         pj_cstr(&auth_creds[i].data, auths[i]->md5_creds);
  57                         auth_creds[i].data_type = PJSIP_CRED_DATA_DIGEST;
  58                         break;
  59                 case AST_SIP_AUTH_TYPE_ARTIFICIAL:
  60                         ast_log(LOG_ERROR, "Trying to set artificial outbound auth credentials shouldn't happen.\n");
  61                         break;
  62                 }
  63         }
  64
  65         pjsip_auth_clt_set_credentials(auth_sess, array->num, auth_creds);
  66
  67 cleanup:
  68         ast_sip_cleanup_auths(auths, array->num);
  69         return res;
  70 }
  71
  72 static int digest_create_request_with_auth(const struct ast_sip_auth_array *auths, pjsip_rx_data *challenge,
  73                 pjsip_transaction *tsx, pjsip_tx_data **new_request)
  74 {
  75         pjsip_auth_clt_sess auth_sess;
  76
  77         if (pjsip_auth_clt_init(&auth_sess, ast_sip_get_pjsip_endpoint(),
  78                                 tsx->pool, 0) != PJ_SUCCESS) {
  79                 ast_log(LOG_WARNING, "Failed to initialize client authentication session\n");
  80                 return -1;
  81         }
  82
  83         if (set_outbound_authentication_credentials(&auth_sess, auths)) {
  84                 ast_log(LOG_WARNING, "Failed to set authentication credentials\n");
  85                 return -1;
  86         }
  87
  88         switch (pjsip_auth_clt_reinit_req(&auth_sess, challenge,
  89                                 tsx->last_tx, new_request)) {
  90         case PJ_SUCCESS:
  91                 return 0;
  92         case PJSIP_ENOCREDENTIAL:
  93                 ast_log(LOG_WARNING, "Unable to create request with auth."
  94                                 "No auth credentials for any realms in challenge.\n");
  95                 break;
  96         case PJSIP_EAUTHSTALECOUNT:
  97                 ast_log(LOG_WARNING, "Unable to create request with auth."
  98                                 "Number of stale retries exceeded\n");
  99                 break;
 100         case PJSIP_EFAILEDCREDENTIAL:
 101                 ast_log(LOG_WARNING, "Authentication credentials not accepted by server\n");
 102                 break;
 103         default:
 104                 ast_log(LOG_WARNING, "Unable to create request with auth. Unknown failure\n");
 105                 break;
 106         }
 107
 108         return -1;
 109 }
 110
 111 static struct ast_sip_outbound_authenticator digest_authenticator = {
 112         .create_request_with_auth = digest_create_request_with_auth,
 113 };
 114
 115 static int load_module(void)
 116 {
 117         if (ast_sip_register_outbound_authenticator(&digest_authenticator)) {
 118                 return AST_MODULE_LOAD_DECLINE;
 119         }
 120         return AST_MODULE_LOAD_SUCCESS;
 121 }
 122
 123 static int unload_module(void)
 124 {
 125         ast_sip_unregister_outbound_authenticator(&digest_authenticator);
 126         return 0;
 127 }
 128
 129 AST_MODULE_INFO(ASTERISK_GPL_KEY, AST_MODFLAG_LOAD_ORDER, "PJSIP authentication resource",
 130                 .load = load_module,
 131                 .unload = unload_module,
 132                 .load_pri = AST_MODPRI_CHANNEL_DEPEND,
 133 );