Commit
911252d7
authored
8 years ago
by
zuul
Committed by
Gerrit Code Review
8 years ago
Merge "res_pjsip_authenticator_digest.c: Fix sorcery's immutable contract violation."
parents
1774f778
6f15500c
res/res_pjsip_authenticator_digest.c
+73
-32
73 additions, 32 deletions
res/res_pjsip_authenticator_digest.c
with
73 additions
and
32 deletions
res/res_pjsip_authenticator_digest.c
+
73
−
32
...
...
@@ -87,46 +87,46 @@ static void auth_store_cleanup(void *data)
AST_THREADSTORAGE_CUSTOM
(
auth_store
,
NULL
,
auth_store_cleanup
);
/*!
* \brief Store authentication information in thread-local storage
* \brief Store
shallow copy
authentication information in thread-local storage
*/
static
int
store_auth
(
struct
ast_sip_auth
*
auth
)
static
int
store_auth
(
const
struct
ast_sip_auth
*
auth
)
{
struct
ast_sip_auth
**
pointing
;
const
struct
ast_sip_auth
**
pointing
;
pointing
=
ast_threadstorage_get
(
&
auth_store
,
sizeof
(
pointing
));
if
(
!
pointing
||
*
pointing
)
{
if
(
!
pointing
)
{
return
-
1
;
}
ao2_ref
(
auth
,
+
1
);
*
pointing
=
auth
;
return
0
;
}
/*!
* \brief Remove authentication information from thread-local storage
* \brief Remove
shallow copy
authentication information from thread-local storage
*/
static
int
remove_auth
(
void
)
{
struct
ast_sip_auth
**
pointing
;
pointing
=
ast_threadstorage_get
(
&
auth_store
,
sizeof
(
pointing
));
if
(
!
pointing
)
{
return
-
1
;
}
ao2_cleanup
(
*
pointing
);
*
pointing
=
NULL
;
return
0
;
}
/*!
* \brief Retrieve authentication information from thread-local storage
* \brief Retrieve
shallow copy
authentication information from thread-local storage
*/
static
struct
ast_sip_auth
*
get_auth
(
void
)
static
const
struct
ast_sip_auth
*
get_auth
(
void
)
{
struct
ast_sip_auth
**
auth
;
auth
=
ast_threadstorage_get
(
&
auth_store
,
sizeof
(
auth
));
if
(
auth
&&
*
auth
)
{
ao2_ref
(
*
auth
,
+
1
);
if
(
auth
)
{
return
*
auth
;
}
return
NULL
;
...
...
@@ -150,7 +150,9 @@ static struct ast_sip_auth *get_auth(void)
static
pj_status_t
digest_lookup
(
pj_pool_t
*
pool
,
const
pj_str_t
*
realm
,
const
pj_str_t
*
acc_name
,
pjsip_cred_info
*
info
)
{
RAII_VAR
(
struct
ast_sip_auth
*
,
auth
,
get_auth
(),
ao2_cleanup
);
const
struct
ast_sip_auth
*
auth
;
auth
=
get_auth
();
if
(
!
auth
)
{
return
PJSIP_SC_FORBIDDEN
;
}
...
...
@@ -312,7 +314,7 @@ enum digest_verify_result {
* \return CMP_MATCH on successful authentication
* \return 0 on failed authentication
*/
static
int
verify
(
struct
ast_sip_auth
*
auth
,
pjsip_rx_data
*
rdata
,
pj_pool_t
*
pool
)
static
int
verify
(
const
struct
ast_sip_auth
*
auth
,
pjsip_rx_data
*
rdata
,
pj_pool_t
*
pool
)
{
pj_status_t
authed
;
int
response_code
;
...
...
@@ -329,9 +331,7 @@ static int verify(struct ast_sip_auth *auth, pjsip_rx_data *rdata, pj_pool_t *po
setup_auth_srv
(
pool
,
&
auth_server
,
auth
->
realm
);
store_auth
(
auth
);
authed
=
pjsip_auth_srv_verify
(
&
auth_server
,
rdata
,
&
response_code
);
remove_auth
();
if
(
authed
==
PJ_SUCCESS
)
{
...
...
@@ -389,47 +389,88 @@ static enum ast_sip_check_auth_result digest_check_auth(struct ast_sip_endpoint
pjsip_rx_data
*
rdata
,
pjsip_tx_data
*
tdata
)
{
struct
ast_sip_auth
**
auths
;
struct
ast_sip_auth
**
auths_shallow
;
enum
digest_verify_result
*
verify_res
;
struct
ast_sip_endpoint
*
artificial_endpoint
;
enum
ast_sip_check_auth_result
res
;
int
i
;
int
idx
;
int
is_artificial
;
int
failures
=
0
;
size_t
auth_size
;
RAII_VAR
(
struct
ast_sip_endpoint
*
,
artificial_endpoint
,
ast_sip_get_artificial_endpoint
(),
ao2_cleanup
);
auth_size
=
AST_VECTOR_SIZE
(
&
endpoint
->
inbound_auths
);
ast_assert
(
0
<
auth_size
);
auths
=
ast_alloca
(
auth_size
*
sizeof
(
*
auths
));
verify_res
=
ast_alloca
(
auth_size
*
sizeof
(
*
verify_res
));
if
(
!
auths
)
{
artificial_endpoint
=
ast_sip_get_artificial_endpoint
();
if
(
!
artificial_endpoint
)
{
/* Should not happen except possibly if we are shutting down. */
return
AST_SIP_AUTHENTICATION_ERROR
;
}
if
(
endpoint
==
artificial_endpoint
)
{
is_artificial
=
endpoint
==
artificial_endpoint
;
ao2_ref
(
artificial_endpoint
,
-
1
);
if
(
is_artificial
)
{
ast_assert
(
auth_size
==
1
);
auths
[
0
]
=
ast_sip_get_artificial_auth
();
}
else
if
(
ast_sip_retrieve_auths
(
&
endpoint
->
inbound_auths
,
auths
))
{
res
=
AST_SIP_AUTHENTICATION_ERROR
;
goto
cleanup
;
if
(
!
auths
[
0
])
{
/* Should not happen except possibly if we are shutting down. */
return
AST_SIP_AUTHENTICATION_ERROR
;
}
}
else
{
memset
(
auths
,
0
,
auth_size
*
sizeof
(
*
auths
));
if
(
ast_sip_retrieve_auths
(
&
endpoint
->
inbound_auths
,
auths
))
{
res
=
AST_SIP_AUTHENTICATION_ERROR
;
goto
cleanup
;
}
}
for
(
i
=
0
;
i
<
auth_size
;
++
i
)
{
if
(
ast_strlen_zero
(
auths
[
i
]
->
realm
))
{
ast_string_field_set
(
auths
[
i
],
realm
,
default_realm
);
/* Setup shallow copy of auths */
if
(
ast_strlen_zero
(
default_realm
))
{
auths_shallow
=
auths
;
}
else
{
/*
* Set default realm on a shallow copy of the authentication
* objects that don't have a realm set.
*/
auths_shallow
=
ast_alloca
(
auth_size
*
sizeof
(
*
auths_shallow
));
for
(
idx
=
0
;
idx
<
auth_size
;
++
idx
)
{
if
(
ast_strlen_zero
(
auths
[
idx
]
->
realm
))
{
/*
* Make a shallow copy and set the default realm on it.
*
* The stack allocation is OK here. Normally this will
* loop one time. If you have multiple auths then you
* shouldn't need more auths than the normal complement
* of fingers and toes. Otherwise, you should check
* your sanity for setting up your system up that way.
*/
auths_shallow
[
idx
]
=
ast_alloca
(
sizeof
(
**
auths_shallow
));
memcpy
(
auths_shallow
[
idx
],
auths
[
idx
],
sizeof
(
**
auths_shallow
));
*
((
char
**
)
(
&
auths_shallow
[
idx
]
->
realm
))
=
default_realm
;
ast_debug
(
3
,
"Using default realm '%s' on incoming auth '%s'.
\n
"
,
default_realm
,
ast_sorcery_object_get_id
(
auths_shallow
[
idx
]));
}
else
{
auths_shallow
[
idx
]
=
auths
[
idx
];
}
}
verify_res
[
i
]
=
verify
(
auths
[
i
],
rdata
,
tdata
->
pool
);
if
(
verify_res
[
i
]
==
AUTH_SUCCESS
)
{
}
for
(
idx
=
0
;
idx
<
auth_size
;
++
idx
)
{
verify_res
[
idx
]
=
verify
(
auths_shallow
[
idx
],
rdata
,
tdata
->
pool
);
if
(
verify_res
[
idx
]
==
AUTH_SUCCESS
)
{
res
=
AST_SIP_AUTHENTICATION_SUCCESS
;
goto
cleanup
;
}
if
(
verify_res
[
i
]
==
AUTH_FAIL
)
{
if
(
verify_res
[
i
dx
]
==
AUTH_FAIL
)
{
failures
++
;
}
}
for
(
i
=
0
;
i
<
auth_size
;
++
i
)
{
challenge
(
auths
[
i
]
->
realm
,
tdata
,
rdata
,
verify_res
[
i
]
==
AUTH_STALE
);
for
(
i
dx
=
0
;
i
dx
<
auth_size
;
++
i
dx
)
{
challenge
(
auths
_shallow
[
idx
]
->
realm
,
tdata
,
rdata
,
verify_res
[
i
dx
]
==
AUTH_STALE
);
}
if
(
failures
==
auth_size
)
{
...
...
This diff is collapsed.
Click to expand it.
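Review bot: The thread-local slot now holds a borrowed pointer, and the new doc comments on store_auth(), remove_auth() and get_auth() do not say so. After this change store_auth() takes no reference and get_auth() returns none, while digest_check_auth() may pass verify() an ast_alloca() copy whose realm aliases default_realm, so the stored pointer is valid only between store_auth() and remove_auth() inside verify() and must never be retained, ao2_ref'd or have its string fields set. I would state that on store_auth(), e.g. `* \note The pointer is borrowed, not ref counted, and may refer to a stack copy; it is valid only until remove_auth().` Separately, in the is_artificial branch only auths[0] is assigned and the memset() sits in the else branch, so the rest of the array is initialized only if `ast_assert(auth_size == 1)` holds; moving `memset(auths, 0, auth_size * sizeof(*auths));` above the `if (is_artificial)` would remove that dependency. The body of digest_check_auth() continues in the collapsed part of the diff, so the cleanup path is not visible here.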