[mod_sofia] Deprecate the auth-subscriptions profile param by setting it to be enable...
authorDhruv Gupta <87171798+dhruvecosmob@users.noreply.github.com>
Thu, 30 Sep 2021 21:37:03 +0000 (03:07 +0530)
committerAndrey Volk <andywolk@gmail.com>
Thu, 30 Sep 2021 21:40:24 +0000 (00:40 +0300)
src/mod/endpoints/mod_sofia/conf/sofia.conf.xml
src/mod/endpoints/mod_sofia/sofia.c
src/mod/endpoints/mod_sofia/test/conf-sipp/freeswitch.xml
src/mod/endpoints/mod_sofia/test/sipp-based-tests.c
src/mod/endpoints/mod_sofia/test/sipp-scenarios/uac_407_subscriber.xml [new file with mode: 0644]
src/mod/endpoints/mod_sofia/test/sipp-scenarios/uac_subscriber.xml [new file with mode: 0644]

index 3166094a273f4763fe232e1b235f7c1d6343fb32..37e0937aeb1b0f5124fd037ced06d1f616c5f60e 100644 (file)
              disable-auth-messages param has higher priority than the deprecated auth-messages param. -->
         <!-- <param name="disable-auth-messages" value="true"/> -->
 
+        <!-- NOTICE: auth-subscriptions was deprecated and authentication is enabled by default now.
+             See disable-auth-subscriptions param for more details. -->
+        <!-- <param name="auth-subscriptions" value="false"/> -->
+        <!-- Uncomment to stop authentication on subscriptions packets.
+             By default authentication is enabled.
+             disable-auth-subscriptions param has higher priority than the deprecated auth-subscriptions param. -->
+        <!-- <param name="disable-auth-subscriptions" value="true"/> -->
+
         <!-- external_sip_ip
              Used as the public IP address for SDP.
              Can be an one of:
index 4af8d3d45138662d85f4d0da77c85bcfcb58db49..b5051dda767c4d909456195b9c86187bc8b067d4 100644 (file)
@@ -4591,7 +4591,9 @@ switch_status_t config_sofia(sofia_config_t reload, char *profile_name)
                        } else {
                                switch_memory_pool_t *pool = NULL;
                                char *auth_messages_value = NULL;
-                               uint8_t disable_auth_flag = 0;
+                               char *auth_subscriptions_value = NULL;
+                               uint8_t disable_message_auth_flag = 0;
+                               uint8_t disable_subscription_auth_flag = 0;
 
                                if (!xprofilename) {
                                        xprofilename = "unnamed";
@@ -5593,13 +5595,17 @@ switch_status_t config_sofia(sofia_config_t reload, char *profile_name)
                                                        sofia_set_pflag(profile, PFLAG_AUTH_MESSAGES);
                                                }
 
-                                               disable_auth_flag = 1;
+                                               disable_message_auth_flag = 1;
                                        } else if (!strcasecmp(var, "auth-subscriptions")) {
+                                               auth_subscriptions_value = switch_core_strdup(profile->pool, val);
+                                       } else if (!strcasecmp(var, "disable-auth-subscriptions")) {
                                                if (switch_true(val)) {
-                                                       sofia_set_pflag(profile, PFLAG_AUTH_SUBSCRIPTIONS);
-                                               } else {
                                                        sofia_clear_pflag(profile, PFLAG_AUTH_SUBSCRIPTIONS);
+                                               } else {
+                                                       sofia_set_pflag(profile, PFLAG_AUTH_SUBSCRIPTIONS);
                                                }
+
+                                               disable_subscription_auth_flag = 1;
                                        } else if (!strcasecmp(var, "extended-info-parsing")) {
                                                if (switch_true(val)) {
                                                        sofia_set_pflag(profile, PFLAG_EXTENDED_INFO_PARSING);
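Review bot: The deprecated `auth-subscriptions` branch stores the value without logging anything, so a profile that still carries `auth-subscriptions=false` keeps SUBSCRIBE authentication switched off with no trace for the operator. A warning at parse time would make that visible, for example `switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "auth-subscriptions is deprecated, use disable-auth-subscriptions\n");` placed before the `switch_core_strdup` call. The if/else chain in config_sofia starts and ends outside this hunk, so whether the auth-messages branch already logs something similar cannot be seen here.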
@@ -6104,7 +6110,7 @@ switch_status_t config_sofia(sofia_config_t reload, char *profile_name)
                                        }
                                }
 
-                               if (!disable_auth_flag) {
+                               if (!disable_message_auth_flag) {
                                        if (!auth_messages_value || switch_true(auth_messages_value)) {
                                                sofia_set_pflag(profile, PFLAG_AUTH_MESSAGES);
                                        } else {
@@ -6112,6 +6118,14 @@ switch_status_t config_sofia(sofia_config_t reload, char *profile_name)
                                        }
                                }
 
+                               if (!disable_subscription_auth_flag) {
+                                       if (!auth_subscriptions_value || switch_true(auth_subscriptions_value)) {
+                                               sofia_set_pflag(profile, PFLAG_AUTH_SUBSCRIPTIONS);
+                                       } else {
+                                               sofia_clear_pflag(profile, PFLAG_AUTH_SUBSCRIPTIONS);
+                                       }
+                               }
+
                                if (sofia_test_flag(profile, TFLAG_ZRTP_PASSTHRU) && !sofia_test_flag(profile, TFLAG_LATE_NEGOTIATION)) {
                                        switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "ZRTP passthrough implictly enables inbound-late-negotiation\n");
                                        sofia_set_flag(profile, TFLAG_LATE_NEGOTIATION);
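Review bot: The fallback for the deprecated parameter fails open: `switch_true(auth_subscriptions_value)` is false for any value it does not recognise, so a typo such as `auth-subscriptions="ture"` clears PFLAG_AUTH_SUBSCRIPTIONS and SUBSCRIBE requests are accepted without authentication. The `disable-auth-subscriptions` branch added earlier in this commit already fails closed, since only an explicit true value turns authentication off. The same can be done here by clearing the flag only on an explicit false: `if (auth_subscriptions_value && switch_false(auth_subscriptions_value)) { sofia_clear_pflag(profile, PFLAG_AUTH_SUBSCRIPTIONS); } else { sofia_set_pflag(profile, PFLAG_AUTH_SUBSCRIPTIONS); }`. The auth-messages block in the context lines just above has the same shape and would benefit from the same treatment.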
index dee105561bf480317048dd9e2642ff5687f60313..f75764a5f0b985ce5ba6cac9cf0021cf4a785e85 100644 (file)
         <param name="outbound-codec-prefs" value="PCMU"/>
         <param name="rtp-timer-name" value="soft"/>
         <param name="local-network-acl" value="localnet.auto"/>
-        <param name="manage-presence" value="false"/>
+        <param name="manage-presence" value="true"/>
         <param name="inbound-codec-negotiation" value="generous"/>
         <param name="nonce-ttl" value="60"/>
         <param name="inbound-late-negotiation" value="true"/>
index 03a0e4a654ab0ec473fff568341d5ce55c402265..5f24da0fa8f7611f700bf73a828f30c75144e40e 100644 (file)
@@ -96,6 +96,18 @@ static int start_sipp_uas(const char *ip, int listen_port, const char *scenario_
 
        return sys_ret;
 }
+static int run_sipp(const char *ip, int remote_port, int listen_port, const char *dialed_number, const char *scenario_uac, const char *auth_password, const char *extra)
+{
+       char *cmd = switch_mprintf("sipp %s:%d -nr -p %d -m 1 -s %s -recv_timeout 10000 -timeout 10s -sf %s -au %s -ap %s -bg %s", ip, remote_port, listen_port, dialed_number, scenario_uac, dialed_number, auth_password, extra);
+       int sys_ret = switch_system(cmd, SWITCH_TRUE);
+
+       printf("%s\n", cmd);
+       switch_safe_free(cmd);
+       switch_sleep(1000 * 1000);
+
+       return sys_ret;
+}
+
 static void kill_sipp(void)
 {
        switch_system("pkill -x sipp", SWITCH_TRUE);
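Review bot: `run_sipp` prints the full command line to stdout with `printf("%s\n", cmd)`, and that line includes the `-ap` password the caller takes from `default_password`, so the credential ends up in test and CI logs. Either drop the print or log the command without the password argument. `cmd` is also handed to `switch_system` before any NULL check; `if (!cmd) return -1;` directly after the `switch_mprintf` call covers the allocation-failure case. The arguments are interpolated into a shell command unquoted, which is acceptable for the constants used in this file but deserves a one-line comment above the function stating that callers must pass trusted values only.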
@@ -382,7 +394,7 @@ skiptest:
 
                        switch_event_bind("sofia", SWITCH_EVENT_CUSTOM, NULL, event_handler_reg_fail, NULL);
 
-                       sipp_ret = start_sipp_uas(local_ip_v4, 6080, "sipp-scenarios/uas_register_403.xml", "");
+                       sipp_ret = start_sipp_uas(local_ip_v4, 6080, "sipp-scenarios/uac_407_subscriber.xml", "-inf data.csv");
                        if (sipp_ret < 0 || sipp_ret == 127) {
                                fst_requires(0); /* sipp not found */
                        }
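Review bot: This line swaps the scenario of an existing test, the one that binds `event_handler_reg_fail` just above, from `uas_register_403.xml` to the new UAC SUBSCRIBE scenario while still launching it through `start_sipp_uas`, and that looks unintended. A scenario that opens with `<send>` will probably not answer the REGISTER this test waits on, and `-inf data.csv` refers to a file that is not among the files listed for this commit. If the swap is accidental, restore `sipp_ret = start_sipp_uas(local_ip_v4, 6080, "sipp-scenarios/uas_register_403.xml", "");`. The test body starts and ends outside this hunk, so this is judged from the visible lines only.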
@@ -401,6 +413,45 @@ skiptest:
                }
                FST_TEST_END()
 
+               FST_TEST_BEGIN(subscribe_auth_check)
+               {
+                       const char *local_ip_v4 = switch_core_get_variable("local_ip_v4");
+                       const char *auth_password = switch_core_get_variable("default_password");
+                       switch_cache_db_handle_t *dbh = NULL;
+                       char *dsn = "sofia_reg_internal";
+                       char count[20]="";
+                       char count1[20]="";
+                       int sipp_ret;
+
+                       /* check without 407 Proxy Authentication. If count not 0 fail case. */
+                       sipp_ret = run_sipp(local_ip_v4, 5060, 6091, "1001", "sipp-scenarios/uac_subscriber.xml", auth_password, "");
+                       if (sipp_ret < 0 || sipp_ret == 127) {
+                               fst_requires(0); /* sipp not found */
+                       }
+                       switch_sleep(100 * 1000);
+
+                       if (switch_cache_db_get_db_handle_dsn(&dbh, dsn) == SWITCH_STATUS_SUCCESS) {
+                               switch_cache_db_execute_sql2str(dbh, "select count(*) from  sip_subscriptions where contact like \"%1001%6091%\";", (char *)&count1, 20, NULL);
+                               switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_INFO, "Count : %s\n", count1);
+                       }
+                       fst_check_string_equals(count1, "0");
+
+                       /* check with 407  Proxy Authentication Required. If count not 1 fail case. */
+                       sipp_ret = run_sipp(local_ip_v4, 5060, 6090, "1001", "sipp-scenarios/uac_407_subscriber.xml", auth_password, "");
+                       if (sipp_ret < 0 || sipp_ret == 127) {
+                               fst_requires(0); /* sipp not found */
+                       }
+                       switch_sleep(100 * 1000);
+
+                       switch_cache_db_execute_sql2str(dbh, "select count(*) from  sip_subscriptions where contact like \"%1001%6090%\";", (char *)&count, 20, NULL);
+                       switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_INFO, "Count : %s\n", count);
+                       fst_check_string_equals(count, "1");
+
+                       /* sipp should timeout, attempt kill, just in case.*/
+                       kill_sipp();
+               }
+               FST_TEST_END()
+
                FST_TEST_BEGIN(register_no_challange)
                {
                        const char *local_ip_v4 = switch_core_get_variable("local_ip_v4");
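Review bot: In `subscribe_auth_check` the second `switch_cache_db_execute_sql2str(dbh, ...)` call runs even when `switch_cache_db_get_db_handle_dsn` failed and `dbh` is still NULL, and the handle is never released on the success path. Guard the second query the same way as the first, `if (dbh) { ... }`, and add `switch_cache_db_release_db_handle(&dbh);` before `kill_sipp();`. The buffers can be passed as `count1, sizeof(count1)` instead of `(char *)&count1, 20`, which removes the cast and the repeated literal. The negative assertion also relies on fixed sleeps after a backgrounded sipp, so a count of "0" may be read before the SUBSCRIBE was processed at all; a comment stating that limitation would help the next reader judge how much the check proves.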
diff --git a/src/mod/endpoints/mod_sofia/test/sipp-scenarios/uac_407_subscriber.xml b/src/mod/endpoints/mod_sofia/test/sipp-scenarios/uac_407_subscriber.xml
new file mode 100644 (file)
index 0000000..9e484fb
--- /dev/null
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+<scenario name="UAC with challenge subscribe">
+
+  <send retrans="500">
+    <![CDATA[
+
+      SUBSCRIBE sip:[service]@[remote_ip]:[remote_port] SIP/2.0
+      Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]
+      From: [service] <sip:[service]@[local_ip]:[local_port]>;tag=[pid]SIPpTag00[call_number]
+      To: sut <sip:[service]@[remote_ip]:[remote_port]>
+      Call-ID: [call_id]
+      CSeq: 1 SUBSCRIBE
+      Contact: sip:[service]@[local_ip]:[local_port]
+      Max-Forwards: 70
+      Event: presence
+         Allow: SUBSCRIBE
+         Expires: 120
+      Accept: application/simple-message-summary
+      Allow-Events: presence, kpml
+      Content-Length: 0
+
+    ]]>
+  </send>
+
+  <recv response="407" rtd="true" auth="true"/>
+
+  <send retrans="500">
+    <![CDATA[
+
+      SUBSCRIBE sip:[service]@[remote_ip]:[remote_port] SIP/2.0
+      Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]
+      From: [service] <sip:[service]@[local_ip]:[local_port]>;tag=[pid]SIPpTag00[call_number]
+      To: sut <sip:[service]@[remote_ip]:[remote_port]>
+      Call-ID: [call_id]
+      CSeq: 2 SUBSCRIBE
+      Contact: sip:[service]@[local_ip]:[local_port]
+      Max-Forwards: 70
+      Event: presence
+      Expires: 120
+      Allow: SUBSCRIBE
+      Accept: application/simple-message-summary
+      Allow-Events: presence, kpml
+      Content-Length: 0
+      [authentication]
+
+    ]]>
+  </send>
+
+</scenario>
+
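Review bot: The scenario ends right after the authenticated SUBSCRIBE with no `<recv>` for the final response, so SIPp never checks that the server accepted the credentials and the test depends only on the database count. Adding a `<recv>` for the expected success response after the second `<send>` (the sibling scenario uac_subscriber.xml uses `<recv response="202" timeout="2000">`) would make a rejected retry fail at the protocol level. In the first message the `Allow` and `Expires` headers are indented deeper than the other headers; aligning them as in the second message avoids any chance of them being treated as continuation lines of `Event`.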
diff --git a/src/mod/endpoints/mod_sofia/test/sipp-scenarios/uac_subscriber.xml b/src/mod/endpoints/mod_sofia/test/sipp-scenarios/uac_subscriber.xml
new file mode 100644 (file)
index 0000000..69107bd
--- /dev/null
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+<scenario name="UAC with subscribe only">
+
+  <send retrans="500">
+    <![CDATA[
+
+      SUBSCRIBE sip:[service]@[remote_ip]:[remote_port] SIP/2.0
+      Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]
+      From: [service] <sip:[service]@[local_ip]:[local_port]>;tag=[pid]SIPpTag00[call_number]
+      To: sut <sip:[service]@[remote_ip]:[remote_port]>
+      Call-ID: [call_id]
+      CSeq: 1 SUBSCRIBE
+      Contact: sip:[service]@[local_ip]:[local_port]
+      Max-Forwards: 70
+      Event: presence
+         Allow: SUBSCRIBE
+         Expires: 120
+      Accept: application/simple-message-summary
+      Allow-Events: presence, kpml
+      Content-Length: 0
+
+    ]]>
+  </send>
+
+  <recv response="202" timeout="2000">
+  </recv>
+
+</scenario>
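Review bot: This scenario waits for a 202 to an unauthenticated SUBSCRIBE, which is the outcome the test is meant to rule out, so a run against a profile that enforces authentication presumably ends with SIPp reporting an unexpected message. Expecting the challenge instead, `<recv response="407"/>` as in uac_407_subscriber.xml, would make the scenario succeed exactly when authentication is enforced and would document the intent. The `Allow` and `Expires` headers are indented deeper than the other headers here as well and should be aligned with them.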