Asterisk - The Open Source Telephony Project GIT-master-5963e62
All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Properties Macros Modules Pages
profile_config.c
Go to the documentation of this file.
1/*
2 * Asterisk -- An open source telephony toolkit.
3 *
4 * Copyright (C) 2022, Sangoma Technologies Corporation
5 *
6 * Ben Ford <bford@sangoma.com>
7 *
8 * See http://www.asterisk.org for more information about
9 * the Asterisk project. Please do not directly contact
10 * any of the maintainers of this project for assistance;
11 * the project provides a web site, mailing lists and IRC
12 * channels for your use.
13 *
14 * This program is free software, distributed under the terms of
15 * the GNU General Public License Version 2. See the LICENSE file
16 * at the top of the source tree.
17 */
18
19#include "asterisk.h"
20
21#include "asterisk/cli.h"
22#include "asterisk/sorcery.h"
23#include "asterisk/acl.h"
24#include "asterisk/stasis.h"
26
27#include "stir_shaken.h"
28
29#define CONFIG_TYPE "profile"
30
31#define DEFAULT_endpoint_behavior endpoint_behavior_OFF
32
33#define DEFAULT_ca_file NULL
34#define DEFAULT_ca_path NULL
35#define DEFAULT_crl_file NULL
36#define DEFAULT_crl_path NULL
37#define DEFAULT_untrusted_cert_file NULL
38#define DEFAULT_untrusted_cert_path NULL
39#define DEFAULT_cert_cache_dir NULL
40
41#define DEFAULT_curl_timeout 0
42#define DEFAULT_max_iat_age 0
43#define DEFAULT_max_date_header_age 0
44#define DEFAULT_max_cache_entry_age 0
45#define DEFAULT_max_cache_size 0
46
47#define DEFAULT_stir_shaken_failure_action stir_shaken_failure_action_NOT_SET
48#define DEFAULT_use_rfc9410_responses use_rfc9410_responses_NOT_SET
49#define DEFAULT_relax_x5u_port_scheme_restrictions relax_x5u_port_scheme_restrictions_NOT_SET
50#define DEFAULT_relax_x5u_path_restrictions relax_x5u_path_restrictions_NOT_SET
51#define DEFAULT_load_system_certs load_system_certs_NOT_SET
52#define DEFAULT_ignore_sip_date_header ignore_sip_date_header_NOT_SET
53
54#define DEFAULT_check_tn_cert_public_url check_tn_cert_public_url_NOT_SET
55#define DEFAULT_private_key_file NULL
56#define DEFAULT_public_cert_url NULL
57#define DEFAULT_attest_level attest_level_NOT_SET
58#define DEFAULT_unknown_tn_attest_level attest_level_NOT_SET
59#define DEFAULT_send_mky send_mky_NOT_SET
60
61static void profile_destructor(void *obj)
62{
63 struct profile_cfg *cfg = obj;
65
68
70
71 return;
72}
73
74static void *profile_alloc(const char *name)
75{
76 struct profile_cfg *profile;
77
78 profile = ast_sorcery_generic_alloc(sizeof(*profile), profile_destructor);
79 if (!profile) {
80 return NULL;
81 }
82
83 if (ast_string_field_init(profile, 2048)) {
84 ao2_ref(profile, -1);
85 return NULL;
86 }
87
88 /*
89 * The memory for the commons actually comes from cfg
90 * due to the weirdness of the STRFLDSET macro used with
91 * sorcery. We just use a token amount of memory in
92 * this call so the initialize doesn't fail.
93 */
94 if (ast_string_field_init(&profile->acfg_common, 8)) {
95 ao2_ref(profile, -1);
96 return NULL;
97 }
98
99 if (ast_string_field_init(&profile->vcfg_common, 8)) {
100 ao2_ref(profile, -1);
101 return NULL;
102 }
103
104 return profile;
105}
106
108{
111}
112
113struct profile_cfg *profile_get_cfg(const char *id)
114{
115 if (ast_strlen_zero(id)) {
116 return NULL;
117 }
119}
120
122{
123 return ast_sorcery_retrieve_by_fields(get_sorcery(), "eprofile",
125}
126
127struct profile_cfg *eprofile_get_cfg(const char *id)
128{
129 if (ast_strlen_zero(id)) {
130 return NULL;
131 }
132 return ast_sorcery_retrieve_by_id(get_sorcery(), "eprofile", id);
133}
134
136 struct profile_cfg *base_profile)
137{
138 struct profile_cfg *eprofile;
139 struct profile_cfg *existing_eprofile;
142 const char *id = ast_sorcery_object_get_id(base_profile);
143 int rc = 0;
144
145 eprofile = ast_sorcery_alloc(get_sorcery(), "eprofile", id);
146 if (!eprofile) {
147 ast_log(LOG_ERROR, "%s: Unable to allocate memory for effective profile\n", id);
148 return NULL;
149 }
150
152 &vcfg->vcfg_common);
153 if (rc != 0) {
155 return NULL;
156 }
157
159 &base_profile->vcfg_common);
160 if (rc != 0) {
162 return NULL;
163 }
164
166 &acfg->acfg_common);
167 if (rc != 0) {
169 return NULL;
170 }
171
173 attest_level_NOT_SET, attest_level_UNKNOWN);
174
176 &base_profile->acfg_common);
177 if (rc != 0) {
179 return NULL;
180 }
181
183 attest_level_NOT_SET, attest_level_UNKNOWN);
184
185
187
188 if (eprofile->endpoint_behavior == endpoint_behavior_ON) {
189 if (acfg->global_disable && vcfg->global_disable) {
190 eprofile->endpoint_behavior = endpoint_behavior_OFF;
191 } else if (acfg->global_disable && !vcfg->global_disable) {
192 eprofile->endpoint_behavior = endpoint_behavior_VERIFY;
193 } else if (!acfg->global_disable && vcfg->global_disable) {
194 eprofile->endpoint_behavior = endpoint_behavior_ATTEST;
195 }
196 } else if (eprofile->endpoint_behavior == endpoint_behavior_ATTEST
197 && acfg->global_disable) {
198 eprofile->endpoint_behavior = endpoint_behavior_OFF;
199 } else if (eprofile->endpoint_behavior == endpoint_behavior_VERIFY
200 && vcfg->global_disable) {
201 eprofile->endpoint_behavior = endpoint_behavior_OFF;
202 }
203
204 existing_eprofile = ast_sorcery_retrieve_by_id(get_sorcery(), "eprofile", id);
205 if (existing_eprofile) {
206 ao2_cleanup(existing_eprofile);
208 } else {
210 }
211
212 /*
213 * This triggers eprofile_apply. We _could_ just call
214 * eprofile_apply directly but this seems more keeping
215 * with how sorcery works.
216 */
218
219 return eprofile;
220}
221
222static int profile_apply(const struct ast_sorcery *sorcery, void *obj)
223{
224 struct profile_cfg *cfg = obj;
225 const char *id = ast_sorcery_object_get_id(cfg);
226
227 if (PROFILE_ALLOW_ATTEST(cfg)
228 && as_check_common_config(id, &cfg->acfg_common) != 0) {
229 return -1;
230 }
231
232 if (PROFILE_ALLOW_VERIFY(cfg)
233 && vs_check_common_config(id, &cfg->vcfg_common) !=0) {
234 return -1;
235 }
236
238 if (!cfg->eprofile) {
239 return -1;
240 }
241
242 return 0;
243}
244
245static int eprofile_apply(const struct ast_sorcery *sorcery, void *obj)
246{
247 struct profile_cfg *cfg = obj;
248 const char *id = ast_sorcery_object_get_id(cfg);
249
250 if (PROFILE_ALLOW_VERIFY(cfg) && !cfg->vcfg_common.tcs) {
251 ast_log(LOG_ERROR, "%s: Neither this profile nor default"
252 " verification options specify ca_file or ca_path\n", id);
253 return -1;
254 }
255
256 return 0;
257}
260
263
266
267static char *cli_profile_show(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
268{
269 struct profile_cfg *profile;
270 struct config_object_cli_data data = {
271 .title = "Profile",
272 .object_type = config_object_type_profile,
273 };
274
275 switch(cmd) {
276 case CLI_INIT:
277 e->command = "stir_shaken show profile";
278 e->usage =
279 "Usage: stir_shaken show profile <id>\n"
280 " Show the stir/shaken profile settings for a given id\n";
281 return NULL;
282 case CLI_GENERATE:
283 if (a->pos == 3) {
285 } else {
286 return NULL;
287 }
288 }
289
290 if (a->argc != 4) {
291 return CLI_SHOWUSAGE;
292 }
293
294 profile = profile_get_cfg(a->argv[3]);
295 if (!profile) {
296 ast_log(LOG_ERROR,"Profile %s doesn't exist\n", a->argv[3]);
297 return CLI_FAILURE;
298 }
299 config_object_cli_show(profile, a, &data, 0);
300
301 ao2_cleanup(profile);
302
303 return CLI_SUCCESS;
304}
305
306static char *cli_profile_show_all(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
307{
308 struct ao2_container *container;
309 struct config_object_cli_data data = {
310 .title = "Profile",
311 .object_type = config_object_type_profile,
312 };
313
314 switch(cmd) {
315 case CLI_INIT:
316 e->command = "stir_shaken show profiles";
317 e->usage =
318 "Usage: stir_shaken show profiles\n"
319 " Show all profiles for stir/shaken\n";
320 return NULL;
321 case CLI_GENERATE:
322 return NULL;
323 }
324
325 if (a->argc != 3) {
326 return CLI_SHOWUSAGE;
327 }
328
331 ast_cli(a->fd, "No stir/shaken profiles found\n");
333 return CLI_SUCCESS;
334 }
335
337 ao2_ref(container, -1);
338
339 return CLI_SUCCESS;
340}
341
342static char *cli_eprofile_show(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
343{
344 struct profile_cfg *profile;
345 struct config_object_cli_data data = {
346 .title = "Effective Profile",
347 .object_type = config_object_type_profile,
348 };
349
350 switch(cmd) {
351 case CLI_INIT:
352 e->command = "stir_shaken show eprofile";
353 e->usage =
354 "Usage: stir_shaken show eprofile <id>\n"
355 " Show the stir/shaken eprofile settings for a given id\n";
356 return NULL;
357 case CLI_GENERATE:
358 if (a->pos == 3) {
360 } else {
361 return NULL;
362 }
363 }
364
365 if (a->argc != 4) {
366 return CLI_SHOWUSAGE;
367 }
368
369 profile = eprofile_get_cfg(a->argv[3]);
370 if (!profile) {
371 ast_log(LOG_ERROR,"Effective Profile %s doesn't exist\n", a->argv[3]);
372 return CLI_FAILURE;
373 }
374 config_object_cli_show(profile, a, &data, 0);
375
376 ao2_cleanup(profile);
377
378 return CLI_SUCCESS;
379}
380
381static char *cli_eprofile_show_all(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
382{
383 struct ao2_container *container;
384 struct config_object_cli_data data = {
385 .title = "Effective Profile",
386 .object_type = config_object_type_profile,
387 };
388
389 switch(cmd) {
390 case CLI_INIT:
391 e->command = "stir_shaken show eprofiles";
392 e->usage =
393 "Usage: stir_shaken show eprofiles\n"
394 " Show all eprofiles for stir/shaken\n";
395 return NULL;
396 case CLI_GENERATE:
397 return NULL;
398 }
399
400 if (a->argc != 3) {
401 return CLI_SHOWUSAGE;
402 }
403
406 ast_cli(a->fd, "No stir/shaken eprofiles found\n");
408 return CLI_SUCCESS;
409 }
410
412 ao2_ref(container, -1);
413
414 return CLI_SUCCESS;
415}
416
418 AST_CLI_DEFINE(cli_profile_show, "Show stir/shaken profile by id"),
419 AST_CLI_DEFINE(cli_profile_show_all, "Show all stir/shaken profiles"),
420 AST_CLI_DEFINE(cli_eprofile_show, "Show stir/shaken eprofile by id"),
421 AST_CLI_DEFINE(cli_eprofile_show_all, "Show all stir/shaken eprofiles"),
422};
423
425{
426 struct ast_sorcery *sorcery = get_sorcery();
429 return 0;
430}
431
433{
436
437 return 0;
438}
439
441{
442 struct ast_sorcery *sorcery = get_sorcery();
443 enum ast_sorcery_apply_result apply_rc;
444
445 /*
446 * eprofile MUST be registered first because profile needs it.
447 */
448 apply_rc = ast_sorcery_apply_default(sorcery, "eprofile", "memory", NULL);
449 if (apply_rc != AST_SORCERY_APPLY_SUCCESS) {
450 abort();
451 }
454 ast_log(LOG_ERROR, "stir/shaken - failed to register '%s' sorcery object\n", "eprofile");
455 return -1;
456 }
457
458 ast_sorcery_object_field_register_nodoc(sorcery, "eprofile", "type", "", OPT_NOOP_T, 0, 0);
459 enum_option_register(sorcery, "eprofile", endpoint_behavior, _nodoc);
460 enum_option_register_ex(sorcery, "eprofile", unknown_tn_attest_level,
461 unknown_tn_attest_level, attest_level,_nodoc);
462
465
466 /*
467 * Now we can do profile
468 */
469 ast_sorcery_apply_default(sorcery, CONFIG_TYPE, "config", "stir_shaken.conf,criteria=type=profile");
472 ast_log(LOG_ERROR, "stir/shaken - failed to register '%s' sorcery object\n", CONFIG_TYPE);
473 return -1;
474 }
475
477 enum_option_register(sorcery, CONFIG_TYPE, endpoint_behavior,);
478 enum_option_register_ex(sorcery, CONFIG_TYPE, unknown_tn_attest_level,
479 unknown_tn_attest_level, attest_level,);
480
483
485 ast_sorcery_load_object(sorcery, "eprofile");
486
489
490 return 0;
491}
Access Control of various sorts.
Asterisk main include file. File version handling, generic pbx functions.
#define ast_log
Definition: astobj2.c:42
int ao2_container_count(struct ao2_container *c)
Returns the number of elements in a container.
#define ao2_cleanup(obj)
Definition: astobj2.h:1934
#define ao2_callback_data(container, flags, cb_fn, arg, data)
Definition: astobj2.h:1723
#define ao2_ref(o, delta)
Reference/unreference an object and return the old refcount.
Definition: astobj2.h:459
@ OBJ_NODATA
Definition: astobj2.h:1044
struct attestation_cfg * as_get_cfg(void)
int as_check_common_config(const char *id, struct attestation_cfg_common *acfg_common)
void acfg_cleanup(struct attestation_cfg_common *acfg_common)
int as_copy_cfg_common(const char *id, struct attestation_cfg_common *cfg_dst, struct attestation_cfg_common *cfg_src)
Standard Command Line Interface.
#define CLI_SHOWUSAGE
Definition: cli.h:45
#define CLI_SUCCESS
Definition: cli.h:44
int ast_cli_unregister_multiple(struct ast_cli_entry *e, int len)
Unregister multiple commands.
Definition: clicompat.c:30
#define AST_CLI_DEFINE(fn, txt,...)
Definition: cli.h:197
void ast_cli(int fd, const char *fmt,...)
Definition: clicompat.c:6
@ CLI_INIT
Definition: cli.h:152
@ CLI_GENERATE
Definition: cli.h:153
#define CLI_FAILURE
Definition: cli.h:46
#define ast_cli_register_multiple(e, len)
Register multiple commands.
Definition: cli.h:265
int config_object_cli_show(void *obj, void *arg, void *data, int flags)
Output configuration settings to the Asterisk CLI.
char * config_object_tab_complete_name(const char *word, struct ao2_container *container)
Tab completion for name matching with STIR/SHAKEN CLI commands.
struct ast_sorcery * get_sorcery(void)
Retrieve the stir/shaken sorcery context.
Definition: common_config.c:34
@ config_object_type_profile
#define register_common_verification_fields(sorcery, object, CONFIG_TYPE, nodoc)
struct verification_cfg * vs_get_cfg(void)
#define register_common_attestation_fields(sorcery, object, CONFIG_TYPE, nodoc)
#define PROFILE_ALLOW_VERIFY(__profile)
#define enum_option_register(sorcery, CONFIG_TYPE, name, nodoc)
int vs_copy_cfg_common(const char *id, struct verification_cfg_common *cfg_dst, struct verification_cfg_common *cfg_src)
#define PROFILE_ALLOW_ATTEST(__profile)
int vs_check_common_config(const char *id, struct verification_cfg_common *vcfg_common)
void vcfg_cleanup(struct verification_cfg_common *cfg)
#define enum_option_register_ex(sorcery, CONFIG_TYPE, name, field, function_prefix, nodoc)
#define cfg_enum_copy_ex(__cfg_dst, __cfg_src, __field, __not_set, __unknown)
cfg_enum_copy
@ OPT_NOOP_T
Type for a default handler that should do nothing.
static const char name[]
Definition: format_mp3.c:68
#define LOG_ERROR
generate_sorcery_enum_from_str(profile_cfg,, endpoint_behavior, UNKNOWN)
static char * cli_profile_show_all(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
static void profile_destructor(void *obj)
generate_vcfg_common_sorcery_handlers(profile_cfg)
static int eprofile_apply(const struct ast_sorcery *sorcery, void *obj)
int profile_unload(void)
static struct profile_cfg * create_effective_profile(struct profile_cfg *base_profile)
int profile_load(void)
static void * profile_alloc(const char *name)
static char * cli_eprofile_show(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
generate_sorcery_enum_to_str(profile_cfg,, endpoint_behavior)
generate_sorcery_enum_from_str_ex(profile_cfg,, unknown_tn_attest_level, attest_level, UNKNOWN)
struct profile_cfg * eprofile_get_cfg(const char *id)
struct ao2_container * eprofile_get_all(void)
struct profile_cfg * profile_get_cfg(const char *id)
struct ao2_container * profile_get_all(void)
static struct ast_cli_entry stir_shaken_profile_cli[]
static int profile_apply(const struct ast_sorcery *sorcery, void *obj)
int profile_reload(void)
static char * cli_profile_show(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
generate_sorcery_enum_to_str_ex(profile_cfg,, unknown_tn_attest_level, attest_level)
static char * cli_eprofile_show_all(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
#define CONFIG_TYPE
generate_acfg_common_sorcery_handlers(profile_cfg)
static struct ast_sorcery * sorcery
struct ao2_container * container
Definition: res_fax.c:531
@ UNKNOWN
Definition: res_pjsip.h:440
#define NULL
Definition: resample.c:96
Security Event Reporting API.
Sorcery Data Access Layer API.
const char * ast_sorcery_object_get_id(const void *object)
Get the unique identifier of a sorcery object.
Definition: sorcery.c:2317
#define ast_sorcery_object_field_register_nodoc(sorcery, type, name, default_val, opt_type, flags,...)
Register a field within an object without documentation.
Definition: sorcery.h:987
@ AST_RETRIEVE_FLAG_MULTIPLE
Return all matching objects.
Definition: sorcery.h:120
@ AST_RETRIEVE_FLAG_ALL
Perform no matching, return all objects.
Definition: sorcery.h:123
int ast_sorcery_create(const struct ast_sorcery *sorcery, void *object)
Create and potentially persist an object using an available wizard.
Definition: sorcery.c:2062
void * ast_sorcery_retrieve_by_id(const struct ast_sorcery *sorcery, const char *type, const char *id)
Retrieve an object using its unique identifier.
Definition: sorcery.c:1853
#define ast_sorcery_object_register(sorcery, type, alloc, transform, apply)
Register an object type.
Definition: sorcery.h:837
void ast_sorcery_load_object(const struct ast_sorcery *sorcery, const char *type)
Inform any wizards of a specific object type to load persistent objects.
Definition: sorcery.c:1393
#define ast_sorcery_internal_object_register(sorcery, type, alloc, transform, apply)
Register an internal, hidden object type.
Definition: sorcery.h:867
void * ast_sorcery_generic_alloc(size_t size, ao2_destructor_fn destructor)
Allocate a generic sorcery capable object.
Definition: sorcery.c:1728
#define ast_sorcery_object_field_register(sorcery, type, name, default_val, opt_type, flags,...)
Register a field within an object.
Definition: sorcery.h:955
void * ast_sorcery_alloc(const struct ast_sorcery *sorcery, const char *type, const char *id)
Allocate an object.
Definition: sorcery.c:1744
int ast_sorcery_update(const struct ast_sorcery *sorcery, void *object)
Update an object.
Definition: sorcery.c:2150
int ast_sorcery_objectset_apply(const struct ast_sorcery *sorcery, void *object, struct ast_variable *objectset)
Apply an object set (KVP list) to an object.
Definition: sorcery.c:1632
void ast_sorcery_force_reload_object(const struct ast_sorcery *sorcery, const char *type)
Inform any wizards of a specific object type to reload persistent objects even if no changes determin...
Definition: sorcery.c:1457
#define ast_sorcery_apply_default(sorcery, type, name, data)
Definition: sorcery.h:476
void * ast_sorcery_retrieve_by_fields(const struct ast_sorcery *sorcery, const char *type, unsigned int flags, struct ast_variable *fields)
Retrieve an object or multiple objects using specific fields.
Definition: sorcery.c:1897
ast_sorcery_apply_result
Definition: sorcery.h:423
@ AST_SORCERY_APPLY_SUCCESS
Definition: sorcery.h:427
Stasis Message Bus API. See Stasis Message Bus API for detailed documentation.
#define ast_string_field_init(x, size)
Initialize a field pool and fields.
Definition: stringfields.h:359
#define ast_string_field_free_memory(x)
free all memory - to be called before destroying the object
Definition: stringfields.h:374
static force_inline int attribute_pure ast_strlen_zero(const char *s)
Definition: strings.h:65
Generic container type.
descriptor for a cli entry.
Definition: cli.h:171
char * command
Definition: cli.h:186
const char * usage
Definition: cli.h:177
Full structure for sorcery.
Definition: sorcery.c:230
Profile configuration for stir/shaken.
enum endpoint_behavior_enum endpoint_behavior
struct attestation_cfg_common acfg_common
struct profile_cfg * eprofile
enum attest_level_enum unknown_tn_attest_level
struct verification_cfg_common vcfg_common
struct crypto_cert_store * tcs
static struct test_val a
#define RAII_VAR(vartype, varname, initval, dtor)
Declare a variable that will call a destructor function when it goes out of scope.
Definition: utils.h:947
#define ARRAY_LEN(a)
Definition: utils.h:672