res_stir_shaken.c File Reference

#include "asterisk.h"
#include "asterisk/app.h"
#include "asterisk/cli.h"
#include "asterisk/conversions.h"
#include "asterisk/module.h"
#include "asterisk/global_datastores.h"
#include "asterisk/pbx.h"
#include "res_stir_shaken/stir_shaken.h"

Include dependency graph for res_stir_shaken.c:

Go to the source code of this file.

Data Structures
struct	stir_datastore

Macros
#define	_TRACE_PREFIX_   "rss",__LINE__, ""
#define	TN_AUTH_LIST_LONG   "TNAuthorizationList"
#define	TN_AUTH_LIST_OID   "1.3.6.1.5.5.7.1.26"
#define	TN_AUTH_LIST_SHORT   "TNAuthList"

Functions
static void	__reg_module (void)
static void	__unreg_module (void)
struct ast_module *	AST_MODULE_SELF_SYM (void)
int	ast_stir_shaken_add_result_to_channel (struct ast_stir_shaken_vs_ctx *ctx)
	Add a STIR/SHAKEN verification result to a channel. More...
static int	check_for_old_config (void)
static int	func_read (struct ast_channel *chan, const char *function, char *data, char *buf, size_t len)
	Retrieves STIR/SHAKEN verification information for the channel via dialplan. Examples: More...
int	get_tn_auth_nid (void)
	Retrieves the OpenSSL NID for the TN Auth list extension. More...
static int	load_module (void)
static int	reload_module (void)
static void	stir_datastore_destroy_cb (void *data)
	The callback to destroy a stir_shaken_datastore. More...
static void	stir_datastore_free (struct stir_datastore *datastore)
	Frees a stir_shaken_datastore structure. More...
static int	unload_module (void)

Variables
static struct ast_module_info	__mod_info = { .name = AST_MODULE, .flags = AST_MODFLAG_GLOBAL_SYMBOLS | AST_MODFLAG_LOAD_ORDER , .description = "STIR/SHAKEN Module for Asterisk" , .key = "This paragraph is copyright (c) 2006 by Digium, Inc. \In order for your module to load, it must return this \key via a function called \"key\". Any code which \includes this paragraph must be licensed under the GNU \General Public License version 2 or later (at your \option). In addition to Digium's general reservations \of rights, Digium expressly reserves the right to \allow other parties to license this paragraph under \different terms. Any use of Digium, Inc. trademarks or \logos (including \"Asterisk\" or \"Digium\") without \express written permission of Digium, Inc. is prohibited.\n" , .buildopt_sum = AST_BUILDOPT_SUM, .support_level = AST_MODULE_SUPPORT_CORE, .load = load_module, .unload = unload_module, .reload = reload_module, .load_pri = AST_MODPRI_CHANNEL_DEPEND - 1, .requires = "res_curl", }
static const struct ast_module_info *	ast_module_info = &__mod_info
static const struct ast_datastore_info	stir_shaken_datastore_info
static struct ast_custom_function	stir_shaken_function
static int	tn_auth_list_nid

Macro Definition Documentation

_TRACE_PREFIX_

#define _TRACE_PREFIX_   "rss",__LINE__, ""

Definition at line 26 of file res_stir_shaken.c.

TN_AUTH_LIST_LONG

#define TN_AUTH_LIST_LONG   "TNAuthorizationList"

Definition at line 300 of file res_stir_shaken.c.

TN_AUTH_LIST_OID

#define TN_AUTH_LIST_OID   "1.3.6.1.5.5.7.1.26"

Definition at line 298 of file res_stir_shaken.c.

TN_AUTH_LIST_SHORT

#define TN_AUTH_LIST_SHORT   "TNAuthList"

Definition at line 299 of file res_stir_shaken.c.

Function Documentation

__reg_module()

static void __reg_module ( void  )

static

Definition at line 390 of file res_stir_shaken.c.

__unreg_module()

static void __unreg_module ( void  )

static

Definition at line 390 of file res_stir_shaken.c.

AST_MODULE_SELF_SYM()

struct ast_module * AST_MODULE_SELF_SYM

(

void

)

Definition at line 390 of file res_stir_shaken.c.

ast_stir_shaken_add_result_to_channel()

int ast_stir_shaken_add_result_to_channel

(

struct ast_stir_shaken_vs_ctx *

ctx

)

Add a STIR/SHAKEN verification result to a channel.

Parameters

ctx	VS context

Return values

-1	on failure
0	on success

Definition at line 89 of file res_stir_shaken.c.

{
    struct stir_datastore *stir_datastore;
    struct ast_datastore *chan_datastore;
    const char *chan_name;
 
    if (!ctx->chan) {
        ast_log(LOG_ERROR, "Channel is required to add STIR/SHAKEN verification\n");
        return -1;
    }
 
    chan_name = ast_channel_name(ctx->chan);
 
    if (!ctx->identity_hdr) {
        ast_log(LOG_ERROR, "No identity to add STIR/SHAKEN verification to channel "
            "%s\n", chan_name);
        return -1;
    }
 
    if (!ctx->attestation) {
        ast_log(LOG_ERROR, "Attestation cannot be NULL to add STIR/SHAKEN verification to "
            "channel %s\n", chan_name);
        return -1;
    }
 
    stir_datastore = ast_calloc(1, sizeof(*stir_datastore));
    if (!stir_datastore) {
        ast_log(LOG_ERROR, "Failed to allocate space for STIR/SHAKEN datastore for "
            "channel %s\n", chan_name);
        return -1;
    }
 
    stir_datastore->identity = ast_strdup(ctx->identity_hdr);
    if (!stir_datastore->identity) {
        ast_log(LOG_ERROR, "Failed to allocate space for STIR/SHAKEN datastore "
            "identity for channel %s\n", chan_name);
        stir_datastore_free(stir_datastore);
        return -1;
    }
 
    stir_datastore->attestation = ast_strdup(ctx->attestation);
    if (!stir_datastore->attestation) {
        ast_log(LOG_ERROR, "Failed to allocate space for STIR/SHAKEN datastore "
            "attestation for channel %s\n", chan_name);
        stir_datastore_free(stir_datastore);
        return -1;
    }
 
    stir_datastore->verify_result = ctx->failure_reason;
 
    chan_datastore = ast_datastore_alloc(&stir_shaken_datastore_info, NULL);
    if (!chan_datastore) {
        ast_log(LOG_ERROR, "Failed to allocate space for datastore for channel "
            "%s\n", chan_name);
        stir_datastore_free(stir_datastore);
        return -1;
    }
 
    chan_datastore->data = stir_datastore;
 
    ast_channel_lock(ctx->chan);
    ast_channel_datastore_add(ctx->chan, chan_datastore);
    ast_channel_unlock(ctx->chan);
 
    return 0;
}

References ast_calloc, ast_channel_datastore_add(), ast_channel_lock, ast_channel_name(), ast_channel_unlock, ast_datastore_alloc, ast_log, ast_strdup, stir_datastore::attestation, ast_stir_shaken_vs_ctx::attestation, ast_stir_shaken_vs_ctx::chan, ast_datastore::data, ast_stir_shaken_vs_ctx::failure_reason, stir_datastore::identity, ast_stir_shaken_vs_ctx::identity_hdr, LOG_ERROR, NULL, stir_datastore_free(), stir_shaken_datastore_info, and stir_datastore::verify_result.

Referenced by process_failure(), and stir_shaken_incoming_request().

check_for_old_config()

static int check_for_old_config ( void  )

static

Definition at line 302 of file res_stir_shaken.c.

{
    const char *error_msg = "There appears to be a 'stir_shaken.conf' file"
    " with old configuration options in it.  Please see the new config"
    " file format in the configs/samples/stir_shaken.conf.sample file"
    " in the source tree at https://github.com/asterisk/asterisk/raw/master/configs/samples/stir_shaken.conf.sample"
    " or visit https://docs.asterisk.org/Deployment/STIR-SHAKEN for more information.";
    RAII_VAR(struct ast_config *, cfg, NULL, ast_config_destroy);
    struct ast_flags config_flags = { 0 };
    char *cat = NULL;
 
    cfg = ast_config_load("stir_shaken.conf", config_flags);
    if (cfg == CONFIG_STATUS_FILEMISSING) {
        /*
         * They may be loading from realtime so the fact that there's
         * no stir-shaken.conf file isn't an issue for this purpose.
         */
        return AST_MODULE_LOAD_SUCCESS;
    } else if (cfg == CONFIG_STATUS_FILEINVALID) {
        cfg = NULL;
        ast_log(LOG_ERROR, "The stir_shaken.conf file is invalid\n");
        return AST_MODULE_LOAD_DECLINE;
    } else if (cfg == CONFIG_STATUS_FILEUNCHANGED) {
        /* This can never happen but is included for completeness */
        cfg = NULL;
        return AST_MODULE_LOAD_SUCCESS;
    }
 
    while ((cat = ast_category_browse(cfg, cat))) {
        const char *val;
        if (strcasecmp(cat, "general") == 0) {
            ast_log(LOG_ERROR, "%s\n", error_msg);
            return AST_MODULE_LOAD_DECLINE;
        }
        val = ast_variable_retrieve(cfg, cat, "type");
        if (val && (strcasecmp(val, "store") == 0 ||
            strcasecmp(val, "certificate") == 0)) {
            ast_log(LOG_ERROR, "%s\n", error_msg);
            return AST_MODULE_LOAD_DECLINE;
        }
    }
 
    return AST_MODULE_LOAD_SUCCESS;
}

References ast_category_browse(), ast_config_destroy(), ast_config_load, ast_log, AST_MODULE_LOAD_DECLINE, AST_MODULE_LOAD_SUCCESS, ast_variable_retrieve(), CONFIG_STATUS_FILEINVALID, CONFIG_STATUS_FILEMISSING, CONFIG_STATUS_FILEUNCHANGED, LOG_ERROR, NULL, and RAII_VAR.

Referenced by load_module().

func_read()

static int func_read ( struct ast_channel *  chan, const char *  function, char *  data, char *  buf, size_t  len  )

static

Retrieves STIR/SHAKEN verification information for the channel via dialplan. Examples:

STIR_SHAKEN(count) STIR_SHAKEN(0, identity) STIR_SHAKEN(1, attestation) STIR_SHAKEN(27, verify_result)

Return values

-1	on failure
0	on success

Definition at line 169 of file res_stir_shaken.c.

{
    struct stir_datastore *stir_datastore;
    struct ast_datastore *chan_datastore;
    char *parse;
    char *first;
    char *second;
    unsigned int target_index, current_index = 0;
    AST_DECLARE_APP_ARGS(args,
        AST_APP_ARG(first_param);
        AST_APP_ARG(second_param);
    );
 
    if (ast_strlen_zero(data)) {
        ast_log(LOG_WARNING, "%s requires at least one argument\n", function);
        return -1;
    }
 
    if (!chan) {
        ast_log(LOG_ERROR, "No channel for %s function\n", function);
        return -1;
    }
 
    parse = ast_strdupa(data);
 
    AST_STANDARD_APP_ARGS(args, parse);
 
    first = ast_strip(args.first_param);
    if (ast_strlen_zero(first)) {
        ast_log(LOG_ERROR, "An argument must be passed to %s\n", function);
        return -1;
    }
 
    second = ast_strip(args.second_param);
 
    /* Check if we are only looking for the number of STIR/SHAKEN verification results */
    if (!strcasecmp(first, "count")) {
        size_t count = 0;
 
        if (!ast_strlen_zero(second)) {
            ast_log(LOG_ERROR, "%s only takes 1 paramater for 'count'\n", function);
            return -1;
        }
 
        ast_channel_lock(chan);
        AST_LIST_TRAVERSE(ast_channel_datastores(chan), chan_datastore, entry) {
            if (chan_datastore->info != &stir_shaken_datastore_info) {
                continue;
            }
            count++;
        }
        ast_channel_unlock(chan);
 
        snprintf(buf, len, "%zu", count);
        return 0;
    }
 
    /* If we aren't doing a count, then there should be two parameters. The field
     * we are searching for will be the second parameter. The index is the first.
     */
    if (ast_strlen_zero(second)) {
        ast_log(LOG_ERROR, "Retrieving a value using %s requires two paramaters (index, value) "
            "- only index was given\n", function);
        return -1;
    }
 
    if (ast_str_to_uint(first, &target_index)) {
        ast_log(LOG_ERROR, "Failed to convert index %s to integer for function %s\n",
            first, function);
        return -1;
    }
 
    /* We don't store by uid for the datastore, so just search for the specified index */
    ast_channel_lock(chan);
    AST_LIST_TRAVERSE(ast_channel_datastores(chan), chan_datastore, entry) {
        if (chan_datastore->info != &stir_shaken_datastore_info) {
            continue;
        }
 
        if (current_index == target_index) {
            break;
        }
 
        current_index++;
    }
    ast_channel_unlock(chan);
    if (current_index != target_index || !chan_datastore) {
        ast_log(LOG_WARNING, "No STIR/SHAKEN results for index '%s'\n", first);
        return -1;
    }
    stir_datastore = chan_datastore->data;
 
    if (!strcasecmp(second, "identity")) {
        ast_copy_string(buf, stir_datastore->identity, len);
    } else if (!strcasecmp(second, "attestation")) {
        ast_copy_string(buf, stir_datastore->attestation, len);
    } else if (!strcasecmp(second, "verify_result")) {
        ast_copy_string(buf, vs_response_code_to_str(stir_datastore->verify_result), len);
    } else {
        ast_log(LOG_ERROR, "No such value '%s' for %s\n", second, function);
        return -1;
    }
 
    return 0;
}

References args, AST_APP_ARG, ast_channel_datastores(), ast_channel_lock, ast_channel_unlock, ast_copy_string(), AST_DECLARE_APP_ARGS, AST_LIST_TRAVERSE, ast_log, AST_STANDARD_APP_ARGS, ast_str_to_uint(), ast_strdupa, ast_strip(), ast_strlen_zero(), stir_datastore::attestation, buf, ast_datastore::data, first, stir_datastore::identity, ast_datastore::info, len(), LOG_ERROR, LOG_WARNING, stir_shaken_datastore_info, stir_datastore::verify_result, and vs_response_code_to_str().

get_tn_auth_nid()

int get_tn_auth_nid

(

void

)

Retrieves the OpenSSL NID for the TN Auth list extension.

Return values

The

NID

Definition at line 41 of file res_stir_shaken.c.

{
    return tn_auth_list_nid;
}

References tn_auth_list_nid.

Referenced by check_tn_auth_list().

load_module()

static int load_module ( void  )

static

Definition at line 347 of file res_stir_shaken.c.

{
    int res = 0;
 
    res = check_for_old_config();
    if (res != AST_MODULE_LOAD_SUCCESS) {
        return res;
    }
 
    res = crypto_load();
    if (res != AST_MODULE_LOAD_SUCCESS) {
        return res;
    }
 
    tn_auth_list_nid = crypto_register_x509_extension(TN_AUTH_LIST_OID,
        TN_AUTH_LIST_SHORT, TN_AUTH_LIST_LONG);
    if (tn_auth_list_nid < 0) {
        unload_module();
        return AST_MODULE_LOAD_DECLINE;
    }
 
    res = common_config_load();
    if (res != AST_MODULE_LOAD_SUCCESS) {
        unload_module();
        return res;
    }
 
    res = ast_custom_function_register(&stir_shaken_function);
    if (res != 0) {
        unload_module();
        return AST_MODULE_LOAD_DECLINE;
    }
 
    return AST_MODULE_LOAD_SUCCESS;
}

References ast_custom_function_register, AST_MODULE_LOAD_DECLINE, AST_MODULE_LOAD_SUCCESS, check_for_old_config(), common_config_load(), crypto_load(), crypto_register_x509_extension(), stir_shaken_function, TN_AUTH_LIST_LONG, tn_auth_list_nid, TN_AUTH_LIST_OID, TN_AUTH_LIST_SHORT, and unload_module().

reload_module()

static int reload_module ( void  )

static

Definition at line 281 of file res_stir_shaken.c.

{
    return common_config_reload();
}

References common_config_reload().

stir_datastore_destroy_cb()

static void stir_datastore_destroy_cb ( void *  data )

static

The callback to destroy a stir_shaken_datastore.

Parameters

data	The stir_shaken_datastore

Definition at line 77 of file res_stir_shaken.c.

{
    struct stir_datastore *datastore = data;
    stir_datastore_free(datastore);
}

References stir_datastore_free().

stir_datastore_free()

static void stir_datastore_free ( struct stir_datastore *  datastore )

static

Frees a stir_shaken_datastore structure.

Parameters

datastore

The datastore to free

Definition at line 61 of file res_stir_shaken.c.

{
    if (!datastore) {
        return;
    }
 
    ast_free(datastore->identity);
    ast_free(datastore->attestation);
    ast_free(datastore);
}

References ast_free, stir_datastore::attestation, and stir_datastore::identity.

Referenced by ast_stir_shaken_add_result_to_channel(), and stir_datastore_destroy_cb().

unload_module()

static int unload_module ( void  )

static

Definition at line 286 of file res_stir_shaken.c.

{
    int res = 0;
 
    common_config_unload();
    crypto_unload();
 
    res |= ast_custom_function_unregister(&stir_shaken_function);
 
    return 0;
}

References ast_custom_function_unregister(), common_config_unload(), crypto_unload(), and stir_shaken_function.

Referenced by load_module().

Variable Documentation

__mod_info

struct ast_module_info __mod_info = { .name = AST_MODULE, .flags = AST_MODFLAG_GLOBAL_SYMBOLS | AST_MODFLAG_LOAD_ORDER , .description = "STIR/SHAKEN Module for Asterisk" , .key = "This paragraph is copyright (c) 2006 by Digium, Inc. \In order for your module to load, it must return this \key via a function called \"key\". Any code which \includes this paragraph must be licensed under the GNU \General Public License version 2 or later (at your \option). In addition to Digium's general reservations \of rights, Digium expressly reserves the right to \allow other parties to license this paragraph under \different terms. Any use of Digium, Inc. trademarks or \logos (including \"Asterisk\" or \"Digium\") without \express written permission of Digium, Inc. is prohibited.\n" , .buildopt_sum = AST_BUILDOPT_SUM, .support_level = AST_MODULE_SUPPORT_CORE, .load = load_module, .unload = unload_module, .reload = reload_module, .load_pri = AST_MODPRI_CHANNEL_DEPEND - 1, .requires = "res_curl", }

static

Definition at line 390 of file res_stir_shaken.c.

ast_module_info

const struct ast_module_info* ast_module_info = &__mod_info

static

Definition at line 390 of file res_stir_shaken.c.

stir_shaken_datastore_info

const struct ast_datastore_info stir_shaken_datastore_info

static

Initial value:

= {
    .type = "STIR/SHAKEN VERIFICATION",
    .destroy = stir_datastore_destroy_cb,
}

Definition at line 84 of file res_stir_shaken.c.

Referenced by ast_stir_shaken_add_result_to_channel(), and func_read().

stir_shaken_function

struct ast_custom_function stir_shaken_function

static

Initial value:

= {
    .name = "STIR_SHAKEN",
    .read = func_read,
}

Definition at line 276 of file res_stir_shaken.c.

Referenced by load_module(), and unload_module().

tn_auth_list_nid

int tn_auth_list_nid

static

Definition at line 39 of file res_stir_shaken.c.

Referenced by get_tn_auth_nid(), and load_module().