Ejemplo n.º 1
/// Decide whether the caller of an XML-RPC method is allowed to proceed.
///
/// Two checks are applied in order, and both must pass:
///  1. requestContext.isTrustedPeer(peerName): the TLS layer confirms the
///     connection comes from the named host.
///  2. sipxRpcImpl.isAllowedPeer(peerName): the name is one of the peers
///     configured as allowed.
///
/// @param requestContext  the HTTP request whose TLS peer identity is checked
/// @param peerName        the host name the caller claims to be
/// @param response        receives a fault when either check fails
/// @param sipxRpcImpl     holds the configured set of allowed peers
/// @param callingMethod   name of the RPC method, used only in log messages
///                        (NOTE(review): passed to a %s format, so it is
///                        assumed to be non-null - confirm at the call sites)
/// @returns true only when both checks pass; every other path returns false
///          with a fault set in response.
bool ZoneAdminRpcMethod::validCaller(const HttpRequestContext& requestContext,
                                const UtlString&          peerName,
                                XmlRpcResponse&           response,
                                const SipxRpc&            sipxRpcImpl,
                                const char*               callingMethod
                                )
{
   // An empty name can never be authenticated; the short-circuit also keeps
   // isTrustedPeer from being asked about a null string.
   const bool tlsAuthenticated = !peerName.isNull() && requestContext.isTrustedPeer(peerName);

   if (!tlsAuthenticated)
   {
      // Not authenticated: the fault text is deliberately generic and does not
      // echo the claimed name back to the caller.
      response.setFault(XmlRpcResponse::AuthenticationRequired, "TLS Peer Authentication Failure");

      // peerName has passed no check at this point and may be null.
      // NOTE(review): presumably data() yields an empty string for a null
      // UtlString, and log consumers should treat this field as unverified
      // input - confirm both.
      OsSysLog::add(FAC_SUPERVISOR, PRI_ERR,
                    "%s failed: '%s' failed SSL authentication",
                    callingMethod, peerName.data()
                    );
      return false;
   }

   if (!sipxRpcImpl.isAllowedPeer(peerName))
   {
      // Authenticated but not configured: the name is TLS-verified by now, so
      // a specific fault naming the host is returned to help the operator.
      UtlString faultMsg;
      faultMsg.append("Unconfigured calling host '");
      faultMsg.append(peerName);
      faultMsg.append("'");
      response.setFault(ZoneAdminRpcMethod::UnconfiguredPeer, faultMsg.data());

      OsSysLog::add(FAC_SUPERVISOR, PRI_ERR,
                    "%s failed - '%s' not a configured peer",
                    callingMethod, peerName.data()
                    );
      return false;
   }

   // Both the TLS identity and the configured allow-list agree.
   OsSysLog::add(FAC_SUPERVISOR, PRI_DEBUG,
                 "ZoneAdminRpcMethod::validCaller '%s' peer authenticated for %s",
                 peerName.data(), callingMethod
                 );
   return true;
}
Ejemplo n.º 2
/// Whether or not an HTTP request is from some allowed peer, and if so which one.
///
/// Walks mAllowedPeers in list order and asks the request context whether the
/// connection is trusted as each configured name; the first name that is
/// trusted wins.
///
/// @returns true when a configured peer matched (peer then holds its name),
///          false otherwise (peer is left empty).
bool SipxRpc::isAllowedPeer(const HttpRequestContext& context, ///< the request to be checked
                            UtlString& peer                    ///< if allowed, the name of the peer
                            ) const
{
   // Clear the output first so that a rejected request can never leave a
   // stale name behind for the caller to act on.
   peer.remove(0);

   UtlSListIterator peerIter(mAllowedPeers);

   // The walk ends at the end of the list, or at the first entry that is not a
   // UtlString (the dynamic_cast yields null); either way the result is "not
   // allowed", so an unexpected entry fails closed.
   while (UtlString* candidate = dynamic_cast<UtlString*>(peerIter()))
   {
      if (context.isTrustedPeer(*candidate))
      {
         // Report the configured name, not anything supplied by the request.
         peer = *candidate;
         return true;
      }
   }

   return false;
}
Ejemplo n.º 3
/// Access check function
///
/// Grants access when the request context reports the connection as a trusted
/// peer for mAllowedDomain, and denies it otherwise.
///
/// @param requestContext  the request whose peer identity is checked
/// @param method          the configuration operation being requested; it is
///                        not consulted here, so every method receives the
///                        same decision
/// @returns XmlRpcMethod::OK or XmlRpcMethod::FAILED
XmlRpcMethod::ExecutionStatus ConfigRPC_InDomainCallback::accessAllowed(
   const HttpRequestContext&  requestContext,
   ConfigRPC_Callback::Method method
                                                                        ) const
{
   /*
    * Documented outcomes of an access check:
    * - XmlRpcMethod::OK if allowed
    * - XmlRpcMethod::FAILED if not allowed,
    * - XmlRpcMethod::REQUIRE_AUTHENTICATION if authentication is missing or invalid.
    *
    * This implementation only ever produces OK or FAILED: a request with no
    * valid peer identity is reported as FAILED, never REQUIRE_AUTHENTICATION.
    */
   if (requestContext.isTrustedPeer(mAllowedDomain))
   {
      return XmlRpcMethod::OK;
   }

   // The warning carries neither the peer identity nor the requested method,
   // so tracing a rejected request relies on other log sources.
   Os::Logger::instance().log(FAC_KERNEL, PRI_WARNING,
                 "ConfigRPC_InDomainCallback disallowed configuration from untrusted peer"
                 );
   return XmlRpcMethod::FAILED;
}