/// Check that an XML-RPC caller is both authenticated and configured as an allowed peer.
///
/// Two independent checks are applied in order:
///  -# authentication: peerName must be non-null and requestContext.isTrustedPeer(peerName)
///     must hold (the original author notes this reflects what SSL says about the connection);
///  -# authorization: sipxRpcImpl.isAllowedPeer(peerName) must hold.
///
/// On failure a fault is set on the response and an error is logged. An unauthenticated
/// caller receives only a generic fault; the more specific "Unconfigured calling host"
/// fault, which echoes the peer name, is sent only after authentication has succeeded.
///
/// @param requestContext  the HTTP request whose peer identity is checked
/// @param peerName        the name the caller claims; an empty/null name is rejected
/// @param response        receives the fault when the caller is rejected
/// @param sipxRpcImpl     supplies the configured allow-list lookup
/// @param callingMethod   name of the RPC method, used only in log messages; it is handed
///                        to a "%s" format, so callers should pass a non-null string
///                        (assumes printf-style formatting in OsSysLog::add - confirm)
/// @returns true only when both checks pass; false otherwise, with response holding a fault
bool ZoneAdminRpcMethod::validCaller(const HttpRequestContext& requestContext,
                                     const UtlString&          peerName,
                                     XmlRpcResponse&           response,
                                     const SipxRpc&            sipxRpcImpl,
                                     const char*               callingMethod
                                     )
{
   // Authentication: the null check short-circuits so isTrustedPeer is never
   // asked about an empty name.
   const bool peerAuthenticated =
      !peerName.isNull() && requestContext.isTrustedPeer(peerName);

   if (!peerAuthenticated)
   {
      // Not authenticated - keep the fault generic so nothing about the
      // configuration is disclosed to an unverified caller.
      response.setFault(XmlRpcResponse::AuthenticationRequired,
                        "TLS Peer Authentication Failure");
      OsSysLog::add(FAC_SUPERVISOR, PRI_ERR,
                    "%s failed: '%s' failed SSL authentication",
                    callingMethod, peerName.data()
                    );
      return false;
   }

   // Authorization: an authenticated peer must also be on the configured list.
   if (!sipxRpcImpl.isAllowedPeer(peerName))
   {
      // The peer has proven its identity, so a descriptive fault naming it is acceptable here.
      UtlString faultMsg;
      faultMsg.append("Unconfigured calling host '");
      faultMsg.append(peerName);
      faultMsg.append("'");
      response.setFault(ZoneAdminRpcMethod::UnconfiguredPeer, faultMsg.data());
      OsSysLog::add(FAC_SUPERVISOR, PRI_ERR,
                    "%s failed - '%s' not a configured peer",
                    callingMethod, peerName.data()
                    );
      return false;
   }

   OsSysLog::add(FAC_SUPERVISOR, PRI_DEBUG,
                 "ZoneAdminRpcMethod::validCaller '%s' peer authenticated for %s",
                 peerName.data(), callingMethod
                 );
   return true;
}
/// Whether or not an HTTP request is from some allowed peer, and if so which one. bool SipxRpc::isAllowedPeer(const HttpRequestContext& context, ///< the request to be checked UtlString& peer ///< if allowed, the name of the peer ) const { bool isAllowed = false; peer.remove(0); UtlSListIterator allowedPeers(mAllowedPeers); UtlString* tryPeer; while (!isAllowed && (tryPeer = dynamic_cast<UtlString*>(allowedPeers()))) { isAllowed = context.isTrustedPeer(*tryPeer); } if (isAllowed) { peer = *tryPeer; } return isAllowed; }
/// Access check function XmlRpcMethod::ExecutionStatus ConfigRPC_InDomainCallback::accessAllowed( const HttpRequestContext& requestContext, ConfigRPC_Callback::Method method ) const { XmlRpcMethod::ExecutionStatus isAllowed = ( requestContext.isTrustedPeer(mAllowedDomain) ? XmlRpcMethod::OK : XmlRpcMethod::FAILED ); /* * - XmlRpcMethod::OK if allowed * - XmlRpcMethod::FAILED if not allowed, * - XmlRpcMethod::REQUIRE_AUTHENTICATION if authentication is missing or invalid. */ if (XmlRpcMethod::FAILED == isAllowed) { Os::Logger::instance().log(FAC_KERNEL, PRI_WARNING, "ConfigRPC_InDomainCallback disallowed configuration from untrusted peer" ); } return isAllowed; }