res_pjsip_caller_id: Anonymize 'From' when caller id presentation is prohibited

Per RFC3325, the 'From' header is now anonymized on outgoing calls when caller id presentation is prohibited. TID = trust_id_outbound PRO = Set(CALLERID(pres)=prohib) USR = endpoint/from_user DOM = endpoint/from_domain PAI = YES(privacy=off), NO(not sent), PRI(privacy=full) (assumes send_pai=yes) Conditions |Result --------------------|---------------------------------------------------- TID PRO USR DOM |PAI FROM --------------------|---------------------------------------------------- Y Y abc def.ghi |PRI "Anonymous" <sip:abc@def.ghi> Y Y abc |PRI "Anonymous" <sip:abc@anonymous.invalid> Y Y def.ghi |PRI "Anonymous" <sip:anonymous@def.ghi> Y Y |PRI "Anonymous" <sip:anonymous@anonymous.invalid> Y N abc def.ghi |YES <sip:abc@def.ghi> Y N abc |YES <sip:abc@<ip_address>> Y N def.ghi |YES "Caller Name" <sip:<caller_exten>@def.ghi> Y N |YES "Caller Name" <sip:<caller_exten>@<ip_address>> N Y abc def.ghi |NO "Anonymous" <sip:abc@def.ghi> N Y abc |NO "Anonymous" <sip:abc@anonymous.invalid> N Y def.ghi |NO "Anonymous" <sip:anonymous@def.ghi> N Y |NO "Anonymous" <sip:anonymous@anonymous.invalid> N N abc def.ghi |YES <sip:abc@def.ghi> N N abc |YES <sip:abc@<ip_address>> N N def.ghi |YES "Caller Name" <sip:<caller_exten>@def.ghi> N N |YES "Caller Name" <sip:<caller_exten>@<ip_address>> ASTERISK-25791 #close Reported-by: Anthony Messina Change-Id: I2c82a5ca1413c2c00fb62ea95b0ae8e97af54dc9
9 years ago · 2b9849625c
parent afef0dc038
commit 2b9849625c
6 changed files with 151 additions and 78 deletions
--- a/5
+++ b/5
@ -215,6 +215,11 @@ Queue
 --- Functionality changes from Asterisk 13.7.0 to Asterisk 13.8.0 ------------
 ------------------------------------------------------------------------------

+res_pjsip_caller_id
+------------------
+ * Per RFC3325, the 'From' header is now anonymized on outgoing calls when
+   caller id presentation is prohibited.
+
 res_pjsip_config_wizard
 ------------------
 * A new command (pjsip export config_wizard primitives) has been added that
--- a/include/asterisk/res_pjsip.h
+++ b/include/asterisk/res_pjsip.h
@ -2247,4 +2247,14 @@ int ast_sip_set_tpselector_from_transport(const struct ast_sip_transport *transp
 */
 int ast_sip_set_tpselector_from_transport_name(const char *transport_name, pjsip_tpselector *selector);

+/*!
+ * \brief Set name and number information on an identity header.
+ *
+ * \param pool Memory pool to use for string duplication
+ * \param id_hdr A From, P-Asserted-Identity, or Remote-Party-ID header to modify
+ * \param id The identity information to apply to the header
+ */
+void ast_sip_modify_id_header(pj_pool_t *pool, pjsip_fromto_hdr *id_hdr,
+	const struct ast_party_id *id);
+
 #endif /* _RES_PJSIP_H */
--- a/include/asterisk/res_pjsip_session.h
+++ b/include/asterisk/res_pjsip_session.h
@ -151,6 +151,8 @@ struct ast_sip_session {
 	enum ast_sip_session_t38state t38state;
 	/*! The AOR associated with this session */
 	struct ast_sip_aor *aor;
+	/*! From header saved at invite creation */
+	pjsip_fromto_hdr *saved_from_hdr;
 };

 typedef int (*ast_sip_session_request_creation_cb)(struct ast_sip_session *session, pjsip_tx_data *tdata);
--- a/res/res_pjsip.c
+++ b/res/res_pjsip.c
@ -3898,6 +3898,35 @@ const char *ast_sip_get_host_ip_string(int af)
 	return NULL;
 }

+/*!
+ * \brief Set name and number information on an identity header.
+ *
+ * \param pool Memory pool to use for string duplication
+ * \param id_hdr A From, P-Asserted-Identity, or Remote-Party-ID header to modify
+ * \param id The identity information to apply to the header
+ */
+void ast_sip_modify_id_header(pj_pool_t *pool, pjsip_fromto_hdr *id_hdr, const struct ast_party_id *id)
+{
+	pjsip_name_addr *id_name_addr;
+	pjsip_sip_uri *id_uri;
+
+	id_name_addr = (pjsip_name_addr *) id_hdr->uri;
+	id_uri = pjsip_uri_get_uri(id_name_addr->uri);
+
+	if (id->name.valid) {
+		int name_buf_len = strlen(id->name.str) * 2 + 1;
+		char *name_buf = ast_alloca(name_buf_len);
+
+		ast_escape_quoted(id->name.str, name_buf, name_buf_len);
+		pj_strdup2(pool, &id_name_addr->display, name_buf);
+	}
+
+	if (id->number.valid) {
+		pj_strdup2(pool, &id_uri->user, id->number.str);
+	}
+}
+
+
 static void remove_request_headers(pjsip_endpoint *endpt)
 {
 	const pjsip_hdr *request_headers = pjsip_endpt_get_request_headers(endpt);
--- a/res/res_pjsip_caller_id.c
+++ b/res/res_pjsip_caller_id.c
@ -396,34 +396,6 @@ static void caller_id_incoming_response(struct ast_sip_session *session, pjsip_r
 	update_incoming_connected_line(session, rdata);
 }

-/*!
- * \internal
- * \brief Set name and number information on an identity header.
- * \param pool Memory pool to use for string duplication
- * \param id_hdr A From, P-Asserted-Identity, or Remote-Party-ID header to modify
- * \param id The identity information to apply to the header
- */
-static void modify_id_header(pj_pool_t *pool, pjsip_fromto_hdr *id_hdr, const struct ast_party_id *id)
-{
-	pjsip_name_addr *id_name_addr;
-	pjsip_sip_uri *id_uri;
-
-	id_name_addr = (pjsip_name_addr *) id_hdr->uri;
-	id_uri = pjsip_uri_get_uri(id_name_addr->uri);
-
-	if (id->name.valid) {
-		int name_buf_len = strlen(id->name.str) * 2 + 1;
-		char *name_buf = ast_alloca(name_buf_len);
-
-		ast_escape_quoted(id->name.str, name_buf, name_buf_len);
-		pj_strdup2(pool, &id_name_addr->display, name_buf);
-	}
-
-	if (id->number.valid) {
-		pj_strdup2(pool, &id_uri->user, id->number.str);
-	}
-}
-
 /*!
 * \internal
 * \brief Create an identity header for an outgoing message
@ -432,15 +404,12 @@ static void modify_id_header(pj_pool_t *pool, pjsip_fromto_hdr *id_hdr, const st
 * \param id The identification information for the new header
 * \return newly-created header
 */
-static pjsip_fromto_hdr *create_new_id_hdr(const pj_str_t *hdr_name, pjsip_tx_data *tdata, const struct ast_party_id *id)
+static pjsip_fromto_hdr *create_new_id_hdr(const pj_str_t *hdr_name, pjsip_fromto_hdr *base, pjsip_tx_data *tdata, const struct ast_party_id *id)
 {
 	pjsip_fromto_hdr *id_hdr;
-	pjsip_fromto_hdr *base;
 	pjsip_name_addr *id_name_addr;
 	pjsip_sip_uri *id_uri;

-	base = tdata->msg->type == PJSIP_REQUEST_MSG ? PJSIP_MSG_FROM_HDR(tdata->msg) :
-		PJSIP_MSG_TO_HDR(tdata->msg);
 	id_hdr = pjsip_from_hdr_create(tdata->pool);
 	id_hdr->type = PJSIP_H_OTHER;
 	pj_strdup(tdata->pool, &id_hdr->name, hdr_name);
@ -500,9 +469,10 @@ static void add_privacy_header(pjsip_tx_data *tdata, const struct ast_party_id *
 * \param tdata The message to add the header to
 * \param id The identification information used to populate the header
 */
-static void add_pai_header(pjsip_tx_data *tdata, const struct ast_party_id *id)
+static void add_pai_header(const struct ast_sip_session *session, pjsip_tx_data *tdata, const struct ast_party_id *id)
 {
 	static const pj_str_t pj_pai_name = { "P-Asserted-Identity", 19 };
+	pjsip_fromto_hdr *base;
 	pjsip_fromto_hdr *pai_hdr;
 	pjsip_fromto_hdr *old_pai;

@ -523,13 +493,16 @@ static void add_pai_header(pjsip_tx_data *tdata, const struct ast_party_id *id)
 		if (old_pai->type == PJSIP_H_OTHER) {
 			pj_list_erase(old_pai);
 		} else {
-			modify_id_header(tdata->pool, old_pai, id);
+			ast_sip_modify_id_header(tdata->pool, old_pai, id);
 			add_privacy_header(tdata, id);
 			return;
 		}
 	}

-	pai_hdr = create_new_id_hdr(&pj_pai_name, tdata, id);
+	base = tdata->msg->type == PJSIP_REQUEST_MSG ? session->saved_from_hdr :
+		PJSIP_MSG_TO_HDR(tdata->msg);
+
+	pai_hdr = create_new_id_hdr(&pj_pai_name, base, tdata, id);
 	if (!pai_hdr) {
 		return;
 	}
@ -602,9 +575,10 @@ static void add_privacy_params(pjsip_tx_data *tdata, pjsip_fromto_hdr *hdr, cons
 * \param tdata The message to add the header to
 * \param id The identification information used to populate the header
 */
-static void add_rpid_header(pjsip_tx_data *tdata, const struct ast_party_id *id)
+static void add_rpid_header(const struct ast_sip_session *session, pjsip_tx_data *tdata, const struct ast_party_id *id)
 {
 	static const pj_str_t pj_rpid_name = { "Remote-Party-ID", 15 };
+	pjsip_fromto_hdr *base;
 	pjsip_fromto_hdr *rpid_hdr;
 	pjsip_fromto_hdr *old_rpid;

@ -625,13 +599,16 @@ static void add_rpid_header(pjsip_tx_data *tdata, const struct ast_party_id *id)
 		if (old_rpid->type == PJSIP_H_OTHER) {
 			pj_list_erase(old_rpid);
 		} else {
-			modify_id_header(tdata->pool, old_rpid, id);
+			ast_sip_modify_id_header(tdata->pool, old_rpid, id);
 			add_privacy_params(tdata, old_rpid, id);
 			return;
 		}
 	}

-	rpid_hdr = create_new_id_hdr(&pj_rpid_name, tdata, id);
+	base = tdata->msg->type == PJSIP_REQUEST_MSG ? session->saved_from_hdr :
+		PJSIP_MSG_TO_HDR(tdata->msg);
+
+	rpid_hdr = create_new_id_hdr(&pj_rpid_name, base, tdata, id);
 	if (!rpid_hdr) {
 		return;
 	}
@ -658,10 +635,10 @@ static void add_id_headers(const struct ast_sip_session *session, pjsip_tx_data
 		return;
 	}
 	if (session->endpoint->id.send_pai) {
-		add_pai_header(tdata, id);
+		add_pai_header(session, tdata, id);
 	}
 	if (session->endpoint->id.send_rpid) {
-		add_rpid_header(tdata, id);
+		add_rpid_header(session, tdata, id);
 	}
 }

@ -669,10 +646,9 @@ static void add_id_headers(const struct ast_sip_session *session, pjsip_tx_data
 * \internal
 * \brief Session supplement callback for outgoing INVITE requests
 *
- * For an initial INVITE request, we may change the From header to appropriately
- * reflect the identity information. On all INVITEs (initial and reinvite) we may
- * add other identity headers such as P-Asserted-Identity and Remote-Party-ID based
- * on configuration and privacy settings
+ * On all INVITEs (initial and reinvite) we may add other identity headers
+ * such as P-Asserted-Identity and Remote-Party-ID based on configuration
+ * and privacy settings
 *
 * \param session The session on which the INVITE will be sent
 * \param tdata The outbound INVITE request
@ -686,33 +662,12 @@ static void caller_id_outgoing_request(struct ast_sip_session *session, pjsip_tx
 		return;
 	}

-	/* Must do a deep copy unless we hold the channel lock the entire time. */
 	ast_party_id_init(&connected_id);
 	ast_channel_lock(session->channel);
 	effective_id = ast_channel_connected_effective_id(session->channel);
 	ast_party_id_copy(&connected_id, &effective_id);
 	ast_channel_unlock(session->channel);

-	if (session->inv_session->state < PJSIP_INV_STATE_CONFIRMED) {
-		/* Only change the From header on the initial outbound INVITE. Switching it
-		 * mid-call might confuse some UAs.
-		 */
-		pjsip_fromto_hdr *from;
-		pjsip_dialog *dlg;
-
-		from = pjsip_msg_find_hdr(tdata->msg, PJSIP_H_FROM, tdata->msg->hdr.next);
-		dlg = session->inv_session->dlg;
-
-		if (ast_strlen_zero(session->endpoint->fromuser)
-			&& (session->endpoint->id.trust_outbound
-				|| (ast_party_id_presentation(&connected_id) & AST_PRES_RESTRICTION) == AST_PRES_ALLOWED)) {
-			modify_id_header(tdata->pool, from, &connected_id);
-			modify_id_header(dlg->pool, dlg->local.info, &connected_id);
-		}
-
-		ast_sip_add_usereqphone(session->endpoint, tdata->pool, from->uri);
-		ast_sip_add_usereqphone(session->endpoint, dlg->pool, dlg->local.info->uri);
-	}
 	add_id_headers(session, tdata, &connected_id);
 	ast_party_id_free(&connected_id);
 }
--- a/res/res_pjsip_session.c
+++ b/res/res_pjsip_session.c
@ -30,6 +30,7 @@

 #include "asterisk/res_pjsip.h"
 #include "asterisk/res_pjsip_session.h"
+#include "asterisk/callerid.h"
 #include "asterisk/datastore.h"
 #include "asterisk/module.h"
 #include "asterisk/logger.h"
@ -800,6 +801,75 @@ static pjmedia_sdp_session *generate_session_refresh_sdp(struct ast_sip_session
 	return create_local_sdp(inv_session, session, previous_sdp);
 }

+static void set_from_header(struct ast_sip_session *session)
+{
+	struct ast_party_id effective_id;
+	struct ast_party_id connected_id;
+	pj_pool_t *dlg_pool;
+	pjsip_fromto_hdr *dlg_info;
+	pjsip_name_addr *dlg_info_name_addr;
+	pjsip_sip_uri *dlg_info_uri;
+	int restricted;
+
+	if (!session->channel || session->saved_from_hdr) {
+		return;
+	}
+
+	/* We need to save off connected_id for RPID/PAI generation */
+	ast_party_id_init(&connected_id);
+	ast_channel_lock(session->channel);
+	effective_id = ast_channel_connected_effective_id(session->channel);
+	ast_party_id_copy(&connected_id, &effective_id);
+	ast_channel_unlock(session->channel);
+
+	restricted =
+		((ast_party_id_presentation(&connected_id) & AST_PRES_RESTRICTION) != AST_PRES_ALLOWED);
+
+	/* Now set up dlg->local.info so pjsip can correctly generate From */
+
+	dlg_pool = session->inv_session->dlg->pool;
+	dlg_info = session->inv_session->dlg->local.info;
+	dlg_info_name_addr = (pjsip_name_addr *) dlg_info->uri;
+	dlg_info_uri = pjsip_uri_get_uri(dlg_info_name_addr);
+
+	if (session->endpoint->id.trust_outbound || !restricted) {
+		ast_sip_modify_id_header(dlg_pool, dlg_info, &connected_id);
+	}
+
+	ast_party_id_free(&connected_id);
+
+	if (!ast_strlen_zero(session->endpoint->fromuser)) {
+		dlg_info_name_addr->display.ptr = NULL;
+		dlg_info_name_addr->display.slen = 0;
+		pj_strdup2(dlg_pool, &dlg_info_uri->user, session->endpoint->fromuser);
+	}
+
+	if (!ast_strlen_zero(session->endpoint->fromdomain)) {
+		pj_strdup2(dlg_pool, &dlg_info_uri->host, session->endpoint->fromdomain);
+	}
+
+	ast_sip_add_usereqphone(session->endpoint, dlg_pool, dlg_info->uri);
+
+	/* We need to save off the non-anonymized From for RPID/PAI generation (for domain) */
+	session->saved_from_hdr = pjsip_hdr_clone(dlg_pool, dlg_info);
+
+	/* In chan_sip, fromuser and fromdomain trump restricted so we only
+	 * anonymize if they're not set.
+	 */
+	if (restricted) {
+		/* fromuser doesn't provide a display name so we always set it */
+		pj_strdup2(dlg_pool, &dlg_info_name_addr->display, "Anonymous");
+
+		if (ast_strlen_zero(session->endpoint->fromuser)) {
+			pj_strdup2(dlg_pool, &dlg_info_uri->user, "anonymous");
+		}
+
+		if (ast_strlen_zero(session->endpoint->fromdomain)) {
+			pj_strdup2(dlg_pool, &dlg_info_uri->host, "anonymous.invalid");
+		}
+	}
+}
+
 int ast_sip_session_refresh(struct ast_sip_session *session,
 		ast_sip_session_request_creation_cb on_request_creation,
 		ast_sip_session_sdp_creation_cb on_sdp_creation,
@ -867,6 +937,12 @@ int ast_sip_session_refresh(struct ast_sip_session *session,
 		}
 	}

+	/*
+	 * We MUST call set_from_header() before pjsip_inv_(reinvite|update).  If we don't, the
+	 * From in the reINVITE/UPDATE will be wrong but the rest of the messages will be OK.
+	 */
+	set_from_header(session);
+
 	if (method == AST_SIP_SESSION_REFRESH_METHOD_INVITE) {
 		if (pjsip_inv_reinvite(inv_session, NULL, new_sdp, &tdata)) {
 			ast_log(LOG_WARNING, "Failed to create reinvite properly.\n");
@ -1082,6 +1158,7 @@ static pjsip_module session_reinvite_module = {
 	.on_rx_request = session_reinvite_on_rx_request,
 };

+
 void ast_sip_session_send_request_with_cb(struct ast_sip_session *session, pjsip_tx_data *tdata,
 		ast_sip_session_response_cb on_response)
 {
@ -1095,19 +1172,6 @@ void ast_sip_session_send_request_with_cb(struct ast_sip_session *session, pjsip
 	ast_sip_mod_data_set(tdata->pool, tdata->mod_data, session_module.id,
 			     MOD_DATA_ON_RESPONSE, on_response);

-	if (!ast_strlen_zero(session->endpoint->fromuser) ||
-		!ast_strlen_zero(session->endpoint->fromdomain)) {
-		pjsip_fromto_hdr *from = pjsip_msg_find_hdr(tdata->msg, PJSIP_H_FROM, tdata->msg->hdr.next);
-		pjsip_sip_uri *uri = pjsip_uri_get_uri(from->uri);
-
-		if (!ast_strlen_zero(session->endpoint->fromuser)) {
-			pj_strdup2(tdata->pool, &uri->user, session->endpoint->fromuser);
-		}
-		if (!ast_strlen_zero(session->endpoint->fromdomain)) {
-			pj_strdup2(tdata->pool, &uri->host, session->endpoint->fromdomain);
-		}
-	}
-
 	handle_outgoing_request(session, tdata);
 	internal_pjsip_inv_send_msg(session->inv_session, session->endpoint->transport, tdata);

@ -1133,9 +1197,17 @@ int ast_sip_session_create_invite(struct ast_sip_session *session, pjsip_tx_data
 #ifdef PJMEDIA_SDP_NEG_ANSWER_MULTIPLE_CODECS
 	pjmedia_sdp_neg_set_answer_multiple_codecs(session->inv_session->neg, PJ_TRUE);
 #endif
+
+	/*
+	 * We MUST call set_from_header() before pjsip_inv_invite.  If we don't, the
+	 * From in the initial INVITE will be wrong but the rest of the messages will be OK.
+	 */
+	set_from_header(session);
+
 	if (pjsip_inv_invite(session->inv_session, tdata) != PJ_SUCCESS) {
 		return -1;
 	}
+
 	return 0;
 }