authordvossel <dvossel@f38db490-d61c-443f-a65b-d21fe96a405b>2009-02-13 20:48:47 +0000
committerdvossel <dvossel@f38db490-d61c-443f-a65b-d21fe96a405b>2009-02-13 20:48:47 +0000
commit04402edd3377e0cd78d1fbd6bcef75499d044938 (patch)
treee44c756f1308145caf8af6fe658e4cdd44ccf76f
parent3f20910dd9914e9d59e84089cefae6984cbb7148 (diff)
Merged revisions 175597 via svnmerge from
https://origsvn.digium.com/svn/asterisk/trunk ........ r175597 | dvossel | 2009-02-13 14:11:55 -0600 (Fri, 13 Feb 2009) | 4 lines Fixed iax2 key rotation backwards compatibility Turns key rotation back on by default. Added a bit to the encryption IE to indicate whether key rotation is supported. If it is not supported then it is not enabled, which ensures backwards compatibility. This eliminates the need for the keyrotate option in iax.conf, so it has been removed. ........ git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.6.1@175662 f38db490-d61c-443f-a65b-d21fe96a405b
-rw-r--r--channels/chan_iax2.c55
-rw-r--r--channels/iax2.h1
-rw-r--r--configs/iax.conf.sample5
3 files changed, 18 insertions, 43 deletions
diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c
index 4e0cf7c18..589907ff8 100644
--- a/channels/chan_iax2.c
+++ b/channels/chan_iax2.c
@@ -296,7 +296,6 @@ enum iax2_flags {
response, so that we've achieved a three-way handshake with
them before sending voice or anything else*/
IAX_ALLOWFWDOWNLOAD = (1 << 26), /*!< Allow the FWDOWNL command? */
- IAX_NOKEYROTATE = (1 << 27), /*!< Disable key rotation with encryption */
};
static int global_rtautoclear = 120;
@@ -1863,7 +1862,7 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s
iaxs[x]->pingid = iax2_sched_add(sched, ping_time * 1000, send_ping, (void *)(long)x);
iaxs[x]->lagid = iax2_sched_add(sched, lagrq_time * 1000, send_lagrq, (void *)(long)x);
iaxs[x]->amaflags = amaflags;
- ast_copy_flags(iaxs[x], &globalflags, IAX_NOTRANSFER | IAX_TRANSFERMEDIA | IAX_USEJITTERBUF | IAX_FORCEJITTERBUF | IAX_NOKEYROTATE);
+ ast_copy_flags(iaxs[x], &globalflags, IAX_NOTRANSFER | IAX_TRANSFERMEDIA | IAX_USEJITTERBUF | IAX_FORCEJITTERBUF);
ast_string_field_set(iaxs[x], accountcode, accountcode);
ast_string_field_set(iaxs[x], mohinterpret, mohinterpret);
@@ -3474,7 +3473,7 @@ static int create_addr(const char *peername, struct ast_channel *c, struct socka
if (peer->maxms && ((peer->lastms > peer->maxms) || (peer->lastms < 0)))
goto return_unref;
- ast_copy_flags(cai, peer, IAX_SENDANI | IAX_TRUNK | IAX_NOTRANSFER | IAX_TRANSFERMEDIA | IAX_USEJITTERBUF | IAX_FORCEJITTERBUF | IAX_NOKEYROTATE);
+ ast_copy_flags(cai, peer, IAX_SENDANI | IAX_TRUNK | IAX_NOTRANSFER | IAX_TRANSFERMEDIA | IAX_USEJITTERBUF | IAX_FORCEJITTERBUF);
cai->maxtime = peer->maxms;
cai->capability = peer->capability;
cai->encmethods = peer->encmethods;
@@ -3956,9 +3955,8 @@ static int iax2_key_rotate(const void *vpvt)
struct iax_ie_data ied = {
.pos = 0,
};
-
+
ast_mutex_lock(&iaxsl[pvt->callno]);
-
pvt->keyrotateid =
ast_sched_add(sched, 120000 + (ast_random() % 180001), iax2_key_rotate, vpvt);
@@ -4920,13 +4918,8 @@ static int iax2_send(struct chan_iax2_pvt *pvt, struct ast_frame *f, unsigned in
pvt->keyrotateid != -1 ? "" : "no "
);
#endif
-
if (pvt->keyrotateid == -1 && f->frametype == AST_FRAME_VOICE && IAX_CALLENCRYPTED(pvt)) {
- if (ast_test_flag(pvt, IAX_NOKEYROTATE)) {
- pvt->keyrotateid = -2;
- } else {
- iax2_key_rotate(pvt);
- }
+ iax2_key_rotate(pvt);
}
if ((ast_test_flag(pvt, IAX_TRUNK) ||
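Review bot: The `pvt->keyrotateid == -1` test is now the only gate on starting key rotation, and it depends on merge_encryption() having stored `-2` for a peer that did not advertise IAX_ENCRYPT_KEYROTATE; neither sentinel is explained at this site. A comment above the test would make the contract visible, for example `/* keyrotateid: -1 = rotation not yet scheduled, -2 = rotation disabled (peer lacks IAX_ENCRYPT_KEYROTATE) */`. Any path that enables encryption on a call without passing through merge_encryption() would presumably leave the value at -1 and begin rotating keys toward a peer that may not handle it; that cannot be confirmed from this hunk. iax2_send() starts and continues outside the hunk.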
@@ -6090,7 +6083,6 @@ static int check_access(int callno, struct sockaddr_in *sin, struct iax_ies *ies
ast_copy_flags(iaxs[callno], user, IAX_CODEC_USER_FIRST);
ast_copy_flags(iaxs[callno], user, IAX_CODEC_NOPREFS);
ast_copy_flags(iaxs[callno], user, IAX_CODEC_NOCAP);
- ast_copy_flags(iaxs[callno], user, IAX_NOKEYROTATE);
iaxs[callno]->encmethods = user->encmethods;
/* Store the requested username if not specified */
if (ast_strlen_zero(iaxs[callno]->username))
@@ -6181,6 +6173,9 @@ static void merge_encryption(struct chan_iax2_pvt *p, unsigned int enc)
/* Select exactly one common encryption if there are any */
p->encmethods &= enc;
if (p->encmethods) {
+ if (!(p->encmethods & IAX_ENCRYPT_KEYROTATE)){ /* if key rotation is not supported, turn off keyrotation. */
+ p->keyrotateid = -2;
+ }
if (p->encmethods & IAX_ENCRYPT_AES128)
p->encmethods = IAX_ENCRYPT_AES128;
else
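Review bot: Key rotation is turned off silently when the peer's encryption IE lacks IAX_ENCRYPT_KEYROTATE, because the added `p->keyrotateid = -2;` leaves no trace in the log. The `enc` value comes from the remote side, so a peer (or, if the IE is exchanged before the call is encrypted, anything on the path) decides whether rotation happens. Recording the downgrade would let an operator see it, e.g. `ast_debug(1, "Call %d: peer does not advertise key rotation, disabling it\n", p->callno);`. Separately, `p->encmethods` can now be non-zero after the `&=` purely because both sides set the capability bit; whether that case is cleared depends on the `else` body, which lies outside the hunk.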
@@ -10194,7 +10189,7 @@ static struct ast_channel *iax2_request(const char *type, int format, void *data
memset(&cai, 0, sizeof(cai));
cai.capability = iax2_capability;
- ast_copy_flags(&cai, &globalflags, IAX_NOTRANSFER | IAX_TRANSFERMEDIA | IAX_USEJITTERBUF | IAX_FORCEJITTERBUF | IAX_NOKEYROTATE);
+ ast_copy_flags(&cai, &globalflags, IAX_NOTRANSFER | IAX_TRANSFERMEDIA | IAX_USEJITTERBUF | IAX_FORCEJITTERBUF);
/* Populate our address from the given */
if (create_addr(pds.peer, NULL, &sin, &cai)) {
@@ -10213,7 +10208,7 @@ static struct ast_channel *iax2_request(const char *type, int format, void *data
}
/* If this is a trunk, update it now */
- ast_copy_flags(iaxs[callno], &cai, IAX_TRUNK | IAX_SENDANI | IAX_NOTRANSFER | IAX_TRANSFERMEDIA | IAX_USEJITTERBUF | IAX_FORCEJITTERBUF | IAX_NOKEYROTATE);
+ ast_copy_flags(iaxs[callno], &cai, IAX_TRUNK | IAX_SENDANI | IAX_NOTRANSFER | IAX_TRANSFERMEDIA | IAX_USEJITTERBUF | IAX_FORCEJITTERBUF);
if (ast_test_flag(&cai, IAX_TRUNK)) {
int new_callno;
if ((new_callno = make_trunk(callno, 1)) != -1)
@@ -10553,9 +10548,6 @@ static struct iax2_peer *build_peer(const char *name, struct ast_variable *v, st
if (peer) {
if (firstpass) {
- if (ast_test_flag(&globalflags, IAX_NOKEYROTATE)) {
- ast_copy_flags(peer, &globalflags, IAX_NOKEYROTATE);
- }
ast_copy_flags(peer, &globalflags, IAX_USEJITTERBUF | IAX_FORCEJITTERBUF);
peer->encmethods = iax2_encryption;
peer->adsi = adsi;
@@ -10605,12 +10597,7 @@ static struct iax2_peer *build_peer(const char *name, struct ast_variable *v, st
} else if (!strcasecmp(v->name, "auth")) {
peer->authmethods = get_auth_methods(v->value);
} else if (!strcasecmp(v->name, "encryption")) {
- peer->encmethods = get_encrypt_methods(v->value);
- } else if (!strcasecmp(v->name, "keyrotate")) {
- if (ast_false(v->value))
- ast_set_flag(peer, IAX_NOKEYROTATE);
- else
- ast_clear_flag(peer, IAX_NOKEYROTATE);
+ peer->encmethods |= get_encrypt_methods(v->value);
} else if (!strcasecmp(v->name, "transfer")) {
if (!strcasecmp(v->value, "mediaonly")) {
ast_set_flags_to(peer, IAX_NOTRANSFER|IAX_TRANSFERMEDIA, IAX_TRANSFERMEDIA);
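Review bot: With `peer->encmethods |= get_encrypt_methods(v->value);` a per-peer `encryption` line can only add methods and never remove them, so a peer entry can no longer override the value inherited from `peer->encmethods = iax2_encryption` in the first-pass block, and a value set before a reload appears to survive it. This assumes get_encrypt_methods() returns 0 for a negative setting, which is not visible here. Keeping only the capability bit across the assignment would preserve the old override semantics: `peer->encmethods = (peer->encmethods & IAX_ENCRYPT_KEYROTATE) | get_encrypt_methods(v->value);`. The same pattern is introduced for `user->encmethods` in build_user and for `iax2_encryption` in set_config, where the visible reset code does not clear `iax2_encryption` before OR-ing into it. build_peer() starts and ends outside the hunk.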
@@ -10820,7 +10807,7 @@ static struct iax2_user *build_user(const char *name, struct ast_variable *v, st
user->adsi = adsi;
ast_string_field_set(user, name, name);
ast_string_field_set(user, language, language);
- ast_copy_flags(user, &globalflags, IAX_USEJITTERBUF | IAX_FORCEJITTERBUF | IAX_CODEC_USER_FIRST | IAX_CODEC_NOPREFS | IAX_CODEC_NOCAP | IAX_NOKEYROTATE);
+ ast_copy_flags(user, &globalflags, IAX_USEJITTERBUF | IAX_FORCEJITTERBUF | IAX_CODEC_USER_FIRST | IAX_CODEC_NOPREFS | IAX_CODEC_NOCAP);
ast_clear_flag(user, IAX_HASCALLERID);
ast_string_field_set(user, cid_name, "");
ast_string_field_set(user, cid_num, "");
@@ -10865,12 +10852,7 @@ static struct iax2_user *build_user(const char *name, struct ast_variable *v, st
} else if (!strcasecmp(v->name, "auth")) {
user->authmethods = get_auth_methods(v->value);
} else if (!strcasecmp(v->name, "encryption")) {
- user->encmethods = get_encrypt_methods(v->value);
- } else if (!strcasecmp(v->name, "keyrotate")) {
- if (ast_false(v->value))
- ast_set_flag(user, IAX_NOKEYROTATE);
- else
- ast_clear_flag(user, IAX_NOKEYROTATE);
+ user->encmethods |= get_encrypt_methods(v->value);
} else if (!strcasecmp(v->name, "transfer")) {
if (!strcasecmp(v->value, "mediaonly")) {
ast_set_flags_to(user, IAX_NOTRANSFER|IAX_TRANSFERMEDIA, IAX_TRANSFERMEDIA);
@@ -11122,7 +11104,9 @@ static int set_config(char *config_file, int reload)
/* Reset Global Flags */
memset(&globalflags, 0, sizeof(globalflags));
ast_set_flag(&globalflags, IAX_RTUPDATE);
- ast_set_flag(&globalflags, IAX_NOKEYROTATE); /* turn off key rotate by default since it breaks backwards compatibility at the moment. */
+
+ /* Turns on support for key rotation during encryption. */
+ iax2_encryption |= IAX_ENCRYPT_KEYROTATE;
#ifdef SO_NO_CHECK
nochecksums = 0;
#endif
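Review bot: OR-ing IAX_ENCRYPT_KEYROTATE into `iax2_encryption` means the variable is never zero again, so it can no longer double as an "is encryption configured" indicator. The value is copied into `peer->encmethods` in build_peer, so any test outside this diff of the form `if (iax2_encryption)` or `if (p->encmethods)` should be checked and changed to test the cipher bits, e.g. `if (p->encmethods & IAX_ENCRYPT_AES128)`. The new comment could state this directly: `/* Capability bit only: advertises key rotation support, does not select a cipher. */`. set_config() continues outside the hunk.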
@@ -11231,13 +11215,8 @@ static int set_config(char *config_file, int reload)
} else if (!strcasecmp(v->name, "authdebug"))
authdebug = ast_true(v->value);
else if (!strcasecmp(v->name, "encryption"))
- iax2_encryption = get_encrypt_methods(v->value);
- else if (!strcasecmp(v->name, "keyrotate")) {
- if (ast_false(v->value))
- ast_set_flag((&globalflags), IAX_NOKEYROTATE);
- else
- ast_clear_flag((&globalflags), IAX_NOKEYROTATE);
- } else if (!strcasecmp(v->name, "transfer")) {
+ iax2_encryption |= get_encrypt_methods(v->value);
+ else if (!strcasecmp(v->name, "transfer")) {
if (!strcasecmp(v->value, "mediaonly")) {
ast_set_flags_to((&globalflags), IAX_NOTRANSFER|IAX_TRANSFERMEDIA, IAX_TRANSFERMEDIA);
} else if (ast_true(v->value)) {
diff --git a/channels/iax2.h b/channels/iax2.h
index 98e7480db..2b79e91d0 100644
--- a/channels/iax2.h
+++ b/channels/iax2.h
@@ -187,6 +187,7 @@ enum {
#define IAX_AUTH_RSA (1 << 2)
#define IAX_ENCRYPT_AES128 (1 << 0)
+#define IAX_ENCRYPT_KEYROTATE (1 << 15) /*!< Keyrotation support */
#define IAX_META_TRUNK 1 /*!< Trunk meta-message */
#define IAX_META_VIDEO 2 /*!< Video frame */
diff --git a/configs/iax.conf.sample b/configs/iax.conf.sample
index dc3c46568..8c459cfa7 100644
--- a/configs/iax.conf.sample
+++ b/configs/iax.conf.sample
@@ -176,11 +176,6 @@ forcejitterbuffer=no
;
; encryption = yes
;
-; This is a compatibility option for older versions of IAX2 that do not support
-; key rotation with encryption. This option will disable the IAX_COMMAND_RTENC message.
-; default is on
-;
-; keyrotate=off
; This option defines the maximum size an IAX2 trunk can grow to. The default value is 128000 bytes which
; represents 40ms uncompressed linear with 200 channels. Depending on different things though