authordvossel <dvossel@f38db490-d61c-443f-a65b-d21fe96a405b>2009-02-13 20:48:47 +0000
committerdvossel <dvossel@f38db490-d61c-443f-a65b-d21fe96a405b>2009-02-13 20:48:47 +0000
commit04402edd3377e0cd78d1fbd6bcef75499d044938 (patch)
treee44c756f1308145caf8af6fe658e4cdd44ccf76f /channels/chan_iax2.c
parent3f20910dd9914e9d59e84089cefae6984cbb7148 (diff)
Merged revisions 175597 via svnmerge from
https://origsvn.digium.com/svn/asterisk/trunk ........ r175597 | dvossel | 2009-02-13 14:11:55 -0600 (Fri, 13 Feb 2009) | 4 lines Fixed iax2 key rotation backwards compatibility Turns key rotation back on by default. Added a bit to the encryption IE to indicate whether key rotation is supported. If it is not supported then it is not enabled, which ensures backwards compatibility. This eliminates the need for the keyrotate option in iax.conf, so it has been removed. ........ git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.6.1@175662 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'channels/chan_iax2.c')
-rw-r--r--channels/chan_iax2.c55
1 files changed, 17 insertions, 38 deletions
diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c
index 4e0cf7c18..589907ff8 100644
--- a/channels/chan_iax2.c
+++ b/channels/chan_iax2.c
@@ -296,7 +296,6 @@ enum iax2_flags {
response, so that we've achieved a three-way handshake with
them before sending voice or anything else*/
IAX_ALLOWFWDOWNLOAD = (1 << 26), /*!< Allow the FWDOWNL command? */
- IAX_NOKEYROTATE = (1 << 27), /*!< Disable key rotation with encryption */
};
static int global_rtautoclear = 120;
@@ -1863,7 +1862,7 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s
iaxs[x]->pingid = iax2_sched_add(sched, ping_time * 1000, send_ping, (void *)(long)x);
iaxs[x]->lagid = iax2_sched_add(sched, lagrq_time * 1000, send_lagrq, (void *)(long)x);
iaxs[x]->amaflags = amaflags;
- ast_copy_flags(iaxs[x], &globalflags, IAX_NOTRANSFER | IAX_TRANSFERMEDIA | IAX_USEJITTERBUF | IAX_FORCEJITTERBUF | IAX_NOKEYROTATE);
+ ast_copy_flags(iaxs[x], &globalflags, IAX_NOTRANSFER | IAX_TRANSFERMEDIA | IAX_USEJITTERBUF | IAX_FORCEJITTERBUF);
ast_string_field_set(iaxs[x], accountcode, accountcode);
ast_string_field_set(iaxs[x], mohinterpret, mohinterpret);
@@ -3474,7 +3473,7 @@ static int create_addr(const char *peername, struct ast_channel *c, struct socka
if (peer->maxms && ((peer->lastms > peer->maxms) || (peer->lastms < 0)))
goto return_unref;
- ast_copy_flags(cai, peer, IAX_SENDANI | IAX_TRUNK | IAX_NOTRANSFER | IAX_TRANSFERMEDIA | IAX_USEJITTERBUF | IAX_FORCEJITTERBUF | IAX_NOKEYROTATE);
+ ast_copy_flags(cai, peer, IAX_SENDANI | IAX_TRUNK | IAX_NOTRANSFER | IAX_TRANSFERMEDIA | IAX_USEJITTERBUF | IAX_FORCEJITTERBUF);
cai->maxtime = peer->maxms;
cai->capability = peer->capability;
cai->encmethods = peer->encmethods;
@@ -3956,9 +3955,8 @@ static int iax2_key_rotate(const void *vpvt)
struct iax_ie_data ied = {
.pos = 0,
};
-
+
ast_mutex_lock(&iaxsl[pvt->callno]);
-
pvt->keyrotateid =
ast_sched_add(sched, 120000 + (ast_random() % 180001), iax2_key_rotate, vpvt);
@@ -4920,13 +4918,8 @@ static int iax2_send(struct chan_iax2_pvt *pvt, struct ast_frame *f, unsigned in
pvt->keyrotateid != -1 ? "" : "no "
);
#endif
-
if (pvt->keyrotateid == -1 && f->frametype == AST_FRAME_VOICE && IAX_CALLENCRYPTED(pvt)) {
- if (ast_test_flag(pvt, IAX_NOKEYROTATE)) {
- pvt->keyrotateid = -2;
- } else {
- iax2_key_rotate(pvt);
- }
+ iax2_key_rotate(pvt);
}
if ((ast_test_flag(pvt, IAX_TRUNK) ||
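Review bot: With IAX_NOKEYROTATE gone, the guard `pvt->keyrotateid == -1` in iax2_send is the only thing that keeps rotation off for peers that do not support it, yet nothing at this site explains the sentinel values. From the visible lines, -1 appears to mean "not yet scheduled" and -2 (assigned in merge_encryption) "never rotate on this call". A comment above the `if` would make that dependency explicit, for example `/* keyrotateid: -1 = rotation not started yet, -2 = disabled because the peer did not advertise IAX_ENCRYPT_KEYROTATE */`. iax2_send starts and continues outside the hunk.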
@@ -6090,7 +6083,6 @@ static int check_access(int callno, struct sockaddr_in *sin, struct iax_ies *ies
ast_copy_flags(iaxs[callno], user, IAX_CODEC_USER_FIRST);
ast_copy_flags(iaxs[callno], user, IAX_CODEC_NOPREFS);
ast_copy_flags(iaxs[callno], user, IAX_CODEC_NOCAP);
- ast_copy_flags(iaxs[callno], user, IAX_NOKEYROTATE);
iaxs[callno]->encmethods = user->encmethods;
/* Store the requested username if not specified */
if (ast_strlen_zero(iaxs[callno]->username))
@@ -6181,6 +6173,9 @@ static void merge_encryption(struct chan_iax2_pvt *p, unsigned int enc)
/* Select exactly one common encryption if there are any */
p->encmethods &= enc;
if (p->encmethods) {
+ if (!(p->encmethods & IAX_ENCRYPT_KEYROTATE)){ /* if key rotation is not supported, turn off keyrotation. */
+ p->keyrotateid = -2;
+ }
if (p->encmethods & IAX_ENCRYPT_AES128)
p->encmethods = IAX_ENCRYPT_AES128;
else
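Review bot: In merge_encryption the added branch switches rotation off for the whole call whenever `enc` lacks IAX_ENCRYPT_KEYROTATE, and it does so silently. Since `enc` appears to come from the remote side's encryption IE, a call that settles on AES128 without rotation cannot be told apart in the logs from one that rotates. A debug line inside the new branch, such as `ast_debug(1, "Peer does not advertise key rotation; disabled for this call\n");`, would let operators spot such sessions. The bare `-2` would be clearer as a named constant or with a comment on its meaning, and `){` should be `) {` to match the surrounding style. The function starts and ends outside the hunk.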
@@ -10194,7 +10189,7 @@ static struct ast_channel *iax2_request(const char *type, int format, void *data
memset(&cai, 0, sizeof(cai));
cai.capability = iax2_capability;
- ast_copy_flags(&cai, &globalflags, IAX_NOTRANSFER | IAX_TRANSFERMEDIA | IAX_USEJITTERBUF | IAX_FORCEJITTERBUF | IAX_NOKEYROTATE);
+ ast_copy_flags(&cai, &globalflags, IAX_NOTRANSFER | IAX_TRANSFERMEDIA | IAX_USEJITTERBUF | IAX_FORCEJITTERBUF);
/* Populate our address from the given */
if (create_addr(pds.peer, NULL, &sin, &cai)) {
@@ -10213,7 +10208,7 @@ static struct ast_channel *iax2_request(const char *type, int format, void *data
}
/* If this is a trunk, update it now */
- ast_copy_flags(iaxs[callno], &cai, IAX_TRUNK | IAX_SENDANI | IAX_NOTRANSFER | IAX_TRANSFERMEDIA | IAX_USEJITTERBUF | IAX_FORCEJITTERBUF | IAX_NOKEYROTATE);
+ ast_copy_flags(iaxs[callno], &cai, IAX_TRUNK | IAX_SENDANI | IAX_NOTRANSFER | IAX_TRANSFERMEDIA | IAX_USEJITTERBUF | IAX_FORCEJITTERBUF);
if (ast_test_flag(&cai, IAX_TRUNK)) {
int new_callno;
if ((new_callno = make_trunk(callno, 1)) != -1)
@@ -10553,9 +10548,6 @@ static struct iax2_peer *build_peer(const char *name, struct ast_variable *v, st
if (peer) {
if (firstpass) {
- if (ast_test_flag(&globalflags, IAX_NOKEYROTATE)) {
- ast_copy_flags(peer, &globalflags, IAX_NOKEYROTATE);
- }
ast_copy_flags(peer, &globalflags, IAX_USEJITTERBUF | IAX_FORCEJITTERBUF);
peer->encmethods = iax2_encryption;
peer->adsi = adsi;
@@ -10605,12 +10597,7 @@ static struct iax2_peer *build_peer(const char *name, struct ast_variable *v, st
} else if (!strcasecmp(v->name, "auth")) {
peer->authmethods = get_auth_methods(v->value);
} else if (!strcasecmp(v->name, "encryption")) {
- peer->encmethods = get_encrypt_methods(v->value);
- } else if (!strcasecmp(v->name, "keyrotate")) {
- if (ast_false(v->value))
- ast_set_flag(peer, IAX_NOKEYROTATE);
- else
- ast_clear_flag(peer, IAX_NOKEYROTATE);
+ peer->encmethods |= get_encrypt_methods(v->value);
} else if (!strcasecmp(v->name, "transfer")) {
if (!strcasecmp(v->value, "mediaonly")) {
ast_set_flags_to(peer, IAX_NOTRANSFER|IAX_TRANSFERMEDIA, IAX_TRANSFERMEDIA);
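Review bot: Changing the assignment to `peer->encmethods |= get_encrypt_methods(v->value);` in build_peer means a peer-level `encryption` line can only add methods to what the peer inherited from `iax2_encryption` on the first pass; it can never narrow or clear them. If get_encrypt_methods returns 0 for a value such as `no` (its body is not in this diff), a peer can no longer opt out of a globally configured method. Keeping the override while preserving only the rotation bit avoids that, e.g. `peer->encmethods = get_encrypt_methods(v->value) | (peer->encmethods & IAX_ENCRYPT_KEYROTATE);`. The same consideration applies to `user->encmethods |=` in build_user and to `iax2_encryption |=` in the later set_config hunk. build_peer continues outside the hunk.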
@@ -10820,7 +10807,7 @@ static struct iax2_user *build_user(const char *name, struct ast_variable *v, st
user->adsi = adsi;
ast_string_field_set(user, name, name);
ast_string_field_set(user, language, language);
- ast_copy_flags(user, &globalflags, IAX_USEJITTERBUF | IAX_FORCEJITTERBUF | IAX_CODEC_USER_FIRST | IAX_CODEC_NOPREFS | IAX_CODEC_NOCAP | IAX_NOKEYROTATE);
+ ast_copy_flags(user, &globalflags, IAX_USEJITTERBUF | IAX_FORCEJITTERBUF | IAX_CODEC_USER_FIRST | IAX_CODEC_NOPREFS | IAX_CODEC_NOCAP);
ast_clear_flag(user, IAX_HASCALLERID);
ast_string_field_set(user, cid_name, "");
ast_string_field_set(user, cid_num, "");
@@ -10865,12 +10852,7 @@ static struct iax2_user *build_user(const char *name, struct ast_variable *v, st
} else if (!strcasecmp(v->name, "auth")) {
user->authmethods = get_auth_methods(v->value);
} else if (!strcasecmp(v->name, "encryption")) {
- user->encmethods = get_encrypt_methods(v->value);
- } else if (!strcasecmp(v->name, "keyrotate")) {
- if (ast_false(v->value))
- ast_set_flag(user, IAX_NOKEYROTATE);
- else
- ast_clear_flag(user, IAX_NOKEYROTATE);
+ user->encmethods |= get_encrypt_methods(v->value);
} else if (!strcasecmp(v->name, "transfer")) {
if (!strcasecmp(v->value, "mediaonly")) {
ast_set_flags_to(user, IAX_NOTRANSFER|IAX_TRANSFERMEDIA, IAX_TRANSFERMEDIA);
@@ -11122,7 +11104,9 @@ static int set_config(char *config_file, int reload)
/* Reset Global Flags */
memset(&globalflags, 0, sizeof(globalflags));
ast_set_flag(&globalflags, IAX_RTUPDATE);
- ast_set_flag(&globalflags, IAX_NOKEYROTATE); /* turn off key rotate by default since it breaks backwards compatibility at the moment. */
+
+ /* Turns on support for key rotation during encryption. */
+ iax2_encryption |= IAX_ENCRYPT_KEYROTATE;
#ifdef SO_NO_CHECK
nochecksums = 0;
#endif
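Review bot: `iax2_encryption |= IAX_ENCRYPT_KEYROTATE;` leaves `iax2_encryption` non-zero even when no cipher is configured, so any code that treats a non-zero `iax2_encryption` or copied `encmethods` as "encryption is on" would now fire for unencrypted setups. Those call sites are outside this diff and would need a mask such as `encmethods & ~IAX_ENCRYPT_KEYROTATE`. Nothing in the hunk resets `iax2_encryption` before the OR, and the later `iax2_encryption |= get_encrypt_methods(v->value)` accumulates as well. Unless the variable is zeroed elsewhere, methods from a previous load would survive a reload; writing `iax2_encryption = IAX_ENCRYPT_KEYROTATE;` here would make the reset explicit. The comment would be more precise as `/* Advertise key rotation support in the encryption IE; rotation is only used when the peer advertises it too. */`.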
@@ -11231,13 +11215,8 @@ static int set_config(char *config_file, int reload)
} else if (!strcasecmp(v->name, "authdebug"))
authdebug = ast_true(v->value);
else if (!strcasecmp(v->name, "encryption"))
- iax2_encryption = get_encrypt_methods(v->value);
- else if (!strcasecmp(v->name, "keyrotate")) {
- if (ast_false(v->value))
- ast_set_flag((&globalflags), IAX_NOKEYROTATE);
- else
- ast_clear_flag((&globalflags), IAX_NOKEYROTATE);
- } else if (!strcasecmp(v->name, "transfer")) {
+ iax2_encryption |= get_encrypt_methods(v->value);
+ else if (!strcasecmp(v->name, "transfer")) {
if (!strcasecmp(v->value, "mediaonly")) {
ast_set_flags_to((&globalflags), IAX_NOTRANSFER|IAX_TRANSFERMEDIA, IAX_TRANSFERMEDIA);
} else if (ast_true(v->value)) {