aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--apps/app_externalivr.c9
-rw-r--r--channels/chan_sip.c62
-rw-r--r--include/asterisk/tcptls.h63
-rw-r--r--main/http.c41
-rw-r--r--main/manager.c40
-rw-r--r--main/tcptls.c257
6 files changed, 240 insertions, 232 deletions
diff --git a/apps/app_externalivr.c b/apps/app_externalivr.c
index a73a19dfb..20eda9b43 100644
--- a/apps/app_externalivr.c
+++ b/apps/app_externalivr.c
@@ -46,6 +46,7 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
#include "asterisk/app.h"
#include "asterisk/utils.h"
#include "asterisk/tcptls.h"
+#include "asterisk/astobj2.h"
static const char *app = "ExternalIVR";
@@ -419,7 +420,7 @@ static int app_exec(struct ast_channel *chan, void *data)
}
if (!strncmp(app_args[0], "ivr://", 6)) {
- struct server_args ivr_desc = {
+ struct ast_tcptls_session_args ivr_desc = {
.accept_fd = -1,
.name = "IVR",
};
@@ -438,9 +439,9 @@ static int app_exec(struct ast_channel *chan, void *data)
}
ast_gethostbyname(hostname, &hp);
- ivr_desc.sin.sin_family = AF_INET;
- ivr_desc.sin.sin_port = htons(port);
- memmove(&ivr_desc.sin.sin_addr.s_addr, hp.hp.h_addr, hp.hp.h_length);
+ ivr_desc.local_address.sin_family = AF_INET;
+ ivr_desc.local_address.sin_port = htons(port);
+ memcpy(&ivr_desc.local_address.sin_addr.s_addr, hp.hp.h_addr, hp.hp.h_length);
ser = ast_tcptls_client_start(&ivr_desc);
if (!ser) {
diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index 57ed9b6f5..4e65bb770 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -2260,7 +2260,7 @@ static struct ast_tls_config sip_tls_cfg;
static struct ast_tls_config default_tls_cfg;
/*! \brief The TCP server definition */
-static struct server_args sip_tcp_desc = {
+static struct ast_tcptls_session_args sip_tcp_desc = {
.accept_fd = -1,
.master = AST_PTHREADT_NULL,
.tls_cfg = NULL,
@@ -2271,7 +2271,7 @@ static struct server_args sip_tcp_desc = {
};
/*! \brief The TCP/TLS server definition */
-static struct server_args sip_tls_desc = {
+static struct ast_tcptls_session_args sip_tls_desc = {
.accept_fd = -1,
.master = AST_PTHREADT_NULL,
.tls_cfg = &sip_tls_cfg,
@@ -2417,7 +2417,7 @@ static void *_sip_tcp_helper_thread(struct sip_pvt *pvt, struct ast_tcptls_sessi
}
}
req.socket.ser = ser;
- handle_request_do(&req, &ser->requestor);
+ handle_request_do(&req, &ser->remote_address);
}
cleanup:
@@ -2459,7 +2459,7 @@ static void *unref_peer(struct sip_peer *peer, char *tag)
static struct sip_peer *ref_peer(struct sip_peer *peer, char *tag)
{
- ao2_t_ref(peer, 1,tag);
+ ao2_t_ref(peer, 1, tag);
return peer;
}
@@ -12376,8 +12376,8 @@ static char *sip_show_tcp(struct ast_cli_entry *e, int cmd, struct ast_cli_args
ast_cli(a->fd, FORMAT2, "Host", "Port", "Transport", "Type");
AST_LIST_LOCK(&threadl);
AST_LIST_TRAVERSE(&threadl, th, list) {
- ast_cli(a->fd, FORMAT, ast_inet_ntoa(th->ser->requestor.sin_addr),
- ntohs(th->ser->requestor.sin_port),
+ ast_cli(a->fd, FORMAT, ast_inet_ntoa(th->ser->remote_address.sin_addr),
+ ntohs(th->ser->remote_address.sin_port),
get_transport(th->type),
(th->ser->client ? "Client" : "Server"));
@@ -13636,16 +13636,16 @@ static char *sip_show_settings(struct ast_cli_entry *e, int cmd, struct ast_cli_
ast_cli(a->fd, " UDP SIP Port: %d\n", ntohs(bindaddr.sin_port));
ast_cli(a->fd, " UDP Bindaddress: %s\n", ast_inet_ntoa(bindaddr.sin_addr));
ast_cli(a->fd, " TCP SIP Port: ");
- if (sip_tcp_desc.sin.sin_family == AF_INET) {
- ast_cli(a->fd, "%d\n", ntohs(sip_tcp_desc.sin.sin_port));
- ast_cli(a->fd, " TCP Bindaddress: %s\n", ast_inet_ntoa(sip_tcp_desc.sin.sin_addr));
+ if (sip_tcp_desc.local_address.sin_family == AF_INET) {
+ ast_cli(a->fd, "%d\n", ntohs(sip_tcp_desc.local_address.sin_port));
+ ast_cli(a->fd, " TCP Bindaddress: %s\n", ast_inet_ntoa(sip_tcp_desc.local_address.sin_addr));
} else {
ast_cli(a->fd, "Disabled\n");
}
ast_cli(a->fd, " TLS SIP Port: ");
if (default_tls_cfg.enabled != FALSE) {
- ast_cli(a->fd, "%d\n", ntohs(sip_tls_desc.sin.sin_port));
- ast_cli(a->fd, " TLS Bindaddress: %s\n", ast_inet_ntoa(sip_tls_desc.sin.sin_addr));
+ ast_cli(a->fd, "%d\n", ntohs(sip_tls_desc.local_address.sin_port));
+ ast_cli(a->fd, " TLS Bindaddress: %s\n", ast_inet_ntoa(sip_tls_desc.local_address.sin_addr));
} else {
ast_cli(a->fd, "Disabled\n");
}
@@ -19376,9 +19376,9 @@ static struct ast_tcptls_session_instance *sip_tcp_locate(struct sockaddr_in *s)
AST_LIST_LOCK(&threadl);
AST_LIST_TRAVERSE(&threadl, th, list) {
- if ((s->sin_family == th->ser->requestor.sin_family) &&
- (s->sin_addr.s_addr == th->ser->requestor.sin_addr.s_addr) &&
- (s->sin_port == th->ser->requestor.sin_port)) {
+ if ((s->sin_family == th->ser->remote_address.sin_family) &&
+ (s->sin_addr.s_addr == th->ser->remote_address.sin_addr.s_addr) &&
+ (s->sin_port == th->ser->remote_address.sin_port)) {
AST_LIST_UNLOCK(&threadl);
return th->ser;
}
@@ -19393,7 +19393,7 @@ static int sip_prepare_socket(struct sip_pvt *p)
struct sip_socket *s = &p->socket;
static const char name[] = "SIP socket";
struct ast_tcptls_session_instance *ser;
- struct server_args ca = {
+ struct ast_tcptls_session_args ca = {
.name = name,
.accept_fd = -1,
};
@@ -19410,9 +19410,9 @@ static int sip_prepare_socket(struct sip_pvt *p)
return s->fd;
}
- ca.sin = *(sip_real_dst(p));
+ ca.remote_address = *(sip_real_dst(p));
- if ((ser = sip_tcp_locate(&ca.sin))) {
+ if ((ser = sip_tcp_locate(&ca.remote_address))) { /* Check if we have a thread handling a socket connected to this IP/port */
s->fd = ser->fd;
if (s->ser) {
ao2_ref(s->ser, -1);
@@ -21344,16 +21344,16 @@ static int reload_config(enum channelreloadreason reason)
}
/* Initialize tcp sockets */
- memset(&sip_tcp_desc.sin, 0, sizeof(sip_tcp_desc.sin));
- memset(&sip_tls_desc.sin, 0, sizeof(sip_tls_desc.sin));
+ memset(&sip_tcp_desc.local_address, 0, sizeof(sip_tcp_desc.local_address));
+ memset(&sip_tls_desc.local_address, 0, sizeof(sip_tls_desc.local_address));
ast_free_ha(global_contact_ha);
global_contact_ha = NULL;
default_tls_cfg.enabled = FALSE; /* Default: Disable TLS */
- sip_tcp_desc.sin.sin_port = htons(STANDARD_SIP_PORT);
- sip_tls_desc.sin.sin_port = htons(STANDARD_TLS_PORT);
+ sip_tcp_desc.local_address.sin_port = htons(STANDARD_SIP_PORT);
+ sip_tls_desc.local_address.sin_port = htons(STANDARD_TLS_PORT);
if (reason != CHANNEL_MODULE_LOAD) {
ast_debug(4, "--------------- SIP reload started\n");
@@ -21566,17 +21566,17 @@ static int reload_config(enum channelreloadreason reason)
} else if (!strcasecmp(v->name, "t1min")) {
global_t1min = atoi(v->value);
} else if (!strcasecmp(v->name, "tcpenable")) {
- sip_tcp_desc.sin.sin_family = ast_false(v->value) ? 0 : AF_INET;
+ sip_tcp_desc.local_address.sin_family = ast_false(v->value) ? 0 : AF_INET;
ast_debug(2, "Enabling TCP socket for listening\n");
} else if (!strcasecmp(v->name, "tcpbindaddr")) {
- int family = sip_tcp_desc.sin.sin_family;
- if (ast_parse_arg(v->value, PARSE_INADDR, &sip_tcp_desc.sin))
+ int family = sip_tcp_desc.local_address.sin_family;
+ if (ast_parse_arg(v->value, PARSE_INADDR, &sip_tcp_desc.local_address))
ast_log(LOG_WARNING, "Invalid %s '%s' at line %d of %s\n", v->name, v->value, v->lineno, config);
- sip_tcp_desc.sin.sin_family = family;
+ sip_tcp_desc.local_address.sin_family = family;
ast_debug(2, "Setting TCP socket address to %s\n", v->value);
} else if (!strcasecmp(v->name, "tlsenable")) {
default_tls_cfg.enabled = ast_true(v->value) ? TRUE : FALSE;
- sip_tls_desc.sin.sin_family = AF_INET;
+ sip_tls_desc.local_address.sin_family = AF_INET;
} else if (!strcasecmp(v->name, "tlscertfile")) {
ast_free(default_tls_cfg.certfile);
default_tls_cfg.certfile = ast_strdup(v->value);
@@ -21594,7 +21594,7 @@ static int reload_config(enum channelreloadreason reason)
} else if (!strcasecmp(v->name, "tlsdontverifyserver")) {
ast_set2_flag(&default_tls_cfg.flags, ast_true(v->value), AST_SSL_DONT_VERIFY_SERVER);
} else if (!strcasecmp(v->name, "tlsbindaddr")) {
- if (ast_parse_arg(v->value, PARSE_INADDR, &sip_tls_desc.sin))
+ if (ast_parse_arg(v->value, PARSE_INADDR, &sip_tls_desc.local_address))
ast_log(LOG_WARNING, "Invalid %s '%s' at line %d of %s\n", v->name, v->value, v->lineno, config);
} else if (!strcasecmp(v->name, "dynamic_exclude_static") || !strcasecmp(v->name, "dynamic_excludes_static")) {
global_dynamic_exclude_static = ast_true(v->value);
@@ -22089,12 +22089,12 @@ static int reload_config(enum channelreloadreason reason)
ast_log(LOG_NOTICE, "Can't add wildcard IP address to domain list, please add IP address to domain manually.\n");
/* If TCP is running on a different IP than UDP, then add it too */
- if (sip_tcp_desc.sin.sin_addr.s_addr && !inaddrcmp(&bindaddr, &sip_tcp_desc.sin))
- add_sip_domain(ast_inet_ntoa(sip_tcp_desc.sin.sin_addr), SIP_DOMAIN_AUTO, NULL);
+ if (sip_tcp_desc.local_address.sin_addr.s_addr && !inaddrcmp(&bindaddr, &sip_tcp_desc.local_address))
+ add_sip_domain(ast_inet_ntoa(sip_tcp_desc.local_address.sin_addr), SIP_DOMAIN_AUTO, NULL);
/* If TLS is running on a differen IP than UDP and TCP, then add that too */
- if (sip_tls_desc.sin.sin_addr.s_addr && !inaddrcmp(&bindaddr, &sip_tls_desc.sin) && inaddrcmp(&sip_tcp_desc.sin, &sip_tls_desc.sin))
- add_sip_domain(ast_inet_ntoa(sip_tls_desc.sin.sin_addr), SIP_DOMAIN_AUTO, NULL);
+ if (sip_tls_desc.local_address.sin_addr.s_addr && !inaddrcmp(&bindaddr, &sip_tls_desc.local_address) && inaddrcmp(&sip_tcp_desc.local_address, &sip_tls_desc.local_address))
+ add_sip_domain(ast_inet_ntoa(sip_tls_desc.local_address.sin_addr), SIP_DOMAIN_AUTO, NULL);
/* Our extern IP address, if configured */
if (externip.sin_addr.s_addr)
diff --git a/include/asterisk/tcptls.h b/include/asterisk/tcptls.h
index a345200e9..6fb6d4b63 100644
--- a/include/asterisk/tcptls.h
+++ b/include/asterisk/tcptls.h
@@ -45,12 +45,10 @@
*
*/
-
-#ifndef _ASTERISK_SERVER_H
-#define _ASTERISK_SERVER_H
+#ifndef _ASTERISK_TCPTLS_H
+#define _ASTERISK_TCPTLS_H
#include "asterisk/utils.h"
-#include "asterisk/astobj2.h"
#if defined(HAVE_OPENSSL) && (defined(HAVE_FUNOPEN) || defined(HAVE_FOPENCOOKIE))
#define DO_SSL /* comment in/out if you want to support ssl */
@@ -90,7 +88,7 @@ struct ast_tls_config {
/*!
* The following code implements a generic mechanism for starting
* services on a TCP or TLS socket.
- * The service is configured in the struct server_args, and
+ * The service is configured in the struct session_args, and
* then started by calling server_start(desc) on the descriptor.
* server_start() first verifies if an instance of the service is active,
* and in case shuts it down. Then, if the service must be started, creates
@@ -105,38 +103,19 @@ struct ast_tls_config {
* running the session, whose body is desc->worker_fn(). The argument of
* worker_fn() is a struct ast_tcptls_session_instance, which contains the address
* of the other party, a pointer to desc, the file descriptors (fd) on which
- * we can do a select/poll (but NOT IO/, and a FILE *on which we can do I/O.
+ * we can do a select/poll (but NOT I/O), and a FILE *on which we can do I/O.
* We have both because we want to support plain and SSL sockets, and
- * going through a FILE *lets us provide the encryption/decryption
+ * going through a FILE * lets us provide the encryption/decryption
* on the stream without using an auxiliary thread.
- *
- * NOTE: in order to let other parts of asterisk use these services,
- * we need to do the following:
- * + move struct ast_tcptls_session_instance and struct server_args to
- * a common header file, together with prototypes for
- * server_start() and server_root().
*/
/*! \brief
- * describes a server instance
- */
-struct ast_tcptls_session_instance {
- FILE *f; /* fopen/funopen result */
- int fd; /* the socket returned by accept() */
- SSL *ssl; /* ssl state */
-/* iint (*ssl_setup)(SSL *); */
- int client;
- struct sockaddr_in requestor;
- struct server_args *parent;
- ast_mutex_t lock;
-};
-
-/*! \brief
* arguments for the accepting thread
*/
-struct server_args {
- struct sockaddr_in sin;
- struct sockaddr_in oldsin;
+struct ast_tcptls_session_args {
+ struct sockaddr_in local_address;
+ struct sockaddr_in old_local_address;
+ struct sockaddr_in remote_address;
char hostname[MAXHOSTNAMELEN]; /*!< only necessary for SSL clients so we can compare to common name */
struct ast_tls_config *tls_cfg; /*!< points to the SSL configuration if any */
int accept_fd;
@@ -148,6 +127,20 @@ struct server_args {
const char *name;
};
+/*
+ * describes a server instance
+ */
+struct ast_tcptls_session_instance {
+ FILE *f; /* fopen/funopen result */
+ int fd; /* the socket returned by accept() */
+ SSL *ssl; /* ssl state */
+/* iint (*ssl_setup)(SSL *); */
+ int client;
+ struct sockaddr_in remote_address;
+ struct ast_tcptls_session_args *parent;
+ ast_mutex_t lock;
+};
+
#if defined(HAVE_FUNOPEN)
#define HOOK_T int
#define LEN_T int
@@ -156,16 +149,14 @@ struct server_args {
#define LEN_T size_t
#endif
-struct ast_tcptls_session_instance *ast_tcptls_client_start(struct server_args *desc);
+struct ast_tcptls_session_instance *ast_tcptls_client_start(struct ast_tcptls_session_args *desc);
void *ast_tcptls_server_root(void *);
-void ast_tcptls_server_start(struct server_args *desc);
-void ast_tcptls_server_stop(struct server_args *desc);
+void ast_tcptls_server_start(struct ast_tcptls_session_args *desc);
+void ast_tcptls_server_stop(struct ast_tcptls_session_args *desc);
int ast_ssl_setup(struct ast_tls_config *cfg);
-void *ast_make_file_from_fd(void *data);
-
HOOK_T ast_tcptls_server_read(struct ast_tcptls_session_instance *ser, void *buf, size_t count);
HOOK_T ast_tcptls_server_write(struct ast_tcptls_session_instance *ser, void *buf, size_t count);
-#endif /* _ASTERISK_SERVER_H */
+#endif /* _ASTERISK_TCPTLS_H */
diff --git a/main/http.c b/main/http.c
index 7601158bb..79c897e2c 100644
--- a/main/http.c
+++ b/main/http.c
@@ -50,6 +50,7 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
#include "asterisk/ast_version.h"
#include "asterisk/manager.h"
#include "asterisk/_private.h"
+#include "asterisk/astobj2.h"
#define MAX_PREFIX 80
@@ -65,7 +66,7 @@ static void *httpd_helper_thread(void *arg);
/*!
* we have up to two accepting threads, one for http, one for https
*/
-static struct server_args http_desc = {
+static struct ast_tcptls_session_args http_desc = {
.accept_fd = -1,
.master = AST_PTHREADT_NULL,
.tls_cfg = NULL,
@@ -75,7 +76,7 @@ static struct server_args http_desc = {
.worker_fn = httpd_helper_thread,
};
-static struct server_args https_desc = {
+static struct ast_tcptls_session_args https_desc = {
.accept_fd = -1,
.master = AST_PTHREADT_NULL,
.tls_cfg = &http_tls_cfg,
@@ -254,13 +255,13 @@ static struct ast_str *httpstatus_callback(struct ast_tcptls_session_instance *s
"<h2>&nbsp;&nbsp;Asterisk&trade; HTTP Status</h2></td></tr>\r\n");
ast_str_append(&out, 0, "<tr><td><i>Prefix</i></td><td><b>%s</b></td></tr>\r\n", prefix);
ast_str_append(&out, 0, "<tr><td><i>Bind Address</i></td><td><b>%s</b></td></tr>\r\n",
- ast_inet_ntoa(http_desc.oldsin.sin_addr));
+ ast_inet_ntoa(http_desc.old_local_address.sin_addr));
ast_str_append(&out, 0, "<tr><td><i>Bind Port</i></td><td><b>%d</b></td></tr>\r\n",
- ntohs(http_desc.oldsin.sin_port));
+ ntohs(http_desc.old_local_address.sin_port));
if (http_tls_cfg.enabled) {
ast_str_append(&out, 0, "<tr><td><i>SSL Bind Port</i></td><td><b>%d</b></td></tr>\r\n",
- ntohs(https_desc.oldsin.sin_port));
+ ntohs(https_desc.old_local_address.sin_port));
}
ast_str_append(&out, 0, "<tr><td colspan=\"2\"><hr></td></tr>\r\n");
@@ -856,11 +857,11 @@ static int __ast_http_load(int reload)
}
/* default values */
- memset(&http_desc.sin, 0, sizeof(http_desc.sin));
- http_desc.sin.sin_port = htons(8088);
+ memset(&http_desc.local_address, 0, sizeof(http_desc.local_address));
+ http_desc.local_address.sin_port = htons(8088);
- memset(&https_desc.sin, 0, sizeof(https_desc.sin));
- https_desc.sin.sin_port = htons(8089);
+ memset(&https_desc.local_address, 0, sizeof(https_desc.local_address));
+ https_desc.local_address.sin_port = htons(8089);
http_tls_cfg.enabled = 0;
if (http_tls_cfg.certfile) {
@@ -886,7 +887,7 @@ static int __ast_http_load(int reload)
} else if (!strcasecmp(v->name, "sslenable")) {
http_tls_cfg.enabled = ast_true(v->value);
} else if (!strcasecmp(v->name, "sslbindport")) {
- https_desc.sin.sin_port = htons(atoi(v->value));
+ https_desc.local_address.sin_port = htons(atoi(v->value));
} else if (!strcasecmp(v->name, "sslcert")) {
ast_free(http_tls_cfg.certfile);
http_tls_cfg.certfile = ast_strdup(v->value);
@@ -896,17 +897,17 @@ static int __ast_http_load(int reload)
} else if (!strcasecmp(v->name, "enablestatic")) {
newenablestatic = ast_true(v->value);
} else if (!strcasecmp(v->name, "bindport")) {
- http_desc.sin.sin_port = htons(atoi(v->value));
+ http_desc.local_address.sin_port = htons(atoi(v->value));
} else if (!strcasecmp(v->name, "sslbindaddr")) {
if ((hp = ast_gethostbyname(v->value, &ahp))) {
- memcpy(&https_desc.sin.sin_addr, hp->h_addr, sizeof(https_desc.sin.sin_addr));
+ memcpy(&https_desc.local_address.sin_addr, hp->h_addr, sizeof(https_desc.local_address.sin_addr));
have_sslbindaddr = 1;
} else {
ast_log(LOG_WARNING, "Invalid bind address '%s'\n", v->value);
}
} else if (!strcasecmp(v->name, "bindaddr")) {
if ((hp = ast_gethostbyname(v->value, &ahp))) {
- memcpy(&http_desc.sin.sin_addr, hp->h_addr, sizeof(http_desc.sin.sin_addr));
+ memcpy(&http_desc.local_address.sin_addr, hp->h_addr, sizeof(http_desc.local_address.sin_addr));
} else {
ast_log(LOG_WARNING, "Invalid bind address '%s'\n", v->value);
}
@@ -928,10 +929,10 @@ static int __ast_http_load(int reload)
}
if (!have_sslbindaddr) {
- https_desc.sin.sin_addr = http_desc.sin.sin_addr;
+ https_desc.local_address.sin_addr = http_desc.local_address.sin_addr;
}
if (enabled) {
- http_desc.sin.sin_family = https_desc.sin.sin_family = AF_INET;
+ http_desc.local_address.sin_family = https_desc.local_address.sin_family = AF_INET;
}
if (strcmp(prefix, newprefix)) {
ast_copy_string(prefix, newprefix, sizeof(prefix));
@@ -966,16 +967,16 @@ static char *handle_show_http(struct ast_cli_entry *e, int cmd, struct ast_cli_a
}
ast_cli(a->fd, "HTTP Server Status:\n");
ast_cli(a->fd, "Prefix: %s\n", prefix);
- if (!http_desc.oldsin.sin_family) {
+ if (!http_desc.old_local_address.sin_family) {
ast_cli(a->fd, "Server Disabled\n\n");
} else {
ast_cli(a->fd, "Server Enabled and Bound to %s:%d\n\n",
- ast_inet_ntoa(http_desc.oldsin.sin_addr),
- ntohs(http_desc.oldsin.sin_port));
+ ast_inet_ntoa(http_desc.old_local_address.sin_addr),
+ ntohs(http_desc.old_local_address.sin_port));
if (http_tls_cfg.enabled) {
ast_cli(a->fd, "HTTPS Server Enabled and Bound to %s:%d\n\n",
- ast_inet_ntoa(https_desc.oldsin.sin_addr),
- ntohs(https_desc.oldsin.sin_port));
+ ast_inet_ntoa(https_desc.old_local_address.sin_addr),
+ ntohs(https_desc.old_local_address.sin_port));
}
}
diff --git a/main/manager.c b/main/manager.c
index 35e8b1657..60933239b 100644
--- a/main/manager.c
+++ b/main/manager.c
@@ -3104,7 +3104,7 @@ static void *session_do(void *data)
/* these fields duplicate those in the 'ser' structure */
s->fd = ser->fd;
s->f = ser->f;
- s->sin = ser->requestor;
+ s->sin = ser->remote_address;
AST_LIST_HEAD_INIT_NOLOCK(&s->datastores);
@@ -3695,7 +3695,7 @@ static void xml_translate(struct ast_str **out, char *in, struct ast_variable *v
}
static struct ast_str *generic_http_callback(enum output_format format,
- struct sockaddr_in *requestor, const char *uri, enum ast_http_method method,
+ struct sockaddr_in *remote_address, const char *uri, enum ast_http_method method,
struct ast_variable *params, int *status,
char **title, int *contentlength)
{
@@ -3724,7 +3724,7 @@ static struct ast_str *generic_http_callback(enum output_format format,
*status = 500;
goto generic_callback_out;
}
- s->sin = *requestor;
+ s->sin = *remote_address;
s->fd = -1;
s->waiting_thread = AST_PTHREADT_NULL;
s->send_events = 0;
@@ -3870,17 +3870,17 @@ generic_callback_out:
static struct ast_str *manager_http_callback(struct ast_tcptls_session_instance *ser, const struct ast_http_uri *urih, const char *uri, enum ast_http_method method, struct ast_variable *params, struct ast_variable *headers, int *status, char **title, int *contentlength)
{
- return generic_http_callback(FORMAT_HTML, &ser->requestor, uri, method, params, status, title, contentlength);
+ return generic_http_callback(FORMAT_HTML, &ser->remote_address, uri, method, params, status, title, contentlength);
}
static struct ast_str *mxml_http_callback(struct ast_tcptls_session_instance *ser, const struct ast_http_uri *urih, const char *uri, enum ast_http_method method, struct ast_variable *params, struct ast_variable *headers, int *status, char **title, int *contentlength)
{
- return generic_http_callback(FORMAT_XML, &ser->requestor, uri, method, params, status, title, contentlength);
+ return generic_http_callback(FORMAT_XML, &ser->remote_address, uri, method, params, status, title, contentlength);
}
static struct ast_str *rawman_http_callback(struct ast_tcptls_session_instance *ser, const struct ast_http_uri *urih, const char *uri, enum ast_http_method method, struct ast_variable *params, struct ast_variable *headers, int *status, char **title, int *contentlength)
{
- return generic_http_callback(FORMAT_RAW, &ser->requestor, uri, method, params, status, title, contentlength);
+ return generic_http_callback(FORMAT_RAW, &ser->remote_address, uri, method, params, status, title, contentlength);
}
struct ast_http_uri rawmanuri = {
@@ -3923,7 +3923,7 @@ static void purge_old_stuff(void *data)
}
struct ast_tls_config ami_tls_cfg;
-static struct server_args ami_desc = {
+static struct ast_tcptls_session_args ami_desc = {
.accept_fd = -1,
.master = AST_PTHREADT_NULL,
.tls_cfg = NULL,
@@ -3934,7 +3934,7 @@ static struct server_args ami_desc = {
.worker_fn = session_do, /* thread handling the session */
};
-static struct server_args amis_desc = {
+static struct ast_tcptls_session_args amis_desc = {
.accept_fd = -1,
.master = AST_PTHREADT_NULL,
.tls_cfg = &ami_tls_cfg,
@@ -4010,10 +4010,10 @@ static int __init_manager(int reload)
}
/* default values */
- memset(&ami_desc.sin, 0, sizeof(struct sockaddr_in));
- memset(&amis_desc.sin, 0, sizeof(amis_desc.sin));
- amis_desc.sin.sin_port = htons(5039);
- ami_desc.sin.sin_port = htons(DEFAULT_MANAGER_PORT);
+ memset(&ami_desc.local_address, 0, sizeof(struct sockaddr_in));
+ memset(&amis_desc.local_address, 0, sizeof(amis_desc.local_address));
+ amis_desc.local_address.sin_port = htons(5039);
+ ami_desc.local_address.sin_port = htons(DEFAULT_MANAGER_PORT);
ami_tls_cfg.enabled = 0;
if (ami_tls_cfg.certfile)
@@ -4028,10 +4028,10 @@ static int __init_manager(int reload)
if (!strcasecmp(var->name, "sslenable"))
ami_tls_cfg.enabled = ast_true(val);
else if (!strcasecmp(var->name, "sslbindport"))
- amis_desc.sin.sin_port = htons(atoi(val));
+ amis_desc.local_address.sin_port = htons(atoi(val));
else if (!strcasecmp(var->name, "sslbindaddr")) {
if ((hp = ast_gethostbyname(val, &ahp))) {
- memcpy(&amis_desc.sin.sin_addr, hp->h_addr, sizeof(amis_desc.sin.sin_addr));
+ memcpy(&amis_desc.local_address.sin_addr, hp->h_addr, sizeof(amis_desc.local_address.sin_addr));
have_sslbindaddr = 1;
} else {
ast_log(LOG_WARNING, "Invalid bind address '%s'\n", val);
@@ -4049,11 +4049,11 @@ static int __init_manager(int reload)
} else if (!strcasecmp(var->name, "webenabled")) {
webmanager_enabled = ast_true(val);
} else if (!strcasecmp(var->name, "port")) {
- ami_desc.sin.sin_port = htons(atoi(val));
+ ami_desc.local_address.sin_port = htons(atoi(val));
} else if (!strcasecmp(var->name, "bindaddr")) {
- if (!inet_aton(val, &ami_desc.sin.sin_addr)) {
+ if (!inet_aton(val, &ami_desc.local_address.sin_addr)) {
ast_log(LOG_WARNING, "Invalid address '%s' specified, using 0.0.0.0\n", val);
- memset(&ami_desc.sin.sin_addr, 0, sizeof(ami_desc.sin.sin_addr));
+ memset(&ami_desc.local_address.sin_addr, 0, sizeof(ami_desc.local_address.sin_addr));
}
} else if (!strcasecmp(var->name, "allowmultiplelogin")) {
allowmultiplelogin = ast_true(val);
@@ -4072,11 +4072,11 @@ static int __init_manager(int reload)
}
if (manager_enabled)
- ami_desc.sin.sin_family = AF_INET;
+ ami_desc.local_address.sin_family = AF_INET;
if (!have_sslbindaddr)
- amis_desc.sin.sin_addr = ami_desc.sin.sin_addr;
+ amis_desc.local_address.sin_addr = ami_desc.local_address.sin_addr;
if (ami_tls_cfg.enabled)
- amis_desc.sin.sin_family = AF_INET;
+ amis_desc.local_address.sin_family = AF_INET;
AST_RWLIST_WRLOCK(&users);
diff --git a/main/tcptls.c b/main/tcptls.c
index f51a44701..43fdd5dbe 100644
--- a/main/tcptls.c
+++ b/main/tcptls.c
@@ -42,6 +42,7 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
#include "asterisk/strings.h"
#include "asterisk/options.h"
#include "asterisk/manager.h"
+#include "asterisk/astobj2.h"
/*! \brief
* replacement read/write functions for SSL support.
@@ -117,9 +118,110 @@ static void session_instance_destructor(void *obj)
ast_mutex_destroy(&i->lock);
}
+/*! \brief
+* creates a FILE * from the fd passed by the accept thread.
+* This operation is potentially expensive (certificate verification),
+* so we do it in the child thread context.
+*/
+static void *handle_tls_connection(void *data)
+{
+ struct ast_tcptls_session_instance *ser = data;
+#ifdef DO_SSL
+ int (*ssl_setup)(SSL *) = (ser->client) ? SSL_connect : SSL_accept;
+ int ret;
+ char err[256];
+#endif
+
+ /*
+ * open a FILE * as appropriate.
+ */
+ if (!ser->parent->tls_cfg)
+ ser->f = fdopen(ser->fd, "w+");
+#ifdef DO_SSL
+ else if ( (ser->ssl = SSL_new(ser->parent->tls_cfg->ssl_ctx)) ) {
+ SSL_set_fd(ser->ssl, ser->fd);
+ if ((ret = ssl_setup(ser->ssl)) <= 0) {
+ ast_verb(2, "Problem setting up ssl connection: %s\n", ERR_error_string(ERR_get_error(), err));
+ } else {
+#if defined(HAVE_FUNOPEN) /* the BSD interface */
+ ser->f = funopen(ser->ssl, ssl_read, ssl_write, NULL, ssl_close);
+
+#elif defined(HAVE_FOPENCOOKIE) /* the glibc/linux interface */
+ static const cookie_io_functions_t cookie_funcs = {
+ ssl_read, ssl_write, NULL, ssl_close
+ };
+ ser->f = fopencookie(ser->ssl, "w+", cookie_funcs);
+#else
+ /* could add other methods here */
+ ast_debug(2, "no ser->f methods attempted!");
+#endif
+ if ((ser->client && !ast_test_flag(&ser->parent->tls_cfg->flags, AST_SSL_DONT_VERIFY_SERVER))
+ || (!ser->client && ast_test_flag(&ser->parent->tls_cfg->flags, AST_SSL_VERIFY_CLIENT))) {
+ X509 *peer;
+ long res;
+ peer = SSL_get_peer_certificate(ser->ssl);
+ if (!peer)
+ ast_log(LOG_WARNING, "No peer SSL certificate\n");
+ res = SSL_get_verify_result(ser->ssl);
+ if (res != X509_V_OK)
+ ast_log(LOG_ERROR, "Certificate did not verify: %s\n", X509_verify_cert_error_string(res));
+ if (!ast_test_flag(&ser->parent->tls_cfg->flags, AST_SSL_IGNORE_COMMON_NAME)) {
+ ASN1_STRING *str;
+ unsigned char *str2;
+ X509_NAME *name = X509_get_subject_name(peer);
+ int pos = -1;
+ int found = 0;
+
+ for (;;) {
+ /* Walk the certificate to check all available "Common Name" */
+ /* XXX Probably should do a gethostbyname on the hostname and compare that as well */
+ pos = X509_NAME_get_index_by_NID(name, NID_commonName, pos);
+ if (pos < 0)
+ break;
+ str = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, pos));
+ ASN1_STRING_to_UTF8(&str2, str);
+ if (str2) {
+ if (!strcasecmp(ser->parent->hostname, (char *) str2))
+ found = 1;
+ ast_debug(3, "SSL Common Name compare s1='%s' s2='%s'\n", ser->parent->hostname, str2);
+ OPENSSL_free(str2);
+ }
+ if (found)
+ break;
+ }
+ if (!found) {
+ ast_log(LOG_ERROR, "Certificate common name did not match (%s)\n", ser->parent->hostname);
+ if (peer)
+ X509_free(peer);
+ fclose(ser->f);
+ return NULL;
+ }
+ }
+ if (peer)
+ X509_free(peer);
+ }
+ }
+ if (!ser->f) /* no success opening descriptor stacking */
+ SSL_free(ser->ssl);
+ }
+#endif /* DO_SSL */
+
+ if (!ser->f) {
+ close(ser->fd);
+ ast_log(LOG_WARNING, "FILE * open failed!\n");
+ ao2_ref(ser, -1);
+ return NULL;
+ }
+
+ if (ser && ser->parent->worker_fn)
+ return ser->parent->worker_fn(ser);
+ else
+ return ser;
+}
+
void *ast_tcptls_server_root(void *data)
{
- struct server_args *desc = data;
+ struct ast_tcptls_session_args *desc = data;
int fd;
struct sockaddr_in sin;
socklen_t sinlen;
@@ -135,7 +237,7 @@ void *ast_tcptls_server_root(void *data)
if (i <= 0)
continue;
sinlen = sizeof(sin);
- fd = accept(desc->accept_fd, (struct sockaddr *)&sin, &sinlen);
+ fd = accept(desc->accept_fd, (struct sockaddr *) &sin, &sinlen);
if (fd < 0) {
if ((errno != EAGAIN) && (errno != EINTR))
ast_log(LOG_WARNING, "Accept failed: %s\n", strerror(errno));
@@ -154,11 +256,11 @@ void *ast_tcptls_server_root(void *data)
fcntl(fd, F_SETFL, flags & ~O_NONBLOCK);
ser->fd = fd;
ser->parent = desc;
- memcpy(&ser->requestor, &sin, sizeof(ser->requestor));
+ memcpy(&ser->remote_address, &sin, sizeof(ser->remote_address));
ser->client = 0;
- if (ast_pthread_create_detached_background(&launched, NULL, ast_make_file_from_fd, ser)) {
+ if (ast_pthread_create_detached_background(&launched, NULL, handle_tls_connection, ser)) {
ast_log(LOG_WARNING, "Unable to launch helper thread: %s\n", strerror(errno));
close(ser->fd);
ao2_ref(ser, -1);
@@ -225,18 +327,19 @@ int ast_ssl_setup(struct ast_tls_config *cfg)
/*! \brief A generic client routine for a TCP client
* and starts a thread for handling accept()
*/
-struct ast_tcptls_session_instance *ast_tcptls_client_start(struct server_args *desc)
+struct ast_tcptls_session_instance *ast_tcptls_client_start(struct ast_tcptls_session_args *desc)
{
int flags;
+ int x = 1;
struct ast_tcptls_session_instance *ser = NULL;
/* Do nothing if nothing has changed */
- if(!memcmp(&desc->oldsin, &desc->sin, sizeof(desc->oldsin))) {
+ if(!memcmp(&desc->old_local_address, &desc->local_address, sizeof(desc->old_local_address))) {
ast_debug(1, "Nothing changed in %s\n", desc->name);
return NULL;
}
- desc->oldsin = desc->sin;
+ desc->old_local_address = desc->local_address;
if (desc->accept_fd != -1)
close(desc->accept_fd);
@@ -248,10 +351,23 @@ struct ast_tcptls_session_instance *ast_tcptls_client_start(struct server_args *
return NULL;
}
- if (connect(desc->accept_fd, (const struct sockaddr *)&desc->sin, sizeof(desc->sin))) {
+ /* if a local address was specified, bind to it so the connection will
+ originate from the desired address */
+ if (desc->local_address.sin_family != 0) {
+ setsockopt(desc->accept_fd, SOL_SOCKET, SO_REUSEADDR, &x, sizeof(x));
+ if (bind(desc->accept_fd, (struct sockaddr *) &desc->local_address, sizeof(desc->local_address))) {
+ ast_log(LOG_ERROR, "Unable to bind %s to %s:%d: %s\n",
+ desc->name,
+ ast_inet_ntoa(desc->local_address.sin_addr), ntohs(desc->local_address.sin_port),
+ strerror(errno));
+ goto error;
+ }
+ }
+
+ if (connect(desc->accept_fd, (const struct sockaddr *) &desc->remote_address, sizeof(desc->remote_address))) {
ast_log(LOG_ERROR, "Unable to connect %s to %s:%d: %s\n",
desc->name,
- ast_inet_ntoa(desc->sin.sin_addr), ntohs(desc->sin.sin_port),
+ ast_inet_ntoa(desc->remote_address.sin_addr), ntohs(desc->remote_address.sin_port),
strerror(errno));
goto error;
}
@@ -267,7 +383,7 @@ struct ast_tcptls_session_instance *ast_tcptls_client_start(struct server_args *
ser->fd = desc->accept_fd;
ser->parent = desc;
ser->parent->worker_fn = NULL;
- memcpy(&ser->requestor, &desc->sin, sizeof(ser->requestor));
+ memcpy(&ser->remote_address, &desc->local_address, sizeof(ser->remote_address));
ser->client = 1;
@@ -277,7 +393,7 @@ struct ast_tcptls_session_instance *ast_tcptls_client_start(struct server_args *
}
ao2_ref(ser, +1);
- if (!ast_make_file_from_fd(ser))
+ if (!handle_tls_connection(ser))
goto error;
return ser;
@@ -295,18 +411,18 @@ error:
* which does the socket/bind/listen and starts a thread for handling
* accept().
*/
-void ast_tcptls_server_start(struct server_args *desc)
+void ast_tcptls_server_start(struct ast_tcptls_session_args *desc)
{
int flags;
int x = 1;
/* Do nothing if nothing has changed */
- if (!memcmp(&desc->oldsin, &desc->sin, sizeof(desc->oldsin))) {
+ if (!memcmp(&desc->old_local_address, &desc->local_address, sizeof(desc->old_local_address))) {
ast_debug(1, "Nothing changed in %s\n", desc->name);
return;
}
- desc->oldsin = desc->sin;
+ desc->old_local_address = desc->local_address;
/* Shutdown a running server if there is one */
if (desc->master != AST_PTHREADT_NULL) {
@@ -319,8 +435,9 @@ void ast_tcptls_server_start(struct server_args *desc)
close(desc->accept_fd);
/* If there's no new server, stop here */
- if (desc->sin.sin_family == 0)
+ if (desc->local_address.sin_family == 0) {
return;
+ }
desc->accept_fd = socket(AF_INET, SOCK_STREAM, 0);
if (desc->accept_fd < 0) {
@@ -330,10 +447,10 @@ void ast_tcptls_server_start(struct server_args *desc)
}
setsockopt(desc->accept_fd, SOL_SOCKET, SO_REUSEADDR, &x, sizeof(x));
- if (bind(desc->accept_fd, (struct sockaddr *)&desc->sin, sizeof(desc->sin))) {
+ if (bind(desc->accept_fd, (struct sockaddr *) &desc->local_address, sizeof(desc->local_address))) {
ast_log(LOG_ERROR, "Unable to bind %s to %s:%d: %s\n",
desc->name,
- ast_inet_ntoa(desc->sin.sin_addr), ntohs(desc->sin.sin_port),
+ ast_inet_ntoa(desc->local_address.sin_addr), ntohs(desc->local_address.sin_port),
strerror(errno));
goto error;
}
@@ -346,7 +463,7 @@ void ast_tcptls_server_start(struct server_args *desc)
if (ast_pthread_create_background(&desc->master, NULL, desc->accept_fn, desc)) {
ast_log(LOG_ERROR, "Unable to launch thread for %s on %s:%d: %s\n",
desc->name,
- ast_inet_ntoa(desc->sin.sin_addr), ntohs(desc->sin.sin_port),
+ ast_inet_ntoa(desc->local_address.sin_addr), ntohs(desc->local_address.sin_port),
strerror(errno));
goto error;
}
@@ -358,7 +475,7 @@ error:
}
/*! \brief Shutdown a running server if there is one */
-void ast_tcptls_server_stop(struct server_args *desc)
+void ast_tcptls_server_stop(struct ast_tcptls_session_args *desc)
{
if (desc->master != AST_PTHREADT_NULL) {
pthread_cancel(desc->master);
@@ -369,105 +486,3 @@ void ast_tcptls_server_stop(struct server_args *desc)
close(desc->accept_fd);
desc->accept_fd = -1;
}
-
-/*! \brief
-* creates a FILE * from the fd passed by the accept thread.
-* This operation is potentially expensive (certificate verification),
-* so we do it in the child thread context.
-*/
-void *ast_make_file_from_fd(void *data)
-{
- struct ast_tcptls_session_instance *ser = data;
-#ifdef DO_SSL
- int (*ssl_setup)(SSL *) = (ser->client) ? SSL_connect : SSL_accept;
- int ret;
- char err[256];
-#endif
-
- /*
- * open a FILE * as appropriate.
- */
- if (!ser->parent->tls_cfg)
- ser->f = fdopen(ser->fd, "w+");
-#ifdef DO_SSL
- else if ( (ser->ssl = SSL_new(ser->parent->tls_cfg->ssl_ctx)) ) {
- SSL_set_fd(ser->ssl, ser->fd);
- if ((ret = ssl_setup(ser->ssl)) <= 0) {
- ast_verb(2, "Problem setting up ssl connection: %s\n", ERR_error_string(ERR_get_error(), err));
- } else {
-#if defined(HAVE_FUNOPEN) /* the BSD interface */
- ser->f = funopen(ser->ssl, ssl_read, ssl_write, NULL, ssl_close);
-
-#elif defined(HAVE_FOPENCOOKIE) /* the glibc/linux interface */
- static const cookie_io_functions_t cookie_funcs = {
- ssl_read, ssl_write, NULL, ssl_close
- };
- ser->f = fopencookie(ser->ssl, "w+", cookie_funcs);
-#else
- /* could add other methods here */
- ast_debug(2, "no ser->f methods attempted!");
-#endif
- if ((ser->client && !ast_test_flag(&ser->parent->tls_cfg->flags, AST_SSL_DONT_VERIFY_SERVER))
- || (!ser->client && ast_test_flag(&ser->parent->tls_cfg->flags, AST_SSL_VERIFY_CLIENT))) {
- X509 *peer;
- long res;
- peer = SSL_get_peer_certificate(ser->ssl);
- if (!peer)
- ast_log(LOG_WARNING, "No peer SSL certificate\n");
- res = SSL_get_verify_result(ser->ssl);
- if (res != X509_V_OK)
- ast_log(LOG_ERROR, "Certificate did not verify: %s\n", X509_verify_cert_error_string(res));
- if (!ast_test_flag(&ser->parent->tls_cfg->flags, AST_SSL_IGNORE_COMMON_NAME)) {
- ASN1_STRING *str;
- unsigned char *str2;
- X509_NAME *name = X509_get_subject_name(peer);
- int pos = -1;
- int found = 0;
-
- for (;;) {
- /* Walk the certificate to check all available "Common Name" */
- /* XXX Probably should do a gethostbyname on the hostname and compare that as well */
- pos = X509_NAME_get_index_by_NID(name, NID_commonName, pos);
- if (pos < 0)
- break;
- str = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, pos));
- ASN1_STRING_to_UTF8(&str2, str);
- if (str2) {
- if (!strcasecmp(ser->parent->hostname, (char *) str2))
- found = 1;
- ast_debug(3, "SSL Common Name compare s1='%s' s2='%s'\n", ser->parent->hostname, str2);
- OPENSSL_free(str2);
- }
- if (found)
- break;
- }
- if (!found) {
- ast_log(LOG_ERROR, "Certificate common name did not match (%s)\n", ser->parent->hostname);
- if (peer)
- X509_free(peer);
- fclose(ser->f);
- return NULL;
- }
- }
- if (peer)
- X509_free(peer);
- }
- }
- if (!ser->f) /* no success opening descriptor stacking */
- SSL_free(ser->ssl);
- }
-#endif /* DO_SSL */
-
- if (!ser->f) {
- close(ser->fd);
- ast_log(LOG_WARNING, "FILE * open failed!\n");
- ao2_ref(ser, -1);
- return NULL;
- }
-
- if (ser && ser->parent->worker_fn)
- return ser->parent->worker_fn(ser);
- else
- return ser;
-}
-
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-12 07:44:19 +0000