[asterisk-commits] tilghman: branch group/ast_storage r48354 - in
/team/group/ast_storage: ./ co...
asterisk-commits at lists.digium.com
Thu Dec 7 10:09:47 MST 2006
Author: tilghman
Date: Thu Dec 7 11:09:46 2006
New Revision: 48354
URL: http://svn.digium.com/view/asterisk?view=rev&rev=48354
Log:
Merged revisions 48350-48351 via svnmerge from
https://origsvn.digium.com/svn/asterisk/trunk
................
r48350 | murf | 2006-12-07 10:03:56 -0600 (Thu, 07 Dec 2006) | 115 lines
Merged revisions 47986,47995,47997,48001,48003-48004,48008-48014,48016,48018-48019 via svnmerge from
https://origsvn.digium.com/svn/asterisk/trunk
................
r47986 | oej | 2006-11-24 07:00:19 -0700 (Fri, 24 Nov 2006) | 6 lines
Doxygen update
- Document cause codes
- Document a bit more on channel variables - global, predefined and local
- Fix some doxygen in channel.h. Adding one comment for two definitions does not
work. They won't be copied to each.
................
r47995 | murf | 2006-11-24 10:40:49 -0700 (Fri, 24 Nov 2006) | 1 line
This fix inspired by a patch supplied in bug 8189, which points out problems with the PLC code
................
r47997 | murf | 2006-11-24 11:17:25 -0700 (Fri, 24 Nov 2006) | 1 line
removed the svnmerge-integrated property from trunk; it's confusing svnmerge in newly created branches
................
r48001 | rizzo | 2006-11-25 02:02:42 -0700 (Sat, 25 Nov 2006) | 5 lines
set pointers to NULL after freeing memory to avoid multiple free()
probably 1.4/1.2 issue as well if someone can look into that.
................
r48003 | oej | 2006-11-25 02:45:57 -0700 (Sat, 25 Nov 2006) | 9 lines
- Adding comment on suspicious memory allocation. Seems like it's never freed, but I don't
have a clear understanding of the frame allocation/deallocation, so I just mark this
for investigation. (Reported by Ed Guy). We're trying to see if a free() hurts...
- Doxygen comments on p2p rtp bridge stuff. I am a bit worried about shortcutting
rtcp this way, but will need feedback from rtcp gurus. This should work for
video calls too, and possibly UDPTL.
................
r48004 | oej | 2006-11-25 02:48:30 -0700 (Sat, 25 Nov 2006) | 2 lines
Changing ERROR to lesser level. Imported from 1.2/1.4
................
r48008 | rizzo | 2006-11-25 10:37:04 -0700 (Sat, 25 Nov 2006) | 7 lines
generalize a bit the functions used to create a tcp socket
and then run a service on it.
The code in manager.c does essentially the same things,
so we will be able to reuse the code in here (probably
moving it to netsock.c or another appropriate library file).
................
r48009 | mattf | 2006-11-25 13:30:04 -0700 (Sat, 25 Nov 2006) | 1 line
Updates to show linkset command
................
r48010 | mattf | 2006-11-25 13:54:38 -0700 (Sat, 25 Nov 2006) | 2 lines
Add ss7 show linkset command
................
r48011 | mattf | 2006-11-25 14:32:33 -0700 (Sat, 25 Nov 2006) | 1 line
Make sure we don't send a group reset on a group larger than 32 CICs
................
r48012 | mattf | 2006-11-25 14:35:23 -0700 (Sat, 25 Nov 2006) | 1 line
bug fix
................
r48013 | mattf | 2006-11-25 14:46:58 -0700 (Sat, 25 Nov 2006) | 1 line
Make compiler happier
................
r48014 | mattf | 2006-11-25 14:50:42 -0700 (Sat, 25 Nov 2006) | 1 line
Little fix so we use the right message
................
r48016 | murf | 2006-11-25 17:15:42 -0700 (Sat, 25 Nov 2006) | 9 lines
Merged revisions 48015 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.4
........
r48015 | murf | 2006-11-25 17:01:34 -0700 (Sat, 25 Nov 2006) | 1 line
A little bit of func_cdr documentation upgrade-- no bug# involved, although 8221 may have inspired it.
........
................
r48018 | murf | 2006-11-25 17:31:13 -0700 (Sat, 25 Nov 2006) | 9 lines
Merged revisions 48017 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.4
........
r48017 | murf | 2006-11-25 17:26:16 -0700 (Sat, 25 Nov 2006) | 1 line
might as well also document the raw values of the flag vars
........
................
r48019 | russell | 2006-11-25 23:55:33 -0700 (Sat, 25 Nov 2006) | 6 lines
- Add some comments on thread storage with a brief explanation of what it is
as well as what the motivation is for using it.
- Add a comment by the declaration of ast_inet_ntoa() noting that this function
is not reentrant, and the result of a previous call to the function is no
longer valid after calling it again.
................
................
r48351 | rizzo | 2006-12-07 10:42:29 -0600 (Thu, 07 Dec 2006) | 19 lines
- Generalize the function ssl_setup() so that the certificate info
are passed as an argument.
- Update the code in main/http.c to use the new interface
(the diff is large but mostly mechanical, due to the name change of
several variables);
- And since now it is trivial, implement "AMI over TLS", and document
the possible options in manager.conf
- And since the test client (openssl s_client -connect host:port )
does not generate \r\n as a line terminator, make get_input()
also accept just a \n as a line terminator (Mac users: do you
also need the \r-only version ?)
The option parsing in manager.conf is not very efficient, and needs
to be cleaned up and made similar to what we have in http.conf
................
Modified:
team/group/ast_storage/ (props changed)
team/group/ast_storage/configs/manager.conf.sample
team/group/ast_storage/include/asterisk/http.h
team/group/ast_storage/main/http.c
team/group/ast_storage/main/manager.c
Propchange: team/group/ast_storage/
------------------------------------------------------------------------------
--- svnmerge-integrated (original)
+++ svnmerge-integrated Thu Dec 7 11:09:46 2006
@@ -1,1 +1,1 @@
-/trunk:1-48346
+/trunk:1-48353
Modified: team/group/ast_storage/configs/manager.conf.sample
URL: http://svn.digium.com/view/asterisk/team/group/ast_storage/configs/manager.conf.sample?view=diff&rev=48354&r1=48353&r2=48354
==============================================================================
--- team/group/ast_storage/configs/manager.conf.sample (original)
+++ team/group/ast_storage/configs/manager.conf.sample Thu Dec 7 11:09:46 2006
@@ -26,6 +26,18 @@
port = 5038
;httptimeout = 60
bindaddr = 0.0.0.0
+
+; Parameters that control AMI over TLS. ("enabled" must be set too).
+; You can open a connection to this socket with e.g.
+;
+; openssl s_client -connect my_host:5039
+;
+; sslenable=no ; set to YES to enable it
+; sslbindport=5039 ; the port to bind to
+; sslbindaddr=0.0.0.0 ; address to bind to, default to bindaddr
+; sslcert=/tmp/asterisk.pem ; path to the certificate.
+
+
;displayconnects = yes
;
; Add a Unix epoch timestamp to events (not action responses)
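Review bot: The sample value sslcert=/tmp/asterisk.pem points at a world-writable directory, and ssl_setup() loads the private key from the same file as the certificate, so the example should use a path readable only by the Asterisk user and say that the PEM file must hold both the certificate and the key. The block also leaves out sslcipher, which init_manager() parses, and with bindaddr = 0.0.0.0 just above, the sslbindaddr default puts the TLS port on every interface; both deserve a comment line here.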
Modified: team/group/ast_storage/include/asterisk/http.h
URL: http://svn.digium.com/view/asterisk/team/group/ast_storage/include/asterisk/http.h?view=diff&rev=48354&r1=48353&r2=48354
==============================================================================
--- team/group/ast_storage/include/asterisk/http.h (original)
+++ team/group/ast_storage/include/asterisk/http.h Thu Dec 7 11:09:46 2006
@@ -60,8 +60,20 @@
#include <openssl/ssl.h>
#include <openssl/err.h>
#else
-typedef struct {} SSL; /* so we can define a pointer to it */
+/* declare dummy types so we can define a pointer to them */
+typedef struct {} SSL;
+typedef struct {} SSL_CTX;
#endif /* DO_SSL */
+
+/* SSL support */
+#define AST_CERTFILE "asterisk.pem"
+
+struct tls_config {
+ int enabled;
+ char *certfile;
+ char *cipher;
+ SSL_CTX *ssl_ctx;
+};
/*!
* The following code implements a generic mechanism for starting
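Review bot: struct tls_config carries no documentation of who owns its members. certfile and cipher are heap strings that the config loaders free() and replace, ssl_ctx is filled in by ssl_setup(), and enabled is cleared by ssl_setup() on failure; a short comment per field saying so would help the next caller of this interface. AST_CERTFILE is a bare file name handed straight to SSL_CTX_use_certificate_file(), so it is resolved against the process working directory, which is also worth stating next to the define.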
@@ -111,7 +123,7 @@
struct server_args {
struct sockaddr_in sin;
struct sockaddr_in oldsin;
- int is_ssl; /* is this an SSL accept ? */
+ struct tls_config *tls_cfg; /* points to the SSL configuration if any */
int accept_fd;
int poll_timeout;
pthread_t master;
@@ -123,7 +135,7 @@
void *server_root(void *);
void server_start(struct server_args *desc);
-int ssl_setup(void);
+int ssl_setup(struct tls_config *cfg);
/*! \brief HTTP Callbacks take the socket, the method and the path as arguments and should
return the content, allocated with malloc(). Status should be changed to reflect
Modified: team/group/ast_storage/main/http.c
URL: http://svn.digium.com/view/asterisk/team/group/ast_storage/main/http.c?view=diff&rev=48354&r1=48353&r2=48354
==============================================================================
--- team/group/ast_storage/main/http.c (original)
+++ team/group/ast_storage/main/http.c Thu Dec 7 11:09:46 2006
@@ -73,26 +73,13 @@
*
* We declare most of ssl support variables unconditionally,
* because their number is small and this simplifies the code.
- *
- * NOTE: the ssl-support variables (ssl_ctx, do_ssl, certfile, cipher)
- * and their setup should be moved to a more central place, e.g. asterisk.conf
- * and the source files that processes it. Similarly, ssl_setup() should
- * be run earlier in the startup process so modules have it available.
*/
#if defined(HAVE_OPENSSL) && (defined(HAVE_FUNOPEN) || defined(HAVE_FOPENCOOKIE))
#define DO_SSL /* comment in/out if you want to support ssl */
#endif
-#ifdef DO_SSL
-static SSL_CTX* ssl_ctx;
-#endif /* DO_SSL */
-
-/* SSL support */
-#define AST_CERTFILE "asterisk.pem"
-static int do_ssl;
-static char *certfile;
-static char *cipher;
+static struct tls_config http_tls_cfg;
static void *httpd_helper_thread(void *arg);
@@ -102,7 +89,7 @@
static struct server_args http_desc = {
.accept_fd = -1,
.master = AST_PTHREADT_NULL,
- .is_ssl = 0,
+ .tls_cfg = NULL,
.poll_timeout = -1,
.name = "http server",
.accept_fn = server_root,
@@ -112,7 +99,7 @@
static struct server_args https_desc = {
.accept_fd = -1,
.master = AST_PTHREADT_NULL,
- .is_ssl = 1,
+ .tls_cfg = &http_tls_cfg,
.poll_timeout = -1,
.name = "https server",
.accept_fn = server_root,
@@ -250,7 +237,7 @@
ast_inet_ntoa(http_desc.oldsin.sin_addr));
ast_build_string(&c, &reslen, "<tr><td><i>Bind Port</i></td><td><b>%d</b></td></tr>\r\n",
ntohs(http_desc.oldsin.sin_port));
- if (do_ssl)
+ if (http_tls_cfg.enabled)
ast_build_string(&c, &reslen, "<tr><td><i>SSL Bind Port</i></td><td><b>%d</b></td></tr>\r\n",
ntohs(https_desc.oldsin.sin_port));
ast_build_string(&c, &reslen, "<tr><td colspan=\"2\"><hr></td></tr>\r\n");
@@ -482,10 +469,10 @@
/*
* open a FILE * as appropriate.
*/
- if (!ser->parent->is_ssl)
+ if (!ser->parent->tls_cfg)
ser->f = fdopen(ser->fd, "w+");
#ifdef DO_SSL
- else if ( (ser->ssl = SSL_new(ssl_ctx)) ) {
+ else if ( (ser->ssl = SSL_new(ser->parent->tls_cfg->ssl_ctx)) ) {
SSL_set_fd(ser->ssl, ser->fd);
if (SSL_accept(ser->ssl) == 0)
ast_verbose(" error setting up ssl connection");
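Review bot: The SSL_accept() test on the context line under the changed SSL_new() call only compares against 0. SSL_accept() returns 1 on success, 0 on a controlled handshake failure and a negative value on a fatal error, so a negative return is not caught by this test; since this path now also serves AMI over TLS, compare with <= 0 (or != 1) and log the OpenSSL error. SSL_new() is now reached through ser->parent->tls_cfg->ssl_ctx, which is only valid if ssl_setup() succeeded for that config, so that invariant deserves a comment as well.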
@@ -702,32 +689,32 @@
return buf;
}
-int ssl_setup(void)
+int ssl_setup(struct tls_config *cfg)
{
#ifndef DO_SSL
- do_ssl = 0;
+ cfg->enabled = 0;
return 0;
#else
- if (!do_ssl)
+ if (!cfg->enabled)
return 0;
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
- ssl_ctx = SSL_CTX_new( SSLv23_server_method() );
- if (!ast_strlen_zero(certfile)) {
- if (SSL_CTX_use_certificate_file(ssl_ctx, certfile, SSL_FILETYPE_PEM) == 0 ||
- SSL_CTX_use_PrivateKey_file(ssl_ctx, certfile, SSL_FILETYPE_PEM) == 0 ||
- SSL_CTX_check_private_key(ssl_ctx) == 0 ) {
- ast_verbose("ssl cert error <%s>", certfile);
+ cfg->ssl_ctx = SSL_CTX_new( SSLv23_server_method() );
+ if (!ast_strlen_zero(cfg->certfile)) {
+ if (SSL_CTX_use_certificate_file(cfg->ssl_ctx, cfg->certfile, SSL_FILETYPE_PEM) == 0 ||
+ SSL_CTX_use_PrivateKey_file(cfg->ssl_ctx, cfg->certfile, SSL_FILETYPE_PEM) == 0 ||
+ SSL_CTX_check_private_key(cfg->ssl_ctx) == 0 ) {
+ ast_verbose("ssl cert error <%s>", cfg->certfile);
sleep(2);
- do_ssl = 0;
+ cfg->enabled = 0;
return 0;
}
}
- if (!ast_strlen_zero(cipher)) {
- if (SSL_CTX_set_cipher_list(ssl_ctx, cipher) == 0 ) {
- ast_verbose("ssl cipher error <%s>", cipher);
+ if (!ast_strlen_zero(cfg->cipher)) {
+ if (SSL_CTX_set_cipher_list(cfg->ssl_ctx, cfg->cipher) == 0 ) {
+ ast_verbose("ssl cipher error <%s>", cfg->cipher);
sleep(2);
- do_ssl = 0;
+ cfg->enabled = 0;
return 0;
}
}
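Review bot: The result of SSL_CTX_new() is stored in cfg->ssl_ctx without a NULL check, and whatever context the field held before is overwritten without SSL_CTX_free(). The loaders already free and replace certfile and cipher, which suggests they run more than once, so free the previous cfg->ssl_ctx first, check the new pointer before the SSL_CTX_use_* calls, and free it on the certificate and cipher error paths that return 0. SSLv23_server_method() negotiates any protocol version the library supports and no SSL_CTX_set_options() call appears in the lines shown, so consider restricting the protocol versions here too.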
@@ -824,13 +811,13 @@
strcpy(newprefix, DEFAULT_PREFIX);
cfg = ast_config_load("http.conf");
- do_ssl = 0;
- if (certfile)
- free(certfile);
- certfile = ast_strdup(AST_CERTFILE);
- if (cipher)
- free(cipher);
- cipher = ast_strdup("");
+ http_tls_cfg.enabled = 0;
+ if (http_tls_cfg.certfile)
+ free(http_tls_cfg.certfile);
+ http_tls_cfg.certfile = ast_strdup(AST_CERTFILE);
+ if (http_tls_cfg.cipher)
+ free(http_tls_cfg.cipher);
+ http_tls_cfg.cipher = ast_strdup("");
if (cfg) {
v = ast_variable_browse(cfg, "general");
@@ -838,15 +825,15 @@
if (!strcasecmp(v->name, "enabled"))
enabled = ast_true(v->value);
else if (!strcasecmp(v->name, "sslenable"))
- do_ssl = ast_true(v->value);
+ http_tls_cfg.enabled = ast_true(v->value);
else if (!strcasecmp(v->name, "sslbindport"))
https_desc.sin.sin_port = htons(atoi(v->value));
else if (!strcasecmp(v->name, "sslcert")) {
- free(certfile);
- certfile = ast_strdup(v->value);
+ free(http_tls_cfg.certfile);
+ http_tls_cfg.certfile = ast_strdup(v->value);
} else if (!strcasecmp(v->name, "sslcipher")) {
- free(cipher);
- cipher = ast_strdup(v->value);
+ free(http_tls_cfg.cipher);
+ http_tls_cfg.cipher = ast_strdup(v->value);
}
else if (!strcasecmp(v->name, "enablestatic"))
newenablestatic = ast_true(v->value);
@@ -886,7 +873,7 @@
ast_copy_string(prefix, newprefix, sizeof(prefix));
enablestatic = newenablestatic;
server_start(&http_desc);
- if (ssl_setup())
+ if (ssl_setup(https_desc.tls_cfg))
server_start(&https_desc);
return 0;
}
@@ -904,7 +891,7 @@
ast_cli(fd, "Server Enabled and Bound to %s:%d\n\n",
ast_inet_ntoa(http_desc.oldsin.sin_addr),
ntohs(http_desc.oldsin.sin_port));
- if (do_ssl)
+ if (http_tls_cfg.enabled)
ast_cli(fd, "HTTPS Server Enabled and Bound to %s:%d\n\n",
ast_inet_ntoa(https_desc.oldsin.sin_addr),
ntohs(https_desc.oldsin.sin_port));
Modified: team/group/ast_storage/main/manager.c
URL: http://svn.digium.com/view/asterisk/team/group/ast_storage/main/manager.c?view=diff&rev=48354&r1=48353&r2=48354
==============================================================================
--- team/group/ast_storage/main/manager.c (original)
+++ team/group/ast_storage/main/manager.c Thu Dec 7 11:09:46 2006
@@ -1669,6 +1669,7 @@
int res;
int reason = 0;
struct ast_channel *chan = NULL;
+ char requested_channel[AST_CHANNEL_NAME];
if (!ast_strlen_zero(in->app)) {
res = ast_pbx_outgoing_app(in->tech, AST_FORMAT_SLINEAR, in->data, in->timeout, in->app, in->appdata, &reason, 1,
@@ -1682,18 +1683,20 @@
in->vars, in->account, &chan);
}
+ if (!chan)
+ snprintf(requested_channel, AST_CHANNEL_NAME, "%s/%s", in->tech, in->data);
/* Tell the manager what happened with the channel */
- manager_event(EVENT_FLAG_CALL,
- res ? "OriginateFailure" : "OriginateSuccess",
+ manager_event(EVENT_FLAG_CALL, "OriginateResponse",
"%s"
- "Channel: %s/%s\r\n"
+ "Response: %s\r\n"
+ "Channel: %s\r\n"
"Context: %s\r\n"
"Exten: %s\r\n"
"Reason: %d\r\n"
"Uniqueid: %s\r\n"
"CallerIDNum: %s\r\n"
"CallerIDName: %s\r\n",
- in->idtext, in->tech, in->data, in->context, in->exten, reason,
+ in->idtext, res ? "Failure" : "Success", chan ? chan->name : requested_channel, in->context, in->exten, reason,
chan ? chan->uniqueid : "<null>",
S_OR(in->cid_num, "<unknown>"),
S_OR(in->cid_name, "<unknown>")
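Review bot: The event name changes from OriginateFailure/OriginateSuccess to a single OriginateResponse with a new Response: header, which breaks any AMI client that matches on the old event names; this needs an entry in the manager documentation or upgrade notes. In the snprintf() call, prefer sizeof(requested_channel) over repeating AST_CHANNEL_NAME so the bound stays tied to the buffer if the declaration changes.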
@@ -2076,12 +2079,17 @@
* Look for \r\n within the buffer. If found, copy to the output
* buffer and return, trimming the \r\n (not used afterwards).
*/
- for (x = 1; x < s->inlen; x++) {
- if (src[x] != '\n' || src[x-1] != '\r')
+ for (x = 0; x < s->inlen; x++) {
+ int cr; /* set if we have \r */
+ if (src[x] == '\r' && x+1 < s->inlen && src[x+1] == '\n')
+ cr = 2; /* Found. Update length to include \r\n */
+ else if (src[x] == '\n')
+ cr = 1; /* also accept \n only */
+ else
continue;
- x++; /* Found. Update length to include \r\n */
- memmove(output, src, x-2); /*... but trim \r\n */
- output[x-2] = '\0'; /* terminate the string */
+ memmove(output, src, x); /*... but trim \r\n */
+ output[x] = '\0'; /* terminate the string */
+ x += cr; /* number of bytes used */
s->inlen -= x; /* remaining size */
memmove(src, src + x, s->inlen); /* remove used bytes */
return 1;
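Review bot: A '\r' that is not immediately followed by '\n' falls through to continue, so input such as "abc\rdef\n" is returned as one line with the carriage return still embedded in it; decide whether a lone '\r' should end the line (the log message raises the same question) or be rejected. The variable cr holds the terminator length rather than a flag, and the comment on the memmove() still says "trim \r\n", so rename the variable and update the comments, including the block comment above the loop. The relaxed rule applies to every AMI session that goes through get_input(), not only the TLS one, which should be stated there.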
@@ -2868,10 +2876,11 @@
purge_events();
}
+struct tls_config ami_tls_cfg;
static struct server_args ami_desc = {
.accept_fd = -1,
.master = AST_PTHREADT_NULL,
- .is_ssl = 0,
+ .tls_cfg = NULL,
.poll_timeout = 5000, /* wake up every 5 seconds */
.periodic_fn = purge_old_stuff,
.name = "AMI server",
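Review bot: ami_tls_cfg is declared without static, while the equivalent http_tls_cfg in main/http.c is static and nothing in this diff references ami_tls_cfg from outside manager.c. Declare it as static struct tls_config ami_tls_cfg; to keep the symbol out of the global namespace.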
@@ -2879,6 +2888,16 @@
.worker_fn = session_do, /* thread handling the session */
};
+static struct server_args amis_desc = {
+ .accept_fd = -1,
+ .master = AST_PTHREADT_NULL,
+ .tls_cfg = &ami_tls_cfg,
+ .poll_timeout = -1, /* the other does the periodic cleanup */
+ .name = "AMI TLS server",
+ .accept_fn = server_root, /* thread doing the accept() */
+ .worker_fn = session_do, /* thread handling the session */
+};
+
int init_manager(void)
{
struct ast_config *cfg = NULL;
@@ -2887,6 +2906,9 @@
int webenabled = 0;
int enabled = 0;
int newhttptimeout = 60;
+ int have_sslbindaddr = 0;
+ struct hostent *hp;
+ struct ast_hostent ahp;
struct ast_manager_user *user = NULL;
if (!registered) {
@@ -2927,6 +2949,42 @@
ast_log(LOG_NOTICE, "Unable to open management configuration manager.conf. Call management disabled.\n");
return 0;
}
+
+ /* default values */
+ memset(&amis_desc.sin, 0, sizeof(amis_desc.sin));
+ amis_desc.sin.sin_port = htons(5039);
+
+ ami_tls_cfg.enabled = 0;
+ if (ami_tls_cfg.certfile)
+ free(ami_tls_cfg.certfile);
+ ami_tls_cfg.certfile = ast_strdup(AST_CERTFILE);
+ if (ami_tls_cfg.cipher)
+ free(ami_tls_cfg.cipher);
+ ami_tls_cfg.cipher = ast_strdup("");
+
+ /* XXX change this into a loop on ast_variable_browse(cfg, "general"); */
+
+ if ((val = ast_variable_retrieve(cfg, "general", "sslenable")))
+ ami_tls_cfg.enabled = ast_true(val);
+ if ((val = ast_variable_retrieve(cfg, "general", "sslbindport")))
+ amis_desc.sin.sin_port = htons(atoi(val));
+ if ((val = ast_variable_retrieve(cfg, "general", "sslbindaddr"))) {
+ if ((hp = ast_gethostbyname(val, &ahp))) {
+ memcpy(&amis_desc.sin.sin_addr, hp->h_addr, sizeof(amis_desc.sin.sin_addr));
+ have_sslbindaddr = 1;
+ } else {
+ ast_log(LOG_WARNING, "Invalid bind address '%s'\n", val);
+ }
+ }
+ if ((val = ast_variable_retrieve(cfg, "general", "sslcert"))) {
+ free(ami_tls_cfg.certfile);
+ ami_tls_cfg.certfile = ast_strdup(val);
+ }
+ if ((val = ast_variable_retrieve(cfg, "general", "sslcipher"))) {
+ free(ami_tls_cfg.cipher);
+ ami_tls_cfg.cipher = ast_strdup(val);
+ }
+
val = ast_variable_retrieve(cfg, "general", "enabled");
if (val)
enabled = ast_true(val);
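Review bot: sslbindport is converted with htons(atoi(val)) and no range check, so a non-numeric value yields port 0 and a value above 65535 is silently truncated. Validate the number and log a warning on bad input, as the sslbindaddr branch does for an unresolvable address. When sslbindaddr fails to resolve, the code only warns and have_sslbindaddr stays 0, so the listener later falls back to the plain AMI bindaddr; if the operator meant to restrict the TLS port to one interface, that fallback can widen exposure, so consider leaving the TLS listener disabled in that case.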
@@ -2969,7 +3027,12 @@
memset(&ami_desc.sin.sin_addr, 0, sizeof(ami_desc.sin.sin_addr));
}
}
-
+ if (!have_sslbindaddr)
+ amis_desc.sin.sin_addr = ami_desc.sin.sin_addr;
+ if (ami_tls_cfg.enabled)
+ amis_desc.sin.sin_family = AF_INET;
+
+
AST_LIST_LOCK(&users);
while ((cat = ast_category_browse(cfg, cat))) {
@@ -3070,6 +3133,8 @@
httptimeout = newhttptimeout;
server_start(&ami_desc);
+ if (ssl_setup(amis_desc.tls_cfg))
+ server_start(&amis_desc);
return 0;
}