[asterisk-commits] bbryant: branch bbryant/ssl-tcp-tls r69798 - in /team/bbryant/ssl-tcp-tls: ./...
Mon Jun 18 15:02:58 CDT 2007
Author: bbryant
Date: Mon Jun 18 15:02:57 2007
New Revision: 69798
URL: http://svn.digium.com/view/asterisk?view=rev&rev=69798
Log:
commit my local changes as well as enable automerge
Modified:
team/bbryant/ssl-tcp-tls/ (props changed)
team/bbryant/ssl-tcp-tls/channels/chan_sip.c
team/bbryant/ssl-tcp-tls/include/asterisk/http.h
team/bbryant/ssl-tcp-tls/main/Makefile
team/bbryant/ssl-tcp-tls/main/http.c
team/bbryant/ssl-tcp-tls/main/manager.c
Propchange: team/bbryant/ssl-tcp-tls/
------------------------------------------------------------------------------
automerge = *
Propchange: team/bbryant/ssl-tcp-tls/
------------------------------------------------------------------------------
automerge-email = bbryant at digium.com
Modified: team/bbryant/ssl-tcp-tls/channels/chan_sip.c
URL: http://svn.digium.com/view/asterisk/team/bbryant/ssl-tcp-tls/channels/chan_sip.c?view=diff&rev=69798&r1=69797&r2=69798
==============================================================================
--- team/bbryant/ssl-tcp-tls/channels/chan_sip.c (original)
+++ team/bbryant/ssl-tcp-tls/channels/chan_sip.c Mon Jun 18 15:02:57 2007
@@ -144,6 +144,7 @@
#include "asterisk/translate.h"
#include "asterisk/version.h"
#include "asterisk/event.h"
+#include "asterisk/server.h"
#ifndef FALSE
#define FALSE 0
@@ -588,6 +589,7 @@
static int global_t1min; /*!< T1 roundtrip time minimum */
static int global_regextenonqualify; /*!< Whether to add/remove regexten when qualifying peers */
static int global_autoframing; /*!< Turn autoframing on or off. */
+static int global_tcpenable; /*!< Turn TCP on/off */
static enum transfermodes global_allowtransfer; /*!< SIP Refer restriction scheme */
static struct sip_proxy global_outboundproxy; /*!< Outbound proxy */
@@ -976,6 +978,7 @@
AST_STRING_FIELD(rpid); /*!< Our RPID header */
AST_STRING_FIELD(rpid_from); /*!< Our RPID From header */
AST_STRING_FIELD(url); /*!< URL to be sent with next message to peer */
+ AST_STRING_FIELD(transport); /*!< Transport type (i.e. UDP, TCP, TLS ... etc) */
);
unsigned int ocseq; /*!< Current outgoing seqno */
unsigned int icseq; /*!< Current incoming seqno */
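Review bot: The Doxygen comment on the new `transport` string field says "i.e." where it lists examples, and it does not say which spellings the field is expected to hold; `/*!< Transport type as a string, e.g. "UDP", "TCP" or "TLS" */` reads correctly and tells the next reader what to compare against. Nothing in this hunk sets or reads the field, so whether the values are upper-case or how they are parsed is not visible here. The enclosing struct definition starts and ends outside the hunk.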
@@ -17166,6 +17169,10 @@
global_matchexterniplocally = FALSE;
+ /* Set some default TCP/TLS settings */
+ global_tcpenable = TRUE;
+ // sip_tls_cfg.enabled = FALSE;
+
/* Copy the default jb config over global_jbconf */
memcpy(&global_jbconf, &default_jbconf, sizeof(struct ast_jb_conf));
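Review bot: `global_tcpenable = TRUE;` turns the new TCP transport on for every installation whose sip.conf never mentions `tcpenable`, which is the opposite of the conservative default for a newly added listener; unless the intent is to force it on while the branch is in development, `global_tcpenable = FALSE;` with an explicit `tcpenable=yes` opt-in is the safer default (whether this flag actually opens a socket is decided by code outside the hunk). The `// sip_tls_cfg.enabled = FALSE;` line is commented-out code using a `//` comment in a block that otherwise uses `/* */`; drop it, or wrap it in `#if 0` / `#endif` with a comment saying what it is waiting for. The enclosing defaults-reset function starts and ends outside the hunk.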
@@ -17202,6 +17209,10 @@
ast_set2_flag(&global_flags[1], ast_true(v->value), SIP_PAGE2_IGNOREREGEXPIRE);
} else if (!strcasecmp(v->name, "t1min")) {
global_t1min = atoi(v->value);
+ } else if (!strcasecmp(v->name, "tcpenable")) {
+ global_tcpenable = ast_true(v->value);
+ } else if (!strcasecmp(v->name, "tlsenable")) {
+ global_tcpenable = ast_true(v->value);
} else if (!strcasecmp(v->name, "rtautoclear")) {
int i = atoi(v->value);
if (i > 0)
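Review bot: The added `tlsenable` branch writes `global_tcpenable`, the same variable the `tcpenable` branch just above it sets, so whichever key appears last in sip.conf wins and a `tlsenable=no` line silently disables TCP (or `tlsenable=yes` enables it) with no warning. Either give TLS its own flag, `global_tlsenable = ast_true(v->value);`, with a matching `static int` declared next to `global_tcpenable` in the earlier hunk (the name is a suggestion, not something this commit declares), or leave the `tlsenable` branch out until the TLS side is wired up. The enclosing config-parsing function starts and ends outside the hunk.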
Modified: team/bbryant/ssl-tcp-tls/include/asterisk/http.h
URL: http://svn.digium.com/view/asterisk/team/bbryant/ssl-tcp-tls/include/asterisk/http.h?view=diff&rev=69798&r1=69797&r2=69798
==============================================================================
--- team/bbryant/ssl-tcp-tls/include/asterisk/http.h (original)
+++ team/bbryant/ssl-tcp-tls/include/asterisk/http.h Mon Jun 18 15:02:57 2007
@@ -50,90 +50,6 @@
* be run earlier in the startup process so modules have it available.
*/
-#if defined(HAVE_OPENSSL) && (defined(HAVE_FUNOPEN) || defined(HAVE_FOPENCOOKIE))
-#define DO_SSL /* comment in/out if you want to support ssl */
-#endif
-
-#ifdef DO_SSL
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-#else
-/* declare dummy types so we can define a pointer to them */
-typedef struct {} SSL;
-typedef struct {} SSL_CTX;
-#endif /* DO_SSL */
-
-/*! SSL support */
-#define AST_CERTFILE "asterisk.pem"
-
-struct tls_config {
- int enabled;
- char *certfile;
- char *cipher;
- SSL_CTX *ssl_ctx;
-};
-
-/*!
- * The following code implements a generic mechanism for starting
- * services on a TCP or TLS socket.
- * The service is configured in the struct server_args, and
- * then started by calling server_start(desc) on the descriptor.
- * server_start() first verifies if an instance of the service is active,
- * and in case shuts it down. Then, if the service must be started, creates
- * a socket and a thread in charge of doing the accept().
- *
- * The body of the thread is desc->accept_fn(desc), which the user can define
- * freely. We supply a sample implementation, server_root(), structured as an
- * infinite loop. At the beginning of each iteration it runs periodic_fn()
- * if defined (e.g. to perform some cleanup etc.) then issues a poll()
- * or equivalent with a timeout of 'poll_timeout' milliseconds, and if the
- * following accept() is successful it creates a thread in charge of
- * running the session, whose body is desc->worker_fn(). The argument of
- * worker_fn() is a struct server_instance, which contains the address
- * of the other party, a pointer to desc, the file descriptors (fd) on which
- * we can do a select/poll (but NOT IO/, and a FILE * on which we can do I/O.
- * We have both because we want to support plain and SSL sockets, and
- * going through a FILE * lets us provide the encryption/decryption
- * on the stream without using an auxiliary thread.
- *
- * NOTE: in order to let other parts of asterisk use these services,
- * we need to do the following:
- * + move struct server_instance and struct server_args to
- * a common header file, together with prototypes for
- * server_start() and server_root().
- * +
- */
-
-/*!
- * describes a server instance
- */
-struct server_instance {
- FILE *f; /* fopen/funopen result */
- int fd; /* the socket returned by accept() */
- SSL *ssl; /* ssl state */
- struct sockaddr_in requestor;
- struct server_args *parent;
-};
-
-/*!
- * arguments for the accepting thread
- */
-struct server_args {
- struct sockaddr_in sin;
- struct sockaddr_in oldsin;
- struct tls_config *tls_cfg; /* points to the SSL configuration if any */
- int accept_fd;
- int poll_timeout;
- pthread_t master;
- void *(*accept_fn)(void *); /* the function in charge of doing the accept */
- void (*periodic_fn)(void *); /* something we may want to run before after select on the accept socket */
- void *(*worker_fn)(void *); /* the function in charge of doing the actual work */
- const char *name;
-};
-
-void *server_root(void *);
-void server_start(struct server_args *desc);
-int ssl_setup(struct tls_config *cfg);
/*! \brief HTTP Callbacks take the socket
Modified: team/bbryant/ssl-tcp-tls/main/Makefile
URL: http://svn.digium.com/view/asterisk/team/bbryant/ssl-tcp-tls/main/Makefile?view=diff&rev=69798&r1=69797&r2=69798
==============================================================================
--- team/bbryant/ssl-tcp-tls/main/Makefile (original)
+++ team/bbryant/ssl-tcp-tls/main/Makefile Mon Jun 18 15:02:57 2007
@@ -26,7 +26,7 @@
utils.o plc.o jitterbuf.o dnsmgr.o devicestate.o \
netsock.o slinfactory.o ast_expr2.o ast_expr2f.o \
cryptostub.o sha1.o http.o fixedjitterbuf.o abstract_jb.o \
- strcompat.o threadstorage.o dial.o event.o adsistub.o
+ strcompat.o threadstorage.o dial.o event.o adsistub.o server.o
# we need to link in the objects statically, not as a library, because
# otherwise modules will not have them available if none of the static
Modified: team/bbryant/ssl-tcp-tls/main/http.c
URL: http://svn.digium.com/view/asterisk/team/bbryant/ssl-tcp-tls/main/http.c?view=diff&rev=69798&r1=69797&r2=69798
==============================================================================
--- team/bbryant/ssl-tcp-tls/main/http.c (original)
+++ team/bbryant/ssl-tcp-tls/main/http.c Mon Jun 18 15:02:57 2007
@@ -51,6 +51,7 @@
#include "minimime/mm.h"
#include "asterisk/cli.h"
+#include "asterisk/server.h"
#include "asterisk/http.h"
#include "asterisk/utils.h"
#include "asterisk/strings.h"
@@ -676,7 +677,7 @@
* We use wrappers rather than SSL_read/SSL_write directly so
* we can put in some debugging.
*/
-static HOOK_T ssl_read(void *cookie, char *buf, LEN_T len)
+/*static HOOK_T ssl_read(void *cookie, char *buf, LEN_T len)
{
int i = SSL_read(cookie, buf, len-1);
#if 0
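Review bot: Disabling `ssl_read` by turning `static HOOK_T ssl_read(...)` into the start of a `/*` block comment (closed by the `}*/` in the next hunk) is fragile: any `/* ... */` comment inside the function body terminates the outer comment early and the remainder stops compiling, and the dead body still has to be kept in sync with whatever replaced it. Since this same commit adds `server.o` to the Makefile, the wrappers have presumably moved to server.c; delete them here, or if they must stay for reference, wrap them in `#if 0` / `#endif`, which nests safely, and update the explanatory comment above so it no longer describes code that is not compiled. The `#endif /* DO_SSL */` that survives after the commented block now depends on a `DO_SSL` definition that http.h no longer provides, so confirm that the newly included server.h defines it (not visible in this commit). The function body continues past the end of this hunk.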
@@ -704,54 +705,8 @@
SSL_shutdown(cookie);
SSL_free(cookie);
return 0;
-}
+}*/
#endif /* DO_SSL */
-
-/*!
- * creates a FILE * from the fd passed by the accept thread.
- * This operation is potentially expensive (certificate verification),
- * so we do it in the child thread context.
- */
-static void *make_file_from_fd(void *data)
-{
- struct server_instance *ser = data;
-
- /*
- * open a FILE * as appropriate.
- */
- if (!ser->parent->tls_cfg)
- ser->f = fdopen(ser->fd, "w+");
-#ifdef DO_SSL
- else if ( (ser->ssl = SSL_new(ser->parent->tls_cfg->ssl_ctx)) ) {
- SSL_set_fd(ser->ssl, ser->fd);
- if (SSL_accept(ser->ssl) == 0)
- ast_verbose(" error setting up ssl connection");
- else {
-#if defined(HAVE_FUNOPEN) /* the BSD interface */
- ser->f = funopen(ser->ssl, ssl_read, ssl_write, NULL, ssl_close);
-
-#elif defined(HAVE_FOPENCOOKIE) /* the glibc/linux interface */
- static const cookie_io_functions_t cookie_funcs = {
- ssl_read, ssl_write, NULL, ssl_close
- };
- ser->f = fopencookie(ser->ssl, "w+", cookie_funcs);
-#else
- /* could add other methods here */
-#endif
- }
- if (!ser->f) /* no success opening descriptor stacking */
- SSL_free(ser->ssl);
- }
-#endif /* DO_SSL */
-
- if (!ser->f) {
- close(ser->fd);
- ast_log(LOG_WARNING, "FILE * open failed!\n");
- ast_free(ser);
- return NULL;
- }
- return ser->parent->worker_fn(ser);
-}
static void *httpd_helper_thread(void *data)
{
@@ -897,154 +852,6 @@
fclose(ser->f);
ast_free(ser);
return NULL;
-}
-
-void *server_root(void *data)
-{
- struct server_args *desc = data;
- int fd;
- struct sockaddr_in sin;
- socklen_t sinlen;
- struct server_instance *ser;
- pthread_t launched;
-
- for (;;) {
- int i, flags;
-
- if (desc->periodic_fn)
- desc->periodic_fn(desc);
- i = ast_wait_for_input(desc->accept_fd, desc->poll_timeout);
- if (i <= 0)
- continue;
- sinlen = sizeof(sin);
- fd = accept(desc->accept_fd, (struct sockaddr *)&sin, &sinlen);
- if (fd < 0) {
- if ((errno != EAGAIN) && (errno != EINTR))
- ast_log(LOG_WARNING, "Accept failed: %s\n", strerror(errno));
- continue;
- }
- ser = ast_calloc(1, sizeof(*ser));
- if (!ser) {
- ast_log(LOG_WARNING, "No memory for new session: %s\n", strerror(errno));
- close(fd);
- continue;
- }
- flags = fcntl(fd, F_GETFL);
- fcntl(fd, F_SETFL, flags & ~O_NONBLOCK);
- ser->fd = fd;
- ser->parent = desc;
- memcpy(&ser->requestor, &sin, sizeof(ser->requestor));
-
- if (ast_pthread_create_detached_background(&launched, NULL, make_file_from_fd, ser)) {
- ast_log(LOG_WARNING, "Unable to launch helper thread: %s\n", strerror(errno));
- close(ser->fd);
- ast_free(ser);
- }
-
- }
- return NULL;
-}
-
-int ssl_setup(struct tls_config *cfg)
-{
-#ifndef DO_SSL
- cfg->enabled = 0;
- return 0;
-#else
- if (!cfg->enabled)
- return 0;
- SSL_load_error_strings();
- SSLeay_add_ssl_algorithms();
- cfg->ssl_ctx = SSL_CTX_new( SSLv23_server_method() );
- if (!ast_strlen_zero(cfg->certfile)) {
- if (SSL_CTX_use_certificate_file(cfg->ssl_ctx, cfg->certfile, SSL_FILETYPE_PEM) == 0 ||
- SSL_CTX_use_PrivateKey_file(cfg->ssl_ctx, cfg->certfile, SSL_FILETYPE_PEM) == 0 ||
- SSL_CTX_check_private_key(cfg->ssl_ctx) == 0 ) {
- ast_verbose("ssl cert error <%s>", cfg->certfile);
- sleep(2);
- cfg->enabled = 0;
- return 0;
- }
- }
- if (!ast_strlen_zero(cfg->cipher)) {
- if (SSL_CTX_set_cipher_list(cfg->ssl_ctx, cfg->cipher) == 0 ) {
- ast_verbose("ssl cipher error <%s>", cfg->cipher);
- sleep(2);
- cfg->enabled = 0;
- return 0;
- }
- }
- ast_verbose("ssl cert ok");
- return 1;
-#endif
-}
-
-/*!
- * This is a generic (re)start routine for a TCP server,
- * which does the socket/bind/listen and starts a thread for handling
- * accept().
- */
-void server_start(struct server_args *desc)
-{
- int flags;
- int x = 1;
-
- /* Do nothing if nothing has changed */
- if (!memcmp(&desc->oldsin, &desc->sin, sizeof(desc->oldsin))) {
- if (option_debug)
- ast_log(LOG_DEBUG, "Nothing changed in %s\n", desc->name);
- return;
- }
-
- desc->oldsin = desc->sin;
-
- /* Shutdown a running server if there is one */
- if (desc->master != AST_PTHREADT_NULL) {
- pthread_cancel(desc->master);
- pthread_kill(desc->master, SIGURG);
- pthread_join(desc->master, NULL);
- }
-
- if (desc->accept_fd != -1)
- close(desc->accept_fd);
-
- /* If there's no new server, stop here */
- if (desc->sin.sin_family == 0)
- return;
-
- desc->accept_fd = socket(AF_INET, SOCK_STREAM, 0);
- if (desc->accept_fd < 0) {
- ast_log(LOG_WARNING, "Unable to allocate socket for %s: %s\n",
- desc->name, strerror(errno));
- return;
- }
-
- setsockopt(desc->accept_fd, SOL_SOCKET, SO_REUSEADDR, &x, sizeof(x));
- if (bind(desc->accept_fd, (struct sockaddr *)&desc->sin, sizeof(desc->sin))) {
- ast_log(LOG_NOTICE, "Unable to bind %s to %s:%d: %s\n",
- desc->name,
- ast_inet_ntoa(desc->sin.sin_addr), ntohs(desc->sin.sin_port),
- strerror(errno));
- goto error;
- }
- if (listen(desc->accept_fd, 10)) {
- ast_log(LOG_NOTICE, "Unable to listen for %s!\n", desc->name);
- goto error;
- }
- flags = fcntl(desc->accept_fd, F_GETFL);
- fcntl(desc->accept_fd, F_SETFL, flags | O_NONBLOCK);
- if (ast_pthread_create_background(&desc->master, NULL, desc->accept_fn, desc)) {
- ast_log(LOG_NOTICE, "Unable to launch %s on %s:%d: %s\n",
- desc->name,
- ast_inet_ntoa(desc->sin.sin_addr), ntohs(desc->sin.sin_port),
- strerror(errno));
- goto error;
- }
- return;
-
-error:
- close(desc->accept_fd);
- desc->accept_fd = -1;
}
/*!
Modified: team/bbryant/ssl-tcp-tls/main/manager.c
URL: http://svn.digium.com/view/asterisk/team/bbryant/ssl-tcp-tls/main/manager.c?view=diff&rev=69798&r1=69797&r2=69798
==============================================================================
--- team/bbryant/ssl-tcp-tls/main/manager.c (original)
+++ team/bbryant/ssl-tcp-tls/main/manager.c Mon Jun 18 15:02:57 2007
@@ -75,6 +75,7 @@
#include "asterisk/md5.h"
#include "asterisk/acl.h"
#include "asterisk/utils.h"
+#include "asterisk/server.h"
#include "asterisk/http.h"
#include "asterisk/version.h"
#include "asterisk/threadstorage.h"