[asterisk-commits] seanbright: branch seanbright/resolve-shadow-warnings r118166 - in /team/sean...
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Fri May 23 16:35:55 CDT 2008
Author: seanbright
Date: Fri May 23 16:35:55 2008
New Revision: 118166
URL: http://svn.digium.com/view/asterisk?view=rev&rev=118166
Log:
Merged revisions 118161,118164 via svnmerge from
https://origsvn.digium.com/svn/asterisk/trunk
................
r118161 | bbryant | 2008-05-23 17:19:42 -0400 (Fri, 23 May 2008) | 3 lines
Add new functionality to the HTTP server that requires manager authentication for any path that includes a directory named 'private'. This patch also
requires manager authentication for any POSTs sent to the server, to help secure uploads.
................
r118164 | jpeeler | 2008-05-23 17:26:39 -0400 (Fri, 23 May 2008) | 9 lines
Merged revisions 118163 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.4
........
r118163 | jpeeler | 2008-05-23 16:21:35 -0500 (Fri, 23 May 2008) | 1 line
Fix a few things I missed to ensure zt_chan_conf structure is not modified in mkintf
........
................
Modified:
team/seanbright/resolve-shadow-warnings/ (props changed)
team/seanbright/resolve-shadow-warnings/channels/chan_zap.c
team/seanbright/resolve-shadow-warnings/include/asterisk/manager.h
team/seanbright/resolve-shadow-warnings/main/http.c
team/seanbright/resolve-shadow-warnings/main/manager.c
Propchange: team/seanbright/resolve-shadow-warnings/
------------------------------------------------------------------------------
Binary property 'branch-1.4-merged' - no diff available.
Propchange: team/seanbright/resolve-shadow-warnings/
------------------------------------------------------------------------------
--- svnmerge-integrated (original)
+++ svnmerge-integrated Fri May 23 16:35:55 2008
@@ -1,1 +1,1 @@
-/trunk:1-118160
+/trunk:1-118164
Modified: team/seanbright/resolve-shadow-warnings/channels/chan_zap.c
URL: http://svn.digium.com/view/asterisk/team/seanbright/resolve-shadow-warnings/channels/chan_zap.c?view=diff&rev=118166&r1=118165&r2=118166
==============================================================================
--- team/seanbright/resolve-shadow-warnings/channels/chan_zap.c (original)
+++ team/seanbright/resolve-shadow-warnings/channels/chan_zap.c Fri May 23 16:35:55 2008
@@ -8212,13 +8212,13 @@
}
#endif
#ifdef HAVE_PRI
- if ((conf->chan.sig == SIG_PRI) || (conf->chan.sig == SIG_BRI) || (conf->chan.sig == SIG_BRI_PTMP) || (conf->chan.sig == SIG_GR303FXOKS) || (conf->chan.sig == SIG_GR303FXSKS)) {
+ if ((chan_sig == SIG_PRI) || (chan_sig == SIG_BRI) || (chan_sig == SIG_BRI_PTMP) || (chan_sig == SIG_GR303FXOKS) || (chan_sig == SIG_GR303FXSKS)) {
int offset;
int myswitchtype;
int matchesdchan;
int span_idx, chan_idx;
offset = 0;
- if (((conf->chan.sig == SIG_PRI) || (conf->chan.sig == SIG_BRI) || (conf->chan.sig == SIG_BRI_PTMP))
+ if (((chan_sig == SIG_PRI) || (chan_sig == SIG_BRI) || (chan_sig == SIG_BRI_PTMP))
&& ioctl(tmp->subs[SUB_REAL].zfd, ZT_AUDIOMODE, &offset)) {
ast_log(LOG_ERROR, "Unable to set clear mode on clear channel %d of span %d: %s\n", channel, p.spanno, strerror(errno));
destroy_zt_pvt(&tmp);
@@ -8243,9 +8243,9 @@
destroy_zt_pvt(&tmp);
return NULL;
}
- if ((conf->chan.sig == SIG_PRI) ||
- (conf->chan.sig == SIG_BRI) ||
- (conf->chan.sig == SIG_BRI_PTMP))
+ if ((chan_sig == SIG_PRI) ||
+ (chan_sig == SIG_BRI) ||
+ (chan_sig == SIG_BRI_PTMP))
myswitchtype = conf->pri.switchtype;
else
myswitchtype = PRI_SWITCH_GR303_TMC;
Modified: team/seanbright/resolve-shadow-warnings/include/asterisk/manager.h
URL: http://svn.digium.com/view/asterisk/team/seanbright/resolve-shadow-warnings/include/asterisk/manager.h?view=diff&rev=118166&r1=118165&r2=118166
==============================================================================
--- team/seanbright/resolve-shadow-warnings/include/asterisk/manager.h (original)
+++ team/seanbright/resolve-shadow-warnings/include/asterisk/manager.h Fri May 23 16:35:55 2008
@@ -203,6 +203,9 @@
void __attribute__ ((format (printf, 2, 3))) astman_append(struct mansession *s, const char *fmt, ...);
+/*! \brief Determinie if a manager session ident is authenticated */
+int astman_is_authed(uint32_t ident);
+
/*! \brief Called by Asterisk initialization */
int init_manager(void);
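Review bot: The new comment on astman_is_authed misspells "Determine" and does not state the return contract that callers in http.c rely on. Suggested wording: `/*! \brief Determine if a manager session ident is authenticated. \return non-zero if a live session with this ident is authenticated, 0 otherwise (including when no such session exists) */`.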
Modified: team/seanbright/resolve-shadow-warnings/main/http.c
URL: http://svn.digium.com/view/asterisk/team/seanbright/resolve-shadow-warnings/main/http.c?view=diff&rev=118166&r1=118165&r2=118166
==============================================================================
--- team/seanbright/resolve-shadow-warnings/main/http.c (original)
+++ team/seanbright/resolve-shadow-warnings/main/http.c Fri May 23 16:35:55 2008
@@ -131,6 +131,18 @@
return wkspace;
}
+static uint32_t manid_from_vars(struct ast_variable *sid) {
+ uint32_t mngid;
+
+ while (sid && strcmp(sid->name, "mansession_id"))
+ sid = sid->next;
+
+ if (!sid || sscanf(sid->value, "%x", &mngid) != 1)
+ return 0;
+
+ return mngid;
+}
+
static struct ast_str *static_callback(struct ast_tcptls_session_instance *ser, const struct ast_http_uri *urih, const char *uri, enum ast_http_method method, struct ast_variable *vars, struct ast_variable *headers, int *status, char **title, int *contentlength)
{
char *path;
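Review bot: The `sscanf(sid->value, "%x", &mngid)` call in manid_from_vars parses the mansession_id value leniently: it accepts trailing characters after the hex digits, its behaviour for a value too large for the target is undefined, and `%x` expects an `unsigned int *` rather than a `uint32_t *`. Because this result is the only input to the authentication check, a strict parse that rejects anything other than a complete 32-bit hex number is safer. The function also uses 0 to mean "no id", which relies on astman_is_authed() never treating ident 0 as authenticated.

```c
static uint32_t manid_from_vars(struct ast_variable *sid) {
	unsigned long val;
	char *end;

	/* ... unchanged: walk the list to the "mansession_id" entry ... */

	if (!sid || !sid->value || !isxdigit((unsigned char) sid->value[0]))
		return 0;

	errno = 0;
	val = strtoul(sid->value, &end, 16);
	if (errno || *end != '\0' || val > 0xffffffffUL)
		return 0;

	return (uint32_t) val;
}
```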
@@ -178,9 +190,13 @@
if (S_ISDIR(st.st_mode)) {
goto out404;
- }
+ }
if ((fd = open(path, O_RDONLY)) < 0) {
+ goto out403;
+ }
+
+ if (strstr(path, "/private/") && !astman_is_authed(manid_from_vars(vars))) {
goto out403;
}
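Review bot: The new `/private/` check runs after `open()` has succeeded, so the `goto out403` on an unauthenticated request leaves `fd` open unless the out403 label (outside this hunk) closes it; repeated unauthenticated requests for private paths would then use up descriptors. Moving the check above the `open()` call avoids the leak, and moving it above the `S_ISDIR` test as well would stop the 404/403 difference from telling an unauthenticated client which private paths exist. `strstr(path, "/private/")` is also case-sensitive, which matters if the served directory can sit on a case-insensitive filesystem. static_callback starts and ends outside the hunk.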
@@ -514,7 +530,11 @@
}
}
- if (urih) {
+ if (method == AST_HTTP_POST && !astman_is_authed(manid_from_vars(vars))) {
+ out = ast_http_error((*status = 403),
+ (*title = ast_strdup("Access Denied")),
+ NULL, "Sorry, I cannot let you do that, Dave.");
+ } else if (urih) {
*static_content = urih->static_content;
out = urih->callback(ser, urih, uri, method, vars, headers, status, title, contentlength);
AST_RWLIST_UNLOCK(&uris);
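Review bot: The new 403 branch for unauthenticated POSTs does not release the `uris` list, whereas the `urih` branch calls `AST_RWLIST_UNLOCK(&uris)` after the callback. If the list is still locked whenever `urih` is non-NULL (the lookup is outside this hunk), a rejected POST to a registered URI leaves the lock held and later writers to the list would block. The 403 branch should end with `if (urih) AST_RWLIST_UNLOCK(&uris);`, or the authentication test should move ahead of the URI lookup. The enclosing function starts and ends outside the hunk.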
Modified: team/seanbright/resolve-shadow-warnings/main/manager.c
URL: http://svn.digium.com/view/asterisk/team/seanbright/resolve-shadow-warnings/main/manager.c?view=diff&rev=118166&r1=118165&r2=118166
==============================================================================
--- team/seanbright/resolve-shadow-warnings/main/manager.c (original)
+++ team/seanbright/resolve-shadow-warnings/main/manager.c Fri May 23 16:35:55 2008
@@ -3292,7 +3292,7 @@
* the value of the mansession_id cookie (0 is not valid and means
* a session on the AMI socket).
*/
-static struct mansession *find_session(uint32_t ident)
+static struct mansession *find_session(uint32_t ident, int incinuse)
{
struct mansession *s;
@@ -3303,7 +3303,7 @@
AST_LIST_TRAVERSE(&sessions, s, list) {
ast_mutex_lock(&s->__lock);
if (s->managerid == ident && !s->needdestroy) {
- ast_atomic_fetchadd_int(&s->inuse, 1);
+ ast_atomic_fetchadd_int(&s->inuse, incinuse ? 1 : 0);
break;
}
ast_mutex_unlock(&s->__lock);
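Review bot: `ast_atomic_fetchadd_int(&s->inuse, incinuse ? 1 : 0)` performs an atomic add of zero when the caller does not want a reference; `if (incinuse) ast_atomic_fetchadd_int(&s->inuse, 1);` states the intent directly. The comment above find_session should also describe `incinuse` and say that a matching session is returned with `s->__lock` held, since astman_is_authed depends on that to unlock it. find_session starts and ends outside this hunk.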
@@ -3311,6 +3311,21 @@
AST_LIST_UNLOCK(&sessions);
return s;
+}
+
+int astman_is_authed(uint32_t ident)
+{
+ int authed;
+ struct mansession *s;
+
+ if (!(s = find_session(ident, 0)))
+ return 0;
+
+ authed = (s->authenticated != 0);
+
+ ast_mutex_unlock(&s->__lock);
+
+ return authed;
}
int astman_verify_session_readpermissions(uint32_t ident, int perm)
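Review bot: astman_is_authed() is called with ident 0 whenever manid_from_vars() in http.c finds no usable mansession_id, so the HTTP checks are only sound if find_session() can never match ident 0; the comment above find_session says 0 denotes a session on the AMI socket. The lines of find_session that would reject 0 are not shown in these hunks, so an explicit guard makes the contract local: `if (!ident) return 0;` before the lookup. A short comment noting that the session is looked up without taking an `inuse` reference and that `s->__lock` is held only while `authenticated` is read would also help.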
@@ -3603,7 +3618,7 @@
}
}
- if (!(s = find_session(ident))) {
+ if (!(s = find_session(ident, 1))) {
/* Create new session.
* While it is not in the list we don't need any locking
*/