[asterisk-commits] russell: branch 1.6.0 r190986 - in /branches/1.6.0: apps/ configs/

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Wed Apr 29 02:37:07 CDT 2009


Author: russell
Date: Wed Apr 29 02:37:04 2009
New Revision: 190986

URL: http://svn.digium.com/svn-view/asterisk?view=rev&rev=190986
Log:
Revert revision 190576 after out of band discussion with transnexus.

Modified:
    branches/1.6.0/apps/app_osplookup.c
    branches/1.6.0/configs/osp.conf.sample

Modified: branches/1.6.0/apps/app_osplookup.c
URL: http://svn.digium.com/svn-view/asterisk/branches/1.6.0/apps/app_osplookup.c?view=diff&rev=190986&r1=190985&r2=190986
==============================================================================
--- branches/1.6.0/apps/app_osplookup.c (original)
+++ branches/1.6.0/apps/app_osplookup.c Wed Apr 29 02:37:04 2009
@@ -39,7 +39,6 @@
 
 #include <osp/osp.h>
 #include <osp/osputils.h>
-#include <osp/ospb64.h>
 
 #include "asterisk/paths.h"
 #include "asterisk/lock.h"
@@ -56,7 +55,6 @@
 /* OSP Buffer Sizes */
 #define OSP_INTSTR_SIZE		((unsigned int)16)		/* OSP signed/unsigned int string buffer size */
 #define OSP_NORSTR_SIZE		((unsigned int)256)		/* OSP normal string buffer size */
-#define OSP_KEYSTR_SIZE		((unsigned int)1024)	/* OSP certificate string buffer size */
 #define OSP_TOKSTR_SIZE		((unsigned int)4096)	/* OSP token string buffer size */
 #define OSP_TECHSTR_SIZE	((unsigned int)32)		/* OSP signed/unsigned int string buffer size */
 #define OSP_UUID_SIZE		((unsigned int)16)		/* UUID size */
@@ -146,7 +144,7 @@
 /* Call ID */
 struct osp_callid {
 	unsigned char buf[OSPC_CALLID_MAXSIZE];		/* Call ID string */
-	unsigned int len;							/* Call ID length */
+	unsigned int len;					/* Call ID length */
 };
 
 /* OSP Application In/Output Results */
@@ -169,14 +167,8 @@
 AST_MUTEX_DEFINE_STATIC(osplock);							/* Lock of OSP provider list */
 static int osp_initialized = 0;								/* Init flag */
 static int osp_hardware = 0;								/* Hardware accelleration flag */
-static int osp_security = 0;								/* Using security features flag */
 static struct osp_provider* ospproviders = NULL;			/* OSP provider list */
 static unsigned int osp_tokenformat = TOKEN_ALGO_SIGNED;	/* Token format supported */
-
-/* OSP default certificates */
-const char* B64PKey = "MIIBOgIBAAJBAK8t5l+PUbTC4lvwlNxV5lpl+2dwSZGW46dowTe6y133XyVEwNiiRma2YNk3xKs/TJ3Wl9Wpns2SYEAJsFfSTukCAwEAAQJAPz13vCm2GmZ8Zyp74usTxLCqSJZNyMRLHQWBM0g44Iuy4wE3vpi7Wq+xYuSOH2mu4OddnxswCP4QhaXVQavTAQIhAOBVCKXtppEw9UaOBL4vW0Ed/6EA/1D8hDW6St0h7EXJAiEAx+iRmZKhJD6VT84dtX5ZYNVk3j3dAcIOovpzUj9a0CECIEduTCapmZQ5xqAEsLXuVlxRtQgLTUD4ZxDElPn8x0MhAiBE2HlcND0+qDbvtwJQQOUzDgqg5xk3w8capboVdzAlQQIhAMC+lDL7+gDYkNAft5Mu+NObJmQs4Cr+DkDFsKqoxqrm";
-const char* B64LCert = "MIIBeTCCASMCEHqkOHVRRWr+1COq3CR/xsowDQYJKoZIhvcNAQEEBQAwOzElMCMGA1UEAxMcb3NwdGVzdHNlcnZlci50cmFuc25leHVzLmNvbTESMBAGA1UEChMJT1NQU2VydmVyMB4XDTA1MDYyMzAwMjkxOFoXDTA2MDYyNDAwMjkxOFowRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCvLeZfj1G0wuJb8JTcVeZaZftncEmRluOnaME3ustd918lRMDYokZmtmDZN8SrP0yd1pfVqZ7NkmBACbBX0k7pAgMBAAEwDQYJKoZIhvcNAQEEBQADQQDnV8QNFVVJx/+7IselU0wsepqMurivXZzuxOmTEmTVDzCJx1xhA8jd3vGAj7XDIYiPub1PV23eY5a2ARJuw5w9";
-const char* B64CACert = "MIIBYDCCAQoCAQEwDQYJKoZIhvcNAQEEBQAwOzElMCMGA1UEAxMcb3NwdGVzdHNlcnZlci50cmFuc25leHVzLmNvbTESMBAGA1UEChMJT1NQU2VydmVyMB4XDTAyMDIwNDE4MjU1MloXDTEyMDIwMzE4MjU1MlowOzElMCMGA1UEAxMcb3NwdGVzdHNlcnZlci50cmFuc25leHVzLmNvbTESMBAGA1UEChMJT1NQU2VydmVyMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAPGeGwV41EIhX0jEDFLRXQhDEr50OUQPq+f55VwQd0TQNts06BP29+UiNdRW3c3IRHdZcJdC1Cg68ME9cgeq0h8CAwEAATANBgkqhkiG9w0BAQQFAANBAGkzBSj1EnnmUxbaiG1N4xjIuLAWydun7o3bFk2tV8dBIhnuh445obYyk1EnQ27kI7eACCILBZqi2MHDOIMnoN0=";
 
 /* OSP Client Wrapper APIs */
 
@@ -190,29 +182,25 @@
 	struct ast_config* cfg,
 	const char* provider)
 {
-	int res = 0;
+	int res;
+	unsigned int t, i, j;
+	struct osp_provider* p;
 	struct ast_variable* v;
-	struct osp_provider* p;
 	OSPTPRIVATEKEY privatekey;
-	OSPT_CERT localcert;
-	OSPT_CERT cacerts[OSP_MAX_CERTS];
-	const OSPT_CERT* pcacerts[OSP_MAX_CERTS];
+	OSPTCERT localcert;
 	const char* psrvpoints[OSP_MAX_SRVS];
-	unsigned char privatekeydata[OSP_KEYSTR_SIZE];
-	unsigned char localcertdata[OSP_KEYSTR_SIZE];
-	unsigned char cacertdata[OSP_KEYSTR_SIZE];
-	int i, t, error = OSPC_ERR_NO_ERROR;
+	OSPTCERT cacerts[OSP_MAX_CERTS];
+	const OSPTCERT* pcacerts[OSP_MAX_CERTS];
+	int error = OSPC_ERR_NO_ERROR;
 
 	if (!(p = ast_calloc(1, sizeof(*p)))) {
 		ast_log(LOG_ERROR, "Out of memory\n");
 		return -1;
 	}
 
-	/* ast_calloc has set 0 in p */
 	ast_copy_string(p->name, provider, sizeof(p->name));
 	snprintf(p->privatekey, sizeof(p->privatekey), "%s/%s-privatekey.pem", ast_config_AST_KEY_DIR, provider);
 	snprintf(p->localcert, sizeof(p->localcert), "%s/%s-localcert.pem", ast_config_AST_KEY_DIR, provider);
-	snprintf(p->cacerts[0], sizeof(p->cacerts[0]), "%s/%s-cacert_0.pem", ast_config_AST_KEY_DIR, provider);
 	p->maxconnections = OSP_DEF_MAXCONNECTIONS;
 	p->retrydelay = OSP_DEF_RETRYDELAY;
 	p->retrylimit = OSP_DEF_RETRYLIMIT;
@@ -224,36 +212,30 @@
 	v = ast_variable_browse(cfg, provider);
 	while(v) {
 		if (!strcasecmp(v->name, "privatekey")) {
-			if (osp_security) {
+			if (v->value[0] == '/') {
+				ast_copy_string(p->privatekey, v->value, sizeof(p->privatekey));
+			} else {
+				snprintf(p->privatekey, sizeof(p->privatekey), "%s/%s", ast_config_AST_KEY_DIR, v->value);
+			}
+			ast_debug(1, "OSP: privatekey '%s'\n", p->privatekey);
+		} else if (!strcasecmp(v->name, "localcert")) {
+			if (v->value[0] == '/') {
+				ast_copy_string(p->localcert, v->value, sizeof(p->localcert));
+			} else {
+				snprintf(p->localcert, sizeof(p->localcert), "%s/%s", ast_config_AST_KEY_DIR, v->value);
+			}
+			ast_debug(1, "OSP: localcert '%s'\n", p->localcert);
+		} else if (!strcasecmp(v->name, "cacert")) {
+			if (p->cacount < OSP_MAX_CERTS) {
 				if (v->value[0] == '/') {
-					ast_copy_string(p->privatekey, v->value, sizeof(p->privatekey));
+					ast_copy_string(p->cacerts[p->cacount], v->value, sizeof(p->cacerts[0]));
 				} else {
-					snprintf(p->privatekey, sizeof(p->privatekey), "%s/%s", ast_config_AST_KEY_DIR, v->value);
+					snprintf(p->cacerts[p->cacount], sizeof(p->cacerts[0]), "%s/%s", ast_config_AST_KEY_DIR, v->value);
 				}
-				ast_debug(1, "OSP: privatekey '%s'\n", p->privatekey);
-			}
-		} else if (!strcasecmp(v->name, "localcert")) {
-			if (osp_security) {
-				if (v->value[0] == '/') {
-					ast_copy_string(p->localcert, v->value, sizeof(p->localcert));
-				} else {
-					snprintf(p->localcert, sizeof(p->localcert), "%s/%s", ast_config_AST_KEY_DIR, v->value);
-				}
-				ast_debug(1, "OSP: localcert '%s'\n", p->localcert);
-			}
-		} else if (!strcasecmp(v->name, "cacert")) {
-			if (osp_security) {
-				if (p->cacount < OSP_MAX_CERTS) {
-					if (v->value[0] == '/') {
-						ast_copy_string(p->cacerts[p->cacount], v->value, sizeof(p->cacerts[0]));
-					} else {
-						snprintf(p->cacerts[p->cacount], sizeof(p->cacerts[0]), "%s/%s", ast_config_AST_KEY_DIR, v->value);
-					}
-					ast_debug(1, "OSP: cacerts[%d]: '%s'\n", p->cacount, p->cacerts[p->cacount]);
-					p->cacount++;
-				} else {
-					ast_log(LOG_WARNING, "OSP: Too many CA Certificates at line %d\n", v->lineno);
-				}
+				ast_debug(1, "OSP: cacert[%d]: '%s'\n", p->cacount, p->cacerts[p->cacount]);
+				p->cacount++;
+			} else {
+				ast_log(LOG_WARNING, "OSP: Too many CA Certificates at line %d\n", v->lineno);
 			}
 		} else if (!strcasecmp(v->name, "servicepoint")) {
 			if (p->spcount < OSP_MAX_SRVS) {
@@ -324,109 +306,95 @@
 		v = v->next;
 	}
 
-	if (p->cacount == 0) {
-		p->cacount = 1;
+	error = OSPPUtilLoadPEMPrivateKey((unsigned char*)p->privatekey, &privatekey);
+	if (error != OSPC_ERR_NO_ERROR) {
+		ast_log(LOG_WARNING, "OSP: Unable to load privatekey '%s', error '%d'\n", p->privatekey, error);
+		ast_free(p);
+		return 0;
+	}
+
+	error = OSPPUtilLoadPEMCert((unsigned char*)p->localcert, &localcert);
+	if (error != OSPC_ERR_NO_ERROR) {
+		ast_log(LOG_WARNING, "OSP: Unable to load localcert '%s', error '%d'\n", p->localcert, error);
+		if (privatekey.PrivateKeyData) {
+			ast_free(privatekey.PrivateKeyData);
+		}
+		ast_free(p);
+		return 0;
+	}
+
+	if (p->cacount < 1) {
+		snprintf(p->cacerts[p->cacount], sizeof(p->cacerts[0]), "%s/%s-cacert.pem", ast_config_AST_KEY_DIR, provider);
+		ast_debug(1, "OSP: cacert[%d]: '%s'\n", p->cacount, p->cacerts[p->cacount]);
+		p->cacount++;
+	}
+	for (i = 0; i < p->cacount; i++) {
+		error = OSPPUtilLoadPEMCert((unsigned char*)p->cacerts[i], &cacerts[i]);
+		if (error != OSPC_ERR_NO_ERROR) {
+			ast_log(LOG_WARNING, "OSP: Unable to load cacert '%s', error '%d'\n", p->cacerts[i], error);
+			for (j = 0; j < i; j++) {
+				if (cacerts[j].CertData) {
+					ast_free(cacerts[j].CertData);
+				}
+			}
+			if (localcert.CertData) {
+				ast_free(localcert.CertData);
+			}
+			if (privatekey.PrivateKeyData) {
+				ast_free(privatekey.PrivateKeyData);
+			}
+			ast_free(p);
+			return 0;
+		}
+		pcacerts[i] = &cacerts[i];
 	}
 
 	for (i = 0; i < p->spcount; i++) {
 		psrvpoints[i] = p->srvpoints[i];
 	}
 
-	if (osp_security) {
-		privatekey.PrivateKeyData = NULL;
-		privatekey.PrivateKeyLength = 0;
-
-		localcert.CertData = NULL;
-		localcert.CertDataLength = 0;
-
-		for (i = 0; i < p->cacount; i++) {
-			cacerts[i].CertData = NULL;
-			cacerts[i].CertDataLength = 0;
-		}
-
-		if ((error = OSPPUtilLoadPEMPrivateKey((unsigned char*)p->privatekey, &privatekey)) != OSPC_ERR_NO_ERROR) {
-			ast_log(LOG_WARNING, "OSP: Unable to load privatekey '%s', error '%d'\n", p->privatekey, error);
-		} else if ((error = OSPPUtilLoadPEMCert((unsigned char*)p->localcert, &localcert)) != OSPC_ERR_NO_ERROR) { 
-			ast_log(LOG_WARNING, "OSP: Unable to load localcert '%s', error '%d'\n", p->localcert, error);
-		} else {
-			for (i = 0; i < p->cacount; i++) {
-				if ((error = OSPPUtilLoadPEMCert((unsigned char*)p->cacerts[i], &cacerts[i])) != OSPC_ERR_NO_ERROR) {
-					ast_log(LOG_WARNING, "OSP: Unable to load cacert '%s', error '%d'\n", p->cacerts[i], error);
-					break;
-				} else {
-					pcacerts[i] = &cacerts[i];
-				}
-			}
-		}
+	error = OSPPProviderNew(
+				p->spcount,
+				psrvpoints,
+				NULL,
+				OSP_AUDIT_URL,
+				&privatekey,
+				&localcert,
+				p->cacount,
+				pcacerts,
+				OSP_LOCAL_VALIDATION,
+				OSP_SSL_LIFETIME,
+				p->maxconnections,
+				OSP_HTTP_PERSISTENCE,
+				p->retrydelay,
+				p->retrylimit,
+				p->timeout,
+				OSP_CUSTOMER_ID,
+				OSP_DEVICE_ID,
+				&p->handle);
+	if (error != OSPC_ERR_NO_ERROR) {
+		ast_log(LOG_WARNING, "OSP: Unable to create provider '%s', error '%d'\n", provider, error);
+		ast_free(p);
+		res = -1;
 	} else {
-		privatekey.PrivateKeyData = privatekeydata;
-		privatekey.PrivateKeyLength = sizeof(privatekeydata);
-
-		localcert.CertData = localcertdata;
-		localcert.CertDataLength = sizeof(localcertdata);
-
-		cacerts[0].CertData = cacertdata;
-		cacerts[0].CertDataLength = sizeof(cacertdata);
-		pcacerts[0] = &cacerts[0];
-
-		if ((error = OSPPBase64Decode(B64PKey, strlen(B64PKey), privatekey.PrivateKeyData, &privatekey.PrivateKeyLength)) != OSPC_ERR_NO_ERROR) {
-			ast_log(LOG_WARNING, "OSP: Unable to decode private key, error '%d'\n", error);
-		} else if ((error = OSPPBase64Decode(B64LCert, strlen(B64LCert), localcert.CertData, &localcert.CertDataLength)) != OSPC_ERR_NO_ERROR) {
-			ast_log(LOG_WARNING, "OSP: Unable to decode local cert, error '%d'\n", error);
-		} else if ((error = OSPPBase64Decode(B64CACert, strlen(B64CACert), cacerts[0].CertData, &cacerts[0].CertDataLength)) != OSPC_ERR_NO_ERROR) {
-			ast_log(LOG_WARNING, "OSP: Unable to decode cacert, error '%d'\n", error);
-		}
-	}
-
-	if (error == OSPC_ERR_NO_ERROR) {
-		error = OSPPProviderNew(
-			p->spcount,
-			psrvpoints,
-			NULL,
-			OSP_AUDIT_URL,
-			&privatekey,
-			&localcert,
-			p->cacount,
-			pcacerts,
-			OSP_LOCAL_VALIDATION,
-			OSP_SSL_LIFETIME,
-			p->maxconnections,
-			OSP_HTTP_PERSISTENCE,
-			p->retrydelay,
-			p->retrylimit,
-			p->timeout,
-			OSP_CUSTOMER_ID,
-			OSP_DEVICE_ID,
-			&p->handle);
-		if (error != OSPC_ERR_NO_ERROR) {
-			ast_log(LOG_WARNING, "OSP: Unable to create provider '%s', error '%d'\n", provider, error);
-			res = -1;
-		} else {
-			ast_debug(1, "OSP: provider '%s'\n", provider);
-			ast_mutex_lock(&osplock);
-			p->next = ospproviders;
-			ospproviders = p;
-			ast_mutex_unlock(&osplock);
-			res = 1;
-		}
-	}
-
-	if (osp_security) {
-		for (i = 0; i < p->cacount; i++) {
-			if (cacerts[i].CertData) {
-				ast_free(cacerts[i].CertData);
-			}
-		}
-		if (localcert.CertData) {
-			ast_free(localcert.CertData);
-		}
-		if (privatekey.PrivateKeyData) {
-			ast_free(privatekey.PrivateKeyData);
-		}
-	}
-
-	if (res != 1) {
-		ast_free(p);
+		ast_debug(1, "OSP: provider '%s'\n", provider);
+		ast_mutex_lock(&osplock);
+		p->next = ospproviders;
+		ospproviders = p;
+		ast_mutex_unlock(&osplock);
+		res = 1;
+	}
+
+	for (i = 0; i < p->cacount; i++) {
+		if (cacerts[i].CertData) {
+			ast_free(cacerts[i].CertData);
+		}
+	}
+	if (localcert.CertData) {
+		ast_free(localcert.CertData);
+	}
+	if (privatekey.PrivateKeyData) {
+		ast_free(privatekey.PrivateKeyData);
 	}
 
 	return res;
@@ -556,26 +524,26 @@
 	osp_convert_address(source, src, sizeof(src));
 	osp_convert_address(destination, dst, sizeof(dst));
 	error = OSPPTransactionValidateAuthorisation(
-		transaction,
-		src,
-		dst,
-		NULL,
-		NULL,
-		calling ? calling : "",
-		OSPC_NFORMAT_E164,
-		called,
-		OSPC_NFORMAT_E164,
-		0,
-		NULL,
-		tokenlen,
-		(char*)tokenstr,
-		&authorised,
-		timelimit,
-		&dummy,
-		NULL,
-		osp_tokenformat);
+				transaction,
+				src,
+				dst,
+				NULL,
+				NULL,
+				calling ? calling : "",
+				OSPC_E164,
+				called,
+				OSPC_E164,
+				0,
+				NULL,
+				tokenlen,
+				(char*)tokenstr,
+				&authorised,
+				timelimit,
+				&dummy,
+				NULL,
+				osp_tokenformat);
 	if (error != OSPC_ERR_NO_ERROR) {
-		ast_debug(1, "OSP: Unable to validate inbound token, error '%d'\n", error);
+		ast_debug(1, "OSP: Unable to validate inbound token\n");
 		res = -1;
 	} else if (authorised) {
 		ast_debug(1, "OSP: Authorised\n");
@@ -626,12 +594,12 @@
 	char* destination,
 	unsigned int tokenlen,
 	const char* token,
-	OSPEFAILREASON* reason,
+	enum OSPEFAILREASON* reason,
 	struct osp_result* result)
 {
 	int res;
-	OSPE_DEST_OSPENABLED enabled;
-	OSPE_DEST_PROTOCOL protocol;
+	OSPE_DEST_OSP_ENABLED enabled;
+	OSPE_DEST_PROT protocol;
 	int error;
 
 	if (strlen(destination) <= 2) {
@@ -646,7 +614,7 @@
 		return -1;
 	}
 
-	if (enabled == OSPC_DOSP_FALSE) {
+	if (enabled == OSPE_OSP_FALSE) {
 		result->token[0] = '\0';
 	} else {
 		ast_base64encode(result->token, (const unsigned char*)token, tokenlen, sizeof(result->token) - 1);
@@ -669,45 +637,45 @@
 	/* Strip leading and trailing brackets */
 	destination[strlen(destination) - 1] = '\0';
 	switch(protocol) {
-	case OSPC_DPROT_Q931:
-		ast_debug(1, "OSP: protocol '%s'\n", OSP_PROT_H323);
-		ast_copy_string(result->tech, OSP_TECH_H323, sizeof(result->tech));
-		ast_copy_string(result->dest, destination + 1, sizeof(result->dest));
-		ast_copy_string(result->called, called, sizeof(result->called));
-		ast_copy_string(result->calling, calling, sizeof(result->calling));
-		break;
-	case OSPC_DPROT_SIP:
-		ast_debug(1, "OSP: protocol '%s'\n", OSP_PROT_SIP);
-		ast_copy_string(result->tech, OSP_TECH_SIP, sizeof(result->tech));
-		ast_copy_string(result->dest, destination + 1, sizeof(result->dest));
-		ast_copy_string(result->called, called, sizeof(result->called));
-		ast_copy_string(result->calling, calling, sizeof(result->calling));
-		break;
-	case OSPC_DPROT_IAX:
-		ast_debug(1, "OSP: protocol '%s'\n", OSP_PROT_IAX);
-		ast_copy_string(result->tech, OSP_TECH_IAX, sizeof(result->tech));
-		ast_copy_string(result->dest, destination + 1, sizeof(result->dest));
-		ast_copy_string(result->called, called, sizeof(result->called));
-		ast_copy_string(result->calling, calling, sizeof(result->calling));
-		break;
-	case OSPC_DPROT_UNDEFINED:
-	case OSPC_DPROT_UNKNOWN:
-		ast_debug(1, "OSP: unknown/undefined protocol '%d'\n", protocol);
-		ast_debug(1, "OSP: use default protocol '%s'\n", provider->defaultprotocol);
-
-		ast_copy_string(result->tech, provider->defaultprotocol, sizeof(result->tech));
-		ast_copy_string(result->dest, destination + 1, sizeof(result->dest));
-		ast_copy_string(result->called, called, sizeof(result->called));
-		ast_copy_string(result->calling, calling, sizeof(result->calling));
-		break;
-	case OSPC_DPROT_LRQ:
-	default:
-		ast_log(LOG_WARNING, "OSP: unsupported protocol '%d'\n", protocol);
-		*reason = OSPC_FAIL_PROTOCOL_ERROR;
-		result->token[0] = '\0';
-		result->networkid[0] = '\0';
-		res = 0;
-		break;
+		case OSPE_DEST_PROT_H323_SETUP:
+			ast_debug(1, "OSP: protocol '%s'\n", OSP_PROT_H323);
+			ast_copy_string(result->tech, OSP_TECH_H323, sizeof(result->tech));
+			ast_copy_string(result->dest, destination + 1, sizeof(result->dest));
+			ast_copy_string(result->called, called, sizeof(result->called));
+			ast_copy_string(result->calling, calling, sizeof(result->calling));
+			break;
+		case OSPE_DEST_PROT_SIP:
+			ast_debug(1, "OSP: protocol '%s'\n", OSP_PROT_SIP);
+			ast_copy_string(result->tech, OSP_TECH_SIP, sizeof(result->tech));
+			ast_copy_string(result->dest, destination + 1, sizeof(result->dest));
+			ast_copy_string(result->called, called, sizeof(result->called));
+			ast_copy_string(result->calling, calling, sizeof(result->calling));
+			break;
+		case OSPE_DEST_PROT_IAX:
+			ast_debug(1, "OSP: protocol '%s'\n", OSP_PROT_IAX);
+			ast_copy_string(result->tech, OSP_TECH_IAX, sizeof(result->tech));
+			ast_copy_string(result->dest, destination + 1, sizeof(result->dest));
+			ast_copy_string(result->called, called, sizeof(result->called));
+			ast_copy_string(result->calling, calling, sizeof(result->calling));
+			break;
+		case OSPE_DEST_PROT_UNDEFINED:
+		case OSPE_DEST_PROT_UNKNOWN:
+			ast_debug(1, "OSP: unknown/undefined protocol '%d'\n", protocol);
+			ast_debug(1, "OSP: use default protocol '%s'\n", provider->defaultprotocol);
+
+			ast_copy_string(result->tech, provider->defaultprotocol, sizeof(result->tech));
+			ast_copy_string(result->dest, destination + 1, sizeof(result->dest));
+			ast_copy_string(result->called, called, sizeof(result->called));
+			ast_copy_string(result->calling, calling, sizeof(result->calling));
+			break;
+		case OSPE_DEST_PROT_H323_LRQ:
+		default:
+			ast_log(LOG_WARNING, "OSP: unsupported protocol '%d'\n", protocol);
+			*reason = OSPC_FAIL_PROTOCOL_ERROR;
+			result->token[0] = '\0';
+			result->networkid[0] = '\0';
+			res = 0;
+			break;
 	}
 
 	return res;
@@ -718,10 +686,10 @@
  * \param cause Asterisk hangup cause
  * \return OSP TC code
  */
-static OSPEFAILREASON asterisk2osp(
+static enum OSPEFAILREASON asterisk2osp(
 	int cause)
 {
-	return (OSPEFAILREASON)cause;
+	return (enum OSPEFAILREASON)cause;
 }
 
 /*!
@@ -757,32 +725,32 @@
 	}
 
 	switch (p->authpolicy) {
-	case OSP_AUTH_NO:
-		res = 1;
-		break;
-	case OSP_AUTH_EXCLUSIVE:
-		if (ast_strlen_zero(token)) {
-			res = 0;
-		} else if ((res = osp_create_transaction(provider, transaction, sizeof(dest), dest)) <= 0) {
-			ast_debug(1, "OSP: Unable to generate transaction handle\n");
-			*transaction = OSP_INVALID_HANDLE;
-			res = 0;
-		} else if((res = osp_validate_token(*transaction, source, dest, calling, called, token, timelimit)) <= 0) {
-			OSPPTransactionRecordFailure(*transaction, OSPC_FAIL_CALL_REJECTED);
-		}
-		break;
-	case OSP_AUTH_YES:
-	default:
-		if (ast_strlen_zero(token)) {
+		case OSP_AUTH_NO:
 			res = 1;
-		} else if ((res = osp_create_transaction(provider, transaction, sizeof(dest), dest)) <= 0) {
-			ast_debug(1, "OSP: Unable to generate transaction handle\n");
-			*transaction = OSP_INVALID_HANDLE;
-			res = 0;
-		} else if((res = osp_validate_token(*transaction, source, dest, calling, called, token, timelimit)) <= 0) {
-			OSPPTransactionRecordFailure(*transaction, OSPC_FAIL_CALL_REJECTED);
-		}
-		break;
+			break;
+		case OSP_AUTH_EXCLUSIVE:
+			if (ast_strlen_zero(token)) {
+				res = 0;
+			} else if ((res = osp_create_transaction(provider, transaction, sizeof(dest), dest)) <= 0) {
+				ast_debug(1, "OSP: Unable to generate transaction handle\n");
+				*transaction = OSP_INVALID_HANDLE;
+				res = 0;
+			} else if((res = osp_validate_token(*transaction, source, dest, calling, called, token, timelimit)) <= 0) {
+				OSPPTransactionRecordFailure(*transaction, OSPC_FAIL_CALL_REJECTED);
+			}
+			break;
+		case OSP_AUTH_YES:
+		default:
+			if (ast_strlen_zero(token)) {
+				res = 1;
+			} else if ((res = osp_create_transaction(provider, transaction, sizeof(dest), dest)) <= 0) {
+				ast_debug(1, "OSP: Unable to generate transaction handle\n");
+				*transaction = OSP_INVALID_HANDLE;
+				res = 0;
+			} else if((res = osp_validate_token(*transaction, source, dest, calling, called, token, timelimit)) <= 0) {
+				OSPPTransactionRecordFailure(*transaction, OSPC_FAIL_CALL_REJECTED);
+			}
+			break;
 	}
 
 	return res;
@@ -855,15 +823,15 @@
 
 	callid->len = sizeof(callid->buf);
 	switch (type) {
-	case OSP_CALLID_H323:
-		res = osp_create_uuid(callid->buf, &callid->len);
-		break;
-	case OSP_CALLID_SIP:
-	case OSP_CALLID_IAX:
-		res = 0;
-	default:
-		res = -1;
-		break;
+		case OSP_CALLID_H323:
+			res = osp_create_uuid(callid->buf, &callid->len);
+			break;
+		case OSP_CALLID_SIP:
+		case OSP_CALLID_IAX:
+			res = 0;
+		default:
+			res = -1;
+			break;
 	}
 
 	if ((res != 1) && (callid->len != 0)) {
@@ -880,8 +848,6 @@
  * \param srcdev Source device of outbound call
  * \param calling Calling number
  * \param called Called number
- * \param snetid Source network ID
- * \param rnumber Routing number
  * \param callidtypes Call ID types
  * \param result Lookup results
  * \return 1 Found , 0 No route, -1 Error
@@ -891,8 +857,6 @@
 	const char* srcdev,
 	const char* calling,
 	const char* called,
-	const char* snetid,
-	const char* rnumber,
 	unsigned int callidtypes,
 	struct osp_result* result)
 {
@@ -909,9 +873,9 @@
 	unsigned int i, type;
 	struct osp_callid callid;
 	unsigned int callidnum;
-	OSPT_CALL_ID* callids[OSP_CALLID_MAXNUM];
+	OSPTCALLID* callids[OSP_CALLID_MAXNUM];
 	unsigned int dummy = 0;
-	OSPEFAILREASON reason;
+	enum OSPEFAILREASON reason;
 	int error;
 
 	result->outhandle = OSP_INVALID_HANDLE;
@@ -938,14 +902,6 @@
 		return -1;
 	}
 
-	if (!ast_strlen_zero(snetid)) {
-		OSPPTransactionSetNetworkIds(result->outhandle, snetid, "");
-	}
-
-	if (!ast_strlen_zero(rnumber)) {
-		OSPPTransactionSetRoutingNumber(result->outhandle, rnumber);
-	}
-
 	callidnum = 0;
 	callids[0] = NULL;
 	for (i = 0; i < OSP_CALLID_MAXNUM; i++) {
@@ -963,27 +919,27 @@
 	osp_convert_address(srcdev, dev, sizeof(dev));
 	result->numresults = OSP_DEF_DESTINATIONS;
 	error = OSPPTransactionRequestAuthorisation(
-		result->outhandle,
-		src,
-		dev,
-		calling ? calling : "",
-		OSPC_NFORMAT_E164,
-		called,
-		OSPC_NFORMAT_E164,
-		NULL,
-		callidnum,
-		callids,
-		NULL,
-		&result->numresults,
-		&dummy,
-		NULL);
+				result->outhandle,
+				src,
+				dev,
+				calling ? calling : "",
+				OSPC_E164,
+				called,
+				OSPC_E164,
+				NULL,
+				callidnum,
+				callids,
+				NULL,
+				&result->numresults,
+				&dummy,
+				NULL);
 
 	for (i = 0; i < callidnum; i++) {
 		OSPPCallIdDelete(&callids[i]);
 	}
 
 	if (error != OSPC_ERR_NO_ERROR) {
-		ast_debug(1, "OSP: Unable to request authorization, error '%d'\n", error);
+		ast_debug(1, "OSP: Unable to request authorization\n");
 		result->numresults = 0;
 		if (result->inhandle != OSP_INVALID_HANDLE) {
 			OSPPTransactionRecordFailure(result->inhandle, OSPC_FAIL_NORMAL_UNSPECIFIED);
@@ -1002,25 +958,25 @@
 	result->outcallid.len = sizeof(result->outcallid.buf);
 	tokenlen = sizeof(token);
 	error = OSPPTransactionGetFirstDestination(
-		result->outhandle,
-		0,
-		NULL,
-		NULL,
-		&result->outtimelimit,
-		&result->outcallid.len,
-		result->outcallid.buf,
-		sizeof(callednum),
-		callednum,
-		sizeof(callingnum),
-		callingnum,
-		sizeof(destination),
-		destination,
-		0,
-		NULL,
-		&tokenlen,
-		token);
+				result->outhandle,
+				0,
+				NULL,
+				NULL,
+				&result->outtimelimit,
+				&result->outcallid.len,
+				result->outcallid.buf,
+				sizeof(callednum),
+				callednum,
+				sizeof(callingnum),
+				callingnum,
+				sizeof(destination),
+				destination,
+				0,
+				NULL,
+				&tokenlen,
+				token);
 	if (error != OSPC_ERR_NO_ERROR) {
-		ast_debug(1, "OSP: Unable to get first route, error '%d'\n", error);
+		ast_debug(1, "OSP: Unable to get first route\n");
 		result->numresults = 0;
 		result->outtimelimit = OSP_DEF_TIMELIMIT;
 		if (result->inhandle != OSP_INVALID_HANDLE) {
@@ -1055,24 +1011,24 @@
 		result->outcallid.len = sizeof(result->outcallid.buf);
 		tokenlen = sizeof(token);
 		error = OSPPTransactionGetNextDestination(
-			result->outhandle,
-			reason,
-			0,
-			NULL,
-			NULL,
-			&result->outtimelimit,
-			&result->outcallid.len,
-			result->outcallid.buf,
-			sizeof(callednum),
-			callednum,
-			sizeof(callingnum),
-			callingnum,
-			sizeof(destination),
-			destination,
-			0,
-			NULL,
-			&tokenlen,
-			token);
+					result->outhandle,
+					reason,
+					0,
+					NULL,
+					NULL,
+					&result->outtimelimit,
+					&result->outcallid.len,
+					result->outcallid.buf,
+					sizeof(callednum),
+					callednum,
+					sizeof(callingnum),
+					callingnum,
+					sizeof(destination),
+					destination,
+					0,
+					NULL,
+					&tokenlen,
+					token);
 		if (error == OSPC_ERR_NO_ERROR) {
 			result->numresults--;
 			result->outtimelimit = osp_choose_timelimit(result->intimelimit, result->outtimelimit);
@@ -1126,7 +1082,7 @@
 	char destination[OSP_NORSTR_SIZE];
 	unsigned int tokenlen;
 	char token[OSP_TOKSTR_SIZE];
-	OSPEFAILREASON reason;
+	enum OSPEFAILREASON reason;
 	int error;
 
 	result->tech[0] = '\0';
@@ -1166,24 +1122,24 @@
 		result->outcallid.len = sizeof(result->outcallid.buf);
 		tokenlen = sizeof(token);
 		error = OSPPTransactionGetNextDestination(
-			result->outhandle,
-			reason,
-			0,
-			NULL,
-			NULL,
-			&result->outtimelimit,
-			&result->outcallid.len,
-			result->outcallid.buf,
-			sizeof(callednum),
-			callednum,
-			sizeof(callingnum),
-			callingnum,
-			sizeof(destination),
-			destination,
-			0,
-			NULL,
-			&tokenlen,
-			token);
+					result->outhandle,
+					reason,
+					0,
+					NULL,
+					NULL,
+					&result->outtimelimit,
+					&result->outcallid.len,
+					result->outcallid.buf,
+					sizeof(callednum),
+					callednum,
+					sizeof(callingnum),
+					callingnum,
+					sizeof(destination),
+					destination,
+					0,
+					NULL,
+					&tokenlen,
+					token);
 		if (error == OSPC_ERR_NO_ERROR) {
 			result->numresults--;
 			result->outtimelimit = osp_choose_timelimit(result->intimelimit, result->outtimelimit);
@@ -1242,7 +1198,7 @@
 	unsigned int release)
 {
 	int res;
-	OSPEFAILREASON reason;
+	enum OSPEFAILREASON reason;
 	time_t alert = 0;
 	unsigned isPddInfoPresent = 0;
 	unsigned pdd = 0;
@@ -1259,22 +1215,22 @@
 	}
 
 	error = OSPPTransactionReportUsage(
-		handle,
-		difftime(end, connect),
-		start,
-		end,
-		alert,
-		connect,
-		isPddInfoPresent,
-		pdd,
-		release,
-		NULL,
-		-1,
-		-1,
-		-1,
-		-1,
-		&dummy,
-		NULL);
+				handle,
+				difftime(end, connect),
+				start,
+				end,
+				alert,
+				connect,
+				isPddInfoPresent,
+				pdd,
+				release,
+				(unsigned char*)"",
+				0,
+				0,
+				0,
+				0,
+				&dummy,
+				NULL);
 	if (error == OSPC_ERR_NO_ERROR) {
 		ast_debug(1, "OSP: Usage reported\n");
 		res = 1;
@@ -1384,8 +1340,7 @@
 	struct varshead* headp;
 	struct ast_var_t* current;
 	const char* srcdev = "";
-	const char* snetid = "";
-	const char* rnumber = "";
+	const char* netid = "";
 	char buffer[OSP_TOKSTR_SIZE];
 	unsigned int callidtypes = OSP_CALLID_UNDEFINED;
 	struct osp_result result;
@@ -1444,24 +1399,21 @@
 				result.intimelimit = OSP_DEF_TIMELIMIT;
 			}
 		} else if (!strcasecmp(ast_var_name(current), "OSPINNETWORKID")) {
-			snetid = ast_var_value(current);
-		} else if (!strcasecmp(ast_var_name(current), "OSPROUTINGNUMBER")) {
-			rnumber = ast_var_value(current);
+			netid = ast_var_value(current);
 		} else if (!strcasecmp(ast_var_name(current), "OSPPEERIP")) {
 			srcdev = ast_var_value(current);
 		}
 	}
 	ast_debug(1, "OSPLookup: OSPINHANDLE '%d'\n", result.inhandle);
 	ast_debug(1, "OSPLookup: OSPINTIMELIMIT '%d'\n", result.intimelimit);
-	ast_debug(1, "OSPLookup: OSPINNETWORKID '%s'\n", snetid);
-	ast_debug(1, "OSPLookup: OSPROUTINGNUMBER '%s'\n", rnumber);
+	ast_debug(1, "OSPLookup: OSPINNETWORKID '%s'\n", netid);
 	ast_debug(1, "OSPLookup: source device '%s'\n", srcdev);
 
 	if ((cres = ast_autoservice_start(chan)) < 0) {
 		return -1;
 	}
 
-	if ((res = osp_lookup(provider, srcdev, chan->cid.cid_num, args.exten, snetid, rnumber, callidtypes, &result)) > 0) {
+	if ((res = osp_lookup(provider, srcdev, chan->cid.cid_num, args.exten, callidtypes, &result)) > 0) {
 		status = AST_OSP_SUCCESS;
 	} else {
 		result.tech[0] = '\0';
@@ -1492,8 +1444,6 @@
 	ast_debug(1, "OSPLookup: OSPCALLED '%s'\n", result.called);
 	pbx_builtin_setvar_helper(chan, "OSPCALLING", result.calling);
 	ast_debug(1, "OSPLookup: OSPCALLING '%s'\n", result.calling);
-	pbx_builtin_setvar_helper(chan, "OSPOUTNETWORKID", result.networkid);
-	ast_debug(1, "OSPLookup: OSPOUTNETWORKID '%s'\n", result.networkid);
 	pbx_builtin_setvar_helper(chan, "OSPOUTTOKEN", result.token);
 	ast_debug(1, "OSPLookup: OSPOUTTOKEN size '%zd'\n", strlen(result.token));
 	snprintf(buffer, sizeof(buffer), "%d", result.numresults);
@@ -1655,8 +1605,6 @@
 	ast_debug(1, "OSPNext: OSPCALLED'%s'\n", result.called);
 	pbx_builtin_setvar_helper(chan, "OSPCALLING", result.calling);
 	ast_debug(1, "OSPNext: OSPCALLING '%s'\n", result.calling);
-	pbx_builtin_setvar_helper(chan, "OSPOUTNETWORKID", result.networkid);
-	ast_debug(1, "OSPLookup: OSPOUTNETWORKID '%s'\n", result.networkid);
 	pbx_builtin_setvar_helper(chan, "OSPOUTTOKEN", result.token);
 	ast_debug(1, "OSPNext: OSPOUTTOKEN size '%zd'\n", strlen(result.token));
 	snprintf(buffer, sizeof(buffer), "%d", result.numresults);
@@ -1786,11 +1734,11 @@
 		ast_debug(1, "OSPFinish: Unable to report usage for outbound call\n");
 	}
 	switch (cause) {
-	case AST_CAUSE_NORMAL_CLEARING:
-		break;
-	default:
-		cause = AST_CAUSE_NO_ROUTE_DESTINATION;
-		break;
+		case AST_CAUSE_NORMAL_CLEARING:
+			break;
+		default:
+			cause = AST_CAUSE_NO_ROUTE_DESTINATION;
+			break;
 	}
 	if (osp_finish(inhandle, recorded, cause, start, connect, end, release) <= 0) {
 		ast_debug(1, "OSPFinish: Unable to report usage for inbound call\n");
@@ -1847,12 +1795,6 @@
 			OSPPInit(0);
 		}
 		ast_debug(1, "OSP: osp_hardware '%d'\n", osp_hardware);
-
-		t = ast_variable_retrieve(cfg, OSP_GENERAL_CAT, "securityfeatures");
-		if (t && ast_true(t)) {
-			osp_security = 1;
-		}
-		ast_debug(1, "OSP: osp_security '%d'\n", osp_security);
 
 		t = ast_variable_retrieve(cfg, OSP_GENERAL_CAT, "tokenformat");
 		if (t) {
@@ -1907,7 +1849,6 @@
 		OSPPCleanup();
 
 		osp_tokenformat = TOKEN_ALGO_SIGNED;
-		osp_security = 0;
 		osp_hardware = 0;
 		osp_initialized = 0;
 	}
@@ -1939,22 +1880,19 @@
 		provider = a->argv[2];
 	if (!provider) {
 		switch (osp_tokenformat) {
-		case TOKEN_ALGO_BOTH:
-			tokenalgo = "Both";
-			break;
-		case TOKEN_ALGO_UNSIGNED:
-			tokenalgo = "Unsigned";
-			break;
-		case TOKEN_ALGO_SIGNED:
-		default:
-			tokenalgo = "Signed";
-			break;
-		}
-		ast_cli(a->fd, "OSP: %s/%s/%s/%s\n",
-			osp_initialized ? "Initialized" : "Uninitialized", 
-			osp_hardware ? "Accelerated" : "Normal", 
-			osp_security ? "Enabled" : "Disabled", 
-			tokenalgo);
+			case TOKEN_ALGO_BOTH:
+				tokenalgo = "Both";
+				break;
+			case TOKEN_ALGO_UNSIGNED:
+				tokenalgo = "Unsigned";
+				break;
+			case TOKEN_ALGO_SIGNED:
+			default:
+				tokenalgo = "Signed";
+				break;
+		}
+		ast_cli(a->fd, "OSP: %s %s %s\n",
+			osp_initialized ? "Initialized" : "Uninitialized", osp_hardware ? "Accelerated" : "Normal", tokenalgo);
 	}
 
 	ast_mutex_lock(&osplock);
@@ -1965,12 +1903,10 @@
 				ast_cli(a->fd, "\n");
 			}
 			ast_cli(a->fd, " == OSP Provider '%s' == \n", p->name);
-			if (osp_security) {
-				ast_cli(a->fd, "Local Private Key: %s\n", p->privatekey);
-				ast_cli(a->fd, "Local Certificate: %s\n", p->localcert);
-				for (i = 0; i < p->cacount; i++) {
-					ast_cli(a->fd, "CA Certificate %d:  %s\n", i + 1, p->cacerts[i]);
-				}
+			ast_cli(a->fd, "Local Private Key: %s\n", p->privatekey);
+			ast_cli(a->fd, "Local Certificate: %s\n", p->localcert);
+			for (i = 0; i < p->cacount; i++) {
+				ast_cli(a->fd, "CA Certificate %d:  %s\n", i + 1, p->cacerts[i]);
 			}
 			for (i = 0; i < p->spcount; i++) {
 				ast_cli(a->fd, "Service Point %d:   %s\n", i + 1, p->srvpoints[i]);
@@ -1994,7 +1930,7 @@
 			ast_cli(a->fd, "Unable to find OSP provider '%s'\n", provider);
 		} else {
 			ast_cli(a->fd, "No OSP providers configured\n");
-		}
+		}	
 	}
 	return CLI_SUCCESS;
 }

Modified: branches/1.6.0/configs/osp.conf.sample
URL: http://svn.digium.com/svn-view/asterisk/branches/1.6.0/configs/osp.conf.sample?view=diff&rev=190986&r1=190985&r2=190986
==============================================================================
--- branches/1.6.0/configs/osp.conf.sample (original)
+++ branches/1.6.0/configs/osp.conf.sample Wed Apr 29 02:37:04 2009
@@ -12,23 +12,14 @@
 [general]
 ;
 ; Enable cryptographic acceleration hardware.  
-; The default value is no.
 ;
 ;accelerate=no
-;
-; Enable security features.
-; If security features are disabled, Asterisk cannot validate signed tokens and
-; all certificate file name parameters are ignored.
-; The default value is no.
-;
-;securityfeatures=no
 ;
 ; Defines the status of tokens that Asterisk will validate. 
 ; 0 - signed tokens only 
 ; 1 - unsigned tokens only 
 ; 2 - both signed and unsigned
 ; The default value is 0, i.e. the Asterisk will only validate signed tokens.
-; If securityfeatures are disabled, Asterisk cannot validate signed tokens.
 ;
 ;tokenformat=0
 ;
@@ -52,7 +43,6 @@
 ; If this parameter is unspecified or not present, the default name will be the 
 ; osp.conf section name followed by "-privatekey.pem" (for example: 
 ; default-privatekey.pem)
-; If securityfeatures are disabled, this parameter is ignored.
 ;
 ;privatekey=pkey.pem
 ;
@@ -60,7 +50,6 @@
 ; If this parameter is unspecified or not present, the default name will be the 
 ; osp.conf section name followed by "- localcert.pem " (for example: 
 ; default-localcert.pem)  
-; If securityfeatures are disabled, this parameter is ignored.
 ;
 ;localcert=localcert.pem
 ;
@@ -68,7 +57,6 @@
 ; a single Certificate Authority key file name is added with the default name of 
 ; the osp.conf section name followed by "-cacert_0.pem " (for example: 
 ; default-cacert_0.pem)
-; If securityfeatures are disabled, this parameter is ignored.
 ;
 ;cacert=cacert_0.pem
 ;
@@ -93,7 +81,6 @@
 ; 2 - EXCLUSIVE - Accept calls with valid token. Block calls with invalid token 
 ;                 or no token.
 ; Default is 1,
-; If securityfeatures are disabled, Asterisk cannot validate signed tokens.
 ;
 ;authpolicy=1
 ;




More information about the asterisk-commits mailing list