[asterisk-commits] dvossel: branch dvossel/iax2encryption_trunk r174366 - /team/dvossel/iax2encr...

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Mon Feb 9 18:04:29 CST 2009 

Author: dvossel
Date: Mon Feb  9 18:04:29 2009
New Revision: 174366

URL: http://svn.digium.com/svn-view/asterisk?view=rev&rev=174366
Log:
force encryption progress, untested backup

Modified:
    team/dvossel/iax2encryption_trunk/channels/chan_iax2.c

Modified: team/dvossel/iax2encryption_trunk/channels/chan_iax2.c
URL: http://svn.digium.com/svn-view/asterisk/team/dvossel/iax2encryption_trunk/channels/chan_iax2.c?view=diff&rev=174366&r1=174365&r2=174366
==============================================================================
--- team/dvossel/iax2encryption_trunk/channels/chan_iax2.c (original)
+++ team/dvossel/iax2encryption_trunk/channels/chan_iax2.c Mon Feb  9 18:04:29 2009
@@ -377,6 +377,7 @@
 	IAX_ALLOWFWDOWNLOAD =   (1 << 26),	/*!< Allow the FWDOWNL command? */
 	IAX_NOKEYROTATE =       (1 << 27),	/*!< Disable key rotation with encryption */
 	IAX_IMMEDIATE =		(1 << 28),      /*!< Allow immediate off-hook to extension s */
+	IAX_FORCE_ENCRYPT =	(1 << 29),      /*!< Forces call encryption, if encryption not possible hangup */
 };
 
 static int global_rtautoclear = 120;
@@ -6664,6 +6665,7 @@
 	/* Start pessimistic */
 	int res = -1;
 	int authmethods = 0;
+	int force_encryption = 0;
 	struct iax_ie_data ied;
 	uint16_t callno = p->callno;
 
@@ -6696,6 +6698,8 @@
 				) {
 				res = authenticate(p->challenge, peer->secret, peer->outkey, authmethods, &ied, sin, &p->ecx, &p->dcx);
 				if (!res) {
+					force_encryption = ast_test_flag(peer, IAX_FORCE_ENCRYPT);
+					ast_log(LOG_NOTICE, "Force Encrpytion is: %d", force_encryption); // to do remove this
 					peer_unref(peer);
 					break;
 				}
@@ -6723,8 +6727,14 @@
 			}
 		}
 	}
-	if (ies->encmethods)
+	if (ies->encmethods) {
+		ast_log(LOG_NOTICE, "ENCRYPTION METHODS FOUND IN AUTHREQ"); // to do remove this
 		ast_set_flag(p, IAX_ENCRYPTED | IAX_KEYPOPULATED);
+	} else if (force_encryption) {
+		return -1;
+		// to do if force encryption is yes, and no encryption methods, then return -1 to hangup
+		// right now i am testing by simply returning -1.  this in effect is simulating force_encrypt=yes
+	}
 	if (!res) {
 		struct ast_datastore *variablestore;
 		struct ast_variable *var, *prev = NULL;
@@ -10708,7 +10718,14 @@
 			} else if (!strcasecmp(v->name, "auth")) {
 				peer->authmethods = get_auth_methods(v->value);
 			} else if (!strcasecmp(v->name, "encryption")) {
-				peer->encmethods = get_encrypt_methods(v->value);
+				if (!ast_test_flag(peer, IAX_FORCE_ENCRYPT)) {
+					peer->encmethods = get_encrypt_methods(v->value);	
+				}
+			} else if (!strcasecmp(v->name, "forceencryption")) {
+				if (ast_true(v->value)) {
+					ast_set_flag(peer, IAX_FORCE_ENCRYPT);
+					peer->encmethods = get_encrypt_methods(v->value);
+				}
 			} else if (!strcasecmp(v->name, "keyrotate")) {
 				if (ast_false(v->value))
 					ast_set_flag(peer, IAX_NOKEYROTATE);
@@ -10968,7 +10985,14 @@
 			} else if (!strcasecmp(v->name, "auth")) {
 				user->authmethods = get_auth_methods(v->value);
 			} else if (!strcasecmp(v->name, "encryption")) {
-				user->encmethods = get_encrypt_methods(v->value);
+				if (!ast_test_flag(user, IAX_FORCE_ENCRYPT)) {
+					user->encmethods = get_encrypt_methods(v->value);	
+				}
+			} else if (!strcasecmp(v->name, "forceencryption")) {
+				if (ast_true(v->value)) {
+					ast_set_flag(user, IAX_FORCE_ENCRYPT);
+					user->encmethods = get_encrypt_methods(v->value);
+				}
 			} else if (!strcasecmp(v->name, "keyrotate")) {
 				if (ast_false(v->value))
 					ast_set_flag(user, IAX_NOKEYROTATE);
@@ -11344,11 +11368,18 @@
 					ast_netsock_unref(ns);
 				}
 			}
-		} else if (!strcasecmp(v->name, "authdebug"))
+		} else if (!strcasecmp(v->name, "authdebug")) {
 			authdebug = ast_true(v->value);
-		else if (!strcasecmp(v->name, "encryption"))
-			iax2_encryption = get_encrypt_methods(v->value);
-		else if (!strcasecmp(v->name, "keyrotate")) {
+		} else if (!strcasecmp(v->name, "encryption")) {
+			if (!ast_test_flag((&globalflags), IAX_FORCE_ENCRYPT)) {
+				iax2_encryption = get_encrypt_methods(v->value);	
+			}
+		} else if (!strcasecmp(v->name, "forceencryption")) {
+			if (ast_true(v->value)) {
+				ast_set_flag((&globalflags), IAX_FORCE_ENCRYPT);
+				iax2_encryption = get_encrypt_methods(v->value);
+			}
+		} else if (!strcasecmp(v->name, "keyrotate")) {
 			if (ast_false(v->value))
 				ast_set_flag((&globalflags), IAX_NOKEYROTATE);
 			else

More information about the asterisk-commits mailing list