[asterisk-commits] dvossel: branch dvossel/iax2encryption_trunk r174768 - /team/dvossel/iax2encr...
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Tue Feb 10 15:53:45 CST 2009
Author: dvossel
Date: Tue Feb 10 15:53:45 2009
New Revision: 174768
URL: http://svn.digium.com/svn-view/asterisk?view=rev&rev=174768
Log:
iax2 forceencrypt progress
Modified:
team/dvossel/iax2encryption_trunk/channels/chan_iax2.c
Modified: team/dvossel/iax2encryption_trunk/channels/chan_iax2.c
URL: http://svn.digium.com/svn-view/asterisk/team/dvossel/iax2encryption_trunk/channels/chan_iax2.c?view=diff&rev=174768&r1=174767&r2=174768
==============================================================================
--- team/dvossel/iax2encryption_trunk/channels/chan_iax2.c (original)
+++ team/dvossel/iax2encryption_trunk/channels/chan_iax2.c Tue Feb 10 15:53:45 2009
@@ -1940,8 +1940,7 @@
iaxs[x]->pingid = iax2_sched_add(sched, ping_time * 1000, send_ping, (void *)(long)x);
iaxs[x]->lagid = iax2_sched_add(sched, lagrq_time * 1000, send_lagrq, (void *)(long)x);
iaxs[x]->amaflags = amaflags;
- ast_copy_flags(iaxs[x], &globalflags, IAX_NOTRANSFER | IAX_TRANSFERMEDIA | IAX_USEJITTERBUF | IAX_FORCEJITTERBUF | IAX_NOKEYROTATE);
-
+ ast_copy_flags(iaxs[x], &globalflags, IAX_NOTRANSFER | IAX_TRANSFERMEDIA | IAX_USEJITTERBUF | IAX_FORCEJITTERBUF | IAX_NOKEYROTATE | IAX_FORCE_ENCRYPT);
ast_string_field_set(iaxs[x], accountcode, accountcode);
ast_string_field_set(iaxs[x], mohinterpret, mohinterpret);
ast_string_field_set(iaxs[x], mohsuggest, mohsuggest);
@@ -3557,7 +3556,7 @@
if (peer->maxms && ((peer->lastms > peer->maxms) || (peer->lastms < 0)))
goto return_unref;
- ast_copy_flags(cai, peer, IAX_SENDANI | IAX_TRUNK | IAX_NOTRANSFER | IAX_TRANSFERMEDIA | IAX_USEJITTERBUF | IAX_FORCEJITTERBUF | IAX_NOKEYROTATE);
+ ast_copy_flags(cai, peer, IAX_SENDANI | IAX_TRUNK | IAX_NOTRANSFER | IAX_TRANSFERMEDIA | IAX_USEJITTERBUF | IAX_FORCEJITTERBUF | IAX_NOKEYROTATE | IAX_FORCE_ENCRYPT);
cai->maxtime = peer->maxms;
cai->capability = peer->capability;
cai->encmethods = peer->encmethods;
@@ -6226,8 +6225,9 @@
ast_copy_flags(iaxs[callno], user, IAX_IMMEDIATE);
ast_copy_flags(iaxs[callno], user, IAX_CODEC_NOPREFS);
ast_copy_flags(iaxs[callno], user, IAX_CODEC_NOCAP);
+ iaxs[callno]->encmethods = user->encmethods;
ast_copy_flags(iaxs[callno], user, IAX_NOKEYROTATE);
- iaxs[callno]->encmethods = user->encmethods;
+ ast_copy_flags(iaxs[callno], user, IAX_FORCE_ENCRYPT);
/* Store the requested username if not specified */
if (ast_strlen_zero(iaxs[callno]->username))
ast_string_field_set(iaxs[callno], username, user->name);
@@ -6404,7 +6404,10 @@
ast_string_field_set(p, host, user->name);
user = user_unref(user);
}
-
+ if (ast_test_flag(p, IAX_FORCE_ENCRYPT) && !ies->encmethods){
+ ast_log(LOG_NOTICE, "Call Terminated, Incomming call is unencrypted while force encrypt is enabled.");
+ return res;
+ }
if (!ast_test_flag(&p->state, IAX_STATE_AUTHENTICATED))
return res;
if (ies->password)
@@ -6665,7 +6668,6 @@
/* Start pessimistic */
int res = -1;
int authmethods = 0;
- int force_encryption = 0;
struct iax_ie_data ied;
uint16_t callno = p->callno;
@@ -6698,8 +6700,6 @@
) {
res = authenticate(p->challenge, peer->secret, peer->outkey, authmethods, &ied, sin, &p->ecx, &p->dcx);
if (!res) {
- force_encryption = ast_test_flag(peer, IAX_FORCE_ENCRYPT);
- ast_log(LOG_NOTICE, "Force Encrpytion is: %d", force_encryption); // to do remove this
peer_unref(peer);
break;
}
@@ -6727,13 +6727,12 @@
}
}
}
+
if (ies->encmethods) {
- ast_log(LOG_NOTICE, "ENCRYPTION METHODS FOUND IN AUTHREQ"); // to do remove this
ast_set_flag(p, IAX_ENCRYPTED | IAX_KEYPOPULATED);
- } else if (force_encryption) {
- return -1;
- // to do if force encryption is yes, and no encryption methods, then return -1 to hangup
- // right now i am testing by simply returning -1. this in effect is simulating force_encrypt=yes
+ } else if (ast_test_flag(iaxs[callno], IAX_FORCE_ENCRYPT)) {
+ ast_log(LOG_NOTICE, "Call initiated without encryption while forceencryption=yes option is set");
+ return -1; /* if force encryption is yes, and no encryption methods, then return -1 to hangup */
}
if (!res) {
struct ast_datastore *variablestore;
More information about the asterisk-commits
mailing list