[asterisk-commits] mmichelson: branch group/issue8824 r175404 - in /team/group/issue8824: ./ cha...
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Thu Feb 12 17:17:11 CST 2009
Author: mmichelson
Date: Thu Feb 12 17:17:11 2009
New Revision: 175404
URL: http://svn.digium.com/svn-view/asterisk?view=rev&rev=175404
Log:
Resolve conflict and reset automerge
Modified:
team/group/issue8824/ (props changed)
team/group/issue8824/CHANGES
team/group/issue8824/channels/chan_iax2.c
team/group/issue8824/channels/chan_sip.c
team/group/issue8824/configs/iax.conf.sample
team/group/issue8824/main/udptl.c
Propchange: team/group/issue8824/
------------------------------------------------------------------------------
automerge = *
Propchange: team/group/issue8824/
------------------------------------------------------------------------------
Binary property 'branch-1.4-merged' - no diff available.
Propchange: team/group/issue8824/
------------------------------------------------------------------------------
--- svnmerge-integrated (original)
+++ svnmerge-integrated Thu Feb 12 17:17:11 2009
@@ -1,1 +1,1 @@
-/trunk:1-175311
+/trunk:1-175389
Modified: team/group/issue8824/CHANGES
URL: http://svn.digium.com/svn-view/asterisk/team/group/issue8824/CHANGES?view=diff&rev=175404&r1=175403&r2=175404
==============================================================================
--- team/group/issue8824/CHANGES (original)
+++ team/group/issue8824/CHANGES Thu Feb 12 17:17:11 2009
@@ -590,6 +590,7 @@
* Added support for OSP. The token is set and retrieved through the CHANNEL()
dialplan function.
* Added immediate option to iax.conf
+ * Added forceencryption option to iax.conf
XMPP Google Talk/Jingle changes
-------------------------------
Modified: team/group/issue8824/channels/chan_iax2.c
URL: http://svn.digium.com/svn-view/asterisk/team/group/issue8824/channels/chan_iax2.c?view=diff&rev=175404&r1=175403&r2=175404
==============================================================================
--- team/group/issue8824/channels/chan_iax2.c (original)
+++ team/group/issue8824/channels/chan_iax2.c Thu Feb 12 17:17:11 2009
@@ -379,6 +379,7 @@
IAX_IMMEDIATE = (1 << 28), /*!< Allow immediate off-hook to extension s */
IAX_SENDCONNECTEDLINE = (1 << 28), /*!< Allow sending of connected line updates */
IAX_RECVCONNECTEDLINE = (1 << 29), /*!< Allow receiving of connected line updates */
+ IAX_FORCE_ENCRYPT = (1 << 30), /*!< Forces call encryption, if encryption not possible hangup */
};
static int global_rtautoclear = 120;
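Review bot: The context lines of this hunk show `IAX_IMMEDIATE` and `IAX_SENDCONNECTEDLINE` both defined as `(1 << 28)`, so the two options share one bit and setting or copying either one changes the other. This looks like a merge artifact that the commit leaves in place while adding `IAX_FORCE_ENCRYPT = (1 << 30)` next to it. It matters for the consolidated `ast_copy_flags(iaxs[callno], user, IAX_CODEC_USER_FIRST | IAX_IMMEDIATE | ...)` call in the -6232 hunk, which would carry the connected-line bit along with the immediate bit. Give one of the two flags its own unused bit; the earlier enum members are outside the hunk, so which bit is free has to be checked against the full enum.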
@@ -1941,8 +1942,7 @@
iaxs[x]->pingid = iax2_sched_add(sched, ping_time * 1000, send_ping, (void *)(long)x);
iaxs[x]->lagid = iax2_sched_add(sched, lagrq_time * 1000, send_lagrq, (void *)(long)x);
iaxs[x]->amaflags = amaflags;
- ast_copy_flags(iaxs[x], &globalflags, IAX_NOTRANSFER | IAX_TRANSFERMEDIA | IAX_USEJITTERBUF | IAX_FORCEJITTERBUF | IAX_NOKEYROTATE | IAX_SENDCONNECTEDLINE | IAX_RECVCONNECTEDLINE);
-
+ ast_copy_flags(iaxs[x], &globalflags, IAX_NOTRANSFER | IAX_TRANSFERMEDIA | IAX_USEJITTERBUF | IAX_FORCEJITTERBUF | IAX_NOKEYROTATE | IAX_SENDCONNECTEDLINE | IAX_RECVCONNECTEDLINE | IAX_FORCE_ENCRYPT);
ast_string_field_set(iaxs[x], accountcode, accountcode);
ast_string_field_set(iaxs[x], mohinterpret, mohinterpret);
ast_string_field_set(iaxs[x], mohsuggest, mohsuggest);
@@ -3560,7 +3560,7 @@
if (peer->maxms && ((peer->lastms > peer->maxms) || (peer->lastms < 0)))
goto return_unref;
- ast_copy_flags(cai, peer, IAX_SENDANI | IAX_TRUNK | IAX_NOTRANSFER | IAX_TRANSFERMEDIA | IAX_USEJITTERBUF | IAX_FORCEJITTERBUF | IAX_NOKEYROTATE | IAX_SENDCONNECTEDLINE | IAX_RECVCONNECTEDLINE);
+ ast_copy_flags(cai, peer, IAX_SENDANI | IAX_TRUNK | IAX_NOTRANSFER | IAX_TRANSFERMEDIA | IAX_USEJITTERBUF | IAX_FORCEJITTERBUF | IAX_NOKEYROTATE | IAX_SENDCONNECTEDLINE | IAX_RECVCONNECTEDLINE | IAX_FORCE_ENCRYPT);
cai->maxtime = peer->maxms;
cai->capability = peer->capability;
cai->encmethods = peer->encmethods;
@@ -3762,16 +3762,17 @@
ast_log(LOG_WARNING, "No peer provided in the IAX2 dial string '%s'\n", dest);
return -1;
}
-
if (!pds.exten) {
pds.exten = defaultrdest;
}
-
if (create_addr(pds.peer, c, &sin, &cai)) {
ast_log(LOG_WARNING, "No address associated with '%s'\n", pds.peer);
return -1;
}
-
+ if (ast_strlen_zero(cai.secret) && ast_test_flag(iaxs[callno], IAX_FORCE_ENCRYPT)) {
+ ast_log(LOG_WARNING, "Call terminated. No secret given and force encrypt enabled\n");
+ return -1;
+ }
if (!pds.username && !ast_strlen_zero(cai.username))
pds.username = cai.username;
if (!pds.password && !ast_strlen_zero(cai.secret))
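Review bot: The new guard reads the force-encrypt flag from `iaxs[callno]`, but the peer's flag was just copied into `cai` by `create_addr()` (see the -3560 hunk). Whether `iaxs[callno]` already carries the peer's setting at this point is not visible here, so a per-peer `forceencryption` may not be honoured for outbound calls. Testing the freshly resolved data, `if (ast_strlen_zero(cai.secret) && ast_test_flag(&cai, IAX_FORCE_ENCRYPT)) {`, would tie the decision to the peer actually being dialled. The check also runs before the `pds.password` fallback below it, so a password given in the dial string is not considered; a comment should say whether that is intended. The enclosing function starts and ends outside the hunk.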
@@ -6232,11 +6233,7 @@
if (user->maxauthreq > 0)
ast_set_flag(iaxs[callno], IAX_MAXAUTHREQ);
iaxs[callno]->prefs = user->prefs;
- ast_copy_flags(iaxs[callno], user, IAX_CODEC_USER_FIRST);
- ast_copy_flags(iaxs[callno], user, IAX_IMMEDIATE);
- ast_copy_flags(iaxs[callno], user, IAX_CODEC_NOPREFS);
- ast_copy_flags(iaxs[callno], user, IAX_CODEC_NOCAP);
- ast_copy_flags(iaxs[callno], user, IAX_NOKEYROTATE);
+ ast_copy_flags(iaxs[callno], user, IAX_CODEC_USER_FIRST | IAX_IMMEDIATE | IAX_CODEC_NOPREFS | IAX_CODEC_NOCAP | IAX_NOKEYROTATE | IAX_FORCE_ENCRYPT);
iaxs[callno]->encmethods = user->encmethods;
/* Store the requested username if not specified */
if (ast_strlen_zero(iaxs[callno]->username))
@@ -6414,7 +6411,10 @@
ast_string_field_set(p, host, user->name);
user = user_unref(user);
}
-
+ if (ast_test_flag(p, IAX_FORCE_ENCRYPT) && !p->encmethods) {
+ ast_log(LOG_NOTICE, "Call Terminated, Incomming call is unencrypted while force encrypt is enabled.");
+ return res;
+ }
if (!ast_test_flag(&p->state, IAX_STATE_AUTHENTICATED))
return res;
if (ies->password)
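Review bot: The added check tests `p->encmethods`, which the -6232 hunk fills from `user->encmethods`, so as far as the visible lines show it reflects local configuration rather than what the caller negotiated. Because the config parser in this commit only sets `IAX_FORCE_ENCRYPT` when the methods value is non-zero, the condition may never be true for an inbound call that is actually unencrypted. If the intent is to refuse sessions that are not encrypted, testing the session state would match it more closely, e.g. `if (ast_test_flag(p, IAX_FORCE_ENCRYPT) && !ast_test_flag(p, IAX_ENCRYPTED)) {`, to be confirmed against where `IAX_ENCRYPTED` is set for inbound calls. The log string also lacks a trailing `\n` and misspells "Incoming". The enclosing function starts and ends outside the hunk.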
@@ -6734,8 +6734,13 @@
}
}
}
- if (ies->encmethods)
+
+ if (ies->encmethods) {
ast_set_flag(p, IAX_ENCRYPTED | IAX_KEYPOPULATED);
+ } else if (ast_test_flag(iaxs[callno], IAX_FORCE_ENCRYPT)) {
+ ast_log(LOG_NOTICE, "Call initiated without encryption while forceencryption=yes option is set");
+ return -1; /* if force encryption is yes, and no encryption methods, then return -1 to hangup */
+ }
if (!res) {
struct ast_datastore *variablestore;
struct ast_variable *var, *prev = NULL;
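Review bot: The new `else if` reads the flag through `iaxs[callno]` while the branch just above it sets flags on `p`, so the two halves of one decision use different handles for what is presumably the same pvt. Using `} else if (ast_test_flag(p, IAX_FORCE_ENCRYPT)) {` keeps the enforcement tied to the object being updated and does not rely on `callno` being valid in this scope. The `ast_log` string is missing its trailing `\n`. The direct `return -1` skips the rest of the function, whose earlier part is outside the hunk, so it is worth confirming that nothing acquired before this point needs releasing.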
@@ -8850,6 +8855,11 @@
auth_fail(fr->callno, IAX_COMMAND_REJECT);
if (authdebug)
ast_log(LOG_NOTICE, "Rejected connect attempt from %s, who was trying to reach '%s@%s'\n", ast_inet_ntoa(sin.sin_addr), iaxs[fr->callno]->exten, iaxs[fr->callno]->context);
+ break;
+ }
+ if (ast_strlen_zero(iaxs[fr->callno]->secret) && ast_test_flag(iaxs[fr->callno], IAX_FORCE_ENCRYPT)) {
+ auth_fail(fr->callno, IAX_COMMAND_REJECT);
+ ast_log(LOG_WARNING, "Rejected connect attempt. No secret present while force encrypt enabled.\n");
break;
}
if (strcasecmp(iaxs[fr->callno]->exten, "TBD")) {
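Review bot: The new rejection is logged without the remote address, unlike the reject message directly above it, which makes these enforcement failures hard to attribute when reviewing logs. Including the source, e.g. `ast_log(LOG_WARNING, "Rejected connect attempt from %s. No secret present while force encrypt enabled.\n", ast_inet_ntoa(sin.sin_addr));`, keeps the two reject paths consistent. Note also that this message is emitted unconditionally while the neighbouring one is gated on `authdebug`; a short comment stating that this is deliberate would help.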
@@ -10695,7 +10705,7 @@
if (ast_test_flag(&globalflags, IAX_NOKEYROTATE)) {
ast_copy_flags(peer, &globalflags, IAX_NOKEYROTATE);
}
- ast_copy_flags(peer, &globalflags, IAX_USEJITTERBUF | IAX_FORCEJITTERBUF | IAX_SENDCONNECTEDLINE | IAX_RECVCONNECTEDLINE);
+ ast_copy_flags(peer, &globalflags, IAX_USEJITTERBUF | IAX_FORCEJITTERBUF | IAX_SENDCONNECTEDLINE | IAX_RECVCONNECTEDLINE | IAX_FORCE_ENCRYPT);
peer->encmethods = iax2_encryption;
peer->adsi = adsi;
ast_string_field_set(peer,secret,"");
@@ -10745,6 +10755,18 @@
peer->authmethods = get_auth_methods(v->value);
} else if (!strcasecmp(v->name, "encryption")) {
peer->encmethods = get_encrypt_methods(v->value);
+ if (!peer->encmethods) {
+ ast_clear_flag(peer, IAX_FORCE_ENCRYPT);
+ }
+ } else if (!strcasecmp(v->name, "forceencryption")) {
+ if (ast_false(v->value)) {
+ ast_clear_flag(peer, IAX_FORCE_ENCRYPT);
+ } else {
+ peer->encmethods = get_encrypt_methods(v->value);
+ if (peer->encmethods) {
+ ast_set_flag(peer, IAX_FORCE_ENCRYPT);
+ }
+ }
} else if (!strcasecmp(v->name, "keyrotate")) {
if (ast_false(v->value))
ast_set_flag(peer, IAX_NOKEYROTATE);
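Review bot: In the `forceencryption` branch, `peer->encmethods` is overwritten with `get_encrypt_methods(v->value)` and the flag is set only when that result is non-zero. If the helper returns 0 for a value it does not recognise (its body is not shown), a typo silently leaves the peer with neither encryption nor enforcement and discards an earlier `encryption=` line. Add a failure path such as `} else { ast_log(LOG_WARNING, "Unrecognised forceencryption value '%s' at line %d, encryption not enforced\n", v->value, v->lineno); }`. The `encryption` branch has the mirror problem: a later `encryption=no` clears `IAX_FORCE_ENCRYPT` without any message, so the result depends on option order. The same pattern is repeated in the user hunk (-11019) and the general-section hunk (-11410).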
@@ -10973,7 +10995,7 @@
user->adsi = adsi;
ast_string_field_set(user, name, name);
ast_string_field_set(user, language, language);
- ast_copy_flags(user, &globalflags, IAX_USEJITTERBUF | IAX_FORCEJITTERBUF | IAX_CODEC_USER_FIRST | IAX_CODEC_NOPREFS | IAX_CODEC_NOCAP | IAX_NOKEYROTATE | IAX_SENDCONNECTEDLINE | IAX_RECVCONNECTEDLINE);
+ ast_copy_flags(user, &globalflags, IAX_USEJITTERBUF | IAX_FORCEJITTERBUF | IAX_CODEC_USER_FIRST | IAX_CODEC_NOPREFS | IAX_CODEC_NOCAP | IAX_NOKEYROTATE | IAX_SENDCONNECTEDLINE | IAX_RECVCONNECTEDLINE | IAX_FORCE_ENCRYPT);
ast_clear_flag(user, IAX_HASCALLERID);
ast_string_field_set(user, cid_name, "");
ast_string_field_set(user, cid_num, "");
@@ -11019,6 +11041,18 @@
user->authmethods = get_auth_methods(v->value);
} else if (!strcasecmp(v->name, "encryption")) {
user->encmethods = get_encrypt_methods(v->value);
+ if (!user->encmethods) {
+ ast_clear_flag(user, IAX_FORCE_ENCRYPT);
+ }
+ } else if (!strcasecmp(v->name, "forceencryption")) {
+ if (ast_false(v->value)) {
+ ast_clear_flag(user, IAX_FORCE_ENCRYPT);
+ } else {
+ user->encmethods = get_encrypt_methods(v->value);
+ if (user->encmethods) {
+ ast_set_flag(user, IAX_FORCE_ENCRYPT);
+ }
+ }
} else if (!strcasecmp(v->name, "keyrotate")) {
if (ast_false(v->value))
ast_set_flag(user, IAX_NOKEYROTATE);
@@ -11410,11 +11444,23 @@
ast_netsock_unref(ns);
}
}
- } else if (!strcasecmp(v->name, "authdebug"))
+ } else if (!strcasecmp(v->name, "authdebug")) {
authdebug = ast_true(v->value);
- else if (!strcasecmp(v->name, "encryption"))
- iax2_encryption = get_encrypt_methods(v->value);
- else if (!strcasecmp(v->name, "keyrotate")) {
+ } else if (!strcasecmp(v->name, "encryption")) {
+ iax2_encryption = get_encrypt_methods(v->value);
+ if (!iax2_encryption) {
+ ast_clear_flag((&globalflags), IAX_FORCE_ENCRYPT);
+ }
+ } else if (!strcasecmp(v->name, "forceencryption")) {
+ if (ast_false(v->value)) {
+ ast_clear_flag((&globalflags), IAX_FORCE_ENCRYPT);
+ } else {
+ iax2_encryption = get_encrypt_methods(v->value);
+ if (iax2_encryption) {
+ ast_set_flag((&globalflags), IAX_FORCE_ENCRYPT);
+ }
+ }
+ } else if (!strcasecmp(v->name, "keyrotate")) {
if (ast_false(v->value))
ast_set_flag((&globalflags), IAX_NOKEYROTATE);
else
Modified: team/group/issue8824/channels/chan_sip.c
URL: http://svn.digium.com/svn-view/asterisk/team/group/issue8824/channels/chan_sip.c?view=diff&rev=175404&r1=175403&r2=175404
==============================================================================
--- team/group/issue8824/channels/chan_sip.c (original)
+++ team/group/issue8824/channels/chan_sip.c Thu Feb 12 17:17:11 2009
@@ -7734,7 +7734,6 @@
iterator = req->sdp_start;
while ((a = get_sdp_iterate(&iterator, req, "a"))[0] != '\0') {
char mimeSubtype[128];
- ast_copy_string(mimeSubtype, a, sizeof(mimeSubtype));
if (option_debug > 1) {
int breakout = FALSE;
@@ -7822,7 +7821,7 @@
}
red_cp = red_fmtp;
- } else if (sscanf(a, "rtpmap: %u %[^/]/", &codec, mimeSubtype) == 2) {
+ } else if (sscanf(a, "rtpmap: %u %127[^/]/", &codec, mimeSubtype) == 2) {
/* We have a rtpmap to handle */
if (last_rtpmap_codec < SDP_MAX_RTPMAP_CODECS) {
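Review bot: The width `127` in the new `sscanf` format is only correct because `mimeSubtype` is declared as `char mimeSubtype[128]` in a different hunk, and nothing links the two. A comment on this line such as `/* field width must stay sizeof(mimeSubtype) - 1 */` would keep a later resize of the array from reintroducing the overflow. With the `ast_copy_string` initialisation removed in the -7734 hunk, any use of `mimeSubtype` before a successful `sscanf` would read an uninitialised buffer; the rest of the loop is outside the hunk, so this should be checked there.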
Modified: team/group/issue8824/configs/iax.conf.sample
URL: http://svn.digium.com/svn-view/asterisk/team/group/issue8824/configs/iax.conf.sample?view=diff&rev=175404&r1=175403&r2=175404
==============================================================================
--- team/group/issue8824/configs/iax.conf.sample (original)
+++ team/group/issue8824/configs/iax.conf.sample Thu Feb 12 17:17:11 2009
@@ -175,6 +175,11 @@
; Enable IAX2 encryption. The default is no.
;
; encryption = yes
+;
+; Force encryption insures no connection is established unless both sides support
+; encryption. By turning this option on, encryption is automatically turned on as well.
+;
+; forceencryption = yes
;
; This is a compatibility option for older versions of IAX2 that do not support
; key rotation with encryption. This option will disable the IAX_COMMAND_RTENC message.
Modified: team/group/issue8824/main/udptl.c
URL: http://svn.digium.com/svn-view/asterisk/team/group/issue8824/main/udptl.c?view=diff&rev=175404&r1=175403&r2=175404
==============================================================================
--- team/group/issue8824/main/udptl.c (original)
+++ team/group/issue8824/main/udptl.c Thu Feb 12 17:17:11 2009
@@ -86,7 +86,7 @@
static int udptlfecspan;
static int udptlmaxdatagram;
-#define LOCAL_FAX_MAX_DATAGRAM 400
+#define LOCAL_FAX_MAX_DATAGRAM 1400
#define MAX_FEC_ENTRIES 5
#define MAX_FEC_SPAN 5
@@ -159,7 +159,7 @@
static AST_RWLIST_HEAD_STATIC(protos, ast_udptl_protocol);
static int udptl_rx_packet(struct ast_udptl *s, uint8_t *buf, int len);
-static int udptl_build_packet(struct ast_udptl *s, uint8_t *buf, uint8_t *ifp, int ifp_len);
+static int udptl_build_packet(struct ast_udptl *s, uint8_t *buf, int buflen, uint8_t *ifp, int ifp_len);
static inline int udptl_debug_test_addr(struct sockaddr_in *addr)
{
@@ -257,7 +257,7 @@
}
/*- End of function --------------------------------------------------------*/
-static int encode_open_type(uint8_t *buf, int *len, const uint8_t *data, int num_octets)
+static int encode_open_type(uint8_t *buf, int buflen, int *len, const uint8_t *data, int num_octets)
{
int enclen;
int octet_idx;
@@ -273,6 +273,10 @@
for (octet_idx = 0; ; num_octets -= enclen, octet_idx += enclen) {
if ((enclen = encode_length(buf, len, num_octets)) < 0)
return -1;
+ if (enclen + *len > buflen) {
+ ast_log(LOG_ERROR, "Buffer overflow detected (%d + %d > %d)\n", enclen, *len, buflen);
+ return -1;
+ }
if (enclen > 0) {
memcpy(&buf[*len], &data[octet_idx], enclen);
*len += enclen;
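Review bot: The new bounds check runs after `encode_length(buf, len, num_octets)`, which takes no size argument and, judging by its signature, writes the length octets into `buf` and advances `*len` before `buflen` is consulted. The payload `memcpy` is now guarded, but the length prefix itself is still written unchecked, and any writes before the loop (outside the hunk) are not covered either. Either pass `buflen` into `encode_length` or verify there is room for the length field before calling it. The message "Buffer overflow detected" is also misleading, since the code is preventing one; something like `"UDPTL packet too large for buffer (%d + %d > %d)\n"` would read better in logs.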
@@ -493,9 +497,9 @@
}
/*- End of function --------------------------------------------------------*/
-static int udptl_build_packet(struct ast_udptl *s, uint8_t *buf, uint8_t *ifp, int ifp_len)
-{
- uint8_t fec[LOCAL_FAX_MAX_DATAGRAM];
+static int udptl_build_packet(struct ast_udptl *s, uint8_t *buf, int buflen, uint8_t *ifp, int ifp_len)
+{
+ uint8_t fec[LOCAL_FAX_MAX_DATAGRAM * 2];
int i;
int j;
int seq;
@@ -525,7 +529,7 @@
buf[len++] = seq & 0xFF;
/* Encode the primary IFP packet */
- if (encode_open_type(buf, &len, ifp, ifp_len) < 0)
+ if (encode_open_type(buf, buflen, &len, ifp, ifp_len) < 0)
return -1;
/* Encode the appropriate type of error recovery information */
@@ -553,8 +557,12 @@
/* Encode the elements */
for (i = 0; i < entries; i++) {
j = (entry - i - 1) & UDPTL_BUF_MASK;
- if (encode_open_type(buf, &len, s->tx[j].buf, s->tx[j].buf_len) < 0)
+ if (encode_open_type(buf, buflen, &len, s->tx[j].buf, s->tx[j].buf_len) < 0) {
+ if (option_debug) {
+ ast_log(LOG_DEBUG, "Encoding failed at i=%d, j=%d\n", i, j);
+ }
return -1;
+ }
}
break;
case UDPTL_ERROR_CORRECTION_FEC:
@@ -591,7 +599,7 @@
fec[j] ^= s->tx[i].buf[j];
}
}
- if (encode_open_type(buf, &len, fec, high_tide) < 0)
+ if (encode_open_type(buf, buflen, &len, fec, high_tide) < 0)
return -1;
}
break;
@@ -888,7 +896,7 @@
int seq;
int len;
int res;
- uint8_t buf[LOCAL_FAX_MAX_DATAGRAM];
+ uint8_t buf[LOCAL_FAX_MAX_DATAGRAM * 2];
/* If we have no peer, return immediately */
if (s->them.sin_addr.s_addr == INADDR_ANY)
@@ -907,7 +915,7 @@
seq = s->tx_seq_no & 0xFFFF;
/* Cook up the UDPTL packet, with the relevant EC info. */
- len = udptl_build_packet(s, buf, f->data.ptr, f->datalen);
+ len = udptl_build_packet(s, buf, sizeof(buf), f->data.ptr, f->datalen);
if (len > 0 && s->them.sin_port && s->them.sin_addr.s_addr) {
if ((res = sendto(s->fd, buf, len, 0, (struct sockaddr *) &s->them, sizeof(s->them))) < 0)
@@ -1175,17 +1183,25 @@
if (cfg) {
if ((s = ast_variable_retrieve(cfg, "general", "udptlstart"))) {
udptlstart = atoi(s);
- if (udptlstart < 1024)
+ if (udptlstart < 1024) {
+ ast_log(LOG_WARNING, "Ports under 1024 are not allowed for T.38.\n");
udptlstart = 1024;
- if (udptlstart > 65535)
+ }
+ if (udptlstart > 65535) {
+ ast_log(LOG_WARNING, "Ports over 65535 are invalid.\n");
udptlstart = 65535;
+ }
}
if ((s = ast_variable_retrieve(cfg, "general", "udptlend"))) {
udptlend = atoi(s);
- if (udptlend < 1024)
+ if (udptlend < 1024) {
+ ast_log(LOG_WARNING, "Ports under 1024 are not allowed for T.38.\n");
udptlend = 1024;
- if (udptlend > 65535)
+ }
+ if (udptlend > 65535) {
+ ast_log(LOG_WARNING, "Ports over 65535 are invalid.\n");
udptlend = 65535;
+ }
}
if ((s = ast_variable_retrieve(cfg, "general", "udptlchecksums"))) {
#ifdef SO_NO_CHECK
@@ -1206,24 +1222,36 @@
}
if ((s = ast_variable_retrieve(cfg, "general", "T38FaxMaxDatagram"))) {
udptlmaxdatagram = atoi(s);
- if (udptlmaxdatagram < 0)
- udptlmaxdatagram = 0;
- if (udptlmaxdatagram > LOCAL_FAX_MAX_DATAGRAM)
+ if (udptlmaxdatagram < 100) {
+ ast_log(LOG_WARNING, "Too small T38FaxMaxDatagram size. Defaulting to 100.\n");
+ udptlmaxdatagram = 100;
+ }
+ if (udptlmaxdatagram > LOCAL_FAX_MAX_DATAGRAM) {
+ ast_log(LOG_WARNING, "Too large T38FaxMaxDatagram size. Defaulting to %d.\n", LOCAL_FAX_MAX_DATAGRAM);
udptlmaxdatagram = LOCAL_FAX_MAX_DATAGRAM;
+ }
}
if ((s = ast_variable_retrieve(cfg, "general", "UDPTLFECentries"))) {
udptlfecentries = atoi(s);
- if (udptlfecentries < 0)
- udptlfecentries = 0;
- if (udptlfecentries > MAX_FEC_ENTRIES)
+ if (udptlfecentries < 1) {
+ ast_log(LOG_WARNING, "Too small UDPTLFECentries value. Defaulting to 1.\n");
+ udptlfecentries = 1;
+ }
+ if (udptlfecentries > MAX_FEC_ENTRIES) {
+ ast_log(LOG_WARNING, "Too large UDPTLFECentries value. Defaulting to %d.\n", MAX_FEC_ENTRIES);
udptlfecentries = MAX_FEC_ENTRIES;
+ }
}
if ((s = ast_variable_retrieve(cfg, "general", "UDPTLFECspan"))) {
udptlfecspan = atoi(s);
- if (udptlfecspan < 0)
- udptlfecspan = 0;
- if (udptlfecspan > MAX_FEC_SPAN)
+ if (udptlfecspan < 1) {
+ ast_log(LOG_WARNING, "Too small UDPTLFECspan value. Defaulting to 1.\n");
+ udptlfecspan = 1;
+ }
+ if (udptlfecspan > MAX_FEC_SPAN) {
+ ast_log(LOG_WARNING, "Too large UDPTLFECspan value. Defaulting to %d.\n", MAX_FEC_SPAN);
udptlfecspan = MAX_FEC_SPAN;
+ }
}
ast_config_destroy(cfg);
}