[asterisk-commits] twilson: branch group/srtp_reboot r249002 - in /team/group/srtp_reboot: chann...

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Thu Feb 25 22:39:57 CST 2010


Author: twilson
Date: Thu Feb 25 22:39:53 2010
New Revision: 249002

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=249002
Log:
Use tech->setoption and tech->queryoption for bridge reqs

This is a work check-in. Things appear to work, but still need some cleaning
up. set_security_requirements needs fewer magic numbers, etc. It would be nice
to have some convenience functions that hide the implementation of setting
bridge requirements via a datastore as well.

Modified:
    team/group/srtp_reboot/channels/chan_sip.c
    team/group/srtp_reboot/channels/sip/include/sip.h
    team/group/srtp_reboot/funcs/func_secure.c
    team/group/srtp_reboot/include/asterisk/frame.h
    team/group/srtp_reboot/main/channel.c

Modified: team/group/srtp_reboot/channels/chan_sip.c
URL: http://svnview.digium.com/svn/asterisk/team/group/srtp_reboot/channels/chan_sip.c?view=diff&rev=249002&r1=249001&r2=249002
==============================================================================
--- team/group/srtp_reboot/channels/chan_sip.c (original)
+++ team/group/srtp_reboot/channels/chan_sip.c Thu Feb 25 22:39:53 2010
@@ -261,7 +261,6 @@
 #include "asterisk/event.h"
 #include "asterisk/stun.h"
 #include "asterisk/cel.h"
-#include "asterisk/global_datastores.h"
 #include "sip/include/sip.h"
 #include "sip/include/globals.h"
 #include "sip/include/config_parser.h"
@@ -3115,7 +3114,16 @@
 			res = 0;
 		}
 		break;
+	case AST_OPTION_SECURE_SIGNALING:
+		p->req_secure_signaling = *(unsigned int *) data;
+		res = 0;
+		break;
+	case AST_OPTION_SECURE_MEDIA:
+		p->req_secure_media = *(unsigned int *) data;
+		res = 0;
+		break;
 	default:
+		ast_log(LOG_NOTICE, "Unknown option: %d\n", option);
 		break;
 	}
 
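Review bot: Both new cases store a full `unsigned int` into a one-bit field (see the `:1` declarations added to sip.h in this commit), so any even non-zero value a caller passes is truncated to 0 and the security requirement is silently dropped. Normalise at the assignment, e.g. `p->req_secure_signaling = *(unsigned int *) data ? 1 : 0;`, and the same for `req_secure_media`. Neither case confirms that the caller's buffer is at least `sizeof(unsigned int)` before dereferencing it; the function signature is outside this hunk, so if a length argument is available it should be compared first. The enclosing switch starts before the hunk.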
@@ -3165,6 +3173,14 @@
 		cp = (char *) data;
 		*cp = p->dsp ? 1 : 0;
 		ast_debug(1, "Reporting digit detection %sabled on %s\n", *cp ? "en" : "dis", chan->name);
+		break;
+	case AST_OPTION_SECURE_SIGNALING:
+		*((unsigned int *) data) = p->req_secure_signaling;
+		res = 0;
+		break;
+	case AST_OPTION_SECURE_MEDIA:
+		*((unsigned int *) data) = p->req_secure_media;
+		res = 0;
 		break;
 	default:
 		break;
@@ -4138,7 +4154,6 @@
 	struct varshead *headp;
 	struct ast_var_t *current;
 	const char *referer = NULL;   /* SIP referrer */
-	struct ast_datastore *ds;
 
 	if ((ast->_state != AST_STATE_DOWN) && (ast->_state != AST_STATE_RESERVED)) {
 		ast_log(LOG_WARNING, "sip_call called on %s, neither down nor reserved\n", ast->name);
@@ -4172,19 +4187,16 @@
 	}
 
 	/* Check to see if we should try to force encryption */
-	if ((ds = ast_channel_datastore_find(ast, &encrypt_call_info, NULL))) {
-		struct ast_encrypt_call_store *encrypt = ds->data;
-		if (encrypt->signaling && p->socket.type != SIP_TRANSPORT_TLS) {
-		   ast_log(LOG_WARNING, "Encrypted signaling is required\n");
-		   ast->hangupcause = AST_CAUSE_BEARERCAPABILITY_NOTAVAIL;
-		   return -1;
-		}
-		if (encrypt->media) {
-			/* Allow the dialplan to override whether we offer SRTP */
-			ast_set_flag(&p->flags[1], SIP_PAGE2_USE_SRTP);
-		} else {
-			ast_clear_flag(&p->flags[1], SIP_PAGE2_USE_SRTP);
-		}
+	if (p->req_secure_signaling && p->socket.type != SIP_TRANSPORT_TLS) {
+	   ast_log(LOG_WARNING, "Encrypted signaling is required\n");
+	   ast->hangupcause = AST_CAUSE_BEARERCAPABILITY_NOTAVAIL;
+	   return -1;
+	}
+	if (p->req_secure_media) {
+		/* Allow the dialplan to override whether we offer SRTP */
+		ast_set_flag(&p->flags[1], SIP_PAGE2_USE_SRTP);
+	} else {
+		ast_clear_flag(&p->flags[1], SIP_PAGE2_USE_SRTP);
 	}
 
 	if (ast_test_flag(&p->flags[1], SIP_PAGE2_USE_SRTP)) {
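Review bot: The `else` branch now clears `SIP_PAGE2_USE_SRTP` whenever `req_secure_media` is 0, which is its default, whereas the removed code left the flag untouched when no datastore was present. If that flag is also set from peer configuration (not visible here), an outbound call to a peer configured for SRTP would stop offering it unless the dialplan asked for secure media, which is a silent downgrade. Consider only raising the flag, `if (p->req_secure_media) { ast_set_flag(&p->flags[1], SIP_PAGE2_USE_SRTP); }`, and dropping the `else`, or tracking "not set" separately from "set to 0". The function body continues outside the hunk.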

Modified: team/group/srtp_reboot/channels/sip/include/sip.h
URL: http://svnview.digium.com/svn/asterisk/team/group/srtp_reboot/channels/sip/include/sip.h?view=diff&rev=249002&r1=249001&r2=249002
==============================================================================
--- team/group/srtp_reboot/channels/sip/include/sip.h (original)
+++ team/group/srtp_reboot/channels/sip/include/sip.h Thu Feb 25 22:39:53 2010
@@ -952,6 +952,8 @@
 	                                       *   or respect the other endpoint's request for frame sizes (on)
 	                                       *   for incoming calls
 	                                       */
+	unsigned short req_secure_signaling:1;/*!< Whether we are required to have secure signaling or not */
+	unsigned short req_secure_media:1;/*!< Whetehr we are required to have secure media or not */
 	char tag[11];                     /*!< Our tag for this session */
 	int timer_t1;                     /*!< SIP timer T1, ms rtt */
 	int timer_b;                      /*!< SIP timer B, ms */
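Review bot: The comment on `req_secure_media` has a typo (`Whetehr`), and neither comment says where the fields are written. Suggested wording: `/*!< Whether secure media is required; set via AST_OPTION_SECURE_MEDIA in the setoption handler */`, with matching text for `req_secure_signaling`. The struct these fields belong to starts and ends outside the hunk.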

Modified: team/group/srtp_reboot/funcs/func_secure.c
URL: http://svnview.digium.com/svn/asterisk/team/group/srtp_reboot/funcs/func_secure.c?view=diff&rev=249002&r1=249001&r2=249002
==============================================================================
--- team/group/srtp_reboot/funcs/func_secure.c (original)
+++ team/group/srtp_reboot/funcs/func_secure.c Thu Feb 25 22:39:53 2010
@@ -80,14 +80,15 @@
 	ast_channel_lock(chan);
 	if (!(ds = ast_channel_datastore_find(chan, &encrypt_call_info, NULL))) {
 		if (!(ds = ast_datastore_alloc(&encrypt_call_info, NULL))) {
+			ast_channel_unlock(chan);
 			return -1;
 		}
 		if (!(store = ast_calloc(1, sizeof(*store)))) {
+			ast_channel_unlock(chan);
 			ast_free(ds);
 			return -1;
 		}
 		ds->data = store;
-		ds->inheritance = DATASTORE_INHERIT_FOREVER;
 		ast_channel_datastore_add(chan, ds);
 	} else {
 		store = ds->data;
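Review bot: Removing `ds->inheritance = DATASTORE_INHERIT_FOREVER` leaves no trace in this file of how the requirement reaches the outbound channel. A comment before `ast_channel_datastore_add(chan, ds);` would help, for example `/* Not inherited: ast_request() pushes these requirements to the new channel via setoption */`. The function's normal-exit unlock is outside the hunk, so lock balance on the success path cannot be confirmed from here.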

Modified: team/group/srtp_reboot/include/asterisk/frame.h
URL: http://svnview.digium.com/svn/asterisk/team/group/srtp_reboot/include/asterisk/frame.h?view=diff&rev=249002&r1=249001&r2=249002
==============================================================================
--- team/group/srtp_reboot/include/asterisk/frame.h (original)
+++ team/group/srtp_reboot/include/asterisk/frame.h Thu Feb 25 22:39:53 2010
@@ -428,6 +428,10 @@
 /*! Get or set the fax tone detection state of the channel */
 #define AST_OPTION_FAX_DETECT		15
 
+/*! Get or set the security options on a channel */
+#define AST_OPTION_SECURE_SIGNALING        16
+#define AST_OPTION_SECURE_MEDIA            17
+
 struct oprmode {
 	struct ast_channel *peer;
 	int mode;
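Review bot: The doc comment sits only on `AST_OPTION_SECURE_SIGNALING`, so `AST_OPTION_SECURE_MEDIA` is undocumented, and neither says what the option payload is. The chan_sip handlers in this commit read and write it as `unsigned int` while `set_security_requirements` passes an `int`; stating the expected type here would keep callers and drivers aligned. Suggested: `/*! Get or set whether secure signaling is required; data is an unsigned int, non-zero means required */` and an equivalent line above the media option.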

Modified: team/group/srtp_reboot/main/channel.c
URL: http://svnview.digium.com/svn/asterisk/team/group/srtp_reboot/main/channel.c?view=diff&rev=249002&r1=249001&r2=249002
==============================================================================
--- team/group/srtp_reboot/main/channel.c (original)
+++ team/group/srtp_reboot/main/channel.c Thu Feb 25 22:39:53 2010
@@ -65,6 +65,7 @@
 #include "asterisk/timing.h"
 #include "asterisk/autochan.h"
 #include "asterisk/stringfields.h"
+#include "asterisk/global_datastores.h"
 
 #ifdef HAVE_EPOLL
 #include <sys/epoll.h>
@@ -4527,6 +4528,41 @@
 	return __ast_request_and_dial(type, format, requestor, data, timeout, outstate, cidnum, cidname, NULL);
 }
 
+static int set_security_requirements(const struct ast_channel *requestor, struct ast_channel *out)
+{
+	int ops[2][2] = {
+		{AST_OPTION_SECURE_SIGNALING, 0},
+		{AST_OPTION_SECURE_MEDIA, 0},
+	};
+	int i;
+	struct ast_channel *r = (struct ast_channel *) requestor; /* UGLY */
+	struct ast_datastore *ds;
+
+	if (!requestor || !out) {
+		return 0;
+	}
+
+	if ((ds = ast_channel_datastore_find(r, &encrypt_call_info, NULL))) {
+		struct ast_encrypt_call_store *encrypt = ds->data;
+		ops[0][1] = encrypt->signaling;
+		ops[1][1] = encrypt->media; 
+	}
+
+	for (i = 0; i < 2; i++) {
+		if (ops[i][1]) {
+			if (ast_channel_setoption(out, ops[i][0], &ops[i][1], sizeof(ops[i][1]), 0)) {
+				/* We require a security feature, but the channel won't provide it */
+				return -1;
+			}
+		} else {
+			/* We don't care if we can't clear the option on a channel that doesn't support it */
+			ast_channel_setoption(out, ops[i][0], &ops[i][1], sizeof(ops[i][1]), 0);
+		}
+	}
+
+	return 0;
+}
+
 struct ast_channel *ast_request(const char *type, format_t format, const struct ast_channel *requestor, void *data, int *cause)
 {
 	struct chanlist *chan;
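Review bot: `set_security_requirements` searches the requestor's datastores and reads `encrypt->signaling` and `encrypt->media` without holding the requestor's channel lock, while func_secure.c in this same commit takes `ast_channel_lock(chan)` around the same `ast_channel_datastore_find` call. Wrap the lookup and the two reads in `ast_channel_lock(r);` and `ast_channel_unlock(r);` so the store cannot change or be removed mid-read. Separately, the early `return 0` when `requestor` is NULL means channels requested without a requestor get no requirement applied at all; a short comment stating that this is intended would help.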
@@ -4574,6 +4610,13 @@
 
 		if (!(c = chan->tech->requester(type, capabilities | videoformat | textformat, requestor, data, cause)))
 			return NULL;
+
+		if (set_security_requirements(requestor, c)) {
+			ast_log(LOG_WARNING, "Setting security requirements failed\n");
+			c = ast_channel_release(c);
+			*cause = AST_CAUSE_BEARERCAPABILITY_NOTAVAIL;
+			return NULL;
+		}
 
 		/* no need to generate a Newchannel event here; it is done in the channel_alloc call */
 		return c;
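Review bot: On failure the channel returned by `chan->tech->requester` is dropped with `ast_channel_release(c)`; if the driver has already attached private state to it, that state is probably only torn down by the driver's hangup callback, so this path may leak it. Confirm whether `ast_hangup(c);` is the right teardown here. `*cause` is also written without a NULL check; whether `cause` is defaulted earlier in `ast_request` is outside this hunk. The warning would be easier to act on if it included `c->name`.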



