[asterisk-commits] twilson: branch group/srtp_reboot r249757 - in /team/group/srtp_reboot: chann...

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Mon Mar 1 17:22:35 CST 2010


Author: twilson
Date: Mon Mar  1 17:22:30 2010
New Revision: 249757

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=249757
Log:
Add IAX2 handling for dialplan-forced secure calls

Also add CHANNEL(secure_bridge_*) functions to mirror SECURE() (which will probably
go away). Make dialplan functions return "1" or "" to make it possible to test
with ISNULL() and for the sake of consistency.

Renamed datastore from encrypt_call* to secure_call since security won't always
be about encryption.

Modified:
    team/group/srtp_reboot/channels/chan_iax2.c
    team/group/srtp_reboot/channels/sip/dialplan_functions.c
    team/group/srtp_reboot/funcs/func_channel.c
    team/group/srtp_reboot/funcs/func_secure.c
    team/group/srtp_reboot/include/asterisk/global_datastores.h
    team/group/srtp_reboot/main/asterisk.exports
    team/group/srtp_reboot/main/channel.c
    team/group/srtp_reboot/main/global_datastores.c

Modified: team/group/srtp_reboot/channels/chan_iax2.c
URL: http://svnview.digium.com/svn/asterisk/team/group/srtp_reboot/channels/chan_iax2.c?view=diff&rev=249757&r1=249756&r2=249757
==============================================================================
--- team/group/srtp_reboot/channels/chan_iax2.c (original)
+++ team/group/srtp_reboot/channels/chan_iax2.c Mon Mar  1 17:22:30 2010
@@ -1171,6 +1171,7 @@
 static int iax2_sendimage(struct ast_channel *c, struct ast_frame *img);
 static int iax2_sendtext(struct ast_channel *c, const char *text);
 static int iax2_setoption(struct ast_channel *c, int option, void *data, int datalen);
+static int iax2_queryoption(struct ast_channel *c, int option, void *data, int *datalen);
 static int iax2_transfer(struct ast_channel *c, const char *dest);
 static int iax2_write(struct ast_channel *c, struct ast_frame *f);
 static int send_trunk(struct iax2_trunk_peer *tpeer, struct timeval *now);
@@ -1218,6 +1219,7 @@
 	.write_video = iax2_write,
 	.indicate = iax2_indicate,
 	.setoption = iax2_setoption,
+	.queryoption = iax2_queryoption,
 	.bridge = iax2_bridge,
 	.transfer = iax2_transfer,
 	.fixup = iax2_fixup,
@@ -4894,6 +4896,11 @@
 		ast_log(LOG_WARNING, "No address associated with '%s'\n", pds.peer);
 		return -1;
 	}
+	if (ast_test_flag64(iaxs[callno], IAX_FORCE_ENCRYPT) && !cai.encmethods) {
+		ast_log(LOG_WARNING, "Encryption forced for call, but not enabled\n");
+		c->hangupcause = AST_CAUSE_BEARERCAPABILITY_NOTAVAIL;
+		return -1;
+	}
 	if (ast_strlen_zero(cai.secret) && ast_test_flag64(iaxs[callno], IAX_FORCE_ENCRYPT)) {
 		ast_log(LOG_WARNING, "Call terminated. No secret given and force encrypt enabled\n");
 		return -1;
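Review bot: The new warning at the `IAX_FORCE_ENCRYPT && !cai.encmethods` check does not name the refused peer, so an operator reading the log cannot tell which peer definition lacks encryption. `pds.peer` is already used by the warning just above, so suggest `ast_log(LOG_WARNING, "Encryption forced for call to '%s', but not enabled\n", pds.peer);`. The existing no-secret check right below returns without setting `c->hangupcause`, so the two force-encrypt failures now surface differently to the caller; setting the same cause there would make them consistent. The enclosing function starts and ends outside the hunk.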
@@ -5135,6 +5142,19 @@
 	case AST_OPTION_OPRMODE:
 		errno = EINVAL;
 		return -1;
+	case AST_OPTION_SECURE_SIGNALING:
+	case AST_OPTION_SECURE_MEDIA:
+	{
+		unsigned short callno = PTR_TO_CALLNO(c->tech_pvt);
+		ast_mutex_lock(&iaxsl[callno]);
+		if ((*(int *) data)) {
+			ast_set_flag64(iaxs[callno], IAX_FORCE_ENCRYPT);
+		} else {
+			ast_clear_flag64(iaxs[callno], IAX_FORCE_ENCRYPT);
+		}
+		ast_mutex_unlock(&iaxsl[callno]);
+		return 0;
+	}
 	default:
 	{
 		unsigned short callno = PTR_TO_CALLNO(c->tech_pvt);
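Review bot: `AST_OPTION_SECURE_SIGNALING` and `AST_OPTION_SECURE_MEDIA` both toggle the single `IAX_FORCE_ENCRYPT` flag, so whichever option is set last wins and a requirement for secure signaling can be silently cleared by a later zero value for secure media. Either never clear the flag while the other requirement is still wanted, or document the coupling with `/* IAX2 encrypts signaling and media together: either option forces encryption */`. The case also dereferences `*(int *) data` without checking `data` or `datalen`; a guard such as `if (!data || datalen < (int) sizeof(int)) { errno = EINVAL; return -1; }` would match the `AST_OPTION_OPRMODE` error style above. Whether `iaxs[callno]` can be NULL once the lock is held is not visible here and is worth confirming. The switch starts and continues outside the hunk.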
@@ -5163,6 +5183,22 @@
 		ast_free(h);
 		return res;
 	}
+	}
+}
+
+static int iax2_queryoption(struct ast_channel *c, int option, void *data, int *datalen)
+{
+	switch (option) {
+	case AST_OPTION_SECURE_SIGNALING:
+	case AST_OPTION_SECURE_MEDIA:
+	{
+		unsigned short callno = PTR_TO_CALLNO(c->tech_pvt);
+		ast_mutex_lock(&iaxsl[callno]);
+		*((int *) data) = ast_test_flag64(iaxs[callno], IAX_FORCE_ENCRYPT) ? 1 : 0;
+		return 0;
+	}
+	default:
+		return -1;
 	}
 }
 
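Review bot: `iax2_queryoption` takes `iaxsl[callno]` with `ast_mutex_lock` and returns 0 without releasing it, so a query of either secure option leaves that call's lock held and later lock attempts on the same call number from other threads can block. Add `ast_mutex_unlock(&iaxsl[callno]);` before `return 0;`, mirroring the set path in `iax2_setoption`. The function also writes an `int` through `data` without checking `data` or `*datalen`; a NULL/size guard before taking the lock would be prudent.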
@@ -13582,6 +13618,8 @@
 		ast_copy_string(buf, pvt->addr.sin_addr.s_addr ? ast_inet_ntoa(pvt->addr.sin_addr) : "", buflen);
 	} else if (!strcasecmp(args, "peername")) {
 		ast_copy_string(buf, pvt->username, buflen);
+	} else if (!strcasecmp(args, "secure_signaling") || !strcasecmp(args, "secure_media")) {
+		snprintf(buf, sizeof(buf), "%s", pvt->encmethods ? "1" : "");
 	} else {
 		res = -1;
 	}
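Review bot: `snprintf(buf, sizeof(buf), ...)` in the new `secure_signaling`/`secure_media` branch appears to take the size of a pointer rather than of the destination. The neighbouring branches pass `buflen` to `ast_copy_string`, which suggests `buf` is a `char *` parameter. Use `snprintf(buf, buflen, "%s", pvt->encmethods ? "1" : "");`. Separately, `pvt->encmethods` looks like the set of methods permitted for the call rather than proof that encryption was negotiated, so the function may report "1" for a call that is not actually encrypted; confirm this and, if so, test the call's encrypted state instead. The enclosing function lies outside the hunk.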

Modified: team/group/srtp_reboot/channels/sip/dialplan_functions.c
URL: http://svnview.digium.com/svn/asterisk/team/group/srtp_reboot/channels/sip/dialplan_functions.c?view=diff&rev=249757&r1=249756&r2=249757
==============================================================================
--- team/group/srtp_reboot/channels/sip/dialplan_functions.c (original)
+++ team/group/srtp_reboot/channels/sip/dialplan_functions.c Mon Mar  1 17:22:30 2010
@@ -176,6 +176,10 @@
 			ast_log(LOG_WARNING, "Unrecognized argument '%s' to %s\n", preparse, funcname);
 			return -1;
 		}
+	} else if (!strcasecmp(args.param, "secure_signaling")) {
+		snprintf(buf, buflen, "%s", p->socket.type == SIP_TRANSPORT_TLS ? "1" : "");
+	} else if (!strcasecmp(args.param, "secure_media")) {
+		snprintf(buf, buflen, "%s", p->srtp ? "1" : "");
 	} else {
 		res = -1;
 	}
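Review bot: The new `secure_signaling` and `secure_media` branches report local state only (`p->socket.type == SIP_TRANSPORT_TLS` and a non-NULL `p->srtp`), which a dialplan author could easily read as an end-to-end guarantee. A comment above the first branch would help, e.g. `/* TLS on our own socket to the next hop only; says nothing about later hops */`. The second branch deserves a note that a set `p->srtp` is assumed to mean SRTP is actually in use for this dialog, which is not visible in this hunk. The enclosing function starts outside the hunk.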

Modified: team/group/srtp_reboot/funcs/func_channel.c
URL: http://svnview.digium.com/svn/asterisk/team/group/srtp_reboot/funcs/func_channel.c?view=diff&rev=249757&r1=249756&r2=249757
==============================================================================
--- team/group/srtp_reboot/funcs/func_channel.c (original)
+++ team/group/srtp_reboot/funcs/func_channel.c Mon Mar  1 17:22:30 2010
@@ -38,6 +38,7 @@
 #include "asterisk/app.h"
 #include "asterisk/indications.h"
 #include "asterisk/stringfields.h"
+#include "asterisk/global_datastores.h"
 
 /*** DOCUMENTATION
 	<function name="CHANNELS" language="en_US">
@@ -101,6 +102,12 @@
 					</enum>
 					<enum name="rxgain">
 						<para>R/W set rxgain level on channel drivers that support it.</para>
+					</enum>
+					<enum name="secure_bridge_signaling">
+						<para>Whether or not channels bridged to this channel require secure signaling</para>
+					</enum>
+					<enum name="secure_bridge_media">
+						<para>Whether or not channels bridged to this channel require secure media</para>
 					</enum>
 					<enum name="state">
 						<para>R/O state for channel</para>
@@ -343,6 +350,18 @@
 		char amabuf[256];
 		snprintf(amabuf,sizeof(amabuf), "%d", chan->amaflags);
 		locked_copy_string(chan, buf, amabuf, len);
+	} else if (!strncasecmp(data, "secure_bridge_", 14)) {
+		struct ast_datastore *ds;
+		ast_channel_lock(chan);
+		if ((ds = ast_channel_datastore_find(chan, &secure_call_info, NULL))) {
+			struct ast_secure_call_store *encrypt = ds->data;
+			if (!strcasecmp(data, "secure_bridge_signaling")) {
+				snprintf(buf, len, "%s", encrypt->signaling ? "1" : "");
+			} else if (!strcasecmp(data, "secure_bridge_media")) {
+				snprintf(buf, len, "%s", encrypt->media ? "1" : "");
+			}
+		}
+		ast_channel_unlock(chan);
 	} else if (!chan->tech || !chan->tech->func_channel_read || chan->tech->func_channel_read(chan, function, data, buf, len)) {
 		ast_log(LOG_WARNING, "Unknown or unavailable item requested: '%s'\n", data);
 		ret = -1;
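Review bot: The `secure_bridge_` read branch matches on a 14-character prefix but handles only two suffixes, so an unrecognised `secure_bridge_*` name leaves `buf` unwritten and still returns success. The same happens for either valid name when no `secure_call_info` datastore exists. Since the result is meant to be tested with ISNULL(), set `buf[0] = '\0';` before the lookup (when `len > 0`) and set `ret = -1` with the existing "Unknown or unavailable item" warning for an unknown suffix. Whether the caller pre-clears `buf` is not visible here. The enclosing function starts and ends outside the hunk.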
@@ -428,6 +447,37 @@
 				break;
 			}
 		}
+	} else if (!strncasecmp(data, "secure_bridge_", 14)) {
+		struct ast_datastore *ds;
+		struct ast_secure_call_store *store;
+
+		if (!chan || !value) {
+			return -1;
+		}
+
+		ast_channel_lock(chan);
+		if (!(ds = ast_channel_datastore_find(chan, &secure_call_info, NULL))) {
+			if (!(ds = ast_datastore_alloc(&secure_call_info, NULL))) {
+				ast_channel_unlock(chan);
+				return -1;
+			}
+			if (!(store = ast_calloc(1, sizeof(*store)))) {
+				ast_channel_unlock(chan);
+				ast_free(ds);
+				return -1;
+			}
+			ds->data = store;
+			ast_channel_datastore_add(chan, ds);
+		} else {
+			store = ds->data;
+		}
+		ast_channel_unlock(chan);
+
+		if (!strcasecmp(data, "secure_bridge_signaling")) {
+			store->signaling = ast_true(value) ? 1 : 0;
+		} else if (!strcasecmp(data, "secure_bridge_media")) {
+			store->media = ast_true(value) ? 1 : 0;
+		}
 	} else if (!chan->tech->func_channel_write
 		 || chan->tech->func_channel_write(chan, function, data, value)) {
 		ast_log(LOG_WARNING, "Unknown or unavailable item requested: '%s'\n",
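Review bot: `store->signaling` and `store->media` are assigned after `ast_channel_unlock(chan)`, while the read side in this file reads the same fields under the channel lock, so the update races with readers and with anything that removes the datastore once the lock is dropped. Move `ast_channel_unlock(chan);` below the `if (!strcasecmp(data, "secure_bridge_signaling")) ... else if ...` block so the write happens under the lock. On the `ast_calloc` failure path the datastore is released with `ast_free(ds)`; `ast_datastore_free(ds)` is the matching release for `ast_datastore_alloc`. An unrecognised `secure_bridge_*` suffix is also accepted silently here and should return -1. The enclosing function continues outside the hunk.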

Modified: team/group/srtp_reboot/funcs/func_secure.c
URL: http://svnview.digium.com/svn/asterisk/team/group/srtp_reboot/funcs/func_secure.c?view=diff&rev=249757&r1=249756&r2=249757
==============================================================================
--- team/group/srtp_reboot/funcs/func_secure.c (original)
+++ team/group/srtp_reboot/funcs/func_secure.c Mon Mar  1 17:22:30 2010
@@ -50,17 +50,17 @@
 				 char *data, struct ast_str **buf, ssize_t len)
 {
 	struct ast_datastore *ds;
-	struct ast_encrypt_call_store *store;
+	struct ast_secure_call_store *store;
 	ast_channel_lock(chan);
-	if (!(ds = ast_channel_datastore_find(chan, &encrypt_call_info, NULL))) {
+	if (!(ds = ast_channel_datastore_find(chan, &secure_call_info, NULL))) {
 		ast_channel_unlock(chan);
 		return 0;
 	}
 	store = ds->data;
 	if (!strcasecmp(data, "signaling")) {
-		ast_str_set(buf, 0, "%u", store->signaling);
+		ast_str_set(buf, 0, "%s", store->signaling ? "1" : "");
 	} else if (!strcasecmp(data, "media")) {
-		ast_str_set(buf, 0, "%u", store->media);
+		ast_str_set(buf, 0, "%s", store->media ? "1" : "");
 	}
 	ast_channel_unlock(chan);
 
@@ -71,15 +71,15 @@
 	const char *value)
 {
 	struct ast_datastore *ds;
-	struct ast_encrypt_call_store *store;
+	struct ast_secure_call_store *store;
 
 	if (!chan || !value) {
 		return -1;
 	}
 
 	ast_channel_lock(chan);
-	if (!(ds = ast_channel_datastore_find(chan, &encrypt_call_info, NULL))) {
-		if (!(ds = ast_datastore_alloc(&encrypt_call_info, NULL))) {
+	if (!(ds = ast_channel_datastore_find(chan, &secure_call_info, NULL))) {
+		if (!(ds = ast_datastore_alloc(&secure_call_info, NULL))) {
 			ast_channel_unlock(chan);
 			return -1;
 		}

Modified: team/group/srtp_reboot/include/asterisk/global_datastores.h
URL: http://svnview.digium.com/svn/asterisk/team/group/srtp_reboot/include/asterisk/global_datastores.h?view=diff&rev=249757&r1=249756&r2=249757
==============================================================================
--- team/group/srtp_reboot/include/asterisk/global_datastores.h (original)
+++ team/group/srtp_reboot/include/asterisk/global_datastores.h Mon Mar  1 17:22:30 2010
@@ -27,14 +27,14 @@
 #include "asterisk/channel.h"
 
 extern const struct ast_datastore_info dialed_interface_info;
-extern const struct ast_datastore_info encrypt_call_info;
+extern const struct ast_datastore_info secure_call_info;
 
 struct ast_dialed_interface {
 	AST_LIST_ENTRY(ast_dialed_interface) list;
 	char interface[1];
 };
 
-struct ast_encrypt_call_store {
+struct ast_secure_call_store {
 	unsigned int signaling:1;
 	unsigned int media:1;
 };

Modified: team/group/srtp_reboot/main/asterisk.exports
URL: http://svnview.digium.com/svn/asterisk/team/group/srtp_reboot/main/asterisk.exports?view=diff&rev=249757&r1=249756&r2=249757
==============================================================================
--- team/group/srtp_reboot/main/asterisk.exports (original)
+++ team/group/srtp_reboot/main/asterisk.exports Mon Mar  1 17:22:30 2010
@@ -28,7 +28,7 @@
 		devstate2str;
 		__manager_event;
 		dialed_interface_info;
-		encrypt_call_info;
+		secure_call_info;
 		strsep;
 		setenv;
 		unsetenv;

Modified: team/group/srtp_reboot/main/channel.c
URL: http://svnview.digium.com/svn/asterisk/team/group/srtp_reboot/main/channel.c?view=diff&rev=249757&r1=249756&r2=249757
==============================================================================
--- team/group/srtp_reboot/main/channel.c (original)
+++ team/group/srtp_reboot/main/channel.c Mon Mar  1 17:22:30 2010
@@ -4542,8 +4542,8 @@
 		return 0;
 	}
 
-	if ((ds = ast_channel_datastore_find(r, &encrypt_call_info, NULL))) {
-		struct ast_encrypt_call_store *encrypt = ds->data;
+	if ((ds = ast_channel_datastore_find(r, &secure_call_info, NULL))) {
+		struct ast_secure_call_store *encrypt = ds->data;
 		ops[0][1] = encrypt->signaling;
 		ops[1][1] = encrypt->media; 
 	}

Modified: team/group/srtp_reboot/main/global_datastores.c
URL: http://svnview.digium.com/svn/asterisk/team/group/srtp_reboot/main/global_datastores.c?view=diff&rev=249757&r1=249756&r2=249757
==============================================================================
--- team/group/srtp_reboot/main/global_datastores.c (original)
+++ team/group/srtp_reboot/main/global_datastores.c Mon Mar  1 17:22:30 2010
@@ -85,17 +85,17 @@
 	.duplicate = dialed_interface_duplicate,
 };
 
-static void encrypt_call_store_destroy(void *data)
+static void secure_call_store_destroy(void *data)
 {
-	struct ast_encrypt_call_store *store = data;
+	struct ast_secure_call_store *store = data;
 
 	ast_free(store);
 }
 
-static void *encrypt_call_store_duplicate(void *data)
+static void *secure_call_store_duplicate(void *data)
 {
-	struct ast_encrypt_call_store *old = data;
-	struct ast_encrypt_call_store *new;
+	struct ast_secure_call_store *old = data;
+	struct ast_secure_call_store *new;
 
 	if (!(new = ast_calloc(1, sizeof(*new)))) {
 		return NULL;
@@ -105,8 +105,8 @@
 
 	return new;
 }
-const struct ast_datastore_info encrypt_call_info = {
+const struct ast_datastore_info secure_call_info = {
 	.type = "encrypt-call",
-	.destroy = encrypt_call_store_destroy,
-	.duplicate = encrypt_call_store_duplicate,
+	.destroy = secure_call_store_destroy,
+	.duplicate = secure_call_store_duplicate,
 };



