[asterisk-commits] oej: branch oej/rana-manager-debug-1.4 r312863 - in /team/oej/rana-manager-de...
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Tue Apr 5 09:38:49 CDT 2011
Author: oej
Date: Tue Apr 5 09:38:45 2011
New Revision: 312863
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=312863
Log:
Reset, resolve
Modified:
team/oej/rana-manager-debug-1.4/ (props changed)
team/oej/rana-manager-debug-1.4/configs/manager.conf.sample
team/oej/rana-manager-debug-1.4/main/manager.c
Propchange: team/oej/rana-manager-debug-1.4/
------------------------------------------------------------------------------
automerge = http://www.codename-pineapple.org/
Propchange: team/oej/rana-manager-debug-1.4/
------------------------------------------------------------------------------
--- svnmerge-integrated (original)
+++ svnmerge-integrated Tue Apr 5 09:38:45 2011
@@ -1,1 +1,1 @@
-/branches/1.4:1-312638
+/branches/1.4:1-312862
Modified: team/oej/rana-manager-debug-1.4/configs/manager.conf.sample
URL: http://svnview.digium.com/svn/asterisk/team/oej/rana-manager-debug-1.4/configs/manager.conf.sample?view=diff&rev=312863&r1=312862&r2=312863
==============================================================================
--- team/oej/rana-manager-debug-1.4/configs/manager.conf.sample (original)
+++ team/oej/rana-manager-debug-1.4/configs/manager.conf.sample Tue Apr 5 09:38:45 2011
@@ -25,6 +25,17 @@
enabled = no
;webenabled = yes
port = 5038
+
+; authtimeout specifies the maximum number of seconds a client has to
+; authenticate. If the client does not authenticate beofre this timeout
+; expires, the client will be disconnected. (default: 30 seconds)
+
+;authtimeout = 30
+
+; authlimit specifies the maximum number of unauthenticated sessions that will
+; be allowed to connect at any given time.
+
+;authlimit = 50
;httptimeout = 60
; a) httptimeout sets the Max-Age of the http cookie
Modified: team/oej/rana-manager-debug-1.4/main/manager.c
URL: http://svnview.digium.com/svn/asterisk/team/oej/rana-manager-debug-1.4/main/manager.c?view=diff&rev=312863&r1=312862&r2=312863
==============================================================================
--- team/oej/rana-manager-debug-1.4/main/manager.c (original)
+++ team/oej/rana-manager-debug-1.4/main/manager.c Tue Apr 5 09:38:45 2011
@@ -105,6 +105,8 @@
static const int DEFAULT_HTTPTIMEOUT = 60; /*!< Default manager http timeout */
static const int DEFAULT_BROKENEVENTSACTION = 0; /*!< Default setting for brokeneventsaction */
static const int DEFAULT_DEBUG_ACTIONS = 0; /*!< Default setting for action debugging in the CLI */
+static const int DEFAULT_AUTHTIMEOUT = 30; /*!< Default setting for authtimeout */
+static const int DEFAULT_AUTHLIMIT = 50; /*!< Default setting for authlimit */
static int enabled;
@@ -115,10 +117,13 @@
static int timestampevents;
static int httptimeout;
static int broken_events_action;
+static int authtimeout;
+static int authlimit;
static pthread_t t;
static int block_sockets;
static int num_sessions;
+static int unauth_sessions = 0;
/* Protected by the sessions list lock */
struct eventqent *master_eventq = NULL;
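Review bot: The new `unauth_sessions` counter has no comment and now sits directly above `/* Protected by the sessions list lock */`, which is easy to misread as applying to it. Every update in this commit goes through `ast_atomic_fetchadd_int`, not the list lock, so I would document that on the declaration, e.g. `static int unauth_sessions = 0; /*!< Count of connected but unauthenticated sessions; modified only with ast_atomic_fetchadd_int() */`. A one-line `/*!< ... */` on `authtimeout` and `authlimit` stating the units (seconds, sessions) would match the Doxygen style of the constants above.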
@@ -224,6 +229,7 @@
struct eventqent *eventq;
/* Timeout for ast_carefulwrite() */
int writetimeout;
+ time_t authstart;
int pending_event; /*!< Pending events indicator in case when waiting_thread is NULL */
AST_LIST_ENTRY(mansession_session) list;
};
@@ -2323,6 +2329,7 @@
return -1;
} else {
s->session->authenticated = 1;
+ ast_atomic_fetchadd_int(&unauth_sessions, -1);
if (option_verbose > 1) {
if (displayconnects) {
ast_verbose(VERBOSE_PREFIX_2 "%sManager '%s' logged on from %s\n",
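Review bot: The `ast_atomic_fetchadd_int(&unauth_sessions, -1)` placed after `s->session->authenticated = 1` is unconditional, so it only balances if every session reaching this branch was counted by the accept loop and was not already authenticated. The hunk does not show whether that holds: the sample config mentions `webenabled`, which suggests sessions may be created on another path, and a repeated login on the same session would decrement twice if nothing upstream prevents it. If either is possible the counter drifts negative and the `>= authlimit` check admits more unauthenticated sessions than configured. A per-session flag set when the accept loop counts the session and cleared on the first decrement would make this robust; at minimum guard it with `if (!s->session->authenticated)` before setting the flag. The enclosing function starts and ends outside the hunk.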
@@ -2380,6 +2387,8 @@
int res;
int x;
struct pollfd fds[1];
+ int timeout = -1;
+ time_t now;
for (x = 1; x < s->inlen; x++) {
if ((s->inbuf[x] == '\n') && (s->inbuf[x-1] == '\r')) {
/* Copy output data up to and including \r\n */
@@ -2398,7 +2407,22 @@
}
fds[0].fd = s->fd;
fds[0].events = POLLIN;
+
do {
+ /* calculate a timeout if we are not authenticated */
+ if (!s->authenticated) {
+ if(time(&now) == -1) {
+ ast_log(LOG_ERROR, "error executing time(): %s\n", strerror(errno));
+ return -1;
+ }
+
+ timeout = (authtimeout - (now - s->authstart)) * 1000;
+ if (timeout < 0) {
+ /* we have timed out */
+ return 0;
+ }
+ }
+
ast_mutex_lock(&s->__lock);
if (s->pending_event) {
s->pending_event = 0;
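Review bot: `timeout = (authtimeout - (now - s->authstart)) * 1000;` can overflow `int`, because the config-parsing hunk for `authtimeout` only rejects values below 1 and accepts anything `atoi` returns. An `authtimeout` above `INT_MAX / 1000` gives signed overflow here, which is undefined behaviour. In practice it would likely yield a negative timeout, which either trips the `timeout < 0` early return immediately or, at exactly -1, makes `ast_poll` wait indefinitely; either way the limit no longer does what the administrator set. I would bound the value where it is parsed, `if (timeout < 1 || timeout > INT_MAX / 1000) {`, and note the accepted range in manager.conf.sample. The `if(time(&now) == -1)` lines here and in the later hunks also lack the space after `if` used elsewhere in the file. The function body continues outside this hunk.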
@@ -2408,7 +2432,7 @@
s->waiting_thread = pthread_self();
ast_mutex_unlock(&s->__lock);
- res = ast_poll(fds, 1, -1);
+ res = ast_poll(fds, 1, timeout);
ast_mutex_lock(&s->__lock);
s->waiting_thread = AST_PTHREADT_NULL;
@@ -2426,6 +2450,9 @@
if (res < 1)
return -1;
break;
+ } else {
+ /* timeout */
+ return 0;
}
} while(1);
s->inlen += res;
@@ -2438,6 +2465,7 @@
struct message m = { 0 };
char header_buf[sizeof(s->session->inbuf)] = { '\0' };
int res;
+ time_t now;
for (;;) {
/* Check if any events are pending and do them if needed */
@@ -2447,6 +2475,17 @@
}
res = get_input(s->session, header_buf);
if (res == 0) {
+ if (!s->session->authenticated) {
+ if(time(&now) == -1) {
+ ast_log(LOG_ERROR, "error executing time(): %s\n", strerror(errno));
+ return -1;
+ }
+
+ if (now - s->session->authstart > authtimeout) {
+ ast_log(LOG_EVENT, "Client from %s, failed to authenticate in %d seconds\n", ast_inet_ntoa(s->session->sin.sin_addr), authtimeout);
+ return -1;
+ }
+ }
continue;
} else if (res > 0) {
/* Strip trailing \r\n */
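Review bot: The expiry test `now - s->session->authstart > authtimeout` disagrees with get_input() at the boundary second. When the elapsed time equals `authtimeout`, get_input() computes a timeout of 0, `ast_poll` returns immediately and get_input() returns 0. This check is still false, so the `continue` re-enters get_input() and the thread spins until `time()` advances. With up to `authlimit` unauthenticated sessions expiring together, that is a burst of busy threads. Using `if (now - s->session->authstart >= authtimeout) {` closes the gap. The loop body extends beyond the hunk, so this assumes nothing outside it sleeps on that path.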
@@ -2481,6 +2520,7 @@
}
ast_log(LOG_EVENT, "Manager '%s' logged off from %s\n", session->username, ast_inet_ntoa(session->sin.sin_addr));
} else {
+ ast_atomic_fetchadd_int(&unauth_sessions, -1);
if (option_verbose > 1) {
if (displayconnects)
ast_verbose(VERBOSE_PREFIX_2 "Connect attempt from '%s' unable to authenticate\n", ast_inet_ntoa(session->sin.sin_addr));
@@ -2554,14 +2594,25 @@
ast_log(LOG_NOTICE, "Accept returned -1: %s\n", strerror(errno));
continue;
}
+
+ if (ast_atomic_fetchadd_int(&unauth_sessions, +1) >= authlimit) {
+ close(as);
+ ast_atomic_fetchadd_int(&unauth_sessions, -1);
+ ast_log(LOG_WARNING, "manager connection rejected, too many unauthenticated sessions.\n");
+ continue;
+ }
+
p = getprotobyname("tcp");
if (p) {
if( setsockopt(as, p->p_proto, TCP_NODELAY, (char *)&arg, sizeof(arg) ) < 0 ) {
ast_log(LOG_WARNING, "Failed to set manager tcp connection to TCP_NODELAY mode: %s\n", strerror(errno));
}
}
- if (!(s = ast_calloc(1, sizeof(*s))))
+ if (!(s = ast_calloc(1, sizeof(*s)))) {
+ close(as);
+ ast_atomic_fetchadd_int(&unauth_sessions, -1);
continue;
+ }
memcpy(&s->sin, &sin, sizeof(sin));
s->writetimeout = 100;
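Review bot: The rejection message in the `authlimit` branch does not say where the connection came from, and it is emitted once per rejected connection with no throttling. When the limit is hit, the log fills with identical warnings that give an operator nothing to filter or block on. The peer address appears to be available in `sin` (it is copied into `s->sin` just below), so I would log it: `ast_log(LOG_WARNING, "manager connection from %s rejected, too many unauthenticated sessions.\n", ast_inet_ntoa(sin.sin_addr));`. Rate-limiting the warning, for example logging at most once per second, would keep the log usable. The accept loop begins and ends outside this hunk, so other `continue` paths between the counter increment and thread creation could not be checked for a matching decrement.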
@@ -2588,8 +2639,16 @@
s->eventq = s->eventq->next;
ast_atomic_fetchadd_int(&s->eventq->usecount, 1);
AST_LIST_UNLOCK(&sessions);
- if (ast_pthread_create_background(&t, &attr, session_do, s))
+ if(time(&s->authstart) == -1) {
+ ast_log(LOG_ERROR, "error executing time(): %s; disconnecting client\n", strerror(errno));
+ ast_atomic_fetchadd_int(&unauth_sessions, -1);
destroy_session(s);
+ continue;
+ }
+ if (ast_pthread_create_background(&t, &attr, session_do, s)) {
+ ast_atomic_fetchadd_int(&unauth_sessions, -1);
+ destroy_session(s);
+ }
}
pthread_attr_destroy(&attr);
return NULL;
@@ -3127,6 +3186,8 @@
block_sockets = DEFAULT_BLOCKSOCKETS;
timestampevents = DEFAULT_TIMESTAMPEVENTS;
httptimeout = DEFAULT_HTTPTIMEOUT;
+ authtimeout = DEFAULT_AUTHTIMEOUT;
+ authlimit = DEFAULT_AUTHLIMIT;
cfg = ast_config_load("manager.conf");
if (!cfg) {
@@ -3167,6 +3228,26 @@
val = ast_variable_retrieve(cfg, "general", "debugactions");
if (val)
debug_actions = ast_true(val);
+
+ if ((val = ast_variable_retrieve(cfg, "general", "authtimeout"))) {
+ int timeout = atoi(val);
+
+ if (timeout < 1) {
+ ast_log(LOG_WARNING, "Invalid authtimeout value '%s', using default value\n", val);
+ } else {
+ authtimeout = timeout;
+ }
+ }
+
+ if ((val = ast_variable_retrieve(cfg, "general", "authlimit"))) {
+ int limit = atoi(val);
+
+ if (limit < 1) {
+ ast_log(LOG_WARNING, "Invalid authlimit value '%s', using default value\n", val);
+ } else {
+ authlimit = limit;
+ }
+ }
memset(&ba, 0, sizeof(ba));
ba.sin_family = AF_INET;