[svn-commits] bbryant: branch 1.6.0 r118168 - in /branches/1.6.0: ./ include/asterisk/ main/
SVN commits to the Digium repositories
svn-commits at lists.digium.com
Fri May 23 16:37:08 CDT 2008
Author: bbryant
Date: Fri May 23 16:37:07 2008
New Revision: 118168
URL: http://svn.digium.com/view/asterisk?view=rev&rev=118168
Log:
Merged revisions 118161 via svnmerge from
https://origsvn.digium.com/svn/asterisk/trunk
........
r118161 | bbryant | 2008-05-23 16:19:42 -0500 (Fri, 23 May 2008) | 3 lines
Add new functionality to http server that requires manager authentication for any path that includes a directory named 'private'. This patch also
requires manager authentication for any POST's being sent to the server as well to help secure uploads.
........
Modified:
branches/1.6.0/ (props changed)
branches/1.6.0/include/asterisk/manager.h
branches/1.6.0/main/http.c
branches/1.6.0/main/manager.c
Propchange: branches/1.6.0/
------------------------------------------------------------------------------
Binary property 'trunk-merged' - no diff available.
Modified: branches/1.6.0/include/asterisk/manager.h
URL: http://svn.digium.com/view/asterisk/branches/1.6.0/include/asterisk/manager.h?view=diff&rev=118168&r1=118167&r2=118168
==============================================================================
--- branches/1.6.0/include/asterisk/manager.h (original)
+++ branches/1.6.0/include/asterisk/manager.h Fri May 23 16:37:07 2008
@@ -203,6 +203,9 @@
void __attribute__ ((format (printf, 2, 3))) astman_append(struct mansession *s, const char *fmt, ...);
+/*! \brief Determinie if a manager session ident is authenticated */
+int astman_is_authed(uint32_t ident);
+
/*! \brief Called by Asterisk initialization */
int init_manager(void);
Modified: branches/1.6.0/main/http.c
URL: http://svn.digium.com/view/asterisk/branches/1.6.0/main/http.c?view=diff&rev=118168&r1=118167&r2=118168
==============================================================================
--- branches/1.6.0/main/http.c (original)
+++ branches/1.6.0/main/http.c Fri May 23 16:37:07 2008
@@ -143,6 +143,18 @@
}
snprintf(wkspace, wkspacelen, "text/%s", ftype ? ftype : "plain");
return wkspace;
+}
+
+static uint32_t manid_from_vars(struct ast_variable *sid) {
+ uint32_t mngid;
+
+ while (sid && strcmp(sid->name, "mansession_id"))
+ sid = sid->next;
+
+ if (!sid || sscanf(sid->value, "%x", &mngid) != 1)
+ return 0;
+
+ return mngid;
}
static struct ast_str *static_callback(struct ast_tcptls_session_instance *ser, const char *uri, struct ast_variable *vars, int *status, char **title, int *contentlength)
@@ -186,6 +198,10 @@
fd = open(path, O_RDONLY);
if (fd < 0)
goto out403;
+
+ if (strstr(path, "/private/") && !astman_is_authed(manid_from_vars(vars))) {
+ goto out403;
+ }
ast_strftime(buf, sizeof(buf), "%a, %d %b %Y %H:%M:%S %Z", ast_localtime(&tv, &tm, "GMT"));
fprintf(ser->f, "HTTP/1.1 200 OK\r\n"
Modified: branches/1.6.0/main/manager.c
URL: http://svn.digium.com/view/asterisk/branches/1.6.0/main/manager.c?view=diff&rev=118168&r1=118167&r2=118168
==============================================================================
--- branches/1.6.0/main/manager.c (original)
+++ branches/1.6.0/main/manager.c Fri May 23 16:37:07 2008
@@ -3140,7 +3140,7 @@
* the value of the mansession_id cookie (0 is not valid and means
* a session on the AMI socket).
*/
-static struct mansession *find_session(uint32_t ident)
+static struct mansession *find_session(uint32_t ident, int incinuse)
{
struct mansession *s;
@@ -3151,7 +3151,7 @@
AST_LIST_TRAVERSE(&sessions, s, list) {
ast_mutex_lock(&s->__lock);
if (s->managerid == ident && !s->needdestroy) {
- ast_atomic_fetchadd_int(&s->inuse, 1);
+ ast_atomic_fetchadd_int(&s->inuse, incinuse ? 1 : 0);
break;
}
ast_mutex_unlock(&s->__lock);
@@ -3159,6 +3159,21 @@
AST_LIST_UNLOCK(&sessions);
return s;
+}
+
+int astman_is_authed(uint32_t ident)
+{
+ int authed;
+ struct mansession *s;
+
+ if (!(s = find_session(ident, 0)))
+ return 0;
+
+ authed = (s->authenticated != 0);
+
+ ast_mutex_unlock(&s->__lock);
+
+ return authed;
}
int astman_verify_session_readpermissions(uint32_t ident, int perm)
@@ -3451,7 +3466,7 @@
}
}
- if (!(s = find_session(ident))) {
+ if (!(s = find_session(ident, 1))) {
/* Create new session.
* While it is not in the list we don't need any locking
*/
More information about the svn-commits
mailing list