[svn-commits] transnexus: branch 1.6.0 r190576 - in /branches/1.6.0: apps/ configs/
SVN commits to the Digium repositories
svn-commits at lists.digium.com
Mon Apr 27 01:14:23 CDT 2009
Author: transnexus
Date: Mon Apr 27 01:14:17 2009
New Revision: 190576
URL: http://svn.digium.com/svn-view/asterisk?view=rev&rev=190576
Log:
1. Fixed the issue caused by network ID.
2. Fixed the issue caused by without certificate files.
3. Fixed the issue caused by number portability parameters in user part of RURI.
4. Updated for OSP Toolkit 3.5.
Modified:
branches/1.6.0/apps/app_osplookup.c
branches/1.6.0/configs/osp.conf.sample
Modified: branches/1.6.0/apps/app_osplookup.c
URL: http://svn.digium.com/svn-view/asterisk/branches/1.6.0/apps/app_osplookup.c?view=diff&rev=190576&r1=190575&r2=190576
==============================================================================
--- branches/1.6.0/apps/app_osplookup.c (original)
+++ branches/1.6.0/apps/app_osplookup.c Mon Apr 27 01:14:17 2009
@@ -39,6 +39,7 @@
#include <osp/osp.h>
#include <osp/osputils.h>
+#include <osp/ospb64.h>
#include "asterisk/paths.h"
#include "asterisk/lock.h"
@@ -55,6 +56,7 @@
/* OSP Buffer Sizes */
#define OSP_INTSTR_SIZE ((unsigned int)16) /* OSP signed/unsigned int string buffer size */
#define OSP_NORSTR_SIZE ((unsigned int)256) /* OSP normal string buffer size */
+#define OSP_KEYSTR_SIZE ((unsigned int)1024) /* OSP certificate string buffer size */
#define OSP_TOKSTR_SIZE ((unsigned int)4096) /* OSP token string buffer size */
#define OSP_TECHSTR_SIZE ((unsigned int)32) /* OSP signed/unsigned int string buffer size */
#define OSP_UUID_SIZE ((unsigned int)16) /* UUID size */
@@ -144,7 +146,7 @@
/* Call ID */
struct osp_callid {
unsigned char buf[OSPC_CALLID_MAXSIZE]; /* Call ID string */
- unsigned int len; /* Call ID length */
+ unsigned int len; /* Call ID length */
};
/* OSP Application In/Output Results */
@@ -167,8 +169,14 @@
AST_MUTEX_DEFINE_STATIC(osplock); /* Lock of OSP provider list */
static int osp_initialized = 0; /* Init flag */
static int osp_hardware = 0; /* Hardware accelleration flag */
+static int osp_security = 0; /* Using security features flag */
static struct osp_provider* ospproviders = NULL; /* OSP provider list */
static unsigned int osp_tokenformat = TOKEN_ALGO_SIGNED; /* Token format supported */
+
+/* OSP default certificates */
+const char* B64PKey = "MIIBOgIBAAJBAK8t5l+PUbTC4lvwlNxV5lpl+2dwSZGW46dowTe6y133XyVEwNiiRma2YNk3xKs/TJ3Wl9Wpns2SYEAJsFfSTukCAwEAAQJAPz13vCm2GmZ8Zyp74usTxLCqSJZNyMRLHQWBM0g44Iuy4wE3vpi7Wq+xYuSOH2mu4OddnxswCP4QhaXVQavTAQIhAOBVCKXtppEw9UaOBL4vW0Ed/6EA/1D8hDW6St0h7EXJAiEAx+iRmZKhJD6VT84dtX5ZYNVk3j3dAcIOovpzUj9a0CECIEduTCapmZQ5xqAEsLXuVlxRtQgLTUD4ZxDElPn8x0MhAiBE2HlcND0+qDbvtwJQQOUzDgqg5xk3w8capboVdzAlQQIhAMC+lDL7+gDYkNAft5Mu+NObJmQs4Cr+DkDFsKqoxqrm";
+const char* B64LCert = "MIIBeTCCASMCEHqkOHVRRWr+1COq3CR/xsowDQYJKoZIhvcNAQEEBQAwOzElMCMGA1UEAxMcb3NwdGVzdHNlcnZlci50cmFuc25leHVzLmNvbTESMBAGA1UEChMJT1NQU2VydmVyMB4XDTA1MDYyMzAwMjkxOFoXDTA2MDYyNDAwMjkxOFowRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCvLeZfj1G0wuJb8JTcVeZaZftncEmRluOnaME3ustd918lRMDYokZmtmDZN8SrP0yd1pfVqZ7NkmBACbBX0k7pAgMBAAEwDQYJKoZIhvcNAQEEBQADQQDnV8QNFVVJx/+7IselU0wsepqMurivXZzuxOmTEmTVDzCJx1xhA8jd3vGAj7XDIYiPub1PV23eY5a2ARJuw5w9";
+const char* B64CACert = "MIIBYDCCAQoCAQEwDQYJKoZIhvcNAQEEBQAwOzElMCMGA1UEAxMcb3NwdGVzdHNlcnZlci50cmFuc25leHVzLmNvbTESMBAGA1UEChMJT1NQU2VydmVyMB4XDTAyMDIwNDE4MjU1MloXDTEyMDIwMzE4MjU1MlowOzElMCMGA1UEAxMcb3NwdGVzdHNlcnZlci50cmFuc25leHVzLmNvbTESMBAGA1UEChMJT1NQU2VydmVyMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAPGeGwV41EIhX0jEDFLRXQhDEr50OUQPq+f55VwQd0TQNts06BP29+UiNdRW3c3IRHdZcJdC1Cg68ME9cgeq0h8CAwEAATANBgkqhkiG9w0BAQQFAANBAGkzBSj1EnnmUxbaiG1N4xjIuLAWydun7o3bFk2tV8dBIhnuh445obYyk1EnQ27kI7eACCILBZqi2MHDOIMnoN0=";
/* OSP Client Wrapper APIs */
@@ -182,25 +190,29 @@
struct ast_config* cfg,
const char* provider)
{
- int res;
- unsigned int t, i, j;
+ int res = 0;
+ struct ast_variable* v;
struct osp_provider* p;
- struct ast_variable* v;
OSPTPRIVATEKEY privatekey;
- OSPTCERT localcert;
+ OSPT_CERT localcert;
+ OSPT_CERT cacerts[OSP_MAX_CERTS];
+ const OSPT_CERT* pcacerts[OSP_MAX_CERTS];
const char* psrvpoints[OSP_MAX_SRVS];
- OSPTCERT cacerts[OSP_MAX_CERTS];
- const OSPTCERT* pcacerts[OSP_MAX_CERTS];
- int error = OSPC_ERR_NO_ERROR;
+ unsigned char privatekeydata[OSP_KEYSTR_SIZE];
+ unsigned char localcertdata[OSP_KEYSTR_SIZE];
+ unsigned char cacertdata[OSP_KEYSTR_SIZE];
+ int i, t, error = OSPC_ERR_NO_ERROR;
if (!(p = ast_calloc(1, sizeof(*p)))) {
ast_log(LOG_ERROR, "Out of memory\n");
return -1;
}
+ /* ast_calloc has set 0 in p */
ast_copy_string(p->name, provider, sizeof(p->name));
snprintf(p->privatekey, sizeof(p->privatekey), "%s/%s-privatekey.pem", ast_config_AST_KEY_DIR, provider);
snprintf(p->localcert, sizeof(p->localcert), "%s/%s-localcert.pem", ast_config_AST_KEY_DIR, provider);
+ snprintf(p->cacerts[0], sizeof(p->cacerts[0]), "%s/%s-cacert_0.pem", ast_config_AST_KEY_DIR, provider);
p->maxconnections = OSP_DEF_MAXCONNECTIONS;
p->retrydelay = OSP_DEF_RETRYDELAY;
p->retrylimit = OSP_DEF_RETRYLIMIT;
@@ -212,30 +224,36 @@
v = ast_variable_browse(cfg, provider);
while(v) {
if (!strcasecmp(v->name, "privatekey")) {
- if (v->value[0] == '/') {
- ast_copy_string(p->privatekey, v->value, sizeof(p->privatekey));
- } else {
- snprintf(p->privatekey, sizeof(p->privatekey), "%s/%s", ast_config_AST_KEY_DIR, v->value);
- }
- ast_debug(1, "OSP: privatekey '%s'\n", p->privatekey);
+ if (osp_security) {
+ if (v->value[0] == '/') {
+ ast_copy_string(p->privatekey, v->value, sizeof(p->privatekey));
+ } else {
+ snprintf(p->privatekey, sizeof(p->privatekey), "%s/%s", ast_config_AST_KEY_DIR, v->value);
+ }
+ ast_debug(1, "OSP: privatekey '%s'\n", p->privatekey);
+ }
} else if (!strcasecmp(v->name, "localcert")) {
- if (v->value[0] == '/') {
- ast_copy_string(p->localcert, v->value, sizeof(p->localcert));
- } else {
- snprintf(p->localcert, sizeof(p->localcert), "%s/%s", ast_config_AST_KEY_DIR, v->value);
- }
- ast_debug(1, "OSP: localcert '%s'\n", p->localcert);
+ if (osp_security) {
+ if (v->value[0] == '/') {
+ ast_copy_string(p->localcert, v->value, sizeof(p->localcert));
+ } else {
+ snprintf(p->localcert, sizeof(p->localcert), "%s/%s", ast_config_AST_KEY_DIR, v->value);
+ }
+ ast_debug(1, "OSP: localcert '%s'\n", p->localcert);
+ }
} else if (!strcasecmp(v->name, "cacert")) {
- if (p->cacount < OSP_MAX_CERTS) {
- if (v->value[0] == '/') {
- ast_copy_string(p->cacerts[p->cacount], v->value, sizeof(p->cacerts[0]));
+ if (osp_security) {
+ if (p->cacount < OSP_MAX_CERTS) {
+ if (v->value[0] == '/') {
+ ast_copy_string(p->cacerts[p->cacount], v->value, sizeof(p->cacerts[0]));
+ } else {
+ snprintf(p->cacerts[p->cacount], sizeof(p->cacerts[0]), "%s/%s", ast_config_AST_KEY_DIR, v->value);
+ }
+ ast_debug(1, "OSP: cacerts[%d]: '%s'\n", p->cacount, p->cacerts[p->cacount]);
+ p->cacount++;
} else {
- snprintf(p->cacerts[p->cacount], sizeof(p->cacerts[0]), "%s/%s", ast_config_AST_KEY_DIR, v->value);
+ ast_log(LOG_WARNING, "OSP: Too many CA Certificates at line %d\n", v->lineno);
}
- ast_debug(1, "OSP: cacert[%d]: '%s'\n", p->cacount, p->cacerts[p->cacount]);
- p->cacount++;
- } else {
- ast_log(LOG_WARNING, "OSP: Too many CA Certificates at line %d\n", v->lineno);
}
} else if (!strcasecmp(v->name, "servicepoint")) {
if (p->spcount < OSP_MAX_SRVS) {
@@ -306,95 +324,109 @@
v = v->next;
}
- error = OSPPUtilLoadPEMPrivateKey((unsigned char*)p->privatekey, &privatekey);
- if (error != OSPC_ERR_NO_ERROR) {
- ast_log(LOG_WARNING, "OSP: Unable to load privatekey '%s', error '%d'\n", p->privatekey, error);
- ast_free(p);
- return 0;
- }
-
- error = OSPPUtilLoadPEMCert((unsigned char*)p->localcert, &localcert);
- if (error != OSPC_ERR_NO_ERROR) {
- ast_log(LOG_WARNING, "OSP: Unable to load localcert '%s', error '%d'\n", p->localcert, error);
+ if (p->cacount == 0) {
+ p->cacount = 1;
+ }
+
+ for (i = 0; i < p->spcount; i++) {
+ psrvpoints[i] = p->srvpoints[i];
+ }
+
+ if (osp_security) {
+ privatekey.PrivateKeyData = NULL;
+ privatekey.PrivateKeyLength = 0;
+
+ localcert.CertData = NULL;
+ localcert.CertDataLength = 0;
+
+ for (i = 0; i < p->cacount; i++) {
+ cacerts[i].CertData = NULL;
+ cacerts[i].CertDataLength = 0;
+ }
+
+ if ((error = OSPPUtilLoadPEMPrivateKey((unsigned char*)p->privatekey, &privatekey)) != OSPC_ERR_NO_ERROR) {
+ ast_log(LOG_WARNING, "OSP: Unable to load privatekey '%s', error '%d'\n", p->privatekey, error);
+ } else if ((error = OSPPUtilLoadPEMCert((unsigned char*)p->localcert, &localcert)) != OSPC_ERR_NO_ERROR) {
+ ast_log(LOG_WARNING, "OSP: Unable to load localcert '%s', error '%d'\n", p->localcert, error);
+ } else {
+ for (i = 0; i < p->cacount; i++) {
+ if ((error = OSPPUtilLoadPEMCert((unsigned char*)p->cacerts[i], &cacerts[i])) != OSPC_ERR_NO_ERROR) {
+ ast_log(LOG_WARNING, "OSP: Unable to load cacert '%s', error '%d'\n", p->cacerts[i], error);
+ break;
+ } else {
+ pcacerts[i] = &cacerts[i];
+ }
+ }
+ }
+ } else {
+ privatekey.PrivateKeyData = privatekeydata;
+ privatekey.PrivateKeyLength = sizeof(privatekeydata);
+
+ localcert.CertData = localcertdata;
+ localcert.CertDataLength = sizeof(localcertdata);
+
+ cacerts[0].CertData = cacertdata;
+ cacerts[0].CertDataLength = sizeof(cacertdata);
+ pcacerts[0] = &cacerts[0];
+
+ if ((error = OSPPBase64Decode(B64PKey, strlen(B64PKey), privatekey.PrivateKeyData, &privatekey.PrivateKeyLength)) != OSPC_ERR_NO_ERROR) {
+ ast_log(LOG_WARNING, "OSP: Unable to decode private key, error '%d'\n", error);
+ } else if ((error = OSPPBase64Decode(B64LCert, strlen(B64LCert), localcert.CertData, &localcert.CertDataLength)) != OSPC_ERR_NO_ERROR) {
+ ast_log(LOG_WARNING, "OSP: Unable to decode local cert, error '%d'\n", error);
+ } else if ((error = OSPPBase64Decode(B64CACert, strlen(B64CACert), cacerts[0].CertData, &cacerts[0].CertDataLength)) != OSPC_ERR_NO_ERROR) {
+ ast_log(LOG_WARNING, "OSP: Unable to decode cacert, error '%d'\n", error);
+ }
+ }
+
+ if (error == OSPC_ERR_NO_ERROR) {
+ error = OSPPProviderNew(
+ p->spcount,
+ psrvpoints,
+ NULL,
+ OSP_AUDIT_URL,
+ &privatekey,
+ &localcert,
+ p->cacount,
+ pcacerts,
+ OSP_LOCAL_VALIDATION,
+ OSP_SSL_LIFETIME,
+ p->maxconnections,
+ OSP_HTTP_PERSISTENCE,
+ p->retrydelay,
+ p->retrylimit,
+ p->timeout,
+ OSP_CUSTOMER_ID,
+ OSP_DEVICE_ID,
+ &p->handle);
+ if (error != OSPC_ERR_NO_ERROR) {
+ ast_log(LOG_WARNING, "OSP: Unable to create provider '%s', error '%d'\n", provider, error);
+ res = -1;
+ } else {
+ ast_debug(1, "OSP: provider '%s'\n", provider);
+ ast_mutex_lock(&osplock);
+ p->next = ospproviders;
+ ospproviders = p;
+ ast_mutex_unlock(&osplock);
+ res = 1;
+ }
+ }
+
+ if (osp_security) {
+ for (i = 0; i < p->cacount; i++) {
+ if (cacerts[i].CertData) {
+ ast_free(cacerts[i].CertData);
+ }
+ }
+ if (localcert.CertData) {
+ ast_free(localcert.CertData);
+ }
if (privatekey.PrivateKeyData) {
ast_free(privatekey.PrivateKeyData);
}
+ }
+
+ if (res != 1) {
ast_free(p);
- return 0;
- }
-
- if (p->cacount < 1) {
- snprintf(p->cacerts[p->cacount], sizeof(p->cacerts[0]), "%s/%s-cacert.pem", ast_config_AST_KEY_DIR, provider);
- ast_debug(1, "OSP: cacert[%d]: '%s'\n", p->cacount, p->cacerts[p->cacount]);
- p->cacount++;
- }
- for (i = 0; i < p->cacount; i++) {
- error = OSPPUtilLoadPEMCert((unsigned char*)p->cacerts[i], &cacerts[i]);
- if (error != OSPC_ERR_NO_ERROR) {
- ast_log(LOG_WARNING, "OSP: Unable to load cacert '%s', error '%d'\n", p->cacerts[i], error);
- for (j = 0; j < i; j++) {
- if (cacerts[j].CertData) {
- ast_free(cacerts[j].CertData);
- }
- }
- if (localcert.CertData) {
- ast_free(localcert.CertData);
- }
- if (privatekey.PrivateKeyData) {
- ast_free(privatekey.PrivateKeyData);
- }
- ast_free(p);
- return 0;
- }
- pcacerts[i] = &cacerts[i];
- }
-
- for (i = 0; i < p->spcount; i++) {
- psrvpoints[i] = p->srvpoints[i];
- }
-
- error = OSPPProviderNew(
- p->spcount,
- psrvpoints,
- NULL,
- OSP_AUDIT_URL,
- &privatekey,
- &localcert,
- p->cacount,
- pcacerts,
- OSP_LOCAL_VALIDATION,
- OSP_SSL_LIFETIME,
- p->maxconnections,
- OSP_HTTP_PERSISTENCE,
- p->retrydelay,
- p->retrylimit,
- p->timeout,
- OSP_CUSTOMER_ID,
- OSP_DEVICE_ID,
- &p->handle);
- if (error != OSPC_ERR_NO_ERROR) {
- ast_log(LOG_WARNING, "OSP: Unable to create provider '%s', error '%d'\n", provider, error);
- ast_free(p);
- res = -1;
- } else {
- ast_debug(1, "OSP: provider '%s'\n", provider);
- ast_mutex_lock(&osplock);
- p->next = ospproviders;
- ospproviders = p;
- ast_mutex_unlock(&osplock);
- res = 1;
- }
-
- for (i = 0; i < p->cacount; i++) {
- if (cacerts[i].CertData) {
- ast_free(cacerts[i].CertData);
- }
- }
- if (localcert.CertData) {
- ast_free(localcert.CertData);
- }
- if (privatekey.PrivateKeyData) {
- ast_free(privatekey.PrivateKeyData);
}
return res;
@@ -524,26 +556,26 @@
osp_convert_address(source, src, sizeof(src));
osp_convert_address(destination, dst, sizeof(dst));
error = OSPPTransactionValidateAuthorisation(
- transaction,
- src,
- dst,
- NULL,
- NULL,
- calling ? calling : "",
- OSPC_E164,
- called,
- OSPC_E164,
- 0,
- NULL,
- tokenlen,
- (char*)tokenstr,
- &authorised,
- timelimit,
- &dummy,
- NULL,
- osp_tokenformat);
+ transaction,
+ src,
+ dst,
+ NULL,
+ NULL,
+ calling ? calling : "",
+ OSPC_NFORMAT_E164,
+ called,
+ OSPC_NFORMAT_E164,
+ 0,
+ NULL,
+ tokenlen,
+ (char*)tokenstr,
+ &authorised,
+ timelimit,
+ &dummy,
+ NULL,
+ osp_tokenformat);
if (error != OSPC_ERR_NO_ERROR) {
- ast_debug(1, "OSP: Unable to validate inbound token\n");
+ ast_debug(1, "OSP: Unable to validate inbound token, error '%d'\n", error);
res = -1;
} else if (authorised) {
ast_debug(1, "OSP: Authorised\n");
@@ -594,12 +626,12 @@
char* destination,
unsigned int tokenlen,
const char* token,
- enum OSPEFAILREASON* reason,
+ OSPEFAILREASON* reason,
struct osp_result* result)
{
int res;
- OSPE_DEST_OSP_ENABLED enabled;
- OSPE_DEST_PROT protocol;
+ OSPE_DEST_OSPENABLED enabled;
+ OSPE_DEST_PROTOCOL protocol;
int error;
if (strlen(destination) <= 2) {
@@ -614,7 +646,7 @@
return -1;
}
- if (enabled == OSPE_OSP_FALSE) {
+ if (enabled == OSPC_DOSP_FALSE) {
result->token[0] = '\0';
} else {
ast_base64encode(result->token, (const unsigned char*)token, tokenlen, sizeof(result->token) - 1);
@@ -637,45 +669,45 @@
/* Strip leading and trailing brackets */
destination[strlen(destination) - 1] = '\0';
switch(protocol) {
- case OSPE_DEST_PROT_H323_SETUP:
- ast_debug(1, "OSP: protocol '%s'\n", OSP_PROT_H323);
- ast_copy_string(result->tech, OSP_TECH_H323, sizeof(result->tech));
- ast_copy_string(result->dest, destination + 1, sizeof(result->dest));
- ast_copy_string(result->called, called, sizeof(result->called));
- ast_copy_string(result->calling, calling, sizeof(result->calling));
- break;
- case OSPE_DEST_PROT_SIP:
- ast_debug(1, "OSP: protocol '%s'\n", OSP_PROT_SIP);
- ast_copy_string(result->tech, OSP_TECH_SIP, sizeof(result->tech));
- ast_copy_string(result->dest, destination + 1, sizeof(result->dest));
- ast_copy_string(result->called, called, sizeof(result->called));
- ast_copy_string(result->calling, calling, sizeof(result->calling));
- break;
- case OSPE_DEST_PROT_IAX:
- ast_debug(1, "OSP: protocol '%s'\n", OSP_PROT_IAX);
- ast_copy_string(result->tech, OSP_TECH_IAX, sizeof(result->tech));
- ast_copy_string(result->dest, destination + 1, sizeof(result->dest));
- ast_copy_string(result->called, called, sizeof(result->called));
- ast_copy_string(result->calling, calling, sizeof(result->calling));
- break;
- case OSPE_DEST_PROT_UNDEFINED:
- case OSPE_DEST_PROT_UNKNOWN:
- ast_debug(1, "OSP: unknown/undefined protocol '%d'\n", protocol);
- ast_debug(1, "OSP: use default protocol '%s'\n", provider->defaultprotocol);
-
- ast_copy_string(result->tech, provider->defaultprotocol, sizeof(result->tech));
- ast_copy_string(result->dest, destination + 1, sizeof(result->dest));
- ast_copy_string(result->called, called, sizeof(result->called));
- ast_copy_string(result->calling, calling, sizeof(result->calling));
- break;
- case OSPE_DEST_PROT_H323_LRQ:
- default:
- ast_log(LOG_WARNING, "OSP: unsupported protocol '%d'\n", protocol);
- *reason = OSPC_FAIL_PROTOCOL_ERROR;
- result->token[0] = '\0';
- result->networkid[0] = '\0';
- res = 0;
- break;
+ case OSPC_DPROT_Q931:
+ ast_debug(1, "OSP: protocol '%s'\n", OSP_PROT_H323);
+ ast_copy_string(result->tech, OSP_TECH_H323, sizeof(result->tech));
+ ast_copy_string(result->dest, destination + 1, sizeof(result->dest));
+ ast_copy_string(result->called, called, sizeof(result->called));
+ ast_copy_string(result->calling, calling, sizeof(result->calling));
+ break;
+ case OSPC_DPROT_SIP:
+ ast_debug(1, "OSP: protocol '%s'\n", OSP_PROT_SIP);
+ ast_copy_string(result->tech, OSP_TECH_SIP, sizeof(result->tech));
+ ast_copy_string(result->dest, destination + 1, sizeof(result->dest));
+ ast_copy_string(result->called, called, sizeof(result->called));
+ ast_copy_string(result->calling, calling, sizeof(result->calling));
+ break;
+ case OSPC_DPROT_IAX:
+ ast_debug(1, "OSP: protocol '%s'\n", OSP_PROT_IAX);
+ ast_copy_string(result->tech, OSP_TECH_IAX, sizeof(result->tech));
+ ast_copy_string(result->dest, destination + 1, sizeof(result->dest));
+ ast_copy_string(result->called, called, sizeof(result->called));
+ ast_copy_string(result->calling, calling, sizeof(result->calling));
+ break;
+ case OSPC_DPROT_UNDEFINED:
+ case OSPC_DPROT_UNKNOWN:
+ ast_debug(1, "OSP: unknown/undefined protocol '%d'\n", protocol);
+ ast_debug(1, "OSP: use default protocol '%s'\n", provider->defaultprotocol);
+
+ ast_copy_string(result->tech, provider->defaultprotocol, sizeof(result->tech));
+ ast_copy_string(result->dest, destination + 1, sizeof(result->dest));
+ ast_copy_string(result->called, called, sizeof(result->called));
+ ast_copy_string(result->calling, calling, sizeof(result->calling));
+ break;
+ case OSPC_DPROT_LRQ:
+ default:
+ ast_log(LOG_WARNING, "OSP: unsupported protocol '%d'\n", protocol);
+ *reason = OSPC_FAIL_PROTOCOL_ERROR;
+ result->token[0] = '\0';
+ result->networkid[0] = '\0';
+ res = 0;
+ break;
}
return res;
@@ -686,10 +718,10 @@
* \param cause Asterisk hangup cause
* \return OSP TC code
*/
-static enum OSPEFAILREASON asterisk2osp(
+static OSPEFAILREASON asterisk2osp(
int cause)
{
- return (enum OSPEFAILREASON)cause;
+ return (OSPEFAILREASON)cause;
}
/*!
@@ -725,32 +757,32 @@
}
switch (p->authpolicy) {
- case OSP_AUTH_NO:
+ case OSP_AUTH_NO:
+ res = 1;
+ break;
+ case OSP_AUTH_EXCLUSIVE:
+ if (ast_strlen_zero(token)) {
+ res = 0;
+ } else if ((res = osp_create_transaction(provider, transaction, sizeof(dest), dest)) <= 0) {
+ ast_debug(1, "OSP: Unable to generate transaction handle\n");
+ *transaction = OSP_INVALID_HANDLE;
+ res = 0;
+ } else if((res = osp_validate_token(*transaction, source, dest, calling, called, token, timelimit)) <= 0) {
+ OSPPTransactionRecordFailure(*transaction, OSPC_FAIL_CALL_REJECTED);
+ }
+ break;
+ case OSP_AUTH_YES:
+ default:
+ if (ast_strlen_zero(token)) {
res = 1;
- break;
- case OSP_AUTH_EXCLUSIVE:
- if (ast_strlen_zero(token)) {
- res = 0;
- } else if ((res = osp_create_transaction(provider, transaction, sizeof(dest), dest)) <= 0) {
- ast_debug(1, "OSP: Unable to generate transaction handle\n");
- *transaction = OSP_INVALID_HANDLE;
- res = 0;
- } else if((res = osp_validate_token(*transaction, source, dest, calling, called, token, timelimit)) <= 0) {
- OSPPTransactionRecordFailure(*transaction, OSPC_FAIL_CALL_REJECTED);
- }
- break;
- case OSP_AUTH_YES:
- default:
- if (ast_strlen_zero(token)) {
- res = 1;
- } else if ((res = osp_create_transaction(provider, transaction, sizeof(dest), dest)) <= 0) {
- ast_debug(1, "OSP: Unable to generate transaction handle\n");
- *transaction = OSP_INVALID_HANDLE;
- res = 0;
- } else if((res = osp_validate_token(*transaction, source, dest, calling, called, token, timelimit)) <= 0) {
- OSPPTransactionRecordFailure(*transaction, OSPC_FAIL_CALL_REJECTED);
- }
- break;
+ } else if ((res = osp_create_transaction(provider, transaction, sizeof(dest), dest)) <= 0) {
+ ast_debug(1, "OSP: Unable to generate transaction handle\n");
+ *transaction = OSP_INVALID_HANDLE;
+ res = 0;
+ } else if((res = osp_validate_token(*transaction, source, dest, calling, called, token, timelimit)) <= 0) {
+ OSPPTransactionRecordFailure(*transaction, OSPC_FAIL_CALL_REJECTED);
+ }
+ break;
}
return res;
@@ -823,15 +855,15 @@
callid->len = sizeof(callid->buf);
switch (type) {
- case OSP_CALLID_H323:
- res = osp_create_uuid(callid->buf, &callid->len);
- break;
- case OSP_CALLID_SIP:
- case OSP_CALLID_IAX:
- res = 0;
- default:
- res = -1;
- break;
+ case OSP_CALLID_H323:
+ res = osp_create_uuid(callid->buf, &callid->len);
+ break;
+ case OSP_CALLID_SIP:
+ case OSP_CALLID_IAX:
+ res = 0;
+ default:
+ res = -1;
+ break;
}
if ((res != 1) && (callid->len != 0)) {
@@ -848,6 +880,8 @@
* \param srcdev Source device of outbound call
* \param calling Calling number
* \param called Called number
+ * \param snetid Source network ID
+ * \param rnumber Routing number
* \param callidtypes Call ID types
* \param result Lookup results
* \return 1 Found , 0 No route, -1 Error
@@ -857,6 +891,8 @@
const char* srcdev,
const char* calling,
const char* called,
+ const char* snetid,
+ const char* rnumber,
unsigned int callidtypes,
struct osp_result* result)
{
@@ -873,9 +909,9 @@
unsigned int i, type;
struct osp_callid callid;
unsigned int callidnum;
- OSPTCALLID* callids[OSP_CALLID_MAXNUM];
+ OSPT_CALL_ID* callids[OSP_CALLID_MAXNUM];
unsigned int dummy = 0;
- enum OSPEFAILREASON reason;
+ OSPEFAILREASON reason;
int error;
result->outhandle = OSP_INVALID_HANDLE;
@@ -902,6 +938,14 @@
return -1;
}
+ if (!ast_strlen_zero(snetid)) {
+ OSPPTransactionSetNetworkIds(result->outhandle, snetid, "");
+ }
+
+ if (!ast_strlen_zero(rnumber)) {
+ OSPPTransactionSetRoutingNumber(result->outhandle, rnumber);
+ }
+
callidnum = 0;
callids[0] = NULL;
for (i = 0; i < OSP_CALLID_MAXNUM; i++) {
@@ -919,27 +963,27 @@
osp_convert_address(srcdev, dev, sizeof(dev));
result->numresults = OSP_DEF_DESTINATIONS;
error = OSPPTransactionRequestAuthorisation(
- result->outhandle,
- src,
- dev,
- calling ? calling : "",
- OSPC_E164,
- called,
- OSPC_E164,
- NULL,
- callidnum,
- callids,
- NULL,
- &result->numresults,
- &dummy,
- NULL);
+ result->outhandle,
+ src,
+ dev,
+ calling ? calling : "",
+ OSPC_NFORMAT_E164,
+ called,
+ OSPC_NFORMAT_E164,
+ NULL,
+ callidnum,
+ callids,
+ NULL,
+ &result->numresults,
+ &dummy,
+ NULL);
for (i = 0; i < callidnum; i++) {
OSPPCallIdDelete(&callids[i]);
}
if (error != OSPC_ERR_NO_ERROR) {
- ast_debug(1, "OSP: Unable to request authorization\n");
+ ast_debug(1, "OSP: Unable to request authorization, error '%d'\n", error);
result->numresults = 0;
if (result->inhandle != OSP_INVALID_HANDLE) {
OSPPTransactionRecordFailure(result->inhandle, OSPC_FAIL_NORMAL_UNSPECIFIED);
@@ -958,25 +1002,25 @@
result->outcallid.len = sizeof(result->outcallid.buf);
tokenlen = sizeof(token);
error = OSPPTransactionGetFirstDestination(
- result->outhandle,
- 0,
- NULL,
- NULL,
- &result->outtimelimit,
- &result->outcallid.len,
- result->outcallid.buf,
- sizeof(callednum),
- callednum,
- sizeof(callingnum),
- callingnum,
- sizeof(destination),
- destination,
- 0,
- NULL,
- &tokenlen,
- token);
+ result->outhandle,
+ 0,
+ NULL,
+ NULL,
+ &result->outtimelimit,
+ &result->outcallid.len,
+ result->outcallid.buf,
+ sizeof(callednum),
+ callednum,
+ sizeof(callingnum),
+ callingnum,
+ sizeof(destination),
+ destination,
+ 0,
+ NULL,
+ &tokenlen,
+ token);
if (error != OSPC_ERR_NO_ERROR) {
- ast_debug(1, "OSP: Unable to get first route\n");
+ ast_debug(1, "OSP: Unable to get first route, error '%d'\n", error);
result->numresults = 0;
result->outtimelimit = OSP_DEF_TIMELIMIT;
if (result->inhandle != OSP_INVALID_HANDLE) {
@@ -1011,24 +1055,24 @@
result->outcallid.len = sizeof(result->outcallid.buf);
tokenlen = sizeof(token);
error = OSPPTransactionGetNextDestination(
- result->outhandle,
- reason,
- 0,
- NULL,
- NULL,
- &result->outtimelimit,
- &result->outcallid.len,
- result->outcallid.buf,
- sizeof(callednum),
- callednum,
- sizeof(callingnum),
- callingnum,
- sizeof(destination),
- destination,
- 0,
- NULL,
- &tokenlen,
- token);
+ result->outhandle,
+ reason,
+ 0,
+ NULL,
+ NULL,
+ &result->outtimelimit,
+ &result->outcallid.len,
+ result->outcallid.buf,
+ sizeof(callednum),
+ callednum,
+ sizeof(callingnum),
+ callingnum,
+ sizeof(destination),
+ destination,
+ 0,
+ NULL,
+ &tokenlen,
+ token);
if (error == OSPC_ERR_NO_ERROR) {
result->numresults--;
result->outtimelimit = osp_choose_timelimit(result->intimelimit, result->outtimelimit);
@@ -1082,7 +1126,7 @@
char destination[OSP_NORSTR_SIZE];
unsigned int tokenlen;
char token[OSP_TOKSTR_SIZE];
- enum OSPEFAILREASON reason;
+ OSPEFAILREASON reason;
int error;
result->tech[0] = '\0';
@@ -1122,24 +1166,24 @@
result->outcallid.len = sizeof(result->outcallid.buf);
tokenlen = sizeof(token);
error = OSPPTransactionGetNextDestination(
- result->outhandle,
- reason,
- 0,
- NULL,
- NULL,
- &result->outtimelimit,
- &result->outcallid.len,
- result->outcallid.buf,
- sizeof(callednum),
- callednum,
- sizeof(callingnum),
- callingnum,
- sizeof(destination),
- destination,
- 0,
- NULL,
- &tokenlen,
- token);
+ result->outhandle,
+ reason,
+ 0,
+ NULL,
+ NULL,
+ &result->outtimelimit,
+ &result->outcallid.len,
+ result->outcallid.buf,
+ sizeof(callednum),
+ callednum,
+ sizeof(callingnum),
+ callingnum,
+ sizeof(destination),
+ destination,
+ 0,
+ NULL,
+ &tokenlen,
+ token);
if (error == OSPC_ERR_NO_ERROR) {
result->numresults--;
result->outtimelimit = osp_choose_timelimit(result->intimelimit, result->outtimelimit);
@@ -1198,7 +1242,7 @@
unsigned int release)
{
int res;
- enum OSPEFAILREASON reason;
+ OSPEFAILREASON reason;
time_t alert = 0;
unsigned isPddInfoPresent = 0;
unsigned pdd = 0;
@@ -1215,22 +1259,22 @@
}
error = OSPPTransactionReportUsage(
- handle,
- difftime(end, connect),
- start,
- end,
- alert,
- connect,
- isPddInfoPresent,
- pdd,
- release,
- (unsigned char*)"",
- 0,
- 0,
- 0,
- 0,
- &dummy,
- NULL);
+ handle,
+ difftime(end, connect),
+ start,
+ end,
+ alert,
+ connect,
+ isPddInfoPresent,
+ pdd,
+ release,
+ NULL,
+ -1,
+ -1,
+ -1,
+ -1,
+ &dummy,
+ NULL);
if (error == OSPC_ERR_NO_ERROR) {
ast_debug(1, "OSP: Usage reported\n");
res = 1;
@@ -1340,7 +1384,8 @@
struct varshead* headp;
struct ast_var_t* current;
const char* srcdev = "";
- const char* netid = "";
+ const char* snetid = "";
+ const char* rnumber = "";
char buffer[OSP_TOKSTR_SIZE];
unsigned int callidtypes = OSP_CALLID_UNDEFINED;
struct osp_result result;
@@ -1399,21 +1444,24 @@
result.intimelimit = OSP_DEF_TIMELIMIT;
}
} else if (!strcasecmp(ast_var_name(current), "OSPINNETWORKID")) {
- netid = ast_var_value(current);
+ snetid = ast_var_value(current);
+ } else if (!strcasecmp(ast_var_name(current), "OSPROUTINGNUMBER")) {
+ rnumber = ast_var_value(current);
} else if (!strcasecmp(ast_var_name(current), "OSPPEERIP")) {
srcdev = ast_var_value(current);
}
}
ast_debug(1, "OSPLookup: OSPINHANDLE '%d'\n", result.inhandle);
ast_debug(1, "OSPLookup: OSPINTIMELIMIT '%d'\n", result.intimelimit);
- ast_debug(1, "OSPLookup: OSPINNETWORKID '%s'\n", netid);
+ ast_debug(1, "OSPLookup: OSPINNETWORKID '%s'\n", snetid);
+ ast_debug(1, "OSPLookup: OSPROUTINGNUMBER '%s'\n", rnumber);
ast_debug(1, "OSPLookup: source device '%s'\n", srcdev);
if ((cres = ast_autoservice_start(chan)) < 0) {
return -1;
}
- if ((res = osp_lookup(provider, srcdev, chan->cid.cid_num, args.exten, callidtypes, &result)) > 0) {
+ if ((res = osp_lookup(provider, srcdev, chan->cid.cid_num, args.exten, snetid, rnumber, callidtypes, &result)) > 0) {
status = AST_OSP_SUCCESS;
} else {
result.tech[0] = '\0';
@@ -1444,6 +1492,8 @@
ast_debug(1, "OSPLookup: OSPCALLED '%s'\n", result.called);
pbx_builtin_setvar_helper(chan, "OSPCALLING", result.calling);
ast_debug(1, "OSPLookup: OSPCALLING '%s'\n", result.calling);
+ pbx_builtin_setvar_helper(chan, "OSPOUTNETWORKID", result.networkid);
+ ast_debug(1, "OSPLookup: OSPOUTNETWORKID '%s'\n", result.networkid);
pbx_builtin_setvar_helper(chan, "OSPOUTTOKEN", result.token);
ast_debug(1, "OSPLookup: OSPOUTTOKEN size '%zd'\n", strlen(result.token));
snprintf(buffer, sizeof(buffer), "%d", result.numresults);
@@ -1605,6 +1655,8 @@
ast_debug(1, "OSPNext: OSPCALLED'%s'\n", result.called);
pbx_builtin_setvar_helper(chan, "OSPCALLING", result.calling);
ast_debug(1, "OSPNext: OSPCALLING '%s'\n", result.calling);
+ pbx_builtin_setvar_helper(chan, "OSPOUTNETWORKID", result.networkid);
+ ast_debug(1, "OSPLookup: OSPOUTNETWORKID '%s'\n", result.networkid);
pbx_builtin_setvar_helper(chan, "OSPOUTTOKEN", result.token);
ast_debug(1, "OSPNext: OSPOUTTOKEN size '%zd'\n", strlen(result.token));
snprintf(buffer, sizeof(buffer), "%d", result.numresults);
@@ -1734,11 +1786,11 @@
ast_debug(1, "OSPFinish: Unable to report usage for outbound call\n");
}
switch (cause) {
- case AST_CAUSE_NORMAL_CLEARING:
- break;
- default:
- cause = AST_CAUSE_NO_ROUTE_DESTINATION;
- break;
+ case AST_CAUSE_NORMAL_CLEARING:
+ break;
+ default:
+ cause = AST_CAUSE_NO_ROUTE_DESTINATION;
+ break;
}
if (osp_finish(inhandle, recorded, cause, start, connect, end, release) <= 0) {
ast_debug(1, "OSPFinish: Unable to report usage for inbound call\n");
@@ -1795,6 +1847,12 @@
OSPPInit(0);
}
ast_debug(1, "OSP: osp_hardware '%d'\n", osp_hardware);
+
+ t = ast_variable_retrieve(cfg, OSP_GENERAL_CAT, "securityfeatures");
+ if (t && ast_true(t)) {
+ osp_security = 1;
+ }
+ ast_debug(1, "OSP: osp_security '%d'\n", osp_security);
t = ast_variable_retrieve(cfg, OSP_GENERAL_CAT, "tokenformat");
if (t) {
@@ -1849,6 +1907,7 @@
OSPPCleanup();
osp_tokenformat = TOKEN_ALGO_SIGNED;
+ osp_security = 0;
osp_hardware = 0;
osp_initialized = 0;
}
@@ -1880,19 +1939,22 @@
provider = a->argv[2];
if (!provider) {
switch (osp_tokenformat) {
- case TOKEN_ALGO_BOTH:
- tokenalgo = "Both";
- break;
- case TOKEN_ALGO_UNSIGNED:
- tokenalgo = "Unsigned";
- break;
- case TOKEN_ALGO_SIGNED:
- default:
- tokenalgo = "Signed";
- break;
- }
- ast_cli(a->fd, "OSP: %s %s %s\n",
- osp_initialized ? "Initialized" : "Uninitialized", osp_hardware ? "Accelerated" : "Normal", tokenalgo);
+ case TOKEN_ALGO_BOTH:
+ tokenalgo = "Both";
+ break;
+ case TOKEN_ALGO_UNSIGNED:
+ tokenalgo = "Unsigned";
+ break;
+ case TOKEN_ALGO_SIGNED:
+ default:
+ tokenalgo = "Signed";
+ break;
+ }
+ ast_cli(a->fd, "OSP: %s/%s/%s/%s\n",
+ osp_initialized ? "Initialized" : "Uninitialized",
+ osp_hardware ? "Accelerated" : "Normal",
+ osp_security ? "Enabled" : "Disabled",
+ tokenalgo);
}
ast_mutex_lock(&osplock);
@@ -1903,10 +1965,12 @@
ast_cli(a->fd, "\n");
}
ast_cli(a->fd, " == OSP Provider '%s' == \n", p->name);
- ast_cli(a->fd, "Local Private Key: %s\n", p->privatekey);
- ast_cli(a->fd, "Local Certificate: %s\n", p->localcert);
- for (i = 0; i < p->cacount; i++) {
- ast_cli(a->fd, "CA Certificate %d: %s\n", i + 1, p->cacerts[i]);
+ if (osp_security) {
+ ast_cli(a->fd, "Local Private Key: %s\n", p->privatekey);
+ ast_cli(a->fd, "Local Certificate: %s\n", p->localcert);
+ for (i = 0; i < p->cacount; i++) {
+ ast_cli(a->fd, "CA Certificate %d: %s\n", i + 1, p->cacerts[i]);
+ }
}
for (i = 0; i < p->spcount; i++) {
ast_cli(a->fd, "Service Point %d: %s\n", i + 1, p->srvpoints[i]);
@@ -1930,7 +1994,7 @@
ast_cli(a->fd, "Unable to find OSP provider '%s'\n", provider);
} else {
ast_cli(a->fd, "No OSP providers configured\n");
- }
+ }
}
return CLI_SUCCESS;
}
Modified: branches/1.6.0/configs/osp.conf.sample
URL: http://svn.digium.com/svn-view/asterisk/branches/1.6.0/configs/osp.conf.sample?view=diff&rev=190576&r1=190575&r2=190576
==============================================================================
--- branches/1.6.0/configs/osp.conf.sample (original)
+++ branches/1.6.0/configs/osp.conf.sample Mon Apr 27 01:14:17 2009
@@ -12,14 +12,23 @@
[general]
;
; Enable cryptographic acceleration hardware.
+; The default value is no.
;
;accelerate=no
+;
+; Enable security features.
+; If security features are disabled, Asterisk cannot validate signed tokens and
+; all certificate file name parameters are ignored.
+; The default value is no.
+;
+;securityfeatures=no
;
; Defines the status of tokens that Asterisk will validate.
; 0 - signed tokens only
; 1 - unsigned tokens only
; 2 - both signed and unsigned
; The default value is 0, i.e. the Asterisk will only validate signed tokens.
+; If securityfeatures are disabled, Asterisk cannot validate signed tokens.
;
;tokenformat=0
;
@@ -43,6 +52,7 @@
; If this parameter is unspecified or not present, the default name will be the
; osp.conf section name followed by "-privatekey.pem" (for example:
; default-privatekey.pem)
+; If securityfeatures are disabled, this parameter is ignored.
;
;privatekey=pkey.pem
;
@@ -50,6 +60,7 @@
; If this parameter is unspecified or not present, the default name will be the
; osp.conf section name followed by "- localcert.pem " (for example:
; default-localcert.pem)
+; If securityfeatures are disabled, this parameter is ignored.
;
;localcert=localcert.pem
;
@@ -57,6 +68,7 @@
; a single Certificate Authority key file name is added with the default name of
; the osp.conf section name followed by "-cacert_0.pem " (for example:
; default-cacert_0.pem)
+; If securityfeatures are disabled, this parameter is ignored.
;
;cacert=cacert_0.pem
;
@@ -81,6 +93,7 @@
; 2 - EXCLUSIVE - Accept calls with valid token. Block calls with invalid token
; or no token.
; Default is 1,
+; If securityfeatures are disabled, Asterisk cannot validate signed tokens.
;
;authpolicy=1
;
More information about the svn-commits
mailing list