[svn-commits] russell: branch group/security_events r196451 - in /team/group/security_event...
SVN commits to the Digium repositories
svn-commits at lists.digium.com
Fri May 22 16:30:31 CDT 2009
Author: russell
Date: Fri May 22 16:30:14 2009
New Revision: 196451
URL: http://svn.asterisk.org/svn-view/asterisk?view=rev&rev=196451
Log:
resolve, reset
Modified:
team/group/security_events/ (props changed)
team/group/security_events/channels/chan_sip.c
team/group/security_events/configs/sip.conf.sample
team/group/security_events/main/asterisk.c
Propchange: team/group/security_events/
------------------------------------------------------------------------------
automerge = *
Propchange: team/group/security_events/
------------------------------------------------------------------------------
--- svnmerge-integrated (original)
+++ svnmerge-integrated Fri May 22 16:30:14 2009
@@ -1,1 +1,1 @@
-/trunk:1-196396
+/trunk:1-196443
Modified: team/group/security_events/channels/chan_sip.c
URL: http://svn.asterisk.org/svn-view/asterisk/team/group/security_events/channels/chan_sip.c?view=diff&rev=196451&r1=196450&r2=196451
==============================================================================
--- team/group/security_events/channels/chan_sip.c (original)
+++ team/group/security_events/channels/chan_sip.c Fri May 22 16:30:14 2009
@@ -1990,6 +1990,8 @@
AST_STRING_FIELD(engine); /*!< RTP Engine to use */
);
struct sip_socket socket; /*!< Socket used for this peer */
+ enum sip_transport default_outbound_transport; /*!< Peer Registration may change the default outbound transport.
+ If register expires, default should be reset. to this value */
unsigned int transports:3; /*!< Transports (enum sip_transport) that are acceptable for this peer */
struct sip_auth *auth; /*!< Realm authentication list */
int amaflags; /*!< AMA Flags (for billing) */
@@ -2004,7 +2006,7 @@
int lastmsgssent;
unsigned int sipoptions; /*!< Supported SIP options */
struct ast_flags flags[2]; /*!< SIP_ flags */
-
+
/*! Mailboxes that this peer cares about */
AST_LIST_HEAD_NOLOCK(, sip_mailbox) mailboxes;
@@ -2026,7 +2028,7 @@
struct ast_dnsmgr_entry *dnsmgr;/*!< DNS refresh manager for peer */
struct sockaddr_in addr; /*!< IP address of peer */
int maxcallbitrate; /*!< Maximum Bitrate for a video call */
-
+
/* Qualification */
struct sip_pvt *call; /*!< Call pointer */
int pokeexpire; /*!< When to expire poke (qualify= checking) */
@@ -3335,6 +3337,28 @@
return sip_debug_test_addr(sip_real_dst(p));
}
+/*! \brief Return int representing a bit field of transport types found in const char *transport */
+static int get_transport_str2enum(const char *transport)
+{
+ int res = 0;
+
+ if (ast_strlen_zero(transport)) {
+ return res;
+ }
+
+ if (!strcasecmp(transport, "udp")) {
+ res |= SIP_TRANSPORT_UDP;
+ }
+ if (!strcasecmp(transport, "tcp")) {
+ res |= SIP_TRANSPORT_TCP;
+ }
+ if (!strcasecmp(transport, "tls")) {
+ res |= SIP_TRANSPORT_TLS;
+ }
+
+ return res;
+}
+
/*! \brief Return configuration of transports for a device */
static inline const char *get_transport_list(unsigned int transports) {
switch (transports) {
@@ -4171,10 +4195,9 @@
* general form we are expecting is sip[s]:username[:password][;parameter]@host[:port][;...]
* \endverbatim
*
- * \todo This function needs to look for ;transport= too
*/
static int parse_uri(char *uri, char *scheme,
- char **ret_name, char **pass, char **domain, char **port, char **options)
+ char **ret_name, char **pass, char **domain, char **port, char **options, char **transport)
{
char *name = NULL;
int error = 0;
@@ -4193,6 +4216,17 @@
error = -1;
}
}
+ if (transport) {
+ char *t, *type = "";
+ *transport = "";
+ if ((t = strstr(uri, "transport="))) {
+ strsep(&t, "=");
+ if ((type = strsep(&t, ";"))) {
+ *transport = type;
+ }
+ }
+ }
+
if (!domain) {
/* if we don't want to split around domain, keep everything as a name,
* so we need to do nothing here, except remember why.
@@ -11578,11 +11612,24 @@
}
}
+static void set_peer_transport(struct sip_peer *peer, int transport)
+{
+ /* if the transport type changes, clear all socket data */
+ if (peer->socket.type != transport) {
+ peer->socket.type = transport;
+ peer->socket.fd = -1;
+ if (peer->socket.tcptls_session) {
+ ao2_ref(peer->socket.tcptls_session, -1);
+ peer->socket.tcptls_session = NULL;
+ }
+ }
+}
+
/*! \brief Expire registration of SIP peer */
static int expire_register(const void *data)
{
struct sip_peer *peer = (struct sip_peer *)data;
-
+
if (!peer) /* Hmmm. We have no peer. Weird. */
return 0;
@@ -11590,7 +11637,8 @@
memset(&peer->addr, 0, sizeof(peer->addr));
destroy_association(peer); /* remove registration data from storage */
-
+ set_peer_transport(peer, peer->default_outbound_transport);
+
manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: SIP\r\nPeer: SIP/%s\r\nPeerStatus: Unregistered\r\nCause: Expired\r\n", peer->name);
register_peer_exten(peer, FALSE); /* Remove regexten */
ast_devstate_changed(AST_DEVICE_UNKNOWN, "SIP/%s", peer->name);
@@ -11740,16 +11788,16 @@
We still need to be able to send to the remote agent through the proxy.
*/
if (tcp) {
- if (!parse_uri(contact, "sips:", &contact, NULL, &host, &pt, NULL)) {
+ if (!parse_uri(contact, "sips:", &contact, NULL, &host, &pt, NULL, NULL)) {
use_tls = TRUE;
} else {
- if (parse_uri(contact2, "sip:", &contact, NULL, &host, &pt, NULL))
+ if (parse_uri(contact2, "sip:", &contact, NULL, &host, &pt, NULL, NULL))
ast_log(LOG_NOTICE, "'%s' is not a valid SIP contact (missing sip:) trying to use anyway\n", contact);
}
port = !ast_strlen_zero(pt) ? atoi(pt) : STANDARD_TLS_PORT;
/*! \todo XXX why are we setting TLS port if there's no port given? parse_uri needs to return the transport. */
} else {
- if (parse_uri(contact, "sip:", &contact, NULL, &host, &pt, NULL))
+ if (parse_uri(contact, "sip:", &contact, NULL, &host, &pt, NULL, NULL))
ast_log(LOG_NOTICE, "'%s' is not a valid SIP contact (missing sip:) trying to use anyway\n", contact);
port = !ast_strlen_zero(pt) ? atoi(pt) : STANDARD_SIP_PORT;
}
@@ -11852,16 +11900,18 @@
/*! \brief Parse contact header and save registration (peer registration) */
static enum parse_register_result parse_register_contact(struct sip_pvt *pvt, struct sip_peer *peer, struct sip_request *req)
{
- char contact[SIPBUFSIZE];
+ char contact[SIPBUFSIZE];
char data[SIPBUFSIZE];
const char *expires = get_header(req, "Expires");
int expire = atoi(expires);
- char *curi, *host, *pt, *curi2;
+ char *curi, *host, *pt, *curi2, *transport;
int port;
+ int transport_type;
const char *useragent;
struct hostent *hp;
struct ast_hostent ahp;
struct sockaddr_in oldsin, testsin;
+
ast_copy_string(contact, get_header(req, "Contact"), sizeof(contact));
@@ -11877,8 +11927,6 @@
}
}
- if (peer->socket.type == req->socket.type)
- copy_socket_data(&peer->socket, &req->socket);
copy_socket_data(&pvt->socket, &req->socket);
/* Look for brackets */
@@ -11900,12 +11948,13 @@
} else if (!strcasecmp(curi, "*") || !expire) { /* Unregister this peer */
/* This means remove all registrations and return OK */
memset(&peer->addr, 0, sizeof(peer->addr));
+ set_peer_transport(peer, peer->default_outbound_transport);
AST_SCHED_DEL_UNREF(sched, peer->expire,
unref_peer(peer, "remove register expire ref"));
destroy_association(peer);
-
+
register_peer_exten(peer, FALSE); /* Remove extension from regexten= setting in sip.conf */
ast_string_field_set(peer, fullcontact, "");
ast_string_field_set(peer, useragent, "");
@@ -11926,22 +11975,35 @@
ast_string_field_build(pvt, our_contact, "<%s>", curi);
/* Make sure it's a SIP URL */
- /*! \todo This code assumes that the Contact is using the same transport as the
- REGISTER request. That might not be true at all. You can receive
- sips: requests over any transport. Needs to be fixed.
- Does not parse the ;transport uri parameter at this point, which might be handy
- in some situations.
- */
if (pvt->socket.type == SIP_TRANSPORT_TLS) {
- if (parse_uri(curi, "sips:", &curi, NULL, &host, &pt, NULL)) {
- if (parse_uri(curi2, "sip:", &curi, NULL, &host, &pt, NULL))
+ if (parse_uri(curi, "sips:", &curi, NULL, &host, &pt, NULL, &transport)) {
+ if (parse_uri(curi2, "sip:", &curi, NULL, &host, &pt, NULL, &transport))
ast_log(LOG_NOTICE, "Not a valid SIP contact (missing sip:) trying to use anyway\n");
}
port = !ast_strlen_zero(pt) ? atoi(pt) : STANDARD_TLS_PORT;
} else {
- if (parse_uri(curi, "sip:", &curi, NULL, &host, &pt, NULL))
+ if (parse_uri(curi, "sip:", &curi, NULL, &host, &pt, NULL, &transport))
ast_log(LOG_NOTICE, "Not a valid SIP contact (missing sip:) trying to use anyway\n");
port = !ast_strlen_zero(pt) ? atoi(pt) : STANDARD_SIP_PORT;
+ }
+
+ /* handle the transport type specified in Contact header. */
+ if ((transport_type = get_transport_str2enum(transport))) {
+ /* if the port is not specified but the transport is, make sure to set the
+ * default port to match the specified transport. This may or may not be the
+ * same transport used by the pvt struct for the Register dialog. */
+ if (ast_strlen_zero(pt)) {
+ port = (transport_type == SIP_TRANSPORT_TLS) ? STANDARD_TLS_PORT : STANDARD_SIP_PORT;
+ }
+ } else {
+ transport_type = pvt->socket.type;
+ }
+
+ /* if the peer's socket type is different than the Registration
+ * transport type, change it. If it got this far, it is a
+ * supported type, but check just in case */
+ if ((peer->socket.type != transport_type) && (peer->transports & transport_type)) {
+ set_peer_transport(peer, transport_type);
}
oldsin = peer->addr;
@@ -11987,6 +12049,16 @@
peer->addr = pvt->recv;
}
+ /* if the Contact header information copied into peer->addr matches the
+ * received address, and the transport types are the same, then copy socket
+ * data into the peer struct */
+ if ((peer->socket.type == pvt->socket.type) &&
+ (peer->addr.sin_addr.s_addr == pvt->recv.sin_addr.s_addr) &&
+ (peer->addr.sin_port == pvt->recv.sin_port)){
+
+ copy_socket_data(&peer->socket, &pvt->socket);
+ }
+
/* Now that our address has been updated put ourselves back into the container for lookups */
ao2_t_link(peers_by_ip, peer, "ao2_link into peers_by_ip table");
@@ -12006,7 +12078,7 @@
if (peer->is_realtime && !ast_test_flag(&peer->flags[1], SIP_PAGE2_RTCACHEFRIENDS)) {
peer->expire = -1;
} else {
- peer->expire = ast_sched_add(sched, (expire + 10) * 1000, expire_register,
+ peer->expire = ast_sched_add(sched, (expire + 10) * 1000, expire_register,
ref_peer(peer, "add registration ref"));
if (peer->expire == -1) {
unref_peer(peer, "remote registration ref");
@@ -12018,7 +12090,7 @@
XXX WHY???? XXX
\todo Fix this immediately.
*/
- if (!peer->rt_fromcontact && (peer->socket.type & SIP_TRANSPORT_UDP))
+ if (!peer->rt_fromcontact && (peer->socket.type & SIP_TRANSPORT_UDP))
ast_db_put("SIP/Registry", peer->name, data);
manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: SIP\r\nPeer: SIP/%s\r\nPeerStatus: Registered\r\nAddress: %s\r\nPort: %d\r\n", peer->name, ast_inet_ntoa(peer->addr.sin_addr), ntohs(peer->addr.sin_port));
@@ -13878,12 +13950,12 @@
/*! \todo Samme logical error as in many places above. Need a generic function for this.
*/
if (p->socket.type == SIP_TRANSPORT_TLS) {
- if (parse_uri(of, "sips:", &of, &dummy, &domain, &dummy, &dummy)) {
- if (parse_uri(of2, "sip:", &of, &dummy, &domain, &dummy, &dummy))
+ if (parse_uri(of, "sips:", &of, &dummy, &domain, &dummy, &dummy, NULL)) {
+ if (parse_uri(of2, "sip:", &of, &dummy, &domain, &dummy, &dummy, NULL))
ast_log(LOG_NOTICE, "From address missing 'sip:', using it anyway\n");
}
} else {
- if (parse_uri(of, "sip:", &of, &dummy, &domain, &dummy, &dummy))
+ if (parse_uri(of, "sip:", &of, &dummy, &domain, &dummy, &dummy, NULL))
ast_log(LOG_NOTICE, "From address missing 'sip:', using it anyway\n");
}
@@ -23558,9 +23630,9 @@
{
struct sip_peer *peer = NULL;
struct ast_ha *oldha = NULL;
- int found=0;
- int firstpass=1;
- int format=0; /* Ama flags */
+ int found = 0;
+ int firstpass = 1;
+ int format = 0; /* Ama flags */
time_t regseconds = 0;
struct ast_flags peerflags[2] = {{(0)}};
struct ast_flags mask[2] = {{(0)}};
@@ -23623,8 +23695,8 @@
/* If we have realm authentication information, remove them (reload) */
clear_realm_authentication(peer->auth);
peer->auth = NULL;
+ peer->default_outbound_transport = 0;
peer->transports = 0;
- peer->socket.type = 0;
for (; v || ((v = alt) && !(alt=NULL)); v = v->next) {
if (handle_common_options(&peerflags[0], &mask[0], v))
@@ -23636,7 +23708,7 @@
while ((trans = strsep(&val, ","))) {
trans = ast_skip_blanks(trans);
- if (!strncasecmp(trans, "udp", 3))
+ if (!strncasecmp(trans, "udp", 3))
peer->transports |= SIP_TRANSPORT_UDP;
else if (!strncasecmp(trans, "tcp", 3))
peer->transports |= SIP_TRANSPORT_TCP;
@@ -23645,9 +23717,8 @@
else
ast_log(LOG_NOTICE, "'%s' is not a valid transport type. if no other is specified, udp will be used.\n", trans);
- if (!peer->socket.type) { /*!< The first transport listed should be used for outgoing */
- peer->socket.type = peer->transports;
- peer->socket.fd = -1;
+ if (!peer->default_outbound_transport) { /*!< The first transport listed should be default outbound */
+ peer->default_outbound_transport = peer->transports;
}
}
} else if (realtime && !strcasecmp(v->name, "regseconds")) {
@@ -23955,12 +24026,21 @@
}
}
- if (!peer->socket.type) {
+ if (!peer->default_outbound_transport) {
/* Set default set of transports */
peer->transports = default_transports;
/* Set default primary transport */
- peer->socket.type = default_primary_transport;
- peer->socket.fd = -1;
+ peer->default_outbound_transport = default_primary_transport;
+ }
+
+ /* The default transport type set during build_peer should only replace the socket.type when...
+ * 1. Registration is not present and the socket.type and default transport types are different.
+ * 2. The socket.type is not an acceptable transport type after rebuilding peer.
+ * 3. The socket.type is not set yet. */
+ if (((peer->socket.type != peer->default_outbound_transport) && (peer->expire == -1)) ||
+ !(peer->socket.type & peer->transports) || !(peer->socket.type)) {
+
+ set_peer_transport(peer, peer->default_outbound_transport);
}
if (fullcontact->used > 0) {
@@ -23985,7 +24065,7 @@
if ((params = strchr(_srvlookup, ';'))) {
*params++ = '\0';
}
-
+
snprintf(transport, sizeof(transport), "_sip._%s", get_transport(peer->socket.type));
if (ast_dnsmgr_lookup(_srvlookup, &peer->addr, &peer->dnsmgr, sip_cfg.srvlookup ? transport : NULL)) {
Modified: team/group/security_events/configs/sip.conf.sample
URL: http://svn.asterisk.org/svn-view/asterisk/team/group/security_events/configs/sip.conf.sample?view=diff&rev=196451&r1=196450&r2=196451
==============================================================================
--- team/group/security_events/configs/sip.conf.sample (original)
+++ team/group/security_events/configs/sip.conf.sample Fri May 22 16:30:14 2009
@@ -906,11 +906,14 @@
;remotesecret=guessit ; Our password to their service
;defaultuser=yourusername ; Authentication user for outbound proxies
;fromuser=yourusername ; Many SIP providers require this!
-;fromdomain=provider.sip.domain
+;fromdomain=provider.sip.domain
;host=box.provider.com
-;transport=udp,tcp ; This sets the transport type to udp for outgoing, and will
-; ; accept both tcp and udp. Default is udp. The first transport
-; ; listed will always be used for outgoing connections.
+;transport=udp,tcp ; This sets the default transport type to udp for outgoing, and will
+; ; accept both tcp and udp. The default transport type is only used for
+; ; outbound messages until a Registration takes place. During the
+; ; peer Registration the transport type may change to another supported
+; ; type if the peer requests so.
+
;usereqphone=yes ; This provider requires ";user=phone" on URI
;callcounter=yes ; Enable call counter
;busylevel=2 ; Signal busy at 2 or more calls
Modified: team/group/security_events/main/asterisk.c
URL: http://svn.asterisk.org/svn-view/asterisk/team/group/security_events/main/asterisk.c?view=diff&rev=196451&r1=196450&r2=196451
==============================================================================
--- team/group/security_events/main/asterisk.c (original)
+++ team/group/security_events/main/asterisk.c Fri May 22 16:30:14 2009
@@ -3648,6 +3648,8 @@
/* loads the cli_permissoins.conf file needed to implement cli restrictions. */
ast_cli_perms_init(0);
+ ast_stun_init();
+
/* AMI is initialized after loading modules because of a potential
* conflict between issuing a module reload from manager and
* registering manager actions. This will cause reversed locking
More information about the svn-commits
mailing list