[svn-commits] asanders: trunk r431484 - in /trunk: ./ configs/samples/ include/asterisk/ main/
SVN commits to the Digium repositories
svn-commits at lists.digium.com
Fri Jan 30 11:21:54 CST 2015
Author: asanders
Date: Fri Jan 30 11:21:50 2015
New Revision: 431484
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=431484
Log:
HTTP: For httpd server, need option to define server name for security purposes
Added a new config property [servername] to the http.conf file; updated the http server to use the new property when sending responses, for showing http status through the CLI and when reporting status through the 'httpstatus' webpage. In this version, [servername] is uncommented by default.
ASTERISK-24316 #close
Reported By: Andrew Nagy
Review: https://reviewboard.asterisk.org/r/4374/
........
Merged revisions 431471 from http://svn.asterisk.org/svn/asterisk/branches/13
Modified:
trunk/ (props changed)
trunk/configs/samples/http.conf.sample
trunk/include/asterisk/http.h
trunk/main/http.c
Propchange: trunk/
------------------------------------------------------------------------------
Binary property 'branch-13-merged' - no diff available.
Modified: trunk/configs/samples/http.conf.sample
URL: http://svnview.digium.com/svn/asterisk/trunk/configs/samples/http.conf.sample?view=diff&rev=431484&r1=431483&r2=431484
==============================================================================
--- trunk/configs/samples/http.conf.sample (original)
+++ trunk/configs/samples/http.conf.sample Fri Jan 30 11:21:50 2015
@@ -12,6 +12,16 @@
; http://<server_ip>:<bindport>/static/docs/index.html
;
[general]
+;
+; The name of the server, advertised in both the Server field in HTTP
+; response message headers, as well as the <address /> element in certain HTTP
+; response message bodies. If not furnished here, "Asterisk/{version}" will be
+; used as a default value for the Server header field and the <address />
+; element. Setting this property to a blank value will result in the omission
+; of the Server header field from HTTP response message headers and the
+; <address /> element from HTTP response message bodies.
+;
+servername=Asterisk
;
; Whether HTTP/HTTPS interface is enabled or not. Default is no.
; This also affects manager/rawman/mxml access (see manager.conf)
Modified: trunk/include/asterisk/http.h
URL: http://svnview.digium.com/svn/asterisk/trunk/include/asterisk/http.h?view=diff&rev=431484&r1=431483&r2=431484
==============================================================================
--- trunk/include/asterisk/http.h (original)
+++ trunk/include/asterisk/http.h Fri Jan 30 11:21:50 2015
@@ -200,6 +200,28 @@
int status_code, const char *status_title, struct ast_str *http_header,
struct ast_str *out, int fd, unsigned int static_content);
+/*!
+ * \brief Creates and sends a formatted http response message.
+ * \param ser TCP/TLS session object
+ * \param status_code HTTP response code (200/401/403/404/500)
+ * \param status_title English equivalent to the status_code parameter
+ * \param http_header_data The formatted text to use in the http header
+ * \param text Additional informational text to use in the
+ * response
+ *
+ * \note Function constructs response headers from the status_code, status_title and
+ * http_header_data parameters.
+ *
+ * The response body is created as HTML content, from the status_code,
+ * status_title, and the text parameters.
+ *
+ * The http_header_data parameter will be freed as a result of calling function.
+ *
+ * \since 13.2.0
+ */
+void ast_http_create_response(struct ast_tcptls_session_instance *ser, int status_code,
+ const char *status_title, struct ast_str *http_header_data, const char *text);
+
/*! \brief Send http "401 Unauthorized" response and close socket */
void ast_http_auth(struct ast_tcptls_session_instance *ser, const char *realm, const unsigned long nonce, const unsigned long opaque, int stale, const char *text);
Modified: trunk/main/http.c
URL: http://svnview.digium.com/svn/asterisk/trunk/main/http.c?view=diff&rev=431484&r1=431483&r2=431484
==============================================================================
--- trunk/main/http.c (original)
+++ trunk/main/http.c Fri Jan 30 11:21:50 2015
@@ -77,6 +77,10 @@
#define MIN_INITIAL_REQUEST_TIMEOUT 10000
/*! (ms) Idle time between HTTP requests */
#define DEFAULT_SESSION_KEEP_ALIVE 15000
+/*! Max size for the http server name */
+#define MAX_SERVER_NAME_LENGTH 128
+/*! Max size for the http response header */
+#define DEFAULT_RESPONSE_HEADER_LENGTH 512
/*! Maximum application/json or application/x-www-form-urlencoded body content length. */
#if !defined(LOW_MEMORY)
@@ -91,6 +95,8 @@
#else
#define MAX_HTTP_LINE_LENGTH 1024
#endif /* !defined(LOW_MEMORY) */
+
+static char http_server_name[MAX_SERVER_NAME_LENGTH];
static int session_limit = DEFAULT_SESSION_LIMIT;
static int session_inactivity = DEFAULT_SESSION_INACTIVITY;
@@ -375,6 +381,7 @@
"<table bgcolor=\"#f1f1f1\" align=\"center\"><tr><td bgcolor=\"#e0e0ff\" colspan=\"2\" width=\"500\">\r\n"
"<h2> Asterisk™ HTTP Status</h2></td></tr>\r\n");
+ ast_str_append(&out, 0, "<tr><td><i>Server</i></td><td><b>%s</b></td></tr>\r\n", http_server_name);
ast_str_append(&out, 0, "<tr><td><i>Prefix</i></td><td><b>%s</b></td></tr>\r\n", prefix);
ast_str_append(&out, 0, "<tr><td><i>Bind Address</i></td><td><b>%s</b></td></tr>\r\n",
ast_sockaddr_stringify_addr(&http_desc.old_address));
@@ -446,12 +453,21 @@
char timebuf[80];
int content_length = 0;
int close_connection;
-
- if (!ser || !ser->f) {
+ struct ast_str *server_header_field = ast_str_create(MAX_SERVER_NAME_LENGTH);
+
+ if (!ser || !ser->f || !server_header_field) {
/* The connection is not open. */
ast_free(http_header);
ast_free(out);
+ ast_free(server_header_field);
return;
+ }
+
+ if(!ast_strlen_zero(http_server_name)) {
+ ast_str_set(&server_header_field,
+ 0,
+ "Server: %s\r\n",
+ http_server_name);
}
/*
@@ -491,7 +507,7 @@
/* send http header */
fprintf(ser->f,
"HTTP/1.1 %d %s\r\n"
- "Server: Asterisk/%s\r\n"
+ "%s"
"Date: %s\r\n"
"%s"
"%s"
@@ -499,7 +515,7 @@
"Content-Length: %d\r\n"
"\r\n",
status_code, status_title ? status_title : "OK",
- ast_get_version(),
+ ast_str_buffer(server_header_field),
timebuf,
close_connection ? "Connection: close\r\n" : "",
static_content ? "" : "Cache-Control: no-cache, no-store\r\n",
@@ -532,6 +548,7 @@
ast_free(http_header);
ast_free(out);
+ ast_free(server_header_field);
if (close_connection) {
ast_debug(1, "HTTP closing session. status_code:%d\n", status_code);
@@ -541,76 +558,101 @@
}
}
+void ast_http_create_response(struct ast_tcptls_session_instance *ser, int status_code,
+ const char *status_title, struct ast_str *http_header_data, const char *text)
+{
+ char server_name[MAX_SERVER_NAME_LENGTH];
+ struct ast_str *server_address = ast_str_create(MAX_SERVER_NAME_LENGTH);
+ struct ast_str *out = ast_str_create(MAX_CONTENT_LENGTH);
+
+ if (!http_header_data || !server_address || !out) {
+ ast_free(http_header_data);
+ ast_free(server_address);
+ ast_free(out);
+ if (ser && ser->f) {
+ ast_debug(1, "HTTP closing session. OOM.\n");
+ ast_tcptls_close_session_file(ser);
+ }
+ return;
+ }
+
+ if(!ast_strlen_zero(http_server_name)) {
+ ast_xml_escape(http_server_name, server_name, sizeof(server_name));
+ ast_str_set(&server_address,
+ 0,
+ "<address>%s</address>\r\n",
+ server_name);
+ }
+
+ ast_str_set(&out,
+ 0,
+ "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n"
+ "<html><head>\r\n"
+ "<title>%d %s</title>\r\n"
+ "</head><body>\r\n"
+ "<h1>%s</h1>\r\n"
+ "<p>%s</p>\r\n"
+ "<hr />\r\n"
+ "%s"
+ "</body></html>\r\n",
+ status_code,
+ status_title,
+ status_title,
+ text ? text : "",
+ ast_str_buffer(server_address));
+
+ ast_free(server_address);
+
+ ast_http_send(ser,
+ AST_HTTP_UNKNOWN,
+ status_code,
+ status_title,
+ http_header_data,
+ out,
+ 0,
+ 0);
+}
+
void ast_http_auth(struct ast_tcptls_session_instance *ser, const char *realm,
const unsigned long nonce, const unsigned long opaque, int stale,
const char *text)
{
- struct ast_str *http_headers = ast_str_create(128);
- struct ast_str *out = ast_str_create(512);
-
- if (!http_headers || !out) {
- ast_free(http_headers);
- ast_free(out);
- if (ser && ser->f) {
- ast_debug(1, "HTTP closing session. Auth OOM\n");
- ast_tcptls_close_session_file(ser);
- }
- return;
- }
-
- ast_str_set(&http_headers, 0,
- "WWW-authenticate: Digest algorithm=MD5, realm=\"%s\", nonce=\"%08lx\", qop=\"auth\", opaque=\"%08lx\"%s\r\n"
- "Content-type: text/html\r\n",
- realm ? realm : "Asterisk",
- nonce,
- opaque,
- stale ? ", stale=true" : "");
-
- ast_str_set(&out, 0,
- "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n"
- "<html><head>\r\n"
- "<title>401 Unauthorized</title>\r\n"
- "</head><body>\r\n"
- "<h1>401 Unauthorized</h1>\r\n"
- "<p>%s</p>\r\n"
- "<hr />\r\n"
- "<address>Asterisk Server</address>\r\n"
- "</body></html>\r\n",
- text ? text : "");
-
- ast_http_send(ser, AST_HTTP_UNKNOWN, 401, "Unauthorized", http_headers, out, 0, 0);
-}
-
-void ast_http_error(struct ast_tcptls_session_instance *ser, int status_code, const char *status_title, const char *text)
-{
- struct ast_str *http_headers = ast_str_create(40);
- struct ast_str *out = ast_str_create(256);
-
- if (!http_headers || !out) {
- ast_free(http_headers);
- ast_free(out);
- if (ser && ser->f) {
- ast_debug(1, "HTTP closing session. error OOM\n");
- ast_tcptls_close_session_file(ser);
- }
- return;
- }
-
- ast_str_set(&http_headers, 0, "Content-type: text/html\r\n");
-
- ast_str_set(&out, 0,
- "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n"
- "<html><head>\r\n"
- "<title>%d %s</title>\r\n"
- "</head><body>\r\n"
- "<h1>%s</h1>\r\n"
- "<p>%s</p>\r\n"
- "<hr />\r\n"
- "<address>Asterisk Server</address>\r\n"
- "</body></html>\r\n",
- status_code, status_title, status_title, text);
-
- ast_http_send(ser, AST_HTTP_UNKNOWN, status_code, status_title, http_headers, out, 0, 0);
+ int status_code = 401;
+ char *status_title = "Unauthorized";
+ struct ast_str *http_header_data = ast_str_create(DEFAULT_RESPONSE_HEADER_LENGTH);
+
+ if (http_header_data) {
+ ast_str_set(&http_header_data,
+ 0,
+ "WWW-authenticate: Digest algorithm=MD5, realm=\"%s\", nonce=\"%08lx\", qop=\"auth\", opaque=\"%08lx\"%s\r\n"
+ "Content-type: text/html\r\n",
+ realm ? realm : "Asterisk",
+ nonce,
+ opaque,
+ stale ? ", stale=true" : "");
+ }
+
+ ast_http_create_response(ser,
+ status_code,
+ status_title,
+ http_header_data,
+ text);
+}
+
+void ast_http_error(struct ast_tcptls_session_instance *ser, int status_code,
+ const char *status_title, const char *text)
+{
+ struct ast_str *http_header_data = ast_str_create(DEFAULT_RESPONSE_HEADER_LENGTH);
+
+ if (http_header_data) {
+ ast_str_set(&http_header_data, 0, "Content-type: text/html\r\n");
+ }
+
+ ast_http_create_response(ser,
+ status_code,
+ status_title,
+ http_header_data,
+ text);
}
/*!
@@ -2029,6 +2071,7 @@
int enabled=0;
int newenablestatic=0;
char newprefix[MAX_PREFIX] = "";
+ char server_name[MAX_SERVER_NAME_LENGTH];
struct http_uri_redirect *redirect;
struct ast_flags config_flags = { reload ? CONFIG_FLAG_FILEUNCHANGED : 0 };
uint32_t bindport = DEFAULT_PORT;
@@ -2070,6 +2113,8 @@
session_limit = DEFAULT_SESSION_LIMIT;
session_inactivity = DEFAULT_SESSION_INACTIVITY;
session_keep_alive = DEFAULT_SESSION_KEEP_ALIVE;
+
+ snprintf(server_name, sizeof(server_name), "Asterisk/%s", ast_get_version());
v = ast_variable_browse(cfg, "general");
for (; v; v = v->next) {
@@ -2087,7 +2132,13 @@
continue;
}
- if (!strcasecmp(v->name, "enabled")) {
+ if (!strcasecmp(v->name, "servername")) {
+ if (!ast_strlen_zero(v->value)) {
+ ast_copy_string(server_name, v->value, sizeof(server_name));
+ } else {
+ server_name[0] = '\0';
+ }
+ } else if (!strcasecmp(v->name, "enabled")) {
enabled = ast_true(v->value);
} else if (!strcasecmp(v->name, "enablestatic")) {
newenablestatic = ast_true(v->value);
@@ -2139,6 +2190,8 @@
if (strcmp(prefix, newprefix)) {
ast_copy_string(prefix, newprefix, sizeof(prefix));
}
+
+ ast_copy_string(http_server_name, server_name, sizeof(http_server_name));
enablestatic = newenablestatic;
if (num_addrs && enabled) {
@@ -2209,6 +2262,7 @@
}
ast_cli(a->fd, "HTTP Server Status:\n");
ast_cli(a->fd, "Prefix: %s\n", prefix);
+ ast_cli(a->fd, "Server: %s\n", http_server_name);
if (ast_sockaddr_isnull(&http_desc.old_address)) {
ast_cli(a->fd, "Server Disabled\n\n");
} else {
More information about the svn-commits
mailing list