cleaup of the TCP/TLS socket API:
1) rename 'struct server_args' to 'struct ast_tcptls_session_args', to follow coding guidelines 2) make ast_make_file_from_fd() static and rename it to something that indicates what it really is for (again coding guidelines) 3) rename address variables inside 'struct ast_tcptls_session_args' to be more descriptive (dare i say it... coding guidelines) 4) change ast_tcptls_client_start() to use the new 'remote_address' field of the session args for the destination of the connection, and use the 'local_address' field to bind() the socket to the proper source address, if one is supplied 5) in chan_sip, ensure that we pass in the PP address we are bound to when creating outbound (client) connections, so that our connections will appear from the correct address git-svn-id: http://svn.digium.com/svn/asterisk/trunk@151101 f38db490-d61c-443f-a65b-d21fe96a405b
This commit is contained in:
parent
e5859a4d31
commit
2b799006a1
|
@ -46,6 +46,7 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
|
|||
#include "asterisk/app.h"
|
||||
#include "asterisk/utils.h"
|
||||
#include "asterisk/tcptls.h"
|
||||
#include "asterisk/astobj2.h"
|
||||
|
||||
static const char *app = "ExternalIVR";
|
||||
|
||||
|
@ -419,7 +420,7 @@ static int app_exec(struct ast_channel *chan, void *data)
|
|||
}
|
||||
|
||||
if (!strncmp(app_args[0], "ivr://", 6)) {
|
||||
struct server_args ivr_desc = {
|
||||
struct ast_tcptls_session_args ivr_desc = {
|
||||
.accept_fd = -1,
|
||||
.name = "IVR",
|
||||
};
|
||||
|
@ -438,9 +439,9 @@ static int app_exec(struct ast_channel *chan, void *data)
|
|||
}
|
||||
|
||||
ast_gethostbyname(hostname, &hp);
|
||||
ivr_desc.sin.sin_family = AF_INET;
|
||||
ivr_desc.sin.sin_port = htons(port);
|
||||
memmove(&ivr_desc.sin.sin_addr.s_addr, hp.hp.h_addr, hp.hp.h_length);
|
||||
ivr_desc.local_address.sin_family = AF_INET;
|
||||
ivr_desc.local_address.sin_port = htons(port);
|
||||
memcpy(&ivr_desc.local_address.sin_addr.s_addr, hp.hp.h_addr, hp.hp.h_length);
|
||||
ser = ast_tcptls_client_start(&ivr_desc);
|
||||
|
||||
if (!ser) {
|
||||
|
|
|
@ -2379,7 +2379,7 @@ static struct ast_tls_config sip_tls_cfg;
|
|||
static struct ast_tls_config default_tls_cfg;
|
||||
|
||||
/*! \brief The TCP server definition */
|
||||
static struct server_args sip_tcp_desc = {
|
||||
static struct ast_tcptls_session_args sip_tcp_desc = {
|
||||
.accept_fd = -1,
|
||||
.master = AST_PTHREADT_NULL,
|
||||
.tls_cfg = NULL,
|
||||
|
@ -2390,7 +2390,7 @@ static struct server_args sip_tcp_desc = {
|
|||
};
|
||||
|
||||
/*! \brief The TCP/TLS server definition */
|
||||
static struct server_args sip_tls_desc = {
|
||||
static struct ast_tcptls_session_args sip_tls_desc = {
|
||||
.accept_fd = -1,
|
||||
.master = AST_PTHREADT_NULL,
|
||||
.tls_cfg = &sip_tls_cfg,
|
||||
|
@ -2544,7 +2544,7 @@ static void *_sip_tcp_helper_thread(struct sip_pvt *pvt, struct ast_tcptls_sessi
|
|||
we receive is not the same - we should generate an error */
|
||||
|
||||
req.socket.ser = ser;
|
||||
handle_request_do(&req, &ser->requestor);
|
||||
handle_request_do(&req, &ser->remote_address);
|
||||
}
|
||||
|
||||
cleanup:
|
||||
|
@ -2588,7 +2588,7 @@ static void *unref_peer(struct sip_peer *peer, char *tag)
|
|||
|
||||
static struct sip_peer *ref_peer(struct sip_peer *peer, char *tag)
|
||||
{
|
||||
ao2_t_ref(peer, 1,tag);
|
||||
ao2_t_ref(peer, 1, tag);
|
||||
return peer;
|
||||
}
|
||||
|
||||
|
@ -12838,8 +12838,8 @@ static char *sip_show_tcp(struct ast_cli_entry *e, int cmd, struct ast_cli_args
|
|||
ast_cli(a->fd, FORMAT2, "Host", "Port", "Transport", "Type");
|
||||
AST_LIST_LOCK(&threadl);
|
||||
AST_LIST_TRAVERSE(&threadl, th, list) {
|
||||
ast_cli(a->fd, FORMAT, ast_inet_ntoa(th->ser->requestor.sin_addr),
|
||||
ntohs(th->ser->requestor.sin_port),
|
||||
ast_cli(a->fd, FORMAT, ast_inet_ntoa(th->ser->remote_address.sin_addr),
|
||||
ntohs(th->ser->remote_address.sin_port),
|
||||
get_transport(th->type),
|
||||
(th->ser->client ? "Client" : "Server"));
|
||||
|
||||
|
@ -14105,16 +14105,16 @@ static char *sip_show_settings(struct ast_cli_entry *e, int cmd, struct ast_cli_
|
|||
ast_cli(a->fd, " UDP SIP Port: %d\n", ntohs(bindaddr.sin_port));
|
||||
ast_cli(a->fd, " UDP Bindaddress: %s\n", ast_inet_ntoa(bindaddr.sin_addr));
|
||||
ast_cli(a->fd, " TCP SIP Port: ");
|
||||
if (sip_tcp_desc.sin.sin_family == AF_INET) {
|
||||
ast_cli(a->fd, "%d\n", ntohs(sip_tcp_desc.sin.sin_port));
|
||||
ast_cli(a->fd, " TCP Bindaddress: %s\n", ast_inet_ntoa(sip_tcp_desc.sin.sin_addr));
|
||||
if (sip_tcp_desc.local_address.sin_family == AF_INET) {
|
||||
ast_cli(a->fd, "%d\n", ntohs(sip_tcp_desc.local_address.sin_port));
|
||||
ast_cli(a->fd, " TCP Bindaddress: %s\n", ast_inet_ntoa(sip_tcp_desc.local_address.sin_addr));
|
||||
} else {
|
||||
ast_cli(a->fd, "Disabled\n");
|
||||
}
|
||||
ast_cli(a->fd, " TLS SIP Port: ");
|
||||
if (default_tls_cfg.enabled != FALSE) {
|
||||
ast_cli(a->fd, "%d\n", ntohs(sip_tls_desc.sin.sin_port));
|
||||
ast_cli(a->fd, " TLS Bindaddress: %s\n", ast_inet_ntoa(sip_tls_desc.sin.sin_addr));
|
||||
ast_cli(a->fd, "%d\n", ntohs(sip_tls_desc.local_address.sin_port));
|
||||
ast_cli(a->fd, " TLS Bindaddress: %s\n", ast_inet_ntoa(sip_tls_desc.local_address.sin_addr));
|
||||
} else {
|
||||
ast_cli(a->fd, "Disabled\n");
|
||||
}
|
||||
|
@ -20060,9 +20060,9 @@ static struct ast_tcptls_session_instance *sip_tcp_locate(struct sockaddr_in *s)
|
|||
|
||||
AST_LIST_LOCK(&threadl);
|
||||
AST_LIST_TRAVERSE(&threadl, th, list) {
|
||||
if ((s->sin_family == th->ser->requestor.sin_family) &&
|
||||
(s->sin_addr.s_addr == th->ser->requestor.sin_addr.s_addr) &&
|
||||
(s->sin_port == th->ser->requestor.sin_port)) {
|
||||
if ((s->sin_family == th->ser->remote_address.sin_family) &&
|
||||
(s->sin_addr.s_addr == th->ser->remote_address.sin_addr.s_addr) &&
|
||||
(s->sin_port == th->ser->remote_address.sin_port)) {
|
||||
AST_LIST_UNLOCK(&threadl);
|
||||
return th->ser;
|
||||
}
|
||||
|
@ -20077,7 +20077,7 @@ static int sip_prepare_socket(struct sip_pvt *p)
|
|||
struct sip_socket *s = &p->socket;
|
||||
static const char name[] = "SIP socket";
|
||||
struct ast_tcptls_session_instance *ser;
|
||||
struct server_args ca = {
|
||||
struct ast_tcptls_session_args ca = {
|
||||
.name = name,
|
||||
.accept_fd = -1,
|
||||
};
|
||||
|
@ -20097,9 +20097,9 @@ static int sip_prepare_socket(struct sip_pvt *p)
|
|||
return s->fd;
|
||||
}
|
||||
|
||||
ca.sin = *(sip_real_dst(p));
|
||||
ca.remote_address = *(sip_real_dst(p));
|
||||
|
||||
if ((ser = sip_tcp_locate(&ca.sin))) { /* Check if we have a thread handling a socket connected to this IP/port */
|
||||
if ((ser = sip_tcp_locate(&ca.remote_address))) { /* Check if we have a thread handling a socket connected to this IP/port */
|
||||
s->fd = ser->fd;
|
||||
if (s->ser) {
|
||||
ao2_ref(s->ser, -1);
|
||||
|
@ -22048,16 +22048,16 @@ static int reload_config(enum channelreloadreason reason)
|
|||
}
|
||||
|
||||
/* Initialize tcp sockets */
|
||||
memset(&sip_tcp_desc.sin, 0, sizeof(sip_tcp_desc.sin));
|
||||
memset(&sip_tls_desc.sin, 0, sizeof(sip_tls_desc.sin));
|
||||
memset(&sip_tcp_desc.local_address, 0, sizeof(sip_tcp_desc.local_address));
|
||||
memset(&sip_tls_desc.local_address, 0, sizeof(sip_tls_desc.local_address));
|
||||
|
||||
ast_free_ha(global_contact_ha);
|
||||
global_contact_ha = NULL;
|
||||
|
||||
default_tls_cfg.enabled = FALSE; /* Default: Disable TLS */
|
||||
|
||||
sip_tcp_desc.sin.sin_port = htons(STANDARD_SIP_PORT);
|
||||
sip_tls_desc.sin.sin_port = htons(STANDARD_TLS_PORT);
|
||||
sip_tcp_desc.local_address.sin_port = htons(STANDARD_SIP_PORT);
|
||||
sip_tls_desc.local_address.sin_port = htons(STANDARD_TLS_PORT);
|
||||
|
||||
if (reason != CHANNEL_MODULE_LOAD) {
|
||||
ast_debug(4, "--------------- SIP reload started\n");
|
||||
|
@ -22292,17 +22292,17 @@ static int reload_config(enum channelreloadreason reason)
|
|||
}
|
||||
}
|
||||
} else if (!strcasecmp(v->name, "tcpenable")) {
|
||||
sip_tcp_desc.sin.sin_family = ast_false(v->value) ? 0 : AF_INET;
|
||||
sip_tcp_desc.local_address.sin_family = ast_false(v->value) ? 0 : AF_INET;
|
||||
ast_debug(2, "Enabling TCP socket for listening\n");
|
||||
} else if (!strcasecmp(v->name, "tcpbindaddr")) {
|
||||
int family = sip_tcp_desc.sin.sin_family;
|
||||
if (ast_parse_arg(v->value, PARSE_INADDR, &sip_tcp_desc.sin))
|
||||
int family = sip_tcp_desc.local_address.sin_family;
|
||||
if (ast_parse_arg(v->value, PARSE_INADDR, &sip_tcp_desc.local_address))
|
||||
ast_log(LOG_WARNING, "Invalid %s '%s' at line %d of %s\n", v->name, v->value, v->lineno, config);
|
||||
sip_tcp_desc.sin.sin_family = family;
|
||||
sip_tcp_desc.local_address.sin_family = family;
|
||||
ast_debug(2, "Setting TCP socket address to %s\n", v->value);
|
||||
} else if (!strcasecmp(v->name, "tlsenable")) {
|
||||
default_tls_cfg.enabled = ast_true(v->value) ? TRUE : FALSE;
|
||||
sip_tls_desc.sin.sin_family = AF_INET;
|
||||
sip_tls_desc.local_address.sin_family = AF_INET;
|
||||
} else if (!strcasecmp(v->name, "tlscertfile")) {
|
||||
ast_free(default_tls_cfg.certfile);
|
||||
default_tls_cfg.certfile = ast_strdup(v->value);
|
||||
|
@ -22320,7 +22320,7 @@ static int reload_config(enum channelreloadreason reason)
|
|||
} else if (!strcasecmp(v->name, "tlsdontverifyserver")) {
|
||||
ast_set2_flag(&default_tls_cfg.flags, ast_true(v->value), AST_SSL_DONT_VERIFY_SERVER);
|
||||
} else if (!strcasecmp(v->name, "tlsbindaddr")) {
|
||||
if (ast_parse_arg(v->value, PARSE_INADDR, &sip_tls_desc.sin))
|
||||
if (ast_parse_arg(v->value, PARSE_INADDR, &sip_tls_desc.local_address))
|
||||
ast_log(LOG_WARNING, "Invalid %s '%s' at line %d of %s\n", v->name, v->value, v->lineno, config);
|
||||
} else if (!strcasecmp(v->name, "dynamic_exclude_static") || !strcasecmp(v->name, "dynamic_excludes_static")) {
|
||||
global_dynamic_exclude_static = ast_true(v->value);
|
||||
|
@ -22798,10 +22798,10 @@ static int reload_config(enum channelreloadreason reason)
|
|||
|
||||
/* Start TCP server */
|
||||
ast_tcptls_server_start(&sip_tcp_desc);
|
||||
if (sip_tcp_desc.accept_fd == -1 && sip_tcp_desc.sin.sin_family == AF_INET) {
|
||||
if (sip_tcp_desc.accept_fd == -1 && sip_tcp_desc.local_address.sin_family == AF_INET) {
|
||||
/* TCP server start failed. Tell the admin */
|
||||
ast_log(LOG_ERROR, "SIP TCP Server start failed. Not listening on TCP socket.\n");
|
||||
sip_tcp_desc.sin.sin_family = 0;
|
||||
sip_tcp_desc.local_address.sin_family = 0;
|
||||
} else {
|
||||
ast_debug(2, "SIP TCP server started\n");
|
||||
}
|
||||
|
@ -22836,12 +22836,12 @@ static int reload_config(enum channelreloadreason reason)
|
|||
ast_log(LOG_NOTICE, "Can't add wildcard IP address to domain list, please add IP address to domain manually.\n");
|
||||
|
||||
/* If TCP is running on a different IP than UDP, then add it too */
|
||||
if (sip_tcp_desc.sin.sin_addr.s_addr && !inaddrcmp(&bindaddr, &sip_tcp_desc.sin))
|
||||
add_sip_domain(ast_inet_ntoa(sip_tcp_desc.sin.sin_addr), SIP_DOMAIN_AUTO, NULL);
|
||||
if (sip_tcp_desc.local_address.sin_addr.s_addr && !inaddrcmp(&bindaddr, &sip_tcp_desc.local_address))
|
||||
add_sip_domain(ast_inet_ntoa(sip_tcp_desc.local_address.sin_addr), SIP_DOMAIN_AUTO, NULL);
|
||||
|
||||
/* If TLS is running on a differen IP than UDP and TCP, then add that too */
|
||||
if (sip_tls_desc.sin.sin_addr.s_addr && !inaddrcmp(&bindaddr, &sip_tls_desc.sin) && inaddrcmp(&sip_tcp_desc.sin, &sip_tls_desc.sin))
|
||||
add_sip_domain(ast_inet_ntoa(sip_tls_desc.sin.sin_addr), SIP_DOMAIN_AUTO, NULL);
|
||||
if (sip_tls_desc.local_address.sin_addr.s_addr && !inaddrcmp(&bindaddr, &sip_tls_desc.local_address) && inaddrcmp(&sip_tcp_desc.local_address, &sip_tls_desc.local_address))
|
||||
add_sip_domain(ast_inet_ntoa(sip_tls_desc.local_address.sin_addr), SIP_DOMAIN_AUTO, NULL);
|
||||
|
||||
/* Our extern IP address, if configured */
|
||||
if (externip.sin_addr.s_addr)
|
||||
|
|
|
@ -45,12 +45,10 @@
|
|||
*
|
||||
*/
|
||||
|
||||
|
||||
#ifndef _ASTERISK_SERVER_H
|
||||
#define _ASTERISK_SERVER_H
|
||||
#ifndef _ASTERISK_TCPTLS_H
|
||||
#define _ASTERISK_TCPTLS_H
|
||||
|
||||
#include "asterisk/utils.h"
|
||||
#include "asterisk/astobj2.h"
|
||||
|
||||
#if defined(HAVE_OPENSSL) && (defined(HAVE_FUNOPEN) || defined(HAVE_FOPENCOOKIE))
|
||||
#define DO_SSL /* comment in/out if you want to support ssl */
|
||||
|
@ -90,7 +88,7 @@ struct ast_tls_config {
|
|||
/*!
|
||||
* The following code implements a generic mechanism for starting
|
||||
* services on a TCP or TLS socket.
|
||||
* The service is configured in the struct server_args, and
|
||||
* The service is configured in the struct session_args, and
|
||||
* then started by calling server_start(desc) on the descriptor.
|
||||
* server_start() first verifies if an instance of the service is active,
|
||||
* and in case shuts it down. Then, if the service must be started, creates
|
||||
|
@ -105,38 +103,19 @@ struct ast_tls_config {
|
|||
* running the session, whose body is desc->worker_fn(). The argument of
|
||||
* worker_fn() is a struct ast_tcptls_session_instance, which contains the address
|
||||
* of the other party, a pointer to desc, the file descriptors (fd) on which
|
||||
* we can do a select/poll (but NOT IO/, and a FILE *on which we can do I/O.
|
||||
* we can do a select/poll (but NOT I/O), and a FILE *on which we can do I/O.
|
||||
* We have both because we want to support plain and SSL sockets, and
|
||||
* going through a FILE *lets us provide the encryption/decryption
|
||||
* going through a FILE * lets us provide the encryption/decryption
|
||||
* on the stream without using an auxiliary thread.
|
||||
*
|
||||
* NOTE: in order to let other parts of asterisk use these services,
|
||||
* we need to do the following:
|
||||
* + move struct ast_tcptls_session_instance and struct server_args to
|
||||
* a common header file, together with prototypes for
|
||||
* server_start() and server_root().
|
||||
*/
|
||||
|
||||
/*! \brief
|
||||
* describes a server instance
|
||||
*/
|
||||
struct ast_tcptls_session_instance {
|
||||
FILE *f; /* fopen/funopen result */
|
||||
int fd; /* the socket returned by accept() */
|
||||
SSL *ssl; /* ssl state */
|
||||
/* iint (*ssl_setup)(SSL *); */
|
||||
int client;
|
||||
struct sockaddr_in requestor;
|
||||
struct server_args *parent;
|
||||
ast_mutex_t lock;
|
||||
};
|
||||
|
||||
/*! \brief
|
||||
* arguments for the accepting thread
|
||||
*/
|
||||
struct server_args {
|
||||
struct sockaddr_in sin;
|
||||
struct sockaddr_in oldsin;
|
||||
struct ast_tcptls_session_args {
|
||||
struct sockaddr_in local_address;
|
||||
struct sockaddr_in old_local_address;
|
||||
struct sockaddr_in remote_address;
|
||||
char hostname[MAXHOSTNAMELEN]; /*!< only necessary for SSL clients so we can compare to common name */
|
||||
struct ast_tls_config *tls_cfg; /*!< points to the SSL configuration if any */
|
||||
int accept_fd;
|
||||
|
@ -148,6 +127,20 @@ struct server_args {
|
|||
const char *name;
|
||||
};
|
||||
|
||||
/*
|
||||
* describes a server instance
|
||||
*/
|
||||
struct ast_tcptls_session_instance {
|
||||
FILE *f; /* fopen/funopen result */
|
||||
int fd; /* the socket returned by accept() */
|
||||
SSL *ssl; /* ssl state */
|
||||
/* iint (*ssl_setup)(SSL *); */
|
||||
int client;
|
||||
struct sockaddr_in remote_address;
|
||||
struct ast_tcptls_session_args *parent;
|
||||
ast_mutex_t lock;
|
||||
};
|
||||
|
||||
#if defined(HAVE_FUNOPEN)
|
||||
#define HOOK_T int
|
||||
#define LEN_T int
|
||||
|
@ -156,16 +149,14 @@ struct server_args {
|
|||
#define LEN_T size_t
|
||||
#endif
|
||||
|
||||
struct ast_tcptls_session_instance *ast_tcptls_client_start(struct server_args *desc);
|
||||
struct ast_tcptls_session_instance *ast_tcptls_client_start(struct ast_tcptls_session_args *desc);
|
||||
|
||||
void *ast_tcptls_server_root(void *);
|
||||
void ast_tcptls_server_start(struct server_args *desc);
|
||||
void ast_tcptls_server_stop(struct server_args *desc);
|
||||
void ast_tcptls_server_start(struct ast_tcptls_session_args *desc);
|
||||
void ast_tcptls_server_stop(struct ast_tcptls_session_args *desc);
|
||||
int ast_ssl_setup(struct ast_tls_config *cfg);
|
||||
|
||||
void *ast_make_file_from_fd(void *data);
|
||||
|
||||
HOOK_T ast_tcptls_server_read(struct ast_tcptls_session_instance *ser, void *buf, size_t count);
|
||||
HOOK_T ast_tcptls_server_write(struct ast_tcptls_session_instance *ser, void *buf, size_t count);
|
||||
|
||||
#endif /* _ASTERISK_SERVER_H */
|
||||
#endif /* _ASTERISK_TCPTLS_H */
|
||||
|
|
41
main/http.c
41
main/http.c
|
@ -50,6 +50,7 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
|
|||
#include "asterisk/ast_version.h"
|
||||
#include "asterisk/manager.h"
|
||||
#include "asterisk/_private.h"
|
||||
#include "asterisk/astobj2.h"
|
||||
|
||||
#define MAX_PREFIX 80
|
||||
|
||||
|
@ -65,7 +66,7 @@ static void *httpd_helper_thread(void *arg);
|
|||
/*!
|
||||
* we have up to two accepting threads, one for http, one for https
|
||||
*/
|
||||
static struct server_args http_desc = {
|
||||
static struct ast_tcptls_session_args http_desc = {
|
||||
.accept_fd = -1,
|
||||
.master = AST_PTHREADT_NULL,
|
||||
.tls_cfg = NULL,
|
||||
|
@ -75,7 +76,7 @@ static struct server_args http_desc = {
|
|||
.worker_fn = httpd_helper_thread,
|
||||
};
|
||||
|
||||
static struct server_args https_desc = {
|
||||
static struct ast_tcptls_session_args https_desc = {
|
||||
.accept_fd = -1,
|
||||
.master = AST_PTHREADT_NULL,
|
||||
.tls_cfg = &http_tls_cfg,
|
||||
|
@ -254,13 +255,13 @@ static struct ast_str *httpstatus_callback(struct ast_tcptls_session_instance *s
|
|||
"<h2> Asterisk™ HTTP Status</h2></td></tr>\r\n");
|
||||
ast_str_append(&out, 0, "<tr><td><i>Prefix</i></td><td><b>%s</b></td></tr>\r\n", prefix);
|
||||
ast_str_append(&out, 0, "<tr><td><i>Bind Address</i></td><td><b>%s</b></td></tr>\r\n",
|
||||
ast_inet_ntoa(http_desc.oldsin.sin_addr));
|
||||
ast_inet_ntoa(http_desc.old_local_address.sin_addr));
|
||||
ast_str_append(&out, 0, "<tr><td><i>Bind Port</i></td><td><b>%d</b></td></tr>\r\n",
|
||||
ntohs(http_desc.oldsin.sin_port));
|
||||
ntohs(http_desc.old_local_address.sin_port));
|
||||
|
||||
if (http_tls_cfg.enabled) {
|
||||
ast_str_append(&out, 0, "<tr><td><i>SSL Bind Port</i></td><td><b>%d</b></td></tr>\r\n",
|
||||
ntohs(https_desc.oldsin.sin_port));
|
||||
ntohs(https_desc.old_local_address.sin_port));
|
||||
}
|
||||
|
||||
ast_str_append(&out, 0, "<tr><td colspan=\"2\"><hr></td></tr>\r\n");
|
||||
|
@ -857,11 +858,11 @@ static int __ast_http_load(int reload)
|
|||
}
|
||||
|
||||
/* default values */
|
||||
memset(&http_desc.sin, 0, sizeof(http_desc.sin));
|
||||
http_desc.sin.sin_port = htons(8088);
|
||||
memset(&http_desc.local_address, 0, sizeof(http_desc.local_address));
|
||||
http_desc.local_address.sin_port = htons(8088);
|
||||
|
||||
memset(&https_desc.sin, 0, sizeof(https_desc.sin));
|
||||
https_desc.sin.sin_port = htons(8089);
|
||||
memset(&https_desc.local_address, 0, sizeof(https_desc.local_address));
|
||||
https_desc.local_address.sin_port = htons(8089);
|
||||
|
||||
http_tls_cfg.enabled = 0;
|
||||
if (http_tls_cfg.certfile) {
|
||||
|
@ -887,7 +888,7 @@ static int __ast_http_load(int reload)
|
|||
} else if (!strcasecmp(v->name, "sslenable")) {
|
||||
http_tls_cfg.enabled = ast_true(v->value);
|
||||
} else if (!strcasecmp(v->name, "sslbindport")) {
|
||||
https_desc.sin.sin_port = htons(atoi(v->value));
|
||||
https_desc.local_address.sin_port = htons(atoi(v->value));
|
||||
} else if (!strcasecmp(v->name, "sslcert")) {
|
||||
ast_free(http_tls_cfg.certfile);
|
||||
http_tls_cfg.certfile = ast_strdup(v->value);
|
||||
|
@ -897,17 +898,17 @@ static int __ast_http_load(int reload)
|
|||
} else if (!strcasecmp(v->name, "enablestatic")) {
|
||||
newenablestatic = ast_true(v->value);
|
||||
} else if (!strcasecmp(v->name, "bindport")) {
|
||||
http_desc.sin.sin_port = htons(atoi(v->value));
|
||||
http_desc.local_address.sin_port = htons(atoi(v->value));
|
||||
} else if (!strcasecmp(v->name, "sslbindaddr")) {
|
||||
if ((hp = ast_gethostbyname(v->value, &ahp))) {
|
||||
memcpy(&https_desc.sin.sin_addr, hp->h_addr, sizeof(https_desc.sin.sin_addr));
|
||||
memcpy(&https_desc.local_address.sin_addr, hp->h_addr, sizeof(https_desc.local_address.sin_addr));
|
||||
have_sslbindaddr = 1;
|
||||
} else {
|
||||
ast_log(LOG_WARNING, "Invalid bind address '%s'\n", v->value);
|
||||
}
|
||||
} else if (!strcasecmp(v->name, "bindaddr")) {
|
||||
if ((hp = ast_gethostbyname(v->value, &ahp))) {
|
||||
memcpy(&http_desc.sin.sin_addr, hp->h_addr, sizeof(http_desc.sin.sin_addr));
|
||||
memcpy(&http_desc.local_address.sin_addr, hp->h_addr, sizeof(http_desc.local_address.sin_addr));
|
||||
} else {
|
||||
ast_log(LOG_WARNING, "Invalid bind address '%s'\n", v->value);
|
||||
}
|
||||
|
@ -929,10 +930,10 @@ static int __ast_http_load(int reload)
|
|||
}
|
||||
|
||||
if (!have_sslbindaddr) {
|
||||
https_desc.sin.sin_addr = http_desc.sin.sin_addr;
|
||||
https_desc.local_address.sin_addr = http_desc.local_address.sin_addr;
|
||||
}
|
||||
if (enabled) {
|
||||
http_desc.sin.sin_family = https_desc.sin.sin_family = AF_INET;
|
||||
http_desc.local_address.sin_family = https_desc.local_address.sin_family = AF_INET;
|
||||
}
|
||||
if (strcmp(prefix, newprefix)) {
|
||||
ast_copy_string(prefix, newprefix, sizeof(prefix));
|
||||
|
@ -967,16 +968,16 @@ static char *handle_show_http(struct ast_cli_entry *e, int cmd, struct ast_cli_a
|
|||
}
|
||||
ast_cli(a->fd, "HTTP Server Status:\n");
|
||||
ast_cli(a->fd, "Prefix: %s\n", prefix);
|
||||
if (!http_desc.oldsin.sin_family) {
|
||||
if (!http_desc.old_local_address.sin_family) {
|
||||
ast_cli(a->fd, "Server Disabled\n\n");
|
||||
} else {
|
||||
ast_cli(a->fd, "Server Enabled and Bound to %s:%d\n\n",
|
||||
ast_inet_ntoa(http_desc.oldsin.sin_addr),
|
||||
ntohs(http_desc.oldsin.sin_port));
|
||||
ast_inet_ntoa(http_desc.old_local_address.sin_addr),
|
||||
ntohs(http_desc.old_local_address.sin_port));
|
||||
if (http_tls_cfg.enabled) {
|
||||
ast_cli(a->fd, "HTTPS Server Enabled and Bound to %s:%d\n\n",
|
||||
ast_inet_ntoa(https_desc.oldsin.sin_addr),
|
||||
ntohs(https_desc.oldsin.sin_port));
|
||||
ast_inet_ntoa(https_desc.old_local_address.sin_addr),
|
||||
ntohs(https_desc.old_local_address.sin_port));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -3105,7 +3105,7 @@ static void *session_do(void *data)
|
|||
/* these fields duplicate those in the 'ser' structure */
|
||||
s->fd = ser->fd;
|
||||
s->f = ser->f;
|
||||
s->sin = ser->requestor;
|
||||
s->sin = ser->remote_address;
|
||||
|
||||
AST_LIST_HEAD_INIT_NOLOCK(&s->datastores);
|
||||
|
||||
|
@ -3696,7 +3696,7 @@ static void xml_translate(struct ast_str **out, char *in, struct ast_variable *v
|
|||
}
|
||||
|
||||
static struct ast_str *generic_http_callback(enum output_format format,
|
||||
struct sockaddr_in *requestor, const char *uri, enum ast_http_method method,
|
||||
struct sockaddr_in *remote_address, const char *uri, enum ast_http_method method,
|
||||
struct ast_variable *params, int *status,
|
||||
char **title, int *contentlength)
|
||||
{
|
||||
|
@ -3725,7 +3725,7 @@ static struct ast_str *generic_http_callback(enum output_format format,
|
|||
*status = 500;
|
||||
goto generic_callback_out;
|
||||
}
|
||||
s->sin = *requestor;
|
||||
s->sin = *remote_address;
|
||||
s->fd = -1;
|
||||
s->waiting_thread = AST_PTHREADT_NULL;
|
||||
s->send_events = 0;
|
||||
|
@ -3871,17 +3871,17 @@ generic_callback_out:
|
|||
|
||||
static struct ast_str *manager_http_callback(struct ast_tcptls_session_instance *ser, const struct ast_http_uri *urih, const char *uri, enum ast_http_method method, struct ast_variable *params, struct ast_variable *headers, int *status, char **title, int *contentlength)
|
||||
{
|
||||
return generic_http_callback(FORMAT_HTML, &ser->requestor, uri, method, params, status, title, contentlength);
|
||||
return generic_http_callback(FORMAT_HTML, &ser->remote_address, uri, method, params, status, title, contentlength);
|
||||
}
|
||||
|
||||
static struct ast_str *mxml_http_callback(struct ast_tcptls_session_instance *ser, const struct ast_http_uri *urih, const char *uri, enum ast_http_method method, struct ast_variable *params, struct ast_variable *headers, int *status, char **title, int *contentlength)
|
||||
{
|
||||
return generic_http_callback(FORMAT_XML, &ser->requestor, uri, method, params, status, title, contentlength);
|
||||
return generic_http_callback(FORMAT_XML, &ser->remote_address, uri, method, params, status, title, contentlength);
|
||||
}
|
||||
|
||||
static struct ast_str *rawman_http_callback(struct ast_tcptls_session_instance *ser, const struct ast_http_uri *urih, const char *uri, enum ast_http_method method, struct ast_variable *params, struct ast_variable *headers, int *status, char **title, int *contentlength)
|
||||
{
|
||||
return generic_http_callback(FORMAT_RAW, &ser->requestor, uri, method, params, status, title, contentlength);
|
||||
return generic_http_callback(FORMAT_RAW, &ser->remote_address, uri, method, params, status, title, contentlength);
|
||||
}
|
||||
|
||||
struct ast_http_uri rawmanuri = {
|
||||
|
@ -3924,7 +3924,7 @@ static void purge_old_stuff(void *data)
|
|||
}
|
||||
|
||||
struct ast_tls_config ami_tls_cfg;
|
||||
static struct server_args ami_desc = {
|
||||
static struct ast_tcptls_session_args ami_desc = {
|
||||
.accept_fd = -1,
|
||||
.master = AST_PTHREADT_NULL,
|
||||
.tls_cfg = NULL,
|
||||
|
@ -3935,7 +3935,7 @@ static struct server_args ami_desc = {
|
|||
.worker_fn = session_do, /* thread handling the session */
|
||||
};
|
||||
|
||||
static struct server_args amis_desc = {
|
||||
static struct ast_tcptls_session_args amis_desc = {
|
||||
.accept_fd = -1,
|
||||
.master = AST_PTHREADT_NULL,
|
||||
.tls_cfg = &ami_tls_cfg,
|
||||
|
@ -4011,10 +4011,10 @@ static int __init_manager(int reload)
|
|||
}
|
||||
|
||||
/* default values */
|
||||
memset(&ami_desc.sin, 0, sizeof(struct sockaddr_in));
|
||||
memset(&amis_desc.sin, 0, sizeof(amis_desc.sin));
|
||||
amis_desc.sin.sin_port = htons(5039);
|
||||
ami_desc.sin.sin_port = htons(DEFAULT_MANAGER_PORT);
|
||||
memset(&ami_desc.local_address, 0, sizeof(struct sockaddr_in));
|
||||
memset(&amis_desc.local_address, 0, sizeof(amis_desc.local_address));
|
||||
amis_desc.local_address.sin_port = htons(5039);
|
||||
ami_desc.local_address.sin_port = htons(DEFAULT_MANAGER_PORT);
|
||||
|
||||
ami_tls_cfg.enabled = 0;
|
||||
if (ami_tls_cfg.certfile)
|
||||
|
@ -4029,10 +4029,10 @@ static int __init_manager(int reload)
|
|||
if (!strcasecmp(var->name, "sslenable"))
|
||||
ami_tls_cfg.enabled = ast_true(val);
|
||||
else if (!strcasecmp(var->name, "sslbindport"))
|
||||
amis_desc.sin.sin_port = htons(atoi(val));
|
||||
amis_desc.local_address.sin_port = htons(atoi(val));
|
||||
else if (!strcasecmp(var->name, "sslbindaddr")) {
|
||||
if ((hp = ast_gethostbyname(val, &ahp))) {
|
||||
memcpy(&amis_desc.sin.sin_addr, hp->h_addr, sizeof(amis_desc.sin.sin_addr));
|
||||
memcpy(&amis_desc.local_address.sin_addr, hp->h_addr, sizeof(amis_desc.local_address.sin_addr));
|
||||
have_sslbindaddr = 1;
|
||||
} else {
|
||||
ast_log(LOG_WARNING, "Invalid bind address '%s'\n", val);
|
||||
|
@ -4050,11 +4050,11 @@ static int __init_manager(int reload)
|
|||
} else if (!strcasecmp(var->name, "webenabled")) {
|
||||
webmanager_enabled = ast_true(val);
|
||||
} else if (!strcasecmp(var->name, "port")) {
|
||||
ami_desc.sin.sin_port = htons(atoi(val));
|
||||
ami_desc.local_address.sin_port = htons(atoi(val));
|
||||
} else if (!strcasecmp(var->name, "bindaddr")) {
|
||||
if (!inet_aton(val, &ami_desc.sin.sin_addr)) {
|
||||
if (!inet_aton(val, &ami_desc.local_address.sin_addr)) {
|
||||
ast_log(LOG_WARNING, "Invalid address '%s' specified, using 0.0.0.0\n", val);
|
||||
memset(&ami_desc.sin.sin_addr, 0, sizeof(ami_desc.sin.sin_addr));
|
||||
memset(&ami_desc.local_address.sin_addr, 0, sizeof(ami_desc.local_address.sin_addr));
|
||||
}
|
||||
} else if (!strcasecmp(var->name, "allowmultiplelogin")) {
|
||||
allowmultiplelogin = ast_true(val);
|
||||
|
@ -4073,11 +4073,11 @@ static int __init_manager(int reload)
|
|||
}
|
||||
|
||||
if (manager_enabled)
|
||||
ami_desc.sin.sin_family = AF_INET;
|
||||
ami_desc.local_address.sin_family = AF_INET;
|
||||
if (!have_sslbindaddr)
|
||||
amis_desc.sin.sin_addr = ami_desc.sin.sin_addr;
|
||||
amis_desc.local_address.sin_addr = ami_desc.local_address.sin_addr;
|
||||
if (ami_tls_cfg.enabled)
|
||||
amis_desc.sin.sin_family = AF_INET;
|
||||
amis_desc.local_address.sin_family = AF_INET;
|
||||
|
||||
|
||||
AST_RWLIST_WRLOCK(&users);
|
||||
|
|
526
main/tcptls.c
526
main/tcptls.c
|
@ -42,6 +42,7 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
|
|||
#include "asterisk/strings.h"
|
||||
#include "asterisk/options.h"
|
||||
#include "asterisk/manager.h"
|
||||
#include "asterisk/astobj2.h"
|
||||
|
||||
/*! \brief
|
||||
* replacement read/write functions for SSL support.
|
||||
|
@ -117,267 +118,12 @@ static void session_instance_destructor(void *obj)
|
|||
ast_mutex_destroy(&i->lock);
|
||||
}
|
||||
|
||||
void *ast_tcptls_server_root(void *data)
|
||||
{
|
||||
struct server_args *desc = data;
|
||||
int fd;
|
||||
struct sockaddr_in sin;
|
||||
socklen_t sinlen;
|
||||
struct ast_tcptls_session_instance *ser;
|
||||
pthread_t launched;
|
||||
|
||||
for (;;) {
|
||||
int i, flags;
|
||||
|
||||
if (desc->periodic_fn)
|
||||
desc->periodic_fn(desc);
|
||||
i = ast_wait_for_input(desc->accept_fd, desc->poll_timeout);
|
||||
if (i <= 0)
|
||||
continue;
|
||||
sinlen = sizeof(sin);
|
||||
fd = accept(desc->accept_fd, (struct sockaddr *)&sin, &sinlen);
|
||||
if (fd < 0) {
|
||||
if ((errno != EAGAIN) && (errno != EINTR))
|
||||
ast_log(LOG_WARNING, "Accept failed: %s\n", strerror(errno));
|
||||
continue;
|
||||
}
|
||||
ser = ao2_alloc(sizeof(*ser), session_instance_destructor);
|
||||
if (!ser) {
|
||||
ast_log(LOG_WARNING, "No memory for new session: %s\n", strerror(errno));
|
||||
close(fd);
|
||||
continue;
|
||||
}
|
||||
|
||||
ast_mutex_init(&ser->lock);
|
||||
|
||||
flags = fcntl(fd, F_GETFL);
|
||||
fcntl(fd, F_SETFL, flags & ~O_NONBLOCK);
|
||||
ser->fd = fd;
|
||||
ser->parent = desc;
|
||||
memcpy(&ser->requestor, &sin, sizeof(ser->requestor));
|
||||
|
||||
ser->client = 0;
|
||||
|
||||
if (ast_pthread_create_detached_background(&launched, NULL, ast_make_file_from_fd, ser)) {
|
||||
ast_log(LOG_WARNING, "Unable to launch helper thread: %s\n", strerror(errno));
|
||||
close(ser->fd);
|
||||
ao2_ref(ser, -1);
|
||||
}
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static int __ssl_setup(struct ast_tls_config *cfg, int client)
|
||||
{
|
||||
#ifndef DO_SSL
|
||||
cfg->enabled = 0;
|
||||
return 0;
|
||||
#else
|
||||
if (!cfg->enabled)
|
||||
return 0;
|
||||
|
||||
SSL_load_error_strings();
|
||||
SSLeay_add_ssl_algorithms();
|
||||
|
||||
if (!(cfg->ssl_ctx = SSL_CTX_new( client ? SSLv23_client_method() : SSLv23_server_method() ))) {
|
||||
ast_debug(1, "Sorry, SSL_CTX_new call returned null...\n");
|
||||
cfg->enabled = 0;
|
||||
return 0;
|
||||
}
|
||||
if (!ast_strlen_zero(cfg->certfile)) {
|
||||
if (SSL_CTX_use_certificate_file(cfg->ssl_ctx, cfg->certfile, SSL_FILETYPE_PEM) == 0 ||
|
||||
SSL_CTX_use_PrivateKey_file(cfg->ssl_ctx, cfg->certfile, SSL_FILETYPE_PEM) == 0 ||
|
||||
SSL_CTX_check_private_key(cfg->ssl_ctx) == 0 ) {
|
||||
if (!client) {
|
||||
/* Clients don't need a certificate, but if its setup we can use it */
|
||||
ast_verb(0, "SSL cert error <%s>", cfg->certfile);
|
||||
sleep(2);
|
||||
cfg->enabled = 0;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!ast_strlen_zero(cfg->cipher)) {
|
||||
if (SSL_CTX_set_cipher_list(cfg->ssl_ctx, cfg->cipher) == 0 ) {
|
||||
if (!client) {
|
||||
ast_verb(0, "SSL cipher error <%s>", cfg->cipher);
|
||||
sleep(2);
|
||||
cfg->enabled = 0;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!ast_strlen_zero(cfg->cafile) || !ast_strlen_zero(cfg->capath)) {
|
||||
if (SSL_CTX_load_verify_locations(cfg->ssl_ctx, S_OR(cfg->cafile, NULL), S_OR(cfg->capath,NULL)) == 0)
|
||||
ast_verb(0, "SSL CA file(%s)/path(%s) error\n", cfg->cafile, cfg->capath);
|
||||
}
|
||||
|
||||
ast_verb(0, "SSL certificate ok\n");
|
||||
return 1;
|
||||
#endif
|
||||
}
|
||||
|
||||
int ast_ssl_setup(struct ast_tls_config *cfg)
|
||||
{
|
||||
return __ssl_setup(cfg, 0);
|
||||
}
|
||||
|
||||
/*! \brief A generic client routine for a TCP client
|
||||
* and starts a thread for handling accept()
|
||||
*/
|
||||
struct ast_tcptls_session_instance *ast_tcptls_client_start(struct server_args *desc)
|
||||
{
|
||||
int flags;
|
||||
struct ast_tcptls_session_instance *ser = NULL;
|
||||
|
||||
/* Do nothing if nothing has changed */
|
||||
if(!memcmp(&desc->oldsin, &desc->sin, sizeof(desc->oldsin))) {
|
||||
ast_debug(1, "Nothing changed in %s\n", desc->name);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
desc->oldsin = desc->sin;
|
||||
|
||||
if (desc->accept_fd != -1)
|
||||
close(desc->accept_fd);
|
||||
|
||||
desc->accept_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
|
||||
if (desc->accept_fd < 0) {
|
||||
ast_log(LOG_WARNING, "Unable to allocate socket for %s: %s\n",
|
||||
desc->name, strerror(errno));
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (connect(desc->accept_fd, (const struct sockaddr *)&desc->sin, sizeof(desc->sin))) {
|
||||
ast_log(LOG_ERROR, "Unable to connect %s to %s:%d: %s\n",
|
||||
desc->name,
|
||||
ast_inet_ntoa(desc->sin.sin_addr), ntohs(desc->sin.sin_port),
|
||||
strerror(errno));
|
||||
goto error;
|
||||
}
|
||||
|
||||
if (!(ser = ao2_alloc(sizeof(*ser), session_instance_destructor)))
|
||||
goto error;
|
||||
|
||||
ast_mutex_init(&ser->lock);
|
||||
|
||||
flags = fcntl(desc->accept_fd, F_GETFL);
|
||||
fcntl(desc->accept_fd, F_SETFL, flags & ~O_NONBLOCK);
|
||||
|
||||
ser->fd = desc->accept_fd;
|
||||
ser->parent = desc;
|
||||
ser->parent->worker_fn = NULL;
|
||||
memcpy(&ser->requestor, &desc->sin, sizeof(ser->requestor));
|
||||
|
||||
ser->client = 1;
|
||||
|
||||
if (desc->tls_cfg) {
|
||||
desc->tls_cfg->enabled = 1;
|
||||
__ssl_setup(desc->tls_cfg, 1);
|
||||
}
|
||||
|
||||
ao2_ref(ser, +1);
|
||||
if (!ast_make_file_from_fd(ser))
|
||||
goto error;
|
||||
|
||||
return ser;
|
||||
|
||||
error:
|
||||
close(desc->accept_fd);
|
||||
desc->accept_fd = -1;
|
||||
if (ser)
|
||||
ao2_ref(ser, -1);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/*! \brief
|
||||
* This is a generic (re)start routine for a TCP server,
|
||||
* which does the socket/bind/listen and starts a thread for handling
|
||||
* accept().
|
||||
*/
|
||||
void ast_tcptls_server_start(struct server_args *desc)
|
||||
{
|
||||
int flags;
|
||||
int x = 1;
|
||||
|
||||
/* Do nothing if nothing has changed */
|
||||
if (!memcmp(&desc->oldsin, &desc->sin, sizeof(desc->oldsin))) {
|
||||
ast_debug(1, "Nothing changed in %s\n", desc->name);
|
||||
return;
|
||||
}
|
||||
|
||||
desc->oldsin = desc->sin;
|
||||
|
||||
/* Shutdown a running server if there is one */
|
||||
if (desc->master != AST_PTHREADT_NULL) {
|
||||
pthread_cancel(desc->master);
|
||||
pthread_kill(desc->master, SIGURG);
|
||||
pthread_join(desc->master, NULL);
|
||||
}
|
||||
|
||||
if (desc->accept_fd != -1)
|
||||
close(desc->accept_fd);
|
||||
|
||||
/* If there's no new server, stop here */
|
||||
if (desc->sin.sin_family == 0) {
|
||||
ast_debug(2, "Server disabled: %s\n", desc->name);
|
||||
return;
|
||||
}
|
||||
|
||||
desc->accept_fd = socket(AF_INET, SOCK_STREAM, 0);
|
||||
if (desc->accept_fd < 0) {
|
||||
ast_log(LOG_ERROR, "Unable to allocate socket for %s: %s\n", desc->name, strerror(errno));
|
||||
return;
|
||||
}
|
||||
|
||||
setsockopt(desc->accept_fd, SOL_SOCKET, SO_REUSEADDR, &x, sizeof(x));
|
||||
if (bind(desc->accept_fd, (struct sockaddr *)&desc->sin, sizeof(desc->sin))) {
|
||||
ast_log(LOG_ERROR, "Unable to bind %s to %s:%d: %s\n",
|
||||
desc->name,
|
||||
ast_inet_ntoa(desc->sin.sin_addr), ntohs(desc->sin.sin_port),
|
||||
strerror(errno));
|
||||
goto error;
|
||||
}
|
||||
if (listen(desc->accept_fd, 10)) {
|
||||
ast_log(LOG_ERROR, "Unable to listen for %s!\n", desc->name);
|
||||
goto error;
|
||||
}
|
||||
flags = fcntl(desc->accept_fd, F_GETFL);
|
||||
fcntl(desc->accept_fd, F_SETFL, flags | O_NONBLOCK);
|
||||
if (ast_pthread_create_background(&desc->master, NULL, desc->accept_fn, desc)) {
|
||||
ast_log(LOG_ERROR, "Unable to launch thread for %s on %s:%d: %s\n",
|
||||
desc->name,
|
||||
ast_inet_ntoa(desc->sin.sin_addr), ntohs(desc->sin.sin_port),
|
||||
strerror(errno));
|
||||
goto error;
|
||||
}
|
||||
return;
|
||||
|
||||
error:
|
||||
close(desc->accept_fd);
|
||||
desc->accept_fd = -1;
|
||||
}
|
||||
|
||||
/*! \brief Shutdown a running server if there is one */
|
||||
void ast_tcptls_server_stop(struct server_args *desc)
|
||||
{
|
||||
if (desc->master != AST_PTHREADT_NULL) {
|
||||
pthread_cancel(desc->master);
|
||||
pthread_kill(desc->master, SIGURG);
|
||||
pthread_join(desc->master, NULL);
|
||||
}
|
||||
if (desc->accept_fd != -1)
|
||||
close(desc->accept_fd);
|
||||
desc->accept_fd = -1;
|
||||
ast_debug(2, "Stopped server :: %s\n", desc->name);
|
||||
}
|
||||
|
||||
/*! \brief
|
||||
* creates a FILE * from the fd passed by the accept thread.
|
||||
* This operation is potentially expensive (certificate verification),
|
||||
* so we do it in the child thread context.
|
||||
*/
|
||||
void *ast_make_file_from_fd(void *data)
|
||||
static void *handle_tls_connection(void *data)
|
||||
{
|
||||
struct ast_tcptls_session_instance *ser = data;
|
||||
#ifdef DO_SSL
|
||||
|
@ -473,3 +219,271 @@ void *ast_make_file_from_fd(void *data)
|
|||
return ser;
|
||||
}
|
||||
|
||||
void *ast_tcptls_server_root(void *data)
|
||||
{
|
||||
struct ast_tcptls_session_args *desc = data;
|
||||
int fd;
|
||||
struct sockaddr_in sin;
|
||||
socklen_t sinlen;
|
||||
struct ast_tcptls_session_instance *ser;
|
||||
pthread_t launched;
|
||||
|
||||
for (;;) {
|
||||
int i, flags;
|
||||
|
||||
if (desc->periodic_fn)
|
||||
desc->periodic_fn(desc);
|
||||
i = ast_wait_for_input(desc->accept_fd, desc->poll_timeout);
|
||||
if (i <= 0)
|
||||
continue;
|
||||
sinlen = sizeof(sin);
|
||||
fd = accept(desc->accept_fd, (struct sockaddr *) &sin, &sinlen);
|
||||
if (fd < 0) {
|
||||
if ((errno != EAGAIN) && (errno != EINTR))
|
||||
ast_log(LOG_WARNING, "Accept failed: %s\n", strerror(errno));
|
||||
continue;
|
||||
}
|
||||
ser = ao2_alloc(sizeof(*ser), session_instance_destructor);
|
||||
if (!ser) {
|
||||
ast_log(LOG_WARNING, "No memory for new session: %s\n", strerror(errno));
|
||||
close(fd);
|
||||
continue;
|
||||
}
|
||||
|
||||
ast_mutex_init(&ser->lock);
|
||||
|
||||
flags = fcntl(fd, F_GETFL);
|
||||
fcntl(fd, F_SETFL, flags & ~O_NONBLOCK);
|
||||
ser->fd = fd;
|
||||
ser->parent = desc;
|
||||
memcpy(&ser->remote_address, &sin, sizeof(ser->remote_address));
|
||||
|
||||
ser->client = 0;
|
||||
|
||||
if (ast_pthread_create_detached_background(&launched, NULL, handle_tls_connection, ser)) {
|
||||
ast_log(LOG_WARNING, "Unable to launch helper thread: %s\n", strerror(errno));
|
||||
close(ser->fd);
|
||||
ao2_ref(ser, -1);
|
||||
}
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static int __ssl_setup(struct ast_tls_config *cfg, int client)
|
||||
{
|
||||
#ifndef DO_SSL
|
||||
cfg->enabled = 0;
|
||||
return 0;
|
||||
#else
|
||||
if (!cfg->enabled)
|
||||
return 0;
|
||||
|
||||
SSL_load_error_strings();
|
||||
SSLeay_add_ssl_algorithms();
|
||||
|
||||
if (!(cfg->ssl_ctx = SSL_CTX_new( client ? SSLv23_client_method() : SSLv23_server_method() ))) {
|
||||
ast_debug(1, "Sorry, SSL_CTX_new call returned null...\n");
|
||||
cfg->enabled = 0;
|
||||
return 0;
|
||||
}
|
||||
if (!ast_strlen_zero(cfg->certfile)) {
|
||||
if (SSL_CTX_use_certificate_file(cfg->ssl_ctx, cfg->certfile, SSL_FILETYPE_PEM) == 0 ||
|
||||
SSL_CTX_use_PrivateKey_file(cfg->ssl_ctx, cfg->certfile, SSL_FILETYPE_PEM) == 0 ||
|
||||
SSL_CTX_check_private_key(cfg->ssl_ctx) == 0 ) {
|
||||
if (!client) {
|
||||
/* Clients don't need a certificate, but if its setup we can use it */
|
||||
ast_verb(0, "SSL cert error <%s>", cfg->certfile);
|
||||
sleep(2);
|
||||
cfg->enabled = 0;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!ast_strlen_zero(cfg->cipher)) {
|
||||
if (SSL_CTX_set_cipher_list(cfg->ssl_ctx, cfg->cipher) == 0 ) {
|
||||
if (!client) {
|
||||
ast_verb(0, "SSL cipher error <%s>", cfg->cipher);
|
||||
sleep(2);
|
||||
cfg->enabled = 0;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!ast_strlen_zero(cfg->cafile) || !ast_strlen_zero(cfg->capath)) {
|
||||
if (SSL_CTX_load_verify_locations(cfg->ssl_ctx, S_OR(cfg->cafile, NULL), S_OR(cfg->capath,NULL)) == 0)
|
||||
ast_verb(0, "SSL CA file(%s)/path(%s) error\n", cfg->cafile, cfg->capath);
|
||||
}
|
||||
|
||||
ast_verb(0, "SSL certificate ok\n");
|
||||
return 1;
|
||||
#endif
|
||||
}
|
||||
|
||||
int ast_ssl_setup(struct ast_tls_config *cfg)
|
||||
{
|
||||
return __ssl_setup(cfg, 0);
|
||||
}
|
||||
|
||||
/*! \brief A generic client routine for a TCP client
|
||||
* and starts a thread for handling accept()
|
||||
*/
|
||||
struct ast_tcptls_session_instance *ast_tcptls_client_start(struct ast_tcptls_session_args *desc)
|
||||
{
|
||||
int flags;
|
||||
int x = 1;
|
||||
struct ast_tcptls_session_instance *ser = NULL;
|
||||
|
||||
/* Do nothing if nothing has changed */
|
||||
if(!memcmp(&desc->old_local_address, &desc->local_address, sizeof(desc->old_local_address))) {
|
||||
ast_debug(1, "Nothing changed in %s\n", desc->name);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
desc->old_local_address = desc->local_address;
|
||||
|
||||
if (desc->accept_fd != -1)
|
||||
close(desc->accept_fd);
|
||||
|
||||
desc->accept_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
|
||||
if (desc->accept_fd < 0) {
|
||||
ast_log(LOG_WARNING, "Unable to allocate socket for %s: %s\n",
|
||||
desc->name, strerror(errno));
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/* if a local address was specified, bind to it so the connection will
|
||||
originate from the desired address */
|
||||
if (desc->local_address.sin_family != 0) {
|
||||
setsockopt(desc->accept_fd, SOL_SOCKET, SO_REUSEADDR, &x, sizeof(x));
|
||||
if (bind(desc->accept_fd, (struct sockaddr *) &desc->local_address, sizeof(desc->local_address))) {
|
||||
ast_log(LOG_ERROR, "Unable to bind %s to %s:%d: %s\n",
|
||||
desc->name,
|
||||
ast_inet_ntoa(desc->local_address.sin_addr), ntohs(desc->local_address.sin_port),
|
||||
strerror(errno));
|
||||
goto error;
|
||||
}
|
||||
}
|
||||
|
||||
if (connect(desc->accept_fd, (const struct sockaddr *) &desc->remote_address, sizeof(desc->remote_address))) {
|
||||
ast_log(LOG_ERROR, "Unable to connect %s to %s:%d: %s\n",
|
||||
desc->name,
|
||||
ast_inet_ntoa(desc->remote_address.sin_addr), ntohs(desc->remote_address.sin_port),
|
||||
strerror(errno));
|
||||
goto error;
|
||||
}
|
||||
|
||||
if (!(ser = ao2_alloc(sizeof(*ser), session_instance_destructor)))
|
||||
goto error;
|
||||
|
||||
ast_mutex_init(&ser->lock);
|
||||
|
||||
flags = fcntl(desc->accept_fd, F_GETFL);
|
||||
fcntl(desc->accept_fd, F_SETFL, flags & ~O_NONBLOCK);
|
||||
|
||||
ser->fd = desc->accept_fd;
|
||||
ser->parent = desc;
|
||||
ser->parent->worker_fn = NULL;
|
||||
memcpy(&ser->remote_address, &desc->local_address, sizeof(ser->remote_address));
|
||||
|
||||
ser->client = 1;
|
||||
|
||||
if (desc->tls_cfg) {
|
||||
desc->tls_cfg->enabled = 1;
|
||||
__ssl_setup(desc->tls_cfg, 1);
|
||||
}
|
||||
|
||||
ao2_ref(ser, +1);
|
||||
if (!handle_tls_connection(ser))
|
||||
goto error;
|
||||
|
||||
return ser;
|
||||
|
||||
error:
|
||||
close(desc->accept_fd);
|
||||
desc->accept_fd = -1;
|
||||
if (ser)
|
||||
ao2_ref(ser, -1);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/*! \brief
|
||||
* This is a generic (re)start routine for a TCP server,
|
||||
* which does the socket/bind/listen and starts a thread for handling
|
||||
* accept().
|
||||
*/
|
||||
void ast_tcptls_server_start(struct ast_tcptls_session_args *desc)
|
||||
{
|
||||
int flags;
|
||||
int x = 1;
|
||||
|
||||
/* Do nothing if nothing has changed */
|
||||
if (!memcmp(&desc->old_local_address, &desc->local_address, sizeof(desc->old_local_address))) {
|
||||
ast_debug(1, "Nothing changed in %s\n", desc->name);
|
||||
return;
|
||||
}
|
||||
|
||||
desc->old_local_address = desc->local_address;
|
||||
|
||||
/* Shutdown a running server if there is one */
|
||||
if (desc->master != AST_PTHREADT_NULL) {
|
||||
pthread_cancel(desc->master);
|
||||
pthread_kill(desc->master, SIGURG);
|
||||
pthread_join(desc->master, NULL);
|
||||
}
|
||||
|
||||
if (desc->accept_fd != -1)
|
||||
close(desc->accept_fd);
|
||||
|
||||
/* If there's no new server, stop here */
|
||||
if (desc->local_address.sin_family == 0) {
|
||||
ast_debug(2, "Server disabled: %s\n", desc->name);
|
||||
return;
|
||||
}
|
||||
|
||||
desc->accept_fd = socket(AF_INET, SOCK_STREAM, 0);
|
||||
if (desc->accept_fd < 0) {
|
||||
ast_log(LOG_ERROR, "Unable to allocate socket for %s: %s\n", desc->name, strerror(errno));
|
||||
return;
|
||||
}
|
||||
|
||||
setsockopt(desc->accept_fd, SOL_SOCKET, SO_REUSEADDR, &x, sizeof(x));
|
||||
if (bind(desc->accept_fd, (struct sockaddr *) &desc->local_address, sizeof(desc->local_address))) {
|
||||
ast_log(LOG_ERROR, "Unable to bind %s to %s:%d: %s\n",
|
||||
desc->name,
|
||||
ast_inet_ntoa(desc->local_address.sin_addr), ntohs(desc->local_address.sin_port),
|
||||
strerror(errno));
|
||||
goto error;
|
||||
}
|
||||
if (listen(desc->accept_fd, 10)) {
|
||||
ast_log(LOG_ERROR, "Unable to listen for %s!\n", desc->name);
|
||||
goto error;
|
||||
}
|
||||
flags = fcntl(desc->accept_fd, F_GETFL);
|
||||
fcntl(desc->accept_fd, F_SETFL, flags | O_NONBLOCK);
|
||||
if (ast_pthread_create_background(&desc->master, NULL, desc->accept_fn, desc)) {
|
||||
ast_log(LOG_ERROR, "Unable to launch thread for %s on %s:%d: %s\n",
|
||||
desc->name,
|
||||
ast_inet_ntoa(desc->local_address.sin_addr), ntohs(desc->local_address.sin_port),
|
||||
strerror(errno));
|
||||
goto error;
|
||||
}
|
||||
return;
|
||||
|
||||
error:
|
||||
close(desc->accept_fd);
|
||||
desc->accept_fd = -1;
|
||||
}
|
||||
|
||||
/*! \brief Shutdown a running server if there is one */
|
||||
void ast_tcptls_server_stop(struct ast_tcptls_session_args *desc)
|
||||
{
|
||||
if (desc->master != AST_PTHREADT_NULL) {
|
||||
pthread_cancel(desc->master);
|
||||
pthread_kill(desc->master, SIGURG);
|
||||
pthread_join(desc->master, NULL);
|
||||
}
|
||||
if (desc->accept_fd != -1)
|
||||
close(desc->accept_fd);
|
||||
desc->accept_fd = -1;
|
||||
ast_debug(2, "Stopped server :: %s\n", desc->name);
|
||||
}
|
||||
|
|
Reference in New Issue