kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-11-01 19:43:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

Revert revision 190576 after out of band discussion with transnexus.

Browse Source 
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.6.0@190986 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Russell Bryant
2009-04-29 07:37:04 +00:00
parent 3598b08507
commit e2b2d16176
2 changed files with 320 additions and 397 deletions
Download Patch File Download Diff File Expand all files Collapse all files

232
apps/app_osplookup.c
View File

@@ -39,7 +39,6 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
#include <osp/osp.h> #include <osp/osp.h>
#include <osp/osputils.h> #include <osp/osputils.h>
#include <osp/ospb64.h>
#include "asterisk/paths.h" #include "asterisk/paths.h"
#include "asterisk/lock.h" #include "asterisk/lock.h"
@@ -56,7 +55,6 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
/* OSP Buffer Sizes */ /* OSP Buffer Sizes */
#define OSP_INTSTR_SIZE ((unsigned int)16) /* OSP signed/unsigned int string buffer size */ #define OSP_INTSTR_SIZE ((unsigned int)16) /* OSP signed/unsigned int string buffer size */
#define OSP_NORSTR_SIZE ((unsigned int)256) /* OSP normal string buffer size */ #define OSP_NORSTR_SIZE ((unsigned int)256) /* OSP normal string buffer size */
#define OSP_KEYSTR_SIZE ((unsigned int)1024) /* OSP certificate string buffer size */
#define OSP_TOKSTR_SIZE ((unsigned int)4096) /* OSP token string buffer size */ #define OSP_TOKSTR_SIZE ((unsigned int)4096) /* OSP token string buffer size */
#define OSP_TECHSTR_SIZE ((unsigned int)32) /* OSP signed/unsigned int string buffer size */ #define OSP_TECHSTR_SIZE ((unsigned int)32) /* OSP signed/unsigned int string buffer size */
#define OSP_UUID_SIZE ((unsigned int)16) /* UUID size */ #define OSP_UUID_SIZE ((unsigned int)16) /* UUID size */
@@ -169,15 +167,9 @@ struct osp_result {
AST_MUTEX_DEFINE_STATIC(osplock); /* Lock of OSP provider list */ AST_MUTEX_DEFINE_STATIC(osplock); /* Lock of OSP provider list */
static int osp_initialized = 0; /* Init flag */ static int osp_initialized = 0; /* Init flag */
static int osp_hardware = 0; /* Hardware accelleration flag */ static int osp_hardware = 0; /* Hardware accelleration flag */
static int osp_security = 0; /* Using security features flag */
static struct osp_provider* ospproviders = NULL; /* OSP provider list */ static struct osp_provider* ospproviders = NULL; /* OSP provider list */
static unsigned int osp_tokenformat = TOKEN_ALGO_SIGNED; /* Token format supported */ static unsigned int osp_tokenformat = TOKEN_ALGO_SIGNED; /* Token format supported */
/* OSP default certificates */
const char* B64PKey = "MIIBOgIBAAJBAK8t5l+PUbTC4lvwlNxV5lpl+2dwSZGW46dowTe6y133XyVEwNiiRma2YNk3xKs/TJ3Wl9Wpns2SYEAJsFfSTukCAwEAAQJAPz13vCm2GmZ8Zyp74usTxLCqSJZNyMRLHQWBM0g44Iuy4wE3vpi7Wq+xYuSOH2mu4OddnxswCP4QhaXVQavTAQIhAOBVCKXtppEw9UaOBL4vW0Ed/6EA/1D8hDW6St0h7EXJAiEAx+iRmZKhJD6VT84dtX5ZYNVk3j3dAcIOovpzUj9a0CECIEduTCapmZQ5xqAEsLXuVlxRtQgLTUD4ZxDElPn8x0MhAiBE2HlcND0+qDbvtwJQQOUzDgqg5xk3w8capboVdzAlQQIhAMC+lDL7+gDYkNAft5Mu+NObJmQs4Cr+DkDFsKqoxqrm";
const char* B64LCert = "MIIBeTCCASMCEHqkOHVRRWr+1COq3CR/xsowDQYJKoZIhvcNAQEEBQAwOzElMCMGA1UEAxMcb3NwdGVzdHNlcnZlci50cmFuc25leHVzLmNvbTESMBAGA1UEChMJT1NQU2VydmVyMB4XDTA1MDYyMzAwMjkxOFoXDTA2MDYyNDAwMjkxOFowRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCvLeZfj1G0wuJb8JTcVeZaZftncEmRluOnaME3ustd918lRMDYokZmtmDZN8SrP0yd1pfVqZ7NkmBACbBX0k7pAgMBAAEwDQYJKoZIhvcNAQEEBQADQQDnV8QNFVVJx/+7IselU0wsepqMurivXZzuxOmTEmTVDzCJx1xhA8jd3vGAj7XDIYiPub1PV23eY5a2ARJuw5w9";
const char* B64CACert = "MIIBYDCCAQoCAQEwDQYJKoZIhvcNAQEEBQAwOzElMCMGA1UEAxMcb3NwdGVzdHNlcnZlci50cmFuc25leHVzLmNvbTESMBAGA1UEChMJT1NQU2VydmVyMB4XDTAyMDIwNDE4MjU1MloXDTEyMDIwMzE4MjU1MlowOzElMCMGA1UEAxMcb3NwdGVzdHNlcnZlci50cmFuc25leHVzLmNvbTESMBAGA1UEChMJT1NQU2VydmVyMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAPGeGwV41EIhX0jEDFLRXQhDEr50OUQPq+f55VwQd0TQNts06BP29+UiNdRW3c3IRHdZcJdC1Cg68ME9cgeq0h8CAwEAATANBgkqhkiG9w0BAQQFAANBAGkzBSj1EnnmUxbaiG1N4xjIuLAWydun7o3bFk2tV8dBIhnuh445obYyk1EnQ27kI7eACCILBZqi2MHDOIMnoN0=";
/* OSP Client Wrapper APIs */ /* OSP Client Wrapper APIs */
/*! /*!
@@ -190,29 +182,25 @@ static int osp_create_provider(
struct ast_config* cfg, struct ast_config* cfg,
const char* provider) const char* provider)
{ {
int res = 0; int res;
struct ast_variable* v; unsigned int t, i, j;
struct osp_provider* p; struct osp_provider* p;
struct ast_variable* v;
OSPTPRIVATEKEY privatekey; OSPTPRIVATEKEY privatekey;
OSPT_CERT localcert; OSPTCERT localcert;
OSPT_CERT cacerts[OSP_MAX_CERTS];
const OSPT_CERT* pcacerts[OSP_MAX_CERTS];
const char* psrvpoints[OSP_MAX_SRVS]; const char* psrvpoints[OSP_MAX_SRVS];
unsigned char privatekeydata[OSP_KEYSTR_SIZE]; OSPTCERT cacerts[OSP_MAX_CERTS];
unsigned char localcertdata[OSP_KEYSTR_SIZE]; const OSPTCERT* pcacerts[OSP_MAX_CERTS];
unsigned char cacertdata[OSP_KEYSTR_SIZE]; int error = OSPC_ERR_NO_ERROR;
int i, t, error = OSPC_ERR_NO_ERROR;
if (!(p = ast_calloc(1, sizeof(*p)))) { if (!(p = ast_calloc(1, sizeof(*p)))) {
ast_log(LOG_ERROR, "Out of memory\n"); ast_log(LOG_ERROR, "Out of memory\n");
return -1; return -1;
} }
/* ast_calloc has set 0 in p */
ast_copy_string(p->name, provider, sizeof(p->name)); ast_copy_string(p->name, provider, sizeof(p->name));
snprintf(p->privatekey, sizeof(p->privatekey), "%s/%s-privatekey.pem", ast_config_AST_KEY_DIR, provider); snprintf(p->privatekey, sizeof(p->privatekey), "%s/%s-privatekey.pem", ast_config_AST_KEY_DIR, provider);
snprintf(p->localcert, sizeof(p->localcert), "%s/%s-localcert.pem", ast_config_AST_KEY_DIR, provider); snprintf(p->localcert, sizeof(p->localcert), "%s/%s-localcert.pem", ast_config_AST_KEY_DIR, provider);
snprintf(p->cacerts[0], sizeof(p->cacerts[0]), "%s/%s-cacert_0.pem", ast_config_AST_KEY_DIR, provider);
p->maxconnections = OSP_DEF_MAXCONNECTIONS; p->maxconnections = OSP_DEF_MAXCONNECTIONS;
p->retrydelay = OSP_DEF_RETRYDELAY; p->retrydelay = OSP_DEF_RETRYDELAY;
p->retrylimit = OSP_DEF_RETRYLIMIT; p->retrylimit = OSP_DEF_RETRYLIMIT;
@@ -224,37 +212,31 @@ static int osp_create_provider(
v = ast_variable_browse(cfg, provider); v = ast_variable_browse(cfg, provider);
while(v) { while(v) {
if (!strcasecmp(v->name, "privatekey")) { if (!strcasecmp(v->name, "privatekey")) {
if (osp_security) {
if (v->value[0] == '/') { if (v->value[0] == '/') {
ast_copy_string(p->privatekey, v->value, sizeof(p->privatekey)); ast_copy_string(p->privatekey, v->value, sizeof(p->privatekey));
} else { } else {
snprintf(p->privatekey, sizeof(p->privatekey), "%s/%s", ast_config_AST_KEY_DIR, v->value); snprintf(p->privatekey, sizeof(p->privatekey), "%s/%s", ast_config_AST_KEY_DIR, v->value);
} }
ast_debug(1, "OSP: privatekey '%s'\n", p->privatekey); ast_debug(1, "OSP: privatekey '%s'\n", p->privatekey);
}
} else if (!strcasecmp(v->name, "localcert")) { } else if (!strcasecmp(v->name, "localcert")) {
if (osp_security) {
if (v->value[0] == '/') { if (v->value[0] == '/') {
ast_copy_string(p->localcert, v->value, sizeof(p->localcert)); ast_copy_string(p->localcert, v->value, sizeof(p->localcert));
} else { } else {
snprintf(p->localcert, sizeof(p->localcert), "%s/%s", ast_config_AST_KEY_DIR, v->value); snprintf(p->localcert, sizeof(p->localcert), "%s/%s", ast_config_AST_KEY_DIR, v->value);
} }
ast_debug(1, "OSP: localcert '%s'\n", p->localcert); ast_debug(1, "OSP: localcert '%s'\n", p->localcert);
}
} else if (!strcasecmp(v->name, "cacert")) { } else if (!strcasecmp(v->name, "cacert")) {
if (osp_security) {
if (p->cacount < OSP_MAX_CERTS) { if (p->cacount < OSP_MAX_CERTS) {
if (v->value[0] == '/') { if (v->value[0] == '/') {
ast_copy_string(p->cacerts[p->cacount], v->value, sizeof(p->cacerts[0])); ast_copy_string(p->cacerts[p->cacount], v->value, sizeof(p->cacerts[0]));
} else { } else {
snprintf(p->cacerts[p->cacount], sizeof(p->cacerts[0]), "%s/%s", ast_config_AST_KEY_DIR, v->value); snprintf(p->cacerts[p->cacount], sizeof(p->cacerts[0]), "%s/%s", ast_config_AST_KEY_DIR, v->value);
} }
ast_debug(1, "OSP: cacerts[%d]: '%s'\n", p->cacount, p->cacerts[p->cacount]); ast_debug(1, "OSP: cacert[%d]: '%s'\n", p->cacount, p->cacerts[p->cacount]);
p->cacount++; p->cacount++;
} else { } else {
ast_log(LOG_WARNING, "OSP: Too many CA Certificates at line %d\n", v->lineno); ast_log(LOG_WARNING, "OSP: Too many CA Certificates at line %d\n", v->lineno);
} }
}
} else if (!strcasecmp(v->name, "servicepoint")) { } else if (!strcasecmp(v->name, "servicepoint")) {
if (p->spcount < OSP_MAX_SRVS) { if (p->spcount < OSP_MAX_SRVS) {
ast_copy_string(p->srvpoints[p->spcount], v->value, sizeof(p->srvpoints[0])); ast_copy_string(p->srvpoints[p->spcount], v->value, sizeof(p->srvpoints[0]));
@@ -324,61 +306,53 @@ static int osp_create_provider(
v = v->next; v = v->next;
} }
if (p->cacount == 0) { error = OSPPUtilLoadPEMPrivateKey((unsigned char*)p->privatekey, &privatekey);
p->cacount = 1; if (error != OSPC_ERR_NO_ERROR) {
ast_log(LOG_WARNING, "OSP: Unable to load privatekey '%s', error '%d'\n", p->privatekey, error);
ast_free(p);
return 0;
}
error = OSPPUtilLoadPEMCert((unsigned char*)p->localcert, &localcert);
if (error != OSPC_ERR_NO_ERROR) {
ast_log(LOG_WARNING, "OSP: Unable to load localcert '%s', error '%d'\n", p->localcert, error);
if (privatekey.PrivateKeyData) {
ast_free(privatekey.PrivateKeyData);
}
ast_free(p);
return 0;
}
if (p->cacount < 1) {
snprintf(p->cacerts[p->cacount], sizeof(p->cacerts[0]), "%s/%s-cacert.pem", ast_config_AST_KEY_DIR, provider);
ast_debug(1, "OSP: cacert[%d]: '%s'\n", p->cacount, p->cacerts[p->cacount]);
p->cacount++;
}
for (i = 0; i < p->cacount; i++) {
error = OSPPUtilLoadPEMCert((unsigned char*)p->cacerts[i], &cacerts[i]);
if (error != OSPC_ERR_NO_ERROR) {
ast_log(LOG_WARNING, "OSP: Unable to load cacert '%s', error '%d'\n", p->cacerts[i], error);
for (j = 0; j < i; j++) {
if (cacerts[j].CertData) {
ast_free(cacerts[j].CertData);
}
}
if (localcert.CertData) {
ast_free(localcert.CertData);
}
if (privatekey.PrivateKeyData) {
ast_free(privatekey.PrivateKeyData);
}
ast_free(p);
return 0;
}
pcacerts[i] = &cacerts[i];
} }
for (i = 0; i < p->spcount; i++) { for (i = 0; i < p->spcount; i++) {
psrvpoints[i] = p->srvpoints[i]; psrvpoints[i] = p->srvpoints[i];
} }
if (osp_security) {
privatekey.PrivateKeyData = NULL;
privatekey.PrivateKeyLength = 0;
localcert.CertData = NULL;
localcert.CertDataLength = 0;
for (i = 0; i < p->cacount; i++) {
cacerts[i].CertData = NULL;
cacerts[i].CertDataLength = 0;
}
if ((error = OSPPUtilLoadPEMPrivateKey((unsigned char*)p->privatekey, &privatekey)) != OSPC_ERR_NO_ERROR) {
ast_log(LOG_WARNING, "OSP: Unable to load privatekey '%s', error '%d'\n", p->privatekey, error);
} else if ((error = OSPPUtilLoadPEMCert((unsigned char*)p->localcert, &localcert)) != OSPC_ERR_NO_ERROR) {
ast_log(LOG_WARNING, "OSP: Unable to load localcert '%s', error '%d'\n", p->localcert, error);
} else {
for (i = 0; i < p->cacount; i++) {
if ((error = OSPPUtilLoadPEMCert((unsigned char*)p->cacerts[i], &cacerts[i])) != OSPC_ERR_NO_ERROR) {
ast_log(LOG_WARNING, "OSP: Unable to load cacert '%s', error '%d'\n", p->cacerts[i], error);
break;
} else {
pcacerts[i] = &cacerts[i];
}
}
}
} else {
privatekey.PrivateKeyData = privatekeydata;
privatekey.PrivateKeyLength = sizeof(privatekeydata);
localcert.CertData = localcertdata;
localcert.CertDataLength = sizeof(localcertdata);
cacerts[0].CertData = cacertdata;
cacerts[0].CertDataLength = sizeof(cacertdata);
pcacerts[0] = &cacerts[0];
if ((error = OSPPBase64Decode(B64PKey, strlen(B64PKey), privatekey.PrivateKeyData, &privatekey.PrivateKeyLength)) != OSPC_ERR_NO_ERROR) {
ast_log(LOG_WARNING, "OSP: Unable to decode private key, error '%d'\n", error);
} else if ((error = OSPPBase64Decode(B64LCert, strlen(B64LCert), localcert.CertData, &localcert.CertDataLength)) != OSPC_ERR_NO_ERROR) {
ast_log(LOG_WARNING, "OSP: Unable to decode local cert, error '%d'\n", error);
} else if ((error = OSPPBase64Decode(B64CACert, strlen(B64CACert), cacerts[0].CertData, &cacerts[0].CertDataLength)) != OSPC_ERR_NO_ERROR) {
ast_log(LOG_WARNING, "OSP: Unable to decode cacert, error '%d'\n", error);
}
}
if (error == OSPC_ERR_NO_ERROR) {
error = OSPPProviderNew( error = OSPPProviderNew(
p->spcount, p->spcount,
psrvpoints, psrvpoints,
@@ -400,6 +374,7 @@ static int osp_create_provider(
&p->handle); &p->handle);
if (error != OSPC_ERR_NO_ERROR) { if (error != OSPC_ERR_NO_ERROR) {
ast_log(LOG_WARNING, "OSP: Unable to create provider '%s', error '%d'\n", provider, error); ast_log(LOG_WARNING, "OSP: Unable to create provider '%s', error '%d'\n", provider, error);
ast_free(p);
res = -1; res = -1;
} else { } else {
ast_debug(1, "OSP: provider '%s'\n", provider); ast_debug(1, "OSP: provider '%s'\n", provider);
@@ -409,9 +384,7 @@ static int osp_create_provider(
ast_mutex_unlock(&osplock); ast_mutex_unlock(&osplock);
res = 1; res = 1;
} }
}
if (osp_security) {
for (i = 0; i < p->cacount; i++) { for (i = 0; i < p->cacount; i++) {
if (cacerts[i].CertData) { if (cacerts[i].CertData) {
ast_free(cacerts[i].CertData); ast_free(cacerts[i].CertData);
@@ -423,11 +396,6 @@ static int osp_create_provider(
if (privatekey.PrivateKeyData) { if (privatekey.PrivateKeyData) {
ast_free(privatekey.PrivateKeyData); ast_free(privatekey.PrivateKeyData);
} }
}
if (res != 1) {
ast_free(p);
}
return res; return res;
} }
@@ -562,9 +530,9 @@ static int osp_validate_token(
NULL, NULL,
NULL, NULL,
calling ? calling : "", calling ? calling : "",
OSPC_NFORMAT_E164, OSPC_E164,
called, called,
OSPC_NFORMAT_E164, OSPC_E164,
0, 0,
NULL, NULL,
tokenlen, tokenlen,
@@ -575,7 +543,7 @@ static int osp_validate_token(
NULL, NULL,
osp_tokenformat); osp_tokenformat);
if (error != OSPC_ERR_NO_ERROR) { if (error != OSPC_ERR_NO_ERROR) {
ast_debug(1, "OSP: Unable to validate inbound token, error '%d'\n", error); ast_debug(1, "OSP: Unable to validate inbound token\n");
res = -1; res = -1;
} else if (authorised) { } else if (authorised) {
ast_debug(1, "OSP: Authorised\n"); ast_debug(1, "OSP: Authorised\n");
@@ -626,12 +594,12 @@ static int osp_check_destination(
char* destination, char* destination,
unsigned int tokenlen, unsigned int tokenlen,
const char* token, const char* token,
OSPEFAILREASON* reason, enum OSPEFAILREASON* reason,
struct osp_result* result) struct osp_result* result)
{ {
int res; int res;
OSPE_DEST_OSPENABLED enabled; OSPE_DEST_OSP_ENABLED enabled;
OSPE_DEST_PROTOCOL protocol; OSPE_DEST_PROT protocol;
int error; int error;
if (strlen(destination) <= 2) { if (strlen(destination) <= 2) {
@@ -646,7 +614,7 @@ static int osp_check_destination(
return -1; return -1;
} }
if (enabled == OSPC_DOSP_FALSE) { if (enabled == OSPE_OSP_FALSE) {
result->token[0] = '\0'; result->token[0] = '\0';
} else { } else {
ast_base64encode(result->token, (const unsigned char*)token, tokenlen, sizeof(result->token) - 1); ast_base64encode(result->token, (const unsigned char*)token, tokenlen, sizeof(result->token) - 1);
@@ -669,29 +637,29 @@ static int osp_check_destination(
/* Strip leading and trailing brackets */ /* Strip leading and trailing brackets */
destination[strlen(destination) - 1] = '\0'; destination[strlen(destination) - 1] = '\0';
switch(protocol) { switch(protocol) {
case OSPC_DPROT_Q931: case OSPE_DEST_PROT_H323_SETUP:
ast_debug(1, "OSP: protocol '%s'\n", OSP_PROT_H323); ast_debug(1, "OSP: protocol '%s'\n", OSP_PROT_H323);
ast_copy_string(result->tech, OSP_TECH_H323, sizeof(result->tech)); ast_copy_string(result->tech, OSP_TECH_H323, sizeof(result->tech));
ast_copy_string(result->dest, destination + 1, sizeof(result->dest)); ast_copy_string(result->dest, destination + 1, sizeof(result->dest));
ast_copy_string(result->called, called, sizeof(result->called)); ast_copy_string(result->called, called, sizeof(result->called));
ast_copy_string(result->calling, calling, sizeof(result->calling)); ast_copy_string(result->calling, calling, sizeof(result->calling));
break; break;
case OSPC_DPROT_SIP: case OSPE_DEST_PROT_SIP:
ast_debug(1, "OSP: protocol '%s'\n", OSP_PROT_SIP); ast_debug(1, "OSP: protocol '%s'\n", OSP_PROT_SIP);
ast_copy_string(result->tech, OSP_TECH_SIP, sizeof(result->tech)); ast_copy_string(result->tech, OSP_TECH_SIP, sizeof(result->tech));
ast_copy_string(result->dest, destination + 1, sizeof(result->dest)); ast_copy_string(result->dest, destination + 1, sizeof(result->dest));
ast_copy_string(result->called, called, sizeof(result->called)); ast_copy_string(result->called, called, sizeof(result->called));
ast_copy_string(result->calling, calling, sizeof(result->calling)); ast_copy_string(result->calling, calling, sizeof(result->calling));
break; break;
case OSPC_DPROT_IAX: case OSPE_DEST_PROT_IAX:
ast_debug(1, "OSP: protocol '%s'\n", OSP_PROT_IAX); ast_debug(1, "OSP: protocol '%s'\n", OSP_PROT_IAX);
ast_copy_string(result->tech, OSP_TECH_IAX, sizeof(result->tech)); ast_copy_string(result->tech, OSP_TECH_IAX, sizeof(result->tech));
ast_copy_string(result->dest, destination + 1, sizeof(result->dest)); ast_copy_string(result->dest, destination + 1, sizeof(result->dest));
ast_copy_string(result->called, called, sizeof(result->called)); ast_copy_string(result->called, called, sizeof(result->called));
ast_copy_string(result->calling, calling, sizeof(result->calling)); ast_copy_string(result->calling, calling, sizeof(result->calling));
break; break;
case OSPC_DPROT_UNDEFINED: case OSPE_DEST_PROT_UNDEFINED:
case OSPC_DPROT_UNKNOWN: case OSPE_DEST_PROT_UNKNOWN:
ast_debug(1, "OSP: unknown/undefined protocol '%d'\n", protocol); ast_debug(1, "OSP: unknown/undefined protocol '%d'\n", protocol);
ast_debug(1, "OSP: use default protocol '%s'\n", provider->defaultprotocol); ast_debug(1, "OSP: use default protocol '%s'\n", provider->defaultprotocol);
@@ -700,7 +668,7 @@ static int osp_check_destination(
ast_copy_string(result->called, called, sizeof(result->called)); ast_copy_string(result->called, called, sizeof(result->called));
ast_copy_string(result->calling, calling, sizeof(result->calling)); ast_copy_string(result->calling, calling, sizeof(result->calling));
break; break;
case OSPC_DPROT_LRQ: case OSPE_DEST_PROT_H323_LRQ:
default: default:
ast_log(LOG_WARNING, "OSP: unsupported protocol '%d'\n", protocol); ast_log(LOG_WARNING, "OSP: unsupported protocol '%d'\n", protocol);
*reason = OSPC_FAIL_PROTOCOL_ERROR; *reason = OSPC_FAIL_PROTOCOL_ERROR;
@@ -718,10 +686,10 @@ static int osp_check_destination(
* \param cause Asterisk hangup cause * \param cause Asterisk hangup cause
* \return OSP TC code * \return OSP TC code
*/ */
static OSPEFAILREASON asterisk2osp( static enum OSPEFAILREASON asterisk2osp(
int cause) int cause)
{ {
return (OSPEFAILREASON)cause; return (enum OSPEFAILREASON)cause;
} }
/*! /*!
@@ -880,8 +848,6 @@ static int osp_create_callid(
* \param srcdev Source device of outbound call * \param srcdev Source device of outbound call
* \param calling Calling number * \param calling Calling number
* \param called Called number * \param called Called number
* \param snetid Source network ID
* \param rnumber Routing number
* \param callidtypes Call ID types * \param callidtypes Call ID types
* \param result Lookup results * \param result Lookup results
* \return 1 Found , 0 No route, -1 Error * \return 1 Found , 0 No route, -1 Error
@@ -891,8 +857,6 @@ static int osp_lookup(
const char* srcdev, const char* srcdev,
const char* calling, const char* calling,
const char* called, const char* called,
const char* snetid,
const char* rnumber,
unsigned int callidtypes, unsigned int callidtypes,
struct osp_result* result) struct osp_result* result)
{ {
@@ -909,9 +873,9 @@ static int osp_lookup(
unsigned int i, type; unsigned int i, type;
struct osp_callid callid; struct osp_callid callid;
unsigned int callidnum; unsigned int callidnum;
OSPT_CALL_ID* callids[OSP_CALLID_MAXNUM]; OSPTCALLID* callids[OSP_CALLID_MAXNUM];
unsigned int dummy = 0; unsigned int dummy = 0;
OSPEFAILREASON reason; enum OSPEFAILREASON reason;
int error; int error;
result->outhandle = OSP_INVALID_HANDLE; result->outhandle = OSP_INVALID_HANDLE;
@@ -938,14 +902,6 @@ static int osp_lookup(
return -1; return -1;
} }
if (!ast_strlen_zero(snetid)) {
OSPPTransactionSetNetworkIds(result->outhandle, snetid, "");
}
if (!ast_strlen_zero(rnumber)) {
OSPPTransactionSetRoutingNumber(result->outhandle, rnumber);
}
callidnum = 0; callidnum = 0;
callids[0] = NULL; callids[0] = NULL;
for (i = 0; i < OSP_CALLID_MAXNUM; i++) { for (i = 0; i < OSP_CALLID_MAXNUM; i++) {
@@ -967,9 +923,9 @@ static int osp_lookup(
src, src,
dev, dev,
calling ? calling : "", calling ? calling : "",
OSPC_NFORMAT_E164, OSPC_E164,
called, called,
OSPC_NFORMAT_E164, OSPC_E164,
NULL, NULL,
callidnum, callidnum,
callids, callids,
@@ -983,7 +939,7 @@ static int osp_lookup(
} }
if (error != OSPC_ERR_NO_ERROR) { if (error != OSPC_ERR_NO_ERROR) {
ast_debug(1, "OSP: Unable to request authorization, error '%d'\n", error); ast_debug(1, "OSP: Unable to request authorization\n");
result->numresults = 0; result->numresults = 0;
if (result->inhandle != OSP_INVALID_HANDLE) { if (result->inhandle != OSP_INVALID_HANDLE) {
OSPPTransactionRecordFailure(result->inhandle, OSPC_FAIL_NORMAL_UNSPECIFIED); OSPPTransactionRecordFailure(result->inhandle, OSPC_FAIL_NORMAL_UNSPECIFIED);
@@ -1020,7 +976,7 @@ static int osp_lookup(
&tokenlen, &tokenlen,
token); token);
if (error != OSPC_ERR_NO_ERROR) { if (error != OSPC_ERR_NO_ERROR) {
ast_debug(1, "OSP: Unable to get first route, error '%d'\n", error); ast_debug(1, "OSP: Unable to get first route\n");
result->numresults = 0; result->numresults = 0;
result->outtimelimit = OSP_DEF_TIMELIMIT; result->outtimelimit = OSP_DEF_TIMELIMIT;
if (result->inhandle != OSP_INVALID_HANDLE) { if (result->inhandle != OSP_INVALID_HANDLE) {
@@ -1126,7 +1082,7 @@ static int osp_next(
char destination[OSP_NORSTR_SIZE]; char destination[OSP_NORSTR_SIZE];
unsigned int tokenlen; unsigned int tokenlen;
char token[OSP_TOKSTR_SIZE]; char token[OSP_TOKSTR_SIZE];
OSPEFAILREASON reason; enum OSPEFAILREASON reason;
int error; int error;
result->tech[0] = '\0'; result->tech[0] = '\0';
@@ -1242,7 +1198,7 @@ static int osp_finish(
unsigned int release) unsigned int release)
{ {
int res; int res;
OSPEFAILREASON reason; enum OSPEFAILREASON reason;
time_t alert = 0; time_t alert = 0;
unsigned isPddInfoPresent = 0; unsigned isPddInfoPresent = 0;
unsigned pdd = 0; unsigned pdd = 0;
@@ -1268,11 +1224,11 @@ static int osp_finish(
isPddInfoPresent, isPddInfoPresent,
pdd, pdd,
release, release,
NULL, (unsigned char*)"",
-1, 0,
-1, 0,
-1, 0,
-1, 0,
&dummy, &dummy,
NULL); NULL);
if (error == OSPC_ERR_NO_ERROR) { if (error == OSPC_ERR_NO_ERROR) {
@@ -1384,8 +1340,7 @@ static int osplookup_exec(
struct varshead* headp; struct varshead* headp;
struct ast_var_t* current; struct ast_var_t* current;
const char* srcdev = ""; const char* srcdev = "";
const char* snetid = ""; const char* netid = "";
const char* rnumber = "";
char buffer[OSP_TOKSTR_SIZE]; char buffer[OSP_TOKSTR_SIZE];
unsigned int callidtypes = OSP_CALLID_UNDEFINED; unsigned int callidtypes = OSP_CALLID_UNDEFINED;
struct osp_result result; struct osp_result result;
@@ -1444,24 +1399,21 @@ static int osplookup_exec(
result.intimelimit = OSP_DEF_TIMELIMIT; result.intimelimit = OSP_DEF_TIMELIMIT;
} }
} else if (!strcasecmp(ast_var_name(current), "OSPINNETWORKID")) { } else if (!strcasecmp(ast_var_name(current), "OSPINNETWORKID")) {
snetid = ast_var_value(current); netid = ast_var_value(current);
} else if (!strcasecmp(ast_var_name(current), "OSPROUTINGNUMBER")) {
rnumber = ast_var_value(current);
} else if (!strcasecmp(ast_var_name(current), "OSPPEERIP")) { } else if (!strcasecmp(ast_var_name(current), "OSPPEERIP")) {
srcdev = ast_var_value(current); srcdev = ast_var_value(current);
} }
} }
ast_debug(1, "OSPLookup: OSPINHANDLE '%d'\n", result.inhandle); ast_debug(1, "OSPLookup: OSPINHANDLE '%d'\n", result.inhandle);
ast_debug(1, "OSPLookup: OSPINTIMELIMIT '%d'\n", result.intimelimit); ast_debug(1, "OSPLookup: OSPINTIMELIMIT '%d'\n", result.intimelimit);
ast_debug(1, "OSPLookup: OSPINNETWORKID '%s'\n", snetid); ast_debug(1, "OSPLookup: OSPINNETWORKID '%s'\n", netid);
ast_debug(1, "OSPLookup: OSPROUTINGNUMBER '%s'\n", rnumber);
ast_debug(1, "OSPLookup: source device '%s'\n", srcdev); ast_debug(1, "OSPLookup: source device '%s'\n", srcdev);
if ((cres = ast_autoservice_start(chan)) < 0) { if ((cres = ast_autoservice_start(chan)) < 0) {
return -1; return -1;
} }
if ((res = osp_lookup(provider, srcdev, chan->cid.cid_num, args.exten, snetid, rnumber, callidtypes, &result)) > 0) { if ((res = osp_lookup(provider, srcdev, chan->cid.cid_num, args.exten, callidtypes, &result)) > 0) {
status = AST_OSP_SUCCESS; status = AST_OSP_SUCCESS;
} else { } else {
result.tech[0] = '\0'; result.tech[0] = '\0';
@@ -1492,8 +1444,6 @@ static int osplookup_exec(
ast_debug(1, "OSPLookup: OSPCALLED '%s'\n", result.called); ast_debug(1, "OSPLookup: OSPCALLED '%s'\n", result.called);
pbx_builtin_setvar_helper(chan, "OSPCALLING", result.calling); pbx_builtin_setvar_helper(chan, "OSPCALLING", result.calling);
ast_debug(1, "OSPLookup: OSPCALLING '%s'\n", result.calling); ast_debug(1, "OSPLookup: OSPCALLING '%s'\n", result.calling);
pbx_builtin_setvar_helper(chan, "OSPOUTNETWORKID", result.networkid);
ast_debug(1, "OSPLookup: OSPOUTNETWORKID '%s'\n", result.networkid);
pbx_builtin_setvar_helper(chan, "OSPOUTTOKEN", result.token); pbx_builtin_setvar_helper(chan, "OSPOUTTOKEN", result.token);
ast_debug(1, "OSPLookup: OSPOUTTOKEN size '%zd'\n", strlen(result.token)); ast_debug(1, "OSPLookup: OSPOUTTOKEN size '%zd'\n", strlen(result.token));
snprintf(buffer, sizeof(buffer), "%d", result.numresults); snprintf(buffer, sizeof(buffer), "%d", result.numresults);
@@ -1655,8 +1605,6 @@ static int ospnext_exec(
ast_debug(1, "OSPNext: OSPCALLED'%s'\n", result.called); ast_debug(1, "OSPNext: OSPCALLED'%s'\n", result.called);
pbx_builtin_setvar_helper(chan, "OSPCALLING", result.calling); pbx_builtin_setvar_helper(chan, "OSPCALLING", result.calling);
ast_debug(1, "OSPNext: OSPCALLING '%s'\n", result.calling); ast_debug(1, "OSPNext: OSPCALLING '%s'\n", result.calling);
pbx_builtin_setvar_helper(chan, "OSPOUTNETWORKID", result.networkid);
ast_debug(1, "OSPLookup: OSPOUTNETWORKID '%s'\n", result.networkid);
pbx_builtin_setvar_helper(chan, "OSPOUTTOKEN", result.token); pbx_builtin_setvar_helper(chan, "OSPOUTTOKEN", result.token);
ast_debug(1, "OSPNext: OSPOUTTOKEN size '%zd'\n", strlen(result.token)); ast_debug(1, "OSPNext: OSPOUTTOKEN size '%zd'\n", strlen(result.token));
snprintf(buffer, sizeof(buffer), "%d", result.numresults); snprintf(buffer, sizeof(buffer), "%d", result.numresults);
@@ -1848,12 +1796,6 @@ static int osp_load(int reload)
} }
ast_debug(1, "OSP: osp_hardware '%d'\n", osp_hardware); ast_debug(1, "OSP: osp_hardware '%d'\n", osp_hardware);
t = ast_variable_retrieve(cfg, OSP_GENERAL_CAT, "securityfeatures");
if (t && ast_true(t)) {
osp_security = 1;
}
ast_debug(1, "OSP: osp_security '%d'\n", osp_security);
t = ast_variable_retrieve(cfg, OSP_GENERAL_CAT, "tokenformat"); t = ast_variable_retrieve(cfg, OSP_GENERAL_CAT, "tokenformat");
if (t) { if (t) {
if ((sscanf(t, "%d", &v) == 1) && if ((sscanf(t, "%d", &v) == 1) &&
@@ -1907,7 +1849,6 @@ static int osp_unload(void)
OSPPCleanup(); OSPPCleanup();
osp_tokenformat = TOKEN_ALGO_SIGNED; osp_tokenformat = TOKEN_ALGO_SIGNED;
osp_security = 0;
osp_hardware = 0; osp_hardware = 0;
osp_initialized = 0; osp_initialized = 0;
} }
@@ -1950,11 +1891,8 @@ static char *handle_cli_osp_show(struct ast_cli_entry *e, int cmd, struct ast_cl
tokenalgo = "Signed"; tokenalgo = "Signed";
break; break;
} }
ast_cli(a->fd, "OSP: %s/%s/%s/%s\n", ast_cli(a->fd, "OSP: %s %s %s\n",
osp_initialized ? "Initialized" : "Uninitialized", osp_initialized ? "Initialized" : "Uninitialized", osp_hardware ? "Accelerated" : "Normal", tokenalgo);
osp_hardware ? "Accelerated" : "Normal",
osp_security ? "Enabled" : "Disabled",
tokenalgo);
} }
ast_mutex_lock(&osplock); ast_mutex_lock(&osplock);
@@ -1965,13 +1903,11 @@ static char *handle_cli_osp_show(struct ast_cli_entry *e, int cmd, struct ast_cl
ast_cli(a->fd, "\n"); ast_cli(a->fd, "\n");
} }
ast_cli(a->fd, " == OSP Provider '%s' == \n", p->name); ast_cli(a->fd, " == OSP Provider '%s' == \n", p->name);
if (osp_security) {
ast_cli(a->fd, "Local Private Key: %s\n", p->privatekey); ast_cli(a->fd, "Local Private Key: %s\n", p->privatekey);
ast_cli(a->fd, "Local Certificate: %s\n", p->localcert); ast_cli(a->fd, "Local Certificate: %s\n", p->localcert);
for (i = 0; i < p->cacount; i++) { for (i = 0; i < p->cacount; i++) {
ast_cli(a->fd, "CA Certificate %d: %s\n", i + 1, p->cacerts[i]); ast_cli(a->fd, "CA Certificate %d: %s\n", i + 1, p->cacerts[i]);
} }
}
for (i = 0; i < p->spcount; i++) { for (i = 0; i < p->spcount; i++) {
ast_cli(a->fd, "Service Point %d: %s\n", i + 1, p->srvpoints[i]); ast_cli(a->fd, "Service Point %d: %s\n", i + 1, p->srvpoints[i]);
} }

13
configs/osp.conf.sample
View File

@@ -12,23 +12,14 @@
[general] [general]
; ;
; Enable cryptographic acceleration hardware. ; Enable cryptographic acceleration hardware.
; The default value is no.
; ;
;accelerate=no ;accelerate=no
; ;
; Enable security features.
; If security features are disabled, Asterisk cannot validate signed tokens and
; all certificate file name parameters are ignored.
; The default value is no.
;
;securityfeatures=no
;
; Defines the status of tokens that Asterisk will validate. ; Defines the status of tokens that Asterisk will validate.
; 0 - signed tokens only ; 0 - signed tokens only
; 1 - unsigned tokens only ; 1 - unsigned tokens only
; 2 - both signed and unsigned ; 2 - both signed and unsigned
; The default value is 0, i.e. the Asterisk will only validate signed tokens. ; The default value is 0, i.e. the Asterisk will only validate signed tokens.
; If securityfeatures are disabled, Asterisk cannot validate signed tokens.
; ;
;tokenformat=0 ;tokenformat=0
; ;
@@ -52,7 +43,6 @@
; If this parameter is unspecified or not present, the default name will be the ; If this parameter is unspecified or not present, the default name will be the
; osp.conf section name followed by "-privatekey.pem" (for example: ; osp.conf section name followed by "-privatekey.pem" (for example:
; default-privatekey.pem) ; default-privatekey.pem)
; If securityfeatures are disabled, this parameter is ignored.
; ;
;privatekey=pkey.pem ;privatekey=pkey.pem
; ;
@@ -60,7 +50,6 @@
; If this parameter is unspecified or not present, the default name will be the ; If this parameter is unspecified or not present, the default name will be the
; osp.conf section name followed by "- localcert.pem " (for example: ; osp.conf section name followed by "- localcert.pem " (for example:
; default-localcert.pem) ; default-localcert.pem)
; If securityfeatures are disabled, this parameter is ignored.
; ;
;localcert=localcert.pem ;localcert=localcert.pem
; ;
@@ -68,7 +57,6 @@
; a single Certificate Authority key file name is added with the default name of ; a single Certificate Authority key file name is added with the default name of
; the osp.conf section name followed by "-cacert_0.pem " (for example: ; the osp.conf section name followed by "-cacert_0.pem " (for example:
; default-cacert_0.pem) ; default-cacert_0.pem)
; If securityfeatures are disabled, this parameter is ignored.
; ;
;cacert=cacert_0.pem ;cacert=cacert_0.pem
; ;
@@ -93,7 +81,6 @@
; 2 - EXCLUSIVE - Accept calls with valid token. Block calls with invalid token ; 2 - EXCLUSIVE - Accept calls with valid token. Block calls with invalid token
; or no token. ; or no token.
; Default is 1, ; Default is 1,
; If securityfeatures are disabled, Asterisk cannot validate signed tokens.
; ;
;authpolicy=1 ;authpolicy=1
; ;