sysmocom
/
asterisk
11
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Stasis: Update security events to use Stasis 

Also moves ACL messages to the security topic and gets rid of the
ACL topic

(closes issue ASTERISK-21103)
Reported by: Matt Jordan
Review: https://reviewboard.asterisk.org/r/2496/



git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@388975 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Jonathan Rose 2013-05-17 17:36:10 +00:00
parent 15945a7185
commit b90bba7a30
25 changed files with 539 additions and 413 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGES
View File

@ -147,6 +147,11 @@ XMPP
If no resources exist or all are unavailable the device state is considered
to be unavailable.
Security Events Framework
-------------------------
* Security Event timestamps now use ISO 8601 formatted date/time instead of the
"seconds-microseconds" format that it was using previously.
Sorcery
------------------
* All future modules which utilize Sorcery for object persistence must have a

3
channels/chan_iax2.c
View File

@ -101,6 +101,7 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
#include "asterisk/test.h"
#include "asterisk/data.h"
#include "asterisk/netsock2.h"
#include "asterisk/security_events.h"
#include "iax2/include/iax2.h"
#include "iax2/include/firmware.h"
@ -1341,7 +1342,7 @@ static void network_change_stasis_unsubscribe(void)
static void acl_change_stasis_subscribe(void)
{
if (!acl_change_sub) {
acl_change_sub = stasis_subscribe(ast_acl_topic(),
acl_change_sub = stasis_subscribe(ast_security_topic(),
acl_change_stasis_cb, NULL);
}
}

238
channels/chan_sip.c
View File

@ -763,8 +763,8 @@ static char default_engine[256]; /*!< Default RTP engine */
static int default_maxcallbitrate; /*!< Maximum bitrate for call */
static struct ast_codec_pref default_prefs; /*!< Default codec prefs */
static char default_zone[MAX_TONEZONE_COUNTRY]; /*!< Default tone zone for channels created from the SIP driver */
static unsigned int default_transports; /*!< Default Transports (enum sip_transport) that are acceptable */
static unsigned int default_primary_transport; /*!< Default primary Transport (enum sip_transport) for outbound connections to devices */
static unsigned int default_transports; /*!< Default Transports (enum ast_transport) that are acceptable */
static unsigned int default_primary_transport; /*!< Default primary Transport (enum ast_transport) for outbound connections to devices */
static struct sip_settings sip_cfg; /*!< SIP configuration data.
\note in the future we could have multiple of these (per domain, per device group etc) */
@ -1145,7 +1145,7 @@ static int sip_queryoption(struct ast_channel *chan, int option, void *data, int
static const char *sip_get_callid(struct ast_channel *chan);
static int handle_request_do(struct sip_request *req, struct ast_sockaddr *addr);
static int sip_standard_port(enum sip_transport type, int port);
static int sip_standard_port(enum ast_transport type, int port);
static int sip_prepare_socket(struct sip_pvt *p);
static int get_address_family_filter(unsigned int transport);
@ -2473,7 +2473,7 @@ static const char *sip_reason_code_to_str(struct ast_party_redirecting_reason *r
sip_get_transport(tmpl->socket.type), peer->name, get_transport_list(peer->transports) \
); \
ret = 1; \
} else if (peer->socket.type & SIP_TRANSPORT_TLS) { \
} else if (peer->socket.type & AST_TRANSPORT_TLS) { \
ast_log(LOG_WARNING, \
"peer '%s' HAS NOT USED (OR SWITCHED TO) TLS in favor of '%s' (but this was allowed in sip.conf)!\n", \
peer->name, sip_get_transport(tmpl->socket.type) \
@ -2566,7 +2566,7 @@ static struct sip_threadinfo *sip_threadinfo_create(struct ast_tcptls_session_in
}
ao2_t_ref(tcptls_session, +1, "tcptls_session ref for sip_threadinfo object");
th->tcptls_session = tcptls_session;
th->type = transport ? transport : (tcptls_session->ssl ? SIP_TRANSPORT_TLS: SIP_TRANSPORT_TCP);
th->type = transport ? transport : (tcptls_session->ssl ? AST_TRANSPORT_TLS: AST_TRANSPORT_TCP);
ao2_t_link(threadt, th, "Adding new tcptls helper thread");
ao2_t_ref(th, -1, "Decrementing threadinfo ref from alloc, only table ref remains");
return th;
@ -2671,7 +2671,7 @@ static void sip_websocket_callback(struct ast_websocket *session, struct ast_var
}
req.socket.fd = ast_websocket_fd(session);
set_socket_transport(&req.socket, ast_websocket_is_secure(session) ? SIP_TRANSPORT_WSS : SIP_TRANSPORT_WS);
set_socket_transport(&req.socket, ast_websocket_is_secure(session) ? AST_TRANSPORT_WSS : AST_TRANSPORT_WS);
req.socket.ws_session = session;
handle_request_do(&req, ast_websocket_remote_address(session));
@ -3123,7 +3123,7 @@ static void *_sip_tcp_helper_thread(struct ast_tcptls_session_instance *tcptls_s
goto cleanup;
}
if (!(me = sip_threadinfo_create(tcptls_session, tcptls_session->ssl ? SIP_TRANSPORT_TLS : SIP_TRANSPORT_TCP))) {
if (!(me = sip_threadinfo_create(tcptls_session, tcptls_session->ssl ? AST_TRANSPORT_TLS : AST_TRANSPORT_TCP))) {
goto cleanup;
}
ao2_t_ref(me, +1, "Adding threadinfo ref for tcp_helper_thread");
@ -3220,10 +3220,10 @@ static void *_sip_tcp_helper_thread(struct ast_tcptls_session_instance *tcptls_s
memset(buf, 0, sizeof(buf));
if (tcptls_session->ssl) {
set_socket_transport(&req.socket, SIP_TRANSPORT_TLS);
set_socket_transport(&req.socket, AST_TRANSPORT_TLS);
req.socket.port = htons(ourport_tls);
} else {
set_socket_transport(&req.socket, SIP_TRANSPORT_TCP);
set_socket_transport(&req.socket, AST_TRANSPORT_TCP);
req.socket.port = htons(ourport_tcp);
}
req.socket.fd = tcptls_session->fd;
@ -3595,7 +3595,7 @@ static int proxy_update(struct sip_proxy *proxy)
if (!ast_sockaddr_parse(&proxy->ip, proxy->name, 0)) {
/* Ok, not an IP address, then let's check if it's a domain or host */
/* XXX Todo - if we have proxy port, don't do SRV */
proxy->ip.ss.ss_family = get_address_family_filter(SIP_TRANSPORT_UDP); /* Filter address family */
proxy->ip.ss.ss_family = get_address_family_filter(AST_TRANSPORT_UDP); /* Filter address family */
if (ast_get_ip_or_srv(&proxy->ip, proxy->name, sip_cfg.srvlookup ? "_sip._udp" : NULL) < 0) {
ast_log(LOG_WARNING, "Unable to locate host '%s'\n", proxy->name);
return FALSE;
@ -3788,19 +3788,19 @@ static int get_transport_str2enum(const char *transport)
}
if (!strcasecmp(transport, "udp")) {
res |= SIP_TRANSPORT_UDP;
res |= AST_TRANSPORT_UDP;
}
if (!strcasecmp(transport, "tcp")) {
res |= SIP_TRANSPORT_TCP;
res |= AST_TRANSPORT_TCP;
}
if (!strcasecmp(transport, "tls")) {
res |= SIP_TRANSPORT_TLS;
res |= AST_TRANSPORT_TLS;
}
if (!strcasecmp(transport, "ws")) {
res |= SIP_TRANSPORT_WS;
res |= AST_TRANSPORT_WS;
}
if (!strcasecmp(transport, "wss")) {
res |= SIP_TRANSPORT_WSS;
res |= AST_TRANSPORT_WSS;
}
return res;
@ -3821,19 +3821,19 @@ static inline const char *get_transport_list(unsigned int transports)
memset(buf, 0, SIP_TRANSPORT_STR_BUFSIZE);
if (transports & SIP_TRANSPORT_UDP) {
if (transports & AST_TRANSPORT_UDP) {
strncat(buf, "UDP,", SIP_TRANSPORT_STR_BUFSIZE - strlen(buf));
}
if (transports & SIP_TRANSPORT_TCP) {
if (transports & AST_TRANSPORT_TCP) {
strncat(buf, "TCP,", SIP_TRANSPORT_STR_BUFSIZE - strlen(buf));
}
if (transports & SIP_TRANSPORT_TLS) {
if (transports & AST_TRANSPORT_TLS) {
strncat(buf, "TLS,", SIP_TRANSPORT_STR_BUFSIZE - strlen(buf));
}
if (transports & SIP_TRANSPORT_WS) {
if (transports & AST_TRANSPORT_WS) {
strncat(buf, "WS,", SIP_TRANSPORT_STR_BUFSIZE - strlen(buf));
}
if (transports & SIP_TRANSPORT_WSS) {
if (transports & AST_TRANSPORT_WSS) {
strncat(buf, "WSS,", SIP_TRANSPORT_STR_BUFSIZE - strlen(buf));
}
@ -3846,17 +3846,17 @@ static inline const char *get_transport_list(unsigned int transports)
}
/*! \brief Return transport as string */
const char *sip_get_transport(enum sip_transport t)
const char *sip_get_transport(enum ast_transport t)
{
switch (t) {
case SIP_TRANSPORT_UDP:
case AST_TRANSPORT_UDP:
return "UDP";
case SIP_TRANSPORT_TCP:
case AST_TRANSPORT_TCP:
return "TCP";
case SIP_TRANSPORT_TLS:
case AST_TRANSPORT_TLS:
return "TLS";
case SIP_TRANSPORT_WS:
case SIP_TRANSPORT_WSS:
case AST_TRANSPORT_WS:
case AST_TRANSPORT_WSS:
return "WS";
}
@ -3864,17 +3864,17 @@ const char *sip_get_transport(enum sip_transport t)
}
/*! \brief Return protocol string for srv dns query */
static inline const char *get_srv_protocol(enum sip_transport t)
static inline const char *get_srv_protocol(enum ast_transport t)
{
switch (t) {
case SIP_TRANSPORT_UDP:
case AST_TRANSPORT_UDP:
return "udp";
case SIP_TRANSPORT_WS:
case AST_TRANSPORT_WS:
return "ws";
case SIP_TRANSPORT_TLS:
case SIP_TRANSPORT_TCP:
case AST_TRANSPORT_TLS:
case AST_TRANSPORT_TCP:
return "tcp";
case SIP_TRANSPORT_WSS:
case AST_TRANSPORT_WSS:
return "wss";
}
@ -3882,15 +3882,15 @@ static inline const char *get_srv_protocol(enum sip_transport t)
}
/*! \brief Return service string for srv dns query */
static inline const char *get_srv_service(enum sip_transport t)
static inline const char *get_srv_service(enum ast_transport t)
{
switch (t) {
case SIP_TRANSPORT_TCP:
case SIP_TRANSPORT_UDP:
case SIP_TRANSPORT_WS:
case AST_TRANSPORT_TCP:
case AST_TRANSPORT_UDP:
case AST_TRANSPORT_WS:
return "sip";
case SIP_TRANSPORT_TLS:
case SIP_TRANSPORT_WSS:
case AST_TRANSPORT_TLS:
case AST_TRANSPORT_WSS:
return "sips";
}
return "sip";
@ -3933,7 +3933,7 @@ static int __sip_xmit(struct sip_pvt *p, struct ast_str *data)
return XMIT_ERROR;
}
if (p->socket.type == SIP_TRANSPORT_UDP) {
if (p->socket.type == AST_TRANSPORT_UDP) {
res = ast_sendto(p->socket.fd, ast_str_buffer(data), ast_str_strlen(data), 0, dst);
} else if (p->socket.tcptls_session) {
res = sip_tcptls_write(p->socket.tcptls_session, ast_str_buffer(data), ast_str_strlen(data));
@ -4031,17 +4031,17 @@ static void ast_sip_ouraddrfor(const struct ast_sockaddr *them, struct ast_socka
if (!ast_sockaddr_isnull(&externaddr)) {
ast_sockaddr_copy(us, &externaddr);
switch (p->socket.type) {
case SIP_TRANSPORT_TCP:
case AST_TRANSPORT_TCP:
if (!externtcpport && ast_sockaddr_port(&externaddr)) {
/* for consistency, default to the externaddr port */
externtcpport = ast_sockaddr_port(&externaddr);
}
ast_sockaddr_set_port(us, externtcpport);
break;
case SIP_TRANSPORT_TLS:
case AST_TRANSPORT_TLS:
ast_sockaddr_set_port(us, externtlsport);
break;
case SIP_TRANSPORT_UDP:
case AST_TRANSPORT_UDP:
if (!ast_sockaddr_port(&externaddr)) {
ast_sockaddr_set_port(us, ast_sockaddr_port(&bindaddr));
}
@ -4055,7 +4055,7 @@ static void ast_sip_ouraddrfor(const struct ast_sockaddr *them, struct ast_socka
} else {
/* no remapping, but we bind to a specific address, so use it. */
switch (p->socket.type) {
case SIP_TRANSPORT_TCP:
case AST_TRANSPORT_TCP:
if (!ast_sockaddr_is_any(&sip_tcp_desc.local_address)) {
ast_sockaddr_copy(us,
&sip_tcp_desc.local_address);
@ -4064,7 +4064,7 @@ static void ast_sip_ouraddrfor(const struct ast_sockaddr *them, struct ast_socka
ast_sockaddr_port(&sip_tcp_desc.local_address));
}
break;
case SIP_TRANSPORT_TLS:
case AST_TRANSPORT_TLS:
if (!ast_sockaddr_is_any(&sip_tls_desc.local_address)) {
ast_sockaddr_copy(us,
&sip_tls_desc.local_address);
@ -4073,7 +4073,7 @@ static void ast_sip_ouraddrfor(const struct ast_sockaddr *them, struct ast_socka
ast_sockaddr_port(&sip_tls_desc.local_address));
}
break;
case SIP_TRANSPORT_UDP:
case AST_TRANSPORT_UDP:
/* fall through on purpose */
default:
if (!ast_sockaddr_is_any(&bindaddr)) {
@ -4084,7 +4084,7 @@ static void ast_sip_ouraddrfor(const struct ast_sockaddr *them, struct ast_socka
}
}
}
ast_debug(3, "Setting SIP_TRANSPORT_%s with address %s\n", sip_get_transport(p->socket.type), ast_sockaddr_stringify(us));
ast_debug(3, "Setting AST_TRANSPORT_%s with address %s\n", sip_get_transport(p->socket.type), ast_sockaddr_stringify(us));
}
/*! \brief Append to SIP dialog history with arg list */
@ -4342,7 +4342,7 @@ static enum sip_result __sip_reliable_xmit(struct sip_pvt *p, uint32_t seqno, in
/* If the transport is something reliable (TCP or TLS) then don't really send this reliably */
/* I removed the code from retrans_pkt that does the same thing so it doesn't get loaded into the scheduler */
/*! \todo According to the RFC some packets need to be retransmitted even if its TCP, so this needs to get revisited */
if (!(p->socket.type & SIP_TRANSPORT_UDP)) {
if (!(p->socket.type & AST_TRANSPORT_UDP)) {
xmitres = __sip_xmit(p, data); /* Send packet */
if (xmitres == XMIT_ERROR) { /* Serious network trouble, no need to try again */
append_history(p, "XmitErr", "%s", fatal ? "(Critical)" : "(Non-critical)");
@ -5482,7 +5482,7 @@ static int realtime_peer_by_name(const char *const *name, struct ast_sockaddr *a
if (ast_sockaddr_resolve(&addrs,
tmp->value,
PARSE_PORT_FORBID,
get_address_family_filter(SIP_TRANSPORT_UDP)) <= 0 ||
get_address_family_filter(AST_TRANSPORT_UDP)) <= 0 ||
ast_sockaddr_cmp(&addrs[0], addr)) {
/* No match */
ast_variables_destroy(*var);
@ -6080,7 +6080,7 @@ static int create_addr_from_peer(struct sip_pvt *dialog, struct sip_peer *peer)
copy_route(&dialog->route, peer->path);
if (dialog->route) {
/* Parse SIP URI of first route-set hop and use it as target address */
__set_address_from_contact(dialog->route->hop, &dialog->sa, dialog->socket.type == SIP_TRANSPORT_TLS ? 1 : 0);
__set_address_from_contact(dialog->route->hop, &dialog->sa, dialog->socket.type == AST_TRANSPORT_TLS ? 1 : 0);
}
if (dialog_initialize_rtp(dialog)) {
@ -6213,9 +6213,9 @@ static int create_addr_from_peer(struct sip_pvt *dialog, struct sip_peer *peer)
}
/*! \brief The default sip port for the given transport */
static inline int default_sip_port(enum sip_transport type)
static inline int default_sip_port(enum ast_transport type)
{
return type == SIP_TRANSPORT_TLS ? STANDARD_TLS_PORT : STANDARD_SIP_PORT;
return type == AST_TRANSPORT_TLS ? STANDARD_TLS_PORT : STANDARD_SIP_PORT;
}
/*! \brief create address structure from device name
@ -6300,7 +6300,7 @@ static int create_addr(struct sip_pvt *dialog, const char *opeer, struct ast_soc
}
}
if (ast_sockaddr_resolve_first_transport(&dialog->sa, hostn, 0, dialog->socket.type ? dialog->socket.type : SIP_TRANSPORT_UDP)) {
if (ast_sockaddr_resolve_first_transport(&dialog->sa, hostn, 0, dialog->socket.type ? dialog->socket.type : AST_TRANSPORT_UDP)) {
ast_log(LOG_WARNING, "No such host: %s\n", peername);
return -1;
}
@ -6311,7 +6311,7 @@ static int create_addr(struct sip_pvt *dialog, const char *opeer, struct ast_soc
}
if (!dialog->socket.type)
set_socket_transport(&dialog->socket, SIP_TRANSPORT_UDP);
set_socket_transport(&dialog->socket, AST_TRANSPORT_UDP);
if (!dialog->socket.port) {
dialog->socket.port = htons(ast_sockaddr_port(&bindaddr));
}
@ -6408,7 +6408,7 @@ static int sip_call(struct ast_channel *ast, const char *dest, int timeout)
}
/* Check to see if we should try to force encryption */
if (p->req_secure_signaling && p->socket.type != SIP_TRANSPORT_TLS) {
if (p->req_secure_signaling && p->socket.type != AST_TRANSPORT_TLS) {
ast_log(LOG_WARNING, "Encrypted signaling is required\n");
ast_channel_hangupcause_set(ast, AST_CAUSE_BEARERCAPABILITY_NOTAVAIL);
return -1;
@ -8592,7 +8592,7 @@ static char *generate_random_string(char *buf, size_t size)
static char *generate_uri(struct sip_pvt *pvt, char *buf, size_t size)
{
struct ast_str *uri = ast_str_alloca(size);
ast_str_set(&uri, 0, "%s", pvt->socket.type == SIP_TRANSPORT_TLS ? "sips:" : "sip:");
ast_str_set(&uri, 0, "%s", pvt->socket.type == AST_TRANSPORT_TLS ? "sips:" : "sip:");
/* Here would be a great place to generate a UUID, but for now we'll
* use the handy random string generation function we already have
*/
@ -8786,7 +8786,7 @@ struct sip_pvt *sip_alloc(ast_string_field callid, struct ast_sockaddr *addr,
/* Later in ast_sip_ouraddrfor we need this to choose the right ip and port for the specific transport */
set_socket_transport(&p->socket, req->socket.type);
} else {
set_socket_transport(&p->socket, SIP_TRANSPORT_UDP);
set_socket_transport(&p->socket, AST_TRANSPORT_UDP);
}
p->socket.fd = -1;
@ -9474,7 +9474,7 @@ static int sip_subscribe_mwi(const char *value, int lineno)
{
struct sip_subscription_mwi *mwi;
int portnum = 0;
enum sip_transport transport = SIP_TRANSPORT_UDP;
enum ast_transport transport = AST_TRANSPORT_UDP;
char buf[256] = "";
char *username = NULL, *hostname = NULL, *secret = NULL, *authuser = NULL, *porta = NULL, *mailbox = NULL;
@ -11969,7 +11969,7 @@ static int reqprep(struct sip_request *req, struct sip_pvt *p, int sipmethod, ui
if (p->route &&
!(sipmethod == SIP_CANCEL ||
(sipmethod == SIP_ACK && (p->invitestate == INV_COMPLETED || p->invitestate == INV_CANCELLED)))) {
if (p->socket.type != SIP_TRANSPORT_UDP && p->socket.tcptls_session) {
if (p->socket.type != AST_TRANSPORT_UDP && p->socket.tcptls_session) {
/* For TCP/TLS sockets that are connected we won't need
* to do any hostname/IP lookups */
} else if (ast_test_flag(&p->flags[0], SIP_NAT_FORCE_RPORT)) {
@ -13794,7 +13794,7 @@ static void build_contact(struct sip_pvt *p)
char tmp[SIPBUFSIZE];
char *user = ast_uri_encode(p->exten, tmp, sizeof(tmp), ast_uri_sip_user);
if (p->socket.type == SIP_TRANSPORT_UDP) {
if (p->socket.type == AST_TRANSPORT_UDP) {
ast_string_field_build(p, our_contact, "<sip:%s%s%s>", user,
ast_strlen_zero(user) ? "" : "@", ast_sockaddr_stringify_remote(&p->ourip));
} else {
@ -14856,13 +14856,13 @@ static int transmit_notify_with_mwi(struct sip_pvt *p, int newmsgs, int oldmsgs,
domain = S_OR(p->fromdomain, ast_sockaddr_stringify_host_remote(&p->ourip));
if (!sip_standard_port(p->socket.type, ourport)) {
if (p->socket.type == SIP_TRANSPORT_UDP) {
if (p->socket.type == AST_TRANSPORT_UDP) {
ast_str_append(&out, 0, "Message-Account: sip:%s@%s:%d\r\n", exten, domain, ourport);
} else {
ast_str_append(&out, 0, "Message-Account: sip:%s@%s:%d;transport=%s\r\n", exten, domain, ourport, sip_get_transport(p->socket.type));
}
} else {
if (p->socket.type == SIP_TRANSPORT_UDP) {
if (p->socket.type == AST_TRANSPORT_UDP) {
ast_str_append(&out, 0, "Message-Account: sip:%s@%s\r\n", exten, domain);
} else {
ast_str_append(&out, 0, "Message-Account: sip:%s@%s;transport=%s\r\n", exten, domain, sip_get_transport(p->socket.type));
@ -15342,7 +15342,7 @@ static int transmit_register(struct sip_registry *r, int sipmethod, const char *
/* Set transport and port so the correct contact is built */
set_socket_transport(&p->socket, r->transport);
if (r->transport == SIP_TRANSPORT_TLS || r->transport == SIP_TRANSPORT_TCP) {
if (r->transport == AST_TRANSPORT_TLS || r->transport == AST_TRANSPORT_TCP) {
p->socket.port =
htons(ast_sockaddr_port(&sip_tcp_desc.local_address));
}
@ -15965,7 +15965,7 @@ static int __set_address_from_contact(const char *fullcontact, struct ast_sockad
if (!ast_sockaddr_port(addr)) {
ast_sockaddr_set_port(addr,
(get_transport_str2enum(transport) ==
SIP_TRANSPORT_TLS ||
AST_TRANSPORT_TLS ||
!strncasecmp(fullcontact, "sips", 4)) ?
STANDARD_TLS_PORT : STANDARD_SIP_PORT);
}
@ -15984,7 +15984,7 @@ static int set_address_from_contact(struct sip_pvt *pvt)
return 0;
}
return __set_address_from_contact(pvt->fullcontact, &pvt->sa, pvt->socket.type == SIP_TRANSPORT_TLS ? 1 : 0);
return __set_address_from_contact(pvt->fullcontact, &pvt->sa, pvt->socket.type == AST_TRANSPORT_TLS ? 1 : 0);
}
/*! \brief Parse contact header and save registration (peer registration) */
@ -16095,7 +16095,7 @@ static enum parse_register_result parse_register_contact(struct sip_pvt *pvt, st
ao2_t_unlink(peers_by_ip, peer, "ao2_unlink of peer from peers_by_ip table");
}
if ((transport_type != SIP_TRANSPORT_WS) && (transport_type != SIP_TRANSPORT_WSS) &&
if ((transport_type != AST_TRANSPORT_WS) && (transport_type != AST_TRANSPORT_WSS) &&
(!ast_test_flag(&peer->flags[0], SIP_NAT_FORCE_RPORT) && !ast_test_flag(&peer->flags[0], SIP_NAT_RPORT_PRESENT))) {
/* use the data provided in the Contact header for call routing */
ast_debug(1, "Store REGISTER's Contact header for call routing.\n");
@ -16750,7 +16750,7 @@ static void network_change_stasis_unsubscribe(void)
static void acl_change_stasis_subscribe(void)
{
if (!acl_change_sub) {
acl_change_sub = stasis_subscribe(ast_acl_topic(),
acl_change_sub = stasis_subscribe(ast_security_topic(),
acl_change_stasis_cb, NULL);
}
@ -22110,11 +22110,11 @@ static int build_reply_digest(struct sip_pvt *p, int method, char* digest, int d
struct sip_auth_container *credentials;
if (!ast_strlen_zero(p->domain))
snprintf(uri, sizeof(uri), "%s:%s", p->socket.type == SIP_TRANSPORT_TLS ? "sips" : "sip", p->domain);
snprintf(uri, sizeof(uri), "%s:%s", p->socket.type == AST_TRANSPORT_TLS ? "sips" : "sip", p->domain);
else if (!ast_strlen_zero(p->uri))
ast_copy_string(uri, p->uri, sizeof(uri));
else
snprintf(uri, sizeof(uri), "%s:%s@%s", p->socket.type == SIP_TRANSPORT_TLS ? "sips" : "sip", p->username, ast_sockaddr_stringify_host_remote(&p->sa));
snprintf(uri, sizeof(uri), "%s:%s@%s", p->socket.type == AST_TRANSPORT_TLS ? "sips" : "sip", p->username, ast_sockaddr_stringify_host_remote(&p->sa));
snprintf(cnonce, sizeof(cnonce), "%08lx", ast_random());
@ -22543,7 +22543,7 @@ static void parse_moved_contact(struct sip_pvt *p, struct sip_request *req, char
char *contact_number = NULL;
char *separator, *trans;
char *domain;
enum sip_transport transport = SIP_TRANSPORT_UDP;
enum ast_transport transport = AST_TRANSPORT_UDP;
ast_copy_string(contact, sip_get_header(req, "Contact"), sizeof(contact));
if ((separator = strchr(contact, ',')))
@ -22557,14 +22557,14 @@ static void parse_moved_contact(struct sip_pvt *p, struct sip_request *req, char
*separator = '\0';
if (!strncasecmp(trans, "tcp", 3))
transport = SIP_TRANSPORT_TCP;
transport = AST_TRANSPORT_TCP;
else if (!strncasecmp(trans, "tls", 3))
transport = SIP_TRANSPORT_TLS;
transport = AST_TRANSPORT_TLS;
else {
if (strncasecmp(trans, "udp", 3))
ast_debug(1, "received contact with an invalid transport, '%s'\n", contact_number);
/* This will assume UDP for all unknown transports */
transport = SIP_TRANSPORT_UDP;
transport = AST_TRANSPORT_UDP;
}
}
contact_number = remove_uri_parameters(contact_number);
@ -24017,7 +24017,7 @@ static void handle_response(struct sip_pvt *p, int resp, const char *rest, struc
ast_channel_hangupcause_set(owner, hangup_sip2cause(resp));
}
if (p->socket.type == SIP_TRANSPORT_UDP) {
if (p->socket.type == AST_TRANSPORT_UDP) {
int ack_res = FALSE;
/* Acknowledge whatever it is destined for */
@ -28636,7 +28636,7 @@ static int sipsock_read(int *id, int fd, short events, void *ignore)
}
req.socket.fd = sipsock;
set_socket_transport(&req.socket, SIP_TRANSPORT_UDP);
set_socket_transport(&req.socket, AST_TRANSPORT_UDP);
req.socket.tcptls_session = NULL;
req.socket.port = htons(ast_sockaddr_port(&bindaddr));
@ -28743,9 +28743,9 @@ static int handle_request_do(struct sip_request *req, struct ast_sockaddr *addr)
* \param port Port we are checking to see if it's the standard port.
* \note port is expected in host byte order
*/
static int sip_standard_port(enum sip_transport type, int port)
static int sip_standard_port(enum ast_transport type, int port)
{
if (type & SIP_TRANSPORT_TLS)
if (type & AST_TRANSPORT_TLS)
return port == STANDARD_TLS_PORT;
else
return port == STANDARD_SIP_PORT;
@ -28790,11 +28790,11 @@ int get_address_family_filter(unsigned int transport)
{
const struct ast_sockaddr *addr = NULL;
if ((transport == SIP_TRANSPORT_UDP) || !transport) {
if ((transport == AST_TRANSPORT_UDP) || !transport) {
addr = &bindaddr;
} else if (transport == SIP_TRANSPORT_TCP || transport == SIP_TRANSPORT_WS) {
} else if (transport == AST_TRANSPORT_TCP || transport == AST_TRANSPORT_WS) {
addr = &sip_tcp_desc.local_address;
} else if (transport == SIP_TRANSPORT_TLS || transport == SIP_TRANSPORT_WSS) {
} else if (transport == AST_TRANSPORT_TLS || transport == AST_TRANSPORT_WSS) {
addr = &sip_tls_desc.local_address;
}
@ -28817,15 +28817,15 @@ static int sip_prepare_socket(struct sip_pvt *p)
pthread_t launched;
/* check to see if a socket is already active */
if ((s->fd != -1) && (s->type == SIP_TRANSPORT_UDP)) {
if ((s->fd != -1) && (s->type == AST_TRANSPORT_UDP)) {
return s->fd;
}
if ((s->type & (SIP_TRANSPORT_TCP | SIP_TRANSPORT_TLS)) &&
if ((s->type & (AST_TRANSPORT_TCP | AST_TRANSPORT_TLS)) &&
(s->tcptls_session) &&
(s->tcptls_session->fd != -1)) {
return s->tcptls_session->fd;
}
if ((s->type & (SIP_TRANSPORT_WS | SIP_TRANSPORT_WSS))) {
if ((s->type & (AST_TRANSPORT_WS | AST_TRANSPORT_WSS))) {
return s->ws_session ? ast_websocket_fd(s->ws_session) : -1;
}
@ -28836,7 +28836,7 @@ static int sip_prepare_socket(struct sip_pvt *p)
s->type = p->outboundproxy->transport;
}
if (s->type == SIP_TRANSPORT_UDP) {
if (s->type == AST_TRANSPORT_UDP) {
s->fd = sipsock;
return s->fd;
}
@ -28874,7 +28874,7 @@ static int sip_prepare_socket(struct sip_pvt *p)
ca->accept_fd = -1;
ast_sockaddr_copy(&ca->remote_address,sip_real_dst(p));
/* if type is TLS, we need to create a tls cfg for this session arg */
if (s->type == SIP_TRANSPORT_TLS) {
if (s->type == AST_TRANSPORT_TLS) {
if (!(ca->tls_cfg = ast_calloc(1, sizeof(*ca->tls_cfg)))) {
goto create_tcptls_session_fail;
}
@ -29657,13 +29657,13 @@ static int sip_send_keepalive(const void *data)
}
/* Send the packet out using the proper method for this peer */
if ((peer->socket.fd != -1) && (peer->socket.type == SIP_TRANSPORT_UDP)) {
if ((peer->socket.fd != -1) && (peer->socket.type == AST_TRANSPORT_UDP)) {
res = ast_sendto(peer->socket.fd, keepalive, sizeof(keepalive), 0, &peer->addr);
} else if ((peer->socket.type & (SIP_TRANSPORT_TCP | SIP_TRANSPORT_TLS)) &&
} else if ((peer->socket.type & (AST_TRANSPORT_TCP | AST_TRANSPORT_TLS)) &&
(peer->socket.tcptls_session) &&
(peer->socket.tcptls_session->fd != -1)) {
res = sip_tcptls_write(peer->socket.tcptls_session, keepalive, sizeof(keepalive));
} else if (peer->socket.type == SIP_TRANSPORT_UDP) {
} else if (peer->socket.type == AST_TRANSPORT_UDP) {
res = ast_sendto(sipsock, keepalive, sizeof(keepalive), 0, &peer->addr);
}
@ -29783,7 +29783,7 @@ static int sip_poke_peer(struct sip_peer *peer, int force)
copy_route(&p->route, peer->path);
if (p->route) {
/* Parse SIP URI of first route-set hop and use it as target address */
__set_address_from_contact(p->route->hop, &p->sa, p->socket.type == SIP_TRANSPORT_TLS ? 1 : 0);
__set_address_from_contact(p->route->hop, &p->sa, p->socket.type == AST_TRANSPORT_TLS ? 1 : 0);
}
/* Send OPTIONs to peer's fullcontact */
@ -29964,7 +29964,7 @@ static struct ast_channel *sip_request_call(const char *type, struct ast_format_
char *trans = NULL;
char dialstring[256];
char *remote_address;
enum sip_transport transport = 0;
enum ast_transport transport = 0;
struct ast_callid *callid;
AST_DECLARE_APP_ARGS(args,
AST_APP_ARG(peerorhost);
@ -30056,16 +30056,16 @@ static struct ast_channel *sip_request_call(const char *type, struct ast_format_
if (trans) {
*trans++ = '\0';
if (!strcasecmp(trans, "tcp"))
transport = SIP_TRANSPORT_TCP;
transport = AST_TRANSPORT_TCP;
else if (!strcasecmp(trans, "tls"))
transport = SIP_TRANSPORT_TLS;
transport = AST_TRANSPORT_TLS;
else {
if (strcasecmp(trans, "udp"))
ast_log(LOG_WARNING, "'%s' is not a valid transport option to Dial() for SIP calls, using udp by default.\n", trans);
transport = SIP_TRANSPORT_UDP;
transport = AST_TRANSPORT_UDP;
}
} else { /* use default */
transport = SIP_TRANSPORT_UDP;
transport = AST_TRANSPORT_UDP;
}
if (!host) {
@ -30608,7 +30608,7 @@ static void set_peer_defaults(struct sip_peer *peer)
peer->expire = -1;
peer->pokeexpire = -1;
peer->keepalivesend = -1;
set_socket_transport(&peer->socket, SIP_TRANSPORT_UDP);
set_socket_transport(&peer->socket, AST_TRANSPORT_UDP);
}
peer->type = SIP_TYPE_PEER;
ast_copy_flags(&peer->flags[0], &global_flags[0], SIP_FLAGS_TO_COPY);
@ -30876,15 +30876,15 @@ static struct sip_peer *build_peer(const char *name, struct ast_variable *v, str
trans = ast_skip_blanks(trans);
if (!strncasecmp(trans, "udp", 3)) {
peer->transports |= SIP_TRANSPORT_UDP;
peer->transports |= AST_TRANSPORT_UDP;
} else if (!strncasecmp(trans, "wss", 3)) {
peer->transports |= SIP_TRANSPORT_WSS;
peer->transports |= AST_TRANSPORT_WSS;
} else if (!strncasecmp(trans, "ws", 2)) {
peer->transports |= SIP_TRANSPORT_WS;
peer->transports |= AST_TRANSPORT_WS;
} else if (sip_cfg.tcp_enabled && !strncasecmp(trans, "tcp", 3)) {
peer->transports |= SIP_TRANSPORT_TCP;
peer->transports |= AST_TRANSPORT_TCP;
} else if (default_tls_cfg.enabled && !strncasecmp(trans, "tls", 3)) {
peer->transports |= SIP_TRANSPORT_TLS;
peer->transports |= AST_TRANSPORT_TLS;
} else if (!strncasecmp(trans, "tcp", 3) || !strncasecmp(trans, "tls", 3)) {
ast_log(LOG_WARNING, "'%.3s' is not a valid transport type when %.3senable=no. If no other is specified, the defaults from general will be used.\n", trans, trans);
} else {
@ -31401,16 +31401,16 @@ static struct sip_peer *build_peer(const char *name, struct ast_variable *v, str
if (ast_sockaddr_port(&peer->addr) == 0) {
ast_sockaddr_set_port(&peer->addr,
(peer->socket.type & SIP_TRANSPORT_TLS) ?
(peer->socket.type & AST_TRANSPORT_TLS) ?
STANDARD_TLS_PORT : STANDARD_SIP_PORT);
}
if (ast_sockaddr_port(&peer->defaddr) == 0) {
ast_sockaddr_set_port(&peer->defaddr,
(peer->socket.type & SIP_TRANSPORT_TLS) ?
(peer->socket.type & AST_TRANSPORT_TLS) ?
STANDARD_TLS_PORT : STANDARD_SIP_PORT);
}
if (!peer->socket.port) {
peer->socket.port = htons(((peer->socket.type & SIP_TRANSPORT_TLS) ? STANDARD_TLS_PORT : STANDARD_SIP_PORT));
peer->socket.port = htons(((peer->socket.type & AST_TRANSPORT_TLS) ? STANDARD_TLS_PORT : STANDARD_SIP_PORT));
}
if (!sip_cfg.ignore_regexpire && peer->host_dynamic && realtime) {
@ -31668,8 +31668,8 @@ static int reload_config(enum channelreloadreason reason)
memset(&default_prefs, 0 , sizeof(default_prefs));
memset(&sip_cfg.outboundproxy, 0, sizeof(struct sip_proxy));
sip_cfg.outboundproxy.force = FALSE; /*!< Don't force proxy usage, use route: headers */
default_transports = SIP_TRANSPORT_UDP;
default_primary_transport = SIP_TRANSPORT_UDP;
default_transports = AST_TRANSPORT_UDP;
default_primary_transport = AST_TRANSPORT_UDP;
ourport_tcp = STANDARD_SIP_PORT;
ourport_tls = STANDARD_TLS_PORT;
externtcpport = STANDARD_SIP_PORT;
@ -31885,15 +31885,15 @@ static int reload_config(enum channelreloadreason reason)
trans = ast_skip_blanks(trans);
if (!strncasecmp(trans, "udp", 3)) {
default_transports |= SIP_TRANSPORT_UDP;
default_transports |= AST_TRANSPORT_UDP;
} else if (!strncasecmp(trans, "tcp", 3)) {
default_transports |= SIP_TRANSPORT_TCP;
default_transports |= AST_TRANSPORT_TCP;
} else if (!strncasecmp(trans, "tls", 3)) {
default_transports |= SIP_TRANSPORT_TLS;
default_transports |= AST_TRANSPORT_TLS;
} else if (!strncasecmp(trans, "wss", 3)) {
default_transports |= SIP_TRANSPORT_WSS;
default_transports |= AST_TRANSPORT_WSS;
} else if (!strncasecmp(trans, "ws", 2)) {
default_transports |= SIP_TRANSPORT_WS;
default_transports |= AST_TRANSPORT_WS;
} else {
ast_log(LOG_NOTICE, "'%s' is not a valid transport type. if no other is specified, udp will be used.\n", trans);
}
@ -32398,22 +32398,22 @@ static int reload_config(enum channelreloadreason reason)
sip_cfg.allow_external_domains = 1;
}
/* If not or badly configured, set default transports */
if (!sip_cfg.tcp_enabled && (default_transports & SIP_TRANSPORT_TCP)) {
if (!sip_cfg.tcp_enabled && (default_transports & AST_TRANSPORT_TCP)) {
ast_log(LOG_WARNING, "Cannot use 'tcp' transport with tcpenable=no. Removing from available transports.\n");
default_primary_transport &= ~SIP_TRANSPORT_TCP;
default_transports &= ~SIP_TRANSPORT_TCP;
default_primary_transport &= ~AST_TRANSPORT_TCP;
default_transports &= ~AST_TRANSPORT_TCP;
}
if (!default_tls_cfg.enabled && (default_transports & SIP_TRANSPORT_TLS)) {
if (!default_tls_cfg.enabled && (default_transports & AST_TRANSPORT_TLS)) {
ast_log(LOG_WARNING, "Cannot use 'tls' transport with tlsenable=no. Removing from available transports.\n");
default_primary_transport &= ~SIP_TRANSPORT_TLS;
default_transports &= ~SIP_TRANSPORT_TLS;
default_primary_transport &= ~AST_TRANSPORT_TLS;
default_transports &= ~AST_TRANSPORT_TLS;
}
if (!default_transports) {
ast_log(LOG_WARNING, "No valid transports available, falling back to 'udp'.\n");
default_transports = default_primary_transport = SIP_TRANSPORT_UDP;
default_transports = default_primary_transport = AST_TRANSPORT_UDP;
} else if (!default_primary_transport) {
ast_log(LOG_WARNING, "No valid default transport. Selecting 'udp' as default.\n");
default_primary_transport = SIP_TRANSPORT_UDP;
default_primary_transport = AST_TRANSPORT_UDP;
}
/* Build list of authentication to various SIP realms, i.e. service providers */
@ -33552,7 +33552,7 @@ static int ast_sockaddr_resolve_first_af(struct ast_sockaddr *addr,
static int ast_sockaddr_resolve_first(struct ast_sockaddr *addr,
const char* name, int flag)
{
return ast_sockaddr_resolve_first_af(addr, name, flag, get_address_family_filter(SIP_TRANSPORT_UDP));
return ast_sockaddr_resolve_first_af(addr, name, flag, get_address_family_filter(AST_TRANSPORT_UDP));
}
/*! \brief Return the first entry from ast_sockaddr_resolve filtered by family of binddaddr
@ -33644,7 +33644,7 @@ static int peer_ipcmp_cb_full(void *obj, void *arg, void *data, int flags)
}
/* We matched the IP, check to see if we need to match by port as well. */
if ((peer->transports & peer2->transports) & (SIP_TRANSPORT_TLS | SIP_TRANSPORT_TCP)) {
if ((peer->transports & peer2->transports) & (AST_TRANSPORT_TLS | AST_TRANSPORT_TCP)) {
/* peer matching on port is not possible with TCP/TLS */
return CMP_MATCH | CMP_STOP;
} else if (ast_test_flag(&peer2->flags[0], SIP_INSECURE_PORT)) {

58
channels/sip/config_parser.c
View File

@ -40,7 +40,7 @@ int sip_parse_register_line(struct sip_registry *reg, int default_expiry, const
{
int portnum = 0;
int domainport = 0;
enum sip_transport transport = SIP_TRANSPORT_UDP;
enum ast_transport transport = AST_TRANSPORT_UDP;
char buf[256] = "";
char *userpart = NULL, *hostpart = NULL;
/* register => [peer?][transport://]user[@domain][:secret[:authuser]]@host[:port][/extension][~expiry] */
@ -230,21 +230,21 @@ int sip_parse_register_line(struct sip_registry *reg, int default_expiry, const
/* set transport type */
if (!pre2.transport) {
transport = SIP_TRANSPORT_UDP;
transport = AST_TRANSPORT_UDP;
} else if (!strncasecmp(pre2.transport, "tcp", 3)) {
transport = SIP_TRANSPORT_TCP;
transport = AST_TRANSPORT_TCP;
} else if (!strncasecmp(pre2.transport, "tls", 3)) {
transport = SIP_TRANSPORT_TLS;
transport = AST_TRANSPORT_TLS;
} else if (!strncasecmp(pre2.transport, "udp", 3)) {
transport = SIP_TRANSPORT_UDP;
transport = AST_TRANSPORT_UDP;
} else {
transport = SIP_TRANSPORT_UDP;
transport = AST_TRANSPORT_UDP;
ast_log(LOG_NOTICE, "'%.3s' is not a valid transport type on line %d of sip.conf. defaulting to udp.\n", pre2.transport, lineno);
}
/* if no portnum specified, set default for transport */
if (!portnum) {
if (transport == SIP_TRANSPORT_TLS) {
if (transport == AST_TRANSPORT_TLS) {
portnum = STANDARD_TLS_PORT;
} else {
portnum = STANDARD_SIP_PORT;
@ -314,7 +314,7 @@ AST_TEST_DEFINE(sip_parse_register_line_test)
strcmp(reg->authuser, "") ||
strcmp(reg->secret, "") ||
strcmp(reg->peername, "") ||
reg->transport != SIP_TRANSPORT_UDP ||
reg->transport != AST_TRANSPORT_UDP ||
reg->timeout != -1 ||
reg->expire != -1 ||
reg->refresh != default_expiry ||
@ -343,7 +343,7 @@ AST_TEST_DEFINE(sip_parse_register_line_test)
strcmp(reg->authuser, "") ||
strcmp(reg->secret, "pass") ||
strcmp(reg->peername, "") ||
reg->transport != SIP_TRANSPORT_UDP ||
reg->transport != AST_TRANSPORT_UDP ||
reg->timeout != -1 ||
reg->expire != -1 ||
reg->refresh != default_expiry ||
@ -372,7 +372,7 @@ AST_TEST_DEFINE(sip_parse_register_line_test)
strcmp(reg->authuser, "authuser") ||
strcmp(reg->secret, "pass") ||
strcmp(reg->peername, "") ||
reg->transport != SIP_TRANSPORT_UDP ||
reg->transport != AST_TRANSPORT_UDP ||
reg->timeout != -1 ||
reg->expire != -1 ||
reg->refresh != default_expiry ||
@ -401,7 +401,7 @@ AST_TEST_DEFINE(sip_parse_register_line_test)
strcmp(reg->authuser, "authuser") ||
strcmp(reg->secret, "pass") ||
strcmp(reg->peername, "") ||
reg->transport != SIP_TRANSPORT_UDP ||
reg->transport != AST_TRANSPORT_UDP ||
reg->timeout != -1 ||
reg->expire != -1 ||
reg->refresh != default_expiry ||
@ -430,7 +430,7 @@ AST_TEST_DEFINE(sip_parse_register_line_test)
strcmp(reg->authuser, "authuser") ||
strcmp(reg->secret, "pass") ||
strcmp(reg->peername, "") ||
reg->transport != SIP_TRANSPORT_TCP ||
reg->transport != AST_TRANSPORT_TCP ||
reg->timeout != -1 ||
reg->expire != -1 ||
reg->refresh != default_expiry ||
@ -459,7 +459,7 @@ AST_TEST_DEFINE(sip_parse_register_line_test)
strcmp(reg->authuser, "authuser") ||
strcmp(reg->secret, "pass") ||
strcmp(reg->peername, "") ||
reg->transport != SIP_TRANSPORT_TLS ||
reg->transport != AST_TRANSPORT_TLS ||
reg->timeout != -1 ||
reg->expire != -1 ||
reg->refresh != 111 ||
@ -488,7 +488,7 @@ AST_TEST_DEFINE(sip_parse_register_line_test)
strcmp(reg->authuser, "authuser") ||
strcmp(reg->secret, "pass") ||
strcmp(reg->peername, "peer") ||
reg->transport != SIP_TRANSPORT_TCP ||
reg->transport != AST_TRANSPORT_TCP ||
reg->timeout != -1 ||
reg->expire != -1 ||
reg->refresh != 111 ||
@ -517,7 +517,7 @@ AST_TEST_DEFINE(sip_parse_register_line_test)
strcmp(reg->authuser, "authuser") ||
strcmp(reg->secret, "pass") ||
strcmp(reg->peername, "peer") ||
reg->transport != SIP_TRANSPORT_UDP ||
reg->transport != AST_TRANSPORT_UDP ||
reg->timeout != -1 ||
reg->expire != -1 ||
reg->refresh != 111 ||
@ -587,7 +587,7 @@ AST_TEST_DEFINE(sip_parse_register_line_test)
strcmp(reg->authuser, "authuser") ||
strcmp(reg->secret, "pass") ||
strcmp(reg->peername, "") ||
reg->transport != SIP_TRANSPORT_UDP ||
reg->transport != AST_TRANSPORT_UDP ||
reg->timeout != -1 ||
reg->expire != -1 ||
reg->refresh != default_expiry ||
@ -616,7 +616,7 @@ AST_TEST_DEFINE(sip_parse_register_line_test)
strcmp(reg->authuser, "") ||
strcmp(reg->secret, "") ||
strcmp(reg->peername, "") ||
reg->transport != SIP_TRANSPORT_UDP ||
reg->transport != AST_TRANSPORT_UDP ||
reg->timeout != -1 ||
reg->expire != -1 ||
reg->refresh != default_expiry ||
@ -641,7 +641,7 @@ alloc_fail:
return res;
}
int sip_parse_host(char *line, int lineno, char **hostname, int *portnum, enum sip_transport *transport)
int sip_parse_host(char *line, int lineno, char **hostname, int *portnum, enum ast_transport *transport)
{
char *port;
@ -653,11 +653,11 @@ int sip_parse_host(char *line, int lineno, char **hostname, int *portnum, enum s
*hostname += 3;
if (!strncasecmp(line, "tcp", 3)) {
*transport = SIP_TRANSPORT_TCP;
*transport = AST_TRANSPORT_TCP;
} else if (!strncasecmp(line, "tls", 3)) {
*transport = SIP_TRANSPORT_TLS;
*transport = AST_TRANSPORT_TLS;
} else if (!strncasecmp(line, "udp", 3)) {
*transport = SIP_TRANSPORT_UDP;
*transport = AST_TRANSPORT_UDP;
} else if (lineno) {
ast_log(LOG_NOTICE, "'%.3s' is not a valid transport type on line %d of sip.conf. defaulting to udp.\n", line, lineno);
} else {
@ -665,7 +665,7 @@ int sip_parse_host(char *line, int lineno, char **hostname, int *portnum, enum s
}
} else {
*hostname = line;
*transport = SIP_TRANSPORT_UDP;
*transport = AST_TRANSPORT_UDP;
}
if ((line = strrchr(*hostname, '@')))
@ -695,7 +695,7 @@ int sip_parse_host(char *line, int lineno, char **hostname, int *portnum, enum s
}
if (!port) {
if (*transport & SIP_TRANSPORT_TLS) {
if (*transport & AST_TRANSPORT_TLS) {
*portnum = STANDARD_TLS_PORT;
} else {
*portnum = STANDARD_SIP_PORT;
@ -710,7 +710,7 @@ AST_TEST_DEFINE(sip_parse_host_line_test)
int res = AST_TEST_PASS;
char *host;
int port;
enum sip_transport transport;
enum ast_transport transport;
char host1[] = "www.blah.com";
char host2[] = "tcp://www.blah.com";
char host3[] = "tls://10.10.10.10";
@ -734,7 +734,7 @@ AST_TEST_DEFINE(sip_parse_host_line_test)
sip_parse_host(host1, 1, &host, &port, &transport);
if (port != STANDARD_SIP_PORT ||
ast_strlen_zero(host) || strcmp(host, "www.blah.com") ||
transport != SIP_TRANSPORT_UDP) {
transport != AST_TRANSPORT_UDP) {
ast_test_status_update(test, "Test 1: simple host failed.\n");
res = AST_TEST_FAIL;
}
@ -743,7 +743,7 @@ AST_TEST_DEFINE(sip_parse_host_line_test)
sip_parse_host(host2, 1, &host, &port, &transport);
if (port != STANDARD_SIP_PORT ||
ast_strlen_zero(host) || strcmp(host, "www.blah.com") ||
transport != SIP_TRANSPORT_TCP) {
transport != AST_TRANSPORT_TCP) {
ast_test_status_update(test, "Test 2: tcp host failed.\n");
res = AST_TEST_FAIL;
}
@ -752,7 +752,7 @@ AST_TEST_DEFINE(sip_parse_host_line_test)
sip_parse_host(host3, 1, &host, &port, &transport);
if (port != STANDARD_TLS_PORT ||
ast_strlen_zero(host) || strcmp(host, "10.10.10.10") ||
transport != SIP_TRANSPORT_TLS) {
transport != AST_TRANSPORT_TLS) {
ast_test_status_update(test, "Test 3: tls host failed. \n");
res = AST_TEST_FAIL;
}
@ -761,7 +761,7 @@ AST_TEST_DEFINE(sip_parse_host_line_test)
sip_parse_host(host4, 1, &host, &port, &transport);
if (port != 1234 || ast_strlen_zero(host) ||
strcmp(host, "10.10.10.10") ||
transport != SIP_TRANSPORT_TLS) {
transport != AST_TRANSPORT_TLS) {
ast_test_status_update(test, "Test 4: tls host with custom port failed.\n");
res = AST_TEST_FAIL;
}
@ -770,7 +770,7 @@ AST_TEST_DEFINE(sip_parse_host_line_test)
sip_parse_host(host5, 1, &host, &port, &transport);
if (port != 1234 || ast_strlen_zero(host) ||
strcmp(host, "10.10.10.10") ||
transport != SIP_TRANSPORT_UDP) {
transport != AST_TRANSPORT_UDP) {
ast_test_status_update(test, "Test 5: simple host with custom port failed.\n");
res = AST_TEST_FAIL;
}

2
channels/sip/dialplan_functions.c
View File

@ -226,7 +226,7 @@ int sip_acf_channel_read(struct ast_channel *chan, const char *funcname, char *p
return -1;
}
} else if (!strcasecmp(args.param, "secure_signaling")) {
snprintf(buf, buflen, "%s", p->socket.type == SIP_TRANSPORT_TLS ? "1" : "");
snprintf(buf, buflen, "%s", p->socket.type == AST_TRANSPORT_TLS ? "1" : "");
} else if (!strcasecmp(args.param, "secure_media")) {
snprintf(buf, buflen, "%s", p->srtp ? "1" : "");
} else {

2
channels/sip/include/config_parser.h
View File

@ -41,7 +41,7 @@ int sip_parse_register_line(struct sip_registry *reg, int default_expiry, const
* \retval 0 on success
* \retval -1 on failure
*/
int sip_parse_host(char *line, int lineno, char **hostname, int *portnum, enum sip_transport *transport);
int sip_parse_host(char *line, int lineno, char **hostname, int *portnum, enum ast_transport *transport);
/*! \brief Parse the comma-separated nat= option values
* \param value The comma-separated value

28
channels/sip/include/sip.h
View File

@ -37,6 +37,7 @@
#include "asterisk/features.h"
#include "asterisk/http_websocket.h"
#include "asterisk/rtp_engine.h"
#include "asterisk/netsock2.h"
#ifndef FALSE
#define FALSE 0
@ -571,17 +572,6 @@ enum st_refresher_param {
SESSION_TIMER_REFRESHER_PARAM_UAS,
};
/*! \brief Define some implemented SIP transports
\note Asterisk does not support SCTP or UDP/DTLS
*/
enum sip_transport {
SIP_TRANSPORT_UDP = 1, /*!< Unreliable transport for SIP, needs retransmissions */
SIP_TRANSPORT_TCP = 1 << 1, /*!< Reliable, but unsecure */
SIP_TRANSPORT_TLS = 1 << 2, /*!< TCP/TLS - reliable and secure transport for signalling */
SIP_TRANSPORT_WS = 1 << 3, /*!< WebSocket, unsecure */
SIP_TRANSPORT_WSS = 1 << 4, /*!< WebSocket, secure */
};
/*! \brief Automatic peer registration behavior
*/
enum autocreatepeer_mode {
@ -713,7 +703,7 @@ struct sip_proxy {
struct ast_sockaddr ip; /*!< Currently used IP address and port */
int port;
time_t last_dnsupdate; /*!< When this was resolved */
enum sip_transport transport;
enum ast_transport transport;
int force; /*!< If it's an outbound proxy, Force use of this outbound proxy for all outbound requests */
/* Room for a SRV record chain based on the name */
};
@ -782,7 +772,7 @@ struct sip_settings {
/*! \brief The SIP socket definition */
struct sip_socket {
enum sip_transport type; /*!< UDP, TCP or TLS */
enum ast_transport type; /*!< UDP, TCP or TLS */
int fd; /*!< Filed descriptor, the actual socket */
uint16_t port;
struct ast_tcptls_session_instance *tcptls_session; /* If tcp or tls, a socket manager */
@ -1305,10 +1295,10 @@ struct sip_peer {
AST_STRING_FIELD(callback); /*!< Callback extension */
);
struct sip_socket socket; /*!< Socket used for this peer */
enum sip_transport default_outbound_transport; /*!< Peer Registration may change the default outbound transport.
enum ast_transport default_outbound_transport; /*!< Peer Registration may change the default outbound transport.
If register expires, default should be reset. to this value */
/* things that don't belong in flags */
unsigned short transports:5; /*!< Transports (enum sip_transport) that are acceptable for this peer */
unsigned short transports:5; /*!< Transports (enum ast_transport) that are acceptable for this peer */
unsigned short is_realtime:1; /*!< this is a 'realtime' peer */
unsigned short rt_fromcontact:1;/*!< copy fromcontact from realtime */
unsigned short host_dynamic:1; /*!< Dynamic Peers register with Asterisk */
@ -1414,7 +1404,7 @@ struct sip_registry {
AST_STRING_FIELD(callback); /*!< Contact extension */
AST_STRING_FIELD(peername); /*!< Peer registering to */
);
enum sip_transport transport; /*!< Transport for this registration UDP, TCP or TLS */
enum ast_transport transport; /*!< Transport for this registration UDP, TCP or TLS */
int portno; /*!< Optional port override */
int regdomainport; /*!< Port override for domainport */
int expire; /*!< Sched ID of expiration */
@ -1446,7 +1436,7 @@ struct sip_threadinfo {
int alert_pipe[2]; /*! Used to alert tcptls thread when packet is ready to be written */
pthread_t threadid;
struct ast_tcptls_session_instance *tcptls_session;
enum sip_transport type; /*!< We keep a copy of the type here so we can display it in the connection list */
enum ast_transport type; /*!< We keep a copy of the type here so we can display it in the connection list */
AST_LIST_HEAD_NOLOCK(, tcptls_packet) packet_q;
};
@ -1464,7 +1454,7 @@ struct sip_subscription_mwi {
AST_STRING_FIELD(secret); /*!< Password in clear text */
AST_STRING_FIELD(mailbox); /*!< Mailbox store to put MWI into */
);
enum sip_transport transport; /*!< Transport to use */
enum ast_transport transport; /*!< Transport to use */
int portno; /*!< Optional port override */
int resub; /*!< Sched ID of resubscription */
unsigned int subscribed:1; /*!< Whether we are currently subscribed or not */
@ -1922,7 +1912,7 @@ AST_THREADSTORAGE(check_auth_buf);
struct sip_peer *sip_find_peer(const char *peer, struct ast_sockaddr *addr, int realtime, int which_objects, int devstate_only, int transport);
void sip_auth_headers(enum sip_auth_type code, char **header, char **respheader);
const char *sip_get_header(const struct sip_request *req, const char *name);
const char *sip_get_transport(enum sip_transport t);
const char *sip_get_transport(enum ast_transport t);
#ifdef REF_DEBUG
#define sip_ref_peer(arg1,arg2) _ref_peer((arg1),(arg2), __FILE__, __LINE__, __PRETTY_FUNCTION__)

17
channels/sip/security_events.c
View File

@ -39,22 +39,9 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
/*! \brief Determine transport type used to receive request*/
static enum ast_security_event_transport_type security_event_get_transport(const struct sip_pvt *p)
static enum ast_transport security_event_get_transport(const struct sip_pvt *p)
{
int res = 0;
switch (p->socket.type) {
case SIP_TRANSPORT_UDP:
return AST_SECURITY_EVENT_TRANSPORT_UDP;
case SIP_TRANSPORT_TCP:
case SIP_TRANSPORT_WS:
return AST_SECURITY_EVENT_TRANSPORT_TCP;
case SIP_TRANSPORT_TLS:
case SIP_TRANSPORT_WSS:
return AST_SECURITY_EVENT_TRANSPORT_TLS;
}
return res;
return p->socket.type;
}
void sip_report_invalid_peer(const struct sip_pvt *p)

16
include/asterisk/acl.h
View File

@ -386,20 +386,14 @@ int ast_named_acl_init(void);
int ast_named_acl_reload(void);
/*!
* \brief accessor for the ACL stasis topic
* \brief a \ref stasis_message_type for changes against a named ACL or the set of all named ACLs
* \since 12
*
* \retval NULL if the stasis topic hasn't been created or has been disabled
* \retval a pointer to the ACL stasis topic
*/
struct stasis_topic *ast_acl_topic(void);
/*!
* \brief accessor for the named ACL change stasis message type
* \since 12
* \retval NULL on error
* \retval \ref stasis_message_type for named ACL changes
*
* \retval NULL if the ACL change message type hasn't been created or has been canceled
* \retval a pointer to the ACL change message type
* \note Messages of this type should always be issued on and expected from the
* \ref ast_security_topic \ref stasis_topic
*/
struct stasis_message_type *ast_named_acl_change_type(void);

14
include/asterisk/json.h
View File

@ -19,6 +19,8 @@
#ifndef _ASTERISK_JSON_H
#define _ASTERISK_JSON_H
#include "asterisk/netsock2.h"
/*! \file
*
* \brief Asterisk JSON abstraction layer.
@ -862,6 +864,18 @@ struct ast_json *ast_json_name_number(const char *name, const char *number);
*/
struct ast_json *ast_json_timeval(const struct timeval tv, const char *zone);
/*!
* \brief Construct an IP address as JSON
*
* XXX some comments describing the need for this here
*
* \param addr ast_sockaddr to encode
* \param transport_type ast_transport to include in the address string if any. Should just be one.
* \return JSON string containing the IP address with optional transport information
* \return \c NULL on error.
*/
struct ast_json *ast_json_ipaddr(const struct ast_sockaddr *addr, enum ast_transport transport_type);
/*!
* \brief Construct a context/exten/priority as JSON.
*

8
include/asterisk/netsock2.h
View File

@ -42,6 +42,14 @@ enum {
AST_AF_INET6 = 10,
};
enum ast_transport {
AST_TRANSPORT_UDP = 1,
AST_TRANSPORT_TCP = 1 << 1,
AST_TRANSPORT_TLS = 1 << 2,
AST_TRANSPORT_WS = 1 << 3,
AST_TRANSPORT_WSS = 1 << 4,
};
/*!
* \brief Socket address structure.
*

12
include/asterisk/res_sip.h
View File

@ -68,16 +68,6 @@ struct ast_sip_domain_alias {
);
};
/*!
* \brief Types of supported transports
*/
enum ast_sip_transport_type {
AST_SIP_TRANSPORT_UDP,
AST_SIP_TRANSPORT_TCP,
AST_SIP_TRANSPORT_TLS,
/* XXX Websocket ? */
};
/*! \brief Maximum number of ciphers supported for a TLS transport */
#define SIP_TLS_MAX_CIPHERS 64
@ -104,7 +94,7 @@ struct ast_sip_transport {
AST_STRING_FIELD(domain);
);
/*! Type of transport */
enum ast_sip_transport_type type;
enum ast_transport type;
/*! Address and port to bind to */
pj_sockaddr host;
/*! Number of simultaneous asynchronous operations */

36
include/asterisk/security_events.h
View File

@ -56,6 +56,42 @@ struct ast_security_event_ie_type {
size_t offset;
};
/*!
* \brief A \ref stasis_topic which publishes messages for security related issues.
* \since 12
*
* \retval \ref stasis_topic for security related issues.
* \retval NULL on error
*/
struct stasis_topic *ast_security_topic(void);
/*!
* \brief A \ref stasis_message_type for security events
* \since 12
*
* \retval NULL on error
* \retval \ref stasis_message_type for security events
*
* \note Messages of this type should always be issued on and expected from
* the \ref ast_security_topic \ref stasis_topic
*/
struct stasis_message_type *ast_security_event_type(void);
/*!
* \brief initializes stasis topic/event types for \ref ast_security_topic and \ref ast_security_event_type
* \since 12
*
* \retval 0 on success
* \retval -1 on failure
*/
int ast_security_stasis_init(void);
/*!
* \brief removes stasis topic/event types for \ref ast_security_topic and \ref ast_security_event_type
* \since 12
*/
void ast_security_stasis_cleanup(void);
/*!
* \brief Get the list of required IEs for a given security event sub-type
*

12
include/asterisk/security_events_defs.h
View File

@ -28,6 +28,7 @@
#define __AST_SECURITY_EVENTS_DEFS_H__
#include "asterisk/network.h"
#include "asterisk/netsock2.h"
#if defined(__cplusplus) || defined(c_plusplus)
extern "C" {
@ -140,20 +141,11 @@ enum ast_security_event_severity {
AST_SECURITY_EVENT_SEVERITY_ERROR = (1 << 1),
};
/*!
* \brief Transport types
*/
enum ast_security_event_transport_type {
AST_SECURITY_EVENT_TRANSPORT_UDP,
AST_SECURITY_EVENT_TRANSPORT_TCP,
AST_SECURITY_EVENT_TRANSPORT_TLS,
};
#define AST_SEC_EVT(e) ((struct ast_security_event_common *) e)
struct ast_security_event_ip_addr {
const struct ast_sockaddr *addr;
enum ast_security_event_transport_type transport;
enum ast_transport transport;
};
/*!

7
main/asterisk.c
View File

@ -242,6 +242,7 @@ int daemon(int, int); /* defined in libresolv of all places */
#include "asterisk/sorcery.h"
#include "asterisk/stasis.h"
#include "asterisk/json.h"
#include "asterisk/security_events.h"
#include "asterisk/stasis_endpoints.h"
#include "../defaults.h"
@ -4263,6 +4264,12 @@ int main(int argc, char *argv[])
exit(1);
}
if (ast_security_stasis_init()) { /* Initialize Security Stasis Topic and Events */
ast_security_stasis_cleanup();
printf("%s", term_quit());
exit(1);
}
if (ast_named_acl_init()) { /* Initialize the Named ACL system */
printf("%s", term_quit());
exit(1);

44
main/json.c
View File

@ -527,6 +527,50 @@ struct ast_json *ast_json_timeval(const struct timeval tv, const char *zone)
return ast_json_string_create(buf);
}
struct ast_json *ast_json_ipaddr(const struct ast_sockaddr *addr, enum ast_transport transport_type)
{
struct ast_str *string = ast_str_alloca(64);
if (!string) {
return NULL;
}
ast_str_set(&string, 0, (ast_sockaddr_is_ipv4(addr) ||
ast_sockaddr_is_ipv4_mapped(addr)) ? "IPV4/" : "IPV6/");
if (transport_type) {
char *transport_string = NULL;
/* NOTE: None will be applied if multiple transport types are specified in transport_type */
switch(transport_type) {
case AST_TRANSPORT_UDP:
transport_string = "UDP";
break;
case AST_TRANSPORT_TCP:
transport_string = "TCP";
break;
case AST_TRANSPORT_TLS:
transport_string = "TLS";
break;
case AST_TRANSPORT_WS:
transport_string = "WS";
break;
case AST_TRANSPORT_WSS:
transport_string = "WSS";
break;
}
if (transport_string) {
ast_str_append(&string, 0, "%s/", transport_string);
}
}
ast_str_append(&string, 0, "%s", ast_sockaddr_stringify_addr(addr));
ast_str_append(&string, 0, "/%s", ast_sockaddr_stringify_port(addr));
return ast_json_string_create(ast_str_buffer(string));
}
void ast_json_init(void)
{
/* Setup to use Asterisk custom allocators */

8
main/manager.c
View File

@ -1070,7 +1070,7 @@ static void acl_change_stasis_cb(void *data, struct stasis_subscription *sub, st
static void acl_change_stasis_subscribe(void)
{
if (!acl_change_sub) {
acl_change_sub = stasis_subscribe(ast_acl_topic(),
acl_change_sub = stasis_subscribe(ast_security_topic(),
acl_change_stasis_cb, NULL);
}
}
@ -2361,10 +2361,10 @@ static int set_eventmask(struct mansession *s, const char *eventmask)
return maskint;
}
static enum ast_security_event_transport_type mansession_get_transport(const struct mansession *s)
static enum ast_transport mansession_get_transport(const struct mansession *s)
{
return s->tcptls_session->parent->tls_cfg ? AST_SECURITY_EVENT_TRANSPORT_TLS :
AST_SECURITY_EVENT_TRANSPORT_TCP;
return s->tcptls_session->parent->tls_cfg ? AST_TRANSPORT_TLS :
AST_TRANSPORT_TCP;
}
static void report_invalid_user(const struct mansession *s, const char *username)

20
main/named_acl.c
View File

@ -41,6 +41,7 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
#include "asterisk/paths.h"
#include "asterisk/stasis.h"
#include "asterisk/json.h"
#include "asterisk/security_events.h"
#define NACL_CONFIG "acl.conf"
#define ACL_FAMILY "acls"
@ -356,16 +357,11 @@ struct ast_ha *ast_named_acl_find(const char *name, int *is_realtime, int *is_un
return ha;
}
/*! \brief Topic for ACLs */
static struct stasis_topic *acl_topic;
/*! \brief Message type for named ACL changes */
STASIS_MESSAGE_TYPE_DEFN(ast_named_acl_change_type);
static void acl_stasis_shutdown(void)
{
ao2_cleanup(acl_topic);
acl_topic = NULL;
STASIS_MESSAGE_TYPE_CLEANUP(ast_named_acl_change_type);
}
@ -376,22 +372,16 @@ static void acl_stasis_shutdown(void)
static void ast_acl_stasis_init(void)
{
ast_register_atexit(acl_stasis_shutdown);
acl_topic = stasis_topic_create("ast_acl");
STASIS_MESSAGE_TYPE_INIT(ast_named_acl_change_type);
}
struct stasis_topic *ast_acl_topic(void)
{
return acl_topic;
}
/*!
* \internal
* \brief Sends a stasis message corresponding to a given named ACL that has changed or
* that all ACLs have been updated and old copies must be refreshed. Consumers of
* named ACLs should subscribe to the ast_acl_topic and respond to messages of the
* ast_named_acl_change_type stasis message type in order to be able to accomodate
* changes to named ACLs.
* named ACLs should subscribe to the ast_security_topic and respond to messages
* of the ast_named_acl_change_type stasis message type in order to be able to
* accommodate changes to named ACLs.
*
* \param name Name of the ACL that has changed. May be an empty string (but not NULL)
* If name is an empty string, then all ACLs must be refreshed.
@ -423,7 +413,7 @@ static int publish_acl_change(const char *name)
goto publish_failure;
}
stasis_publish(ast_acl_topic(), msg);
stasis_publish(ast_security_topic(), msg);
return 0;

233
main/security_events.c
View File

@ -37,9 +37,49 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
#include "asterisk/network.h"
#include "asterisk/security_events.h"
#include "asterisk/netsock2.h"
#include "asterisk/stasis.h"
#include "asterisk/json.h"
#include "asterisk/astobj2.h"
static const size_t TIMESTAMP_STR_LEN = 32;
/*! \brief Security Topic */
static struct stasis_topic *security_topic;
struct stasis_topic *ast_security_topic(void)
{
return security_topic;
}
/*! \brief Message type for security events */
STASIS_MESSAGE_TYPE_DEFN(ast_security_event_type);
int ast_security_stasis_init(void)
{
security_topic = stasis_topic_create("ast_security");
if (!security_topic) {
return -1;
}
if (STASIS_MESSAGE_TYPE_INIT(ast_security_event_type)) {
return -1;
}
if (ast_register_atexit(ast_security_stasis_cleanup)) {
return -1;
}
return 0;
}
void ast_security_stasis_cleanup(void)
{
STASIS_MESSAGE_TYPE_CLEANUP(ast_security_event_type);
ao2_cleanup(security_topic);
security_topic = NULL;
}
static const struct {
const char *name;
uint32_t version;
@ -464,72 +504,17 @@ const struct ast_security_event_ie_type *ast_security_event_get_optional_ies(
return sec_events[event_type].optional_ies;
}
static void encode_timestamp(struct ast_str **str, const struct timeval *tv)
{
ast_str_set(str, 0, "%u-%u",
(unsigned int) tv->tv_sec,
(unsigned int) tv->tv_usec);
}
static struct ast_event *alloc_event(const struct ast_security_event_common *sec)
{
struct ast_str *str = ast_str_alloca(TIMESTAMP_STR_LEN);
struct timeval tv = ast_tvnow();
const char *severity_str;
if (check_event_type(sec->event_type)) {
return NULL;
}
encode_timestamp(&str, &tv);
severity_str = S_OR(
ast_security_event_severity_get_name(sec_events[sec->event_type].severity),
"Unknown"
);
return ast_event_new(AST_EVENT_SECURITY,
AST_EVENT_IE_SECURITY_EVENT, AST_EVENT_IE_PLTYPE_UINT, sec->event_type,
AST_EVENT_IE_EVENT_VERSION, AST_EVENT_IE_PLTYPE_UINT, sec->version,
AST_EVENT_IE_EVENT_TV, AST_EVENT_IE_PLTYPE_STR, ast_str_buffer(str),
AST_EVENT_IE_SERVICE, AST_EVENT_IE_PLTYPE_STR, sec->service,
AST_EVENT_IE_SEVERITY, AST_EVENT_IE_PLTYPE_STR, severity_str,
AST_EVENT_IE_END);
}
static int add_timeval_ie(struct ast_event **event, enum ast_event_ie_type ie_type,
const struct timeval *tv)
{
struct ast_str *str = ast_str_alloca(TIMESTAMP_STR_LEN);
encode_timestamp(&str, tv);
return ast_event_append_ie_str(event, ie_type, ast_str_buffer(str));
}
static int add_ip_ie(struct ast_event **event, enum ast_event_ie_type ie_type,
static int add_ip_json_object(struct ast_json *json, enum ast_event_ie_type ie_type,
const struct ast_security_event_ip_addr *addr)
{
struct ast_str *str = ast_str_alloca(64);
struct ast_json *json_ip;
ast_str_set(&str, 0, (ast_sockaddr_is_ipv4(addr->addr) || ast_sockaddr_is_ipv4_mapped(addr->addr)) ? "IPV4/" : "IPV6/");
switch (addr->transport) {
case AST_SECURITY_EVENT_TRANSPORT_UDP:
ast_str_append(&str, 0, "UDP/");
break;
case AST_SECURITY_EVENT_TRANSPORT_TCP:
ast_str_append(&str, 0, "TCP/");
break;
case AST_SECURITY_EVENT_TRANSPORT_TLS:
ast_str_append(&str, 0, "TLS/");
break;
json_ip = ast_json_ipaddr(addr->addr, addr->transport);
if (!json_ip) {
return -1;
}
ast_str_append(&str, 0, "%s", ast_sockaddr_stringify_addr(addr->addr));
ast_str_append(&str, 0, "/%s", ast_sockaddr_stringify_port(addr->addr));
return ast_event_append_ie_str(event, ie_type, ast_str_buffer(str));
return ast_json_object_set(json, ast_event_get_ie_type_name(ie_type), json_ip);
}
enum ie_required {
@ -537,7 +522,7 @@ enum ie_required {
REQUIRED
};
static int add_ie(struct ast_event **event, const struct ast_security_event_common *sec,
static int add_json_object(struct ast_json *json, const struct ast_security_event_common *sec,
const struct ast_security_event_ie_type *ie_type, enum ie_required req)
{
int res = 0;
@ -559,6 +544,7 @@ static int add_ie(struct ast_event **event, const struct ast_security_event_comm
case AST_EVENT_IE_ATTEMPTED_TRANSPORT:
{
const char *str;
struct ast_json *json_string;
str = *((const char **)(((const char *) sec) + ie_type->offset));
@ -567,20 +553,36 @@ static int add_ie(struct ast_event **event, const struct ast_security_event_comm
"type '%d' not present\n", ie_type->ie_type,
sec->event_type);
res = -1;
break;
}
if (str) {
res = ast_event_append_ie_str(event, ie_type->ie_type, str);
if (!str) {
break;
}
json_string = ast_json_string_create(str);
if (!json_string) {
res = -1;
break;
}
res = ast_json_object_set(json, ast_event_get_ie_type_name(ie_type->ie_type), json_string);
break;
}
case AST_EVENT_IE_EVENT_VERSION:
case AST_EVENT_IE_USING_PASSWORD:
{
struct ast_json *json_string;
uint32_t val;
val = *((const uint32_t *)(((const char *) sec) + ie_type->offset));
res = ast_event_append_ie_uint(event, ie_type->ie_type, val);
json_string = ast_json_stringf("%d", val);
if (!json_string) {
res = -1;
break;
}
res = ast_json_object_set(json, ast_event_get_ie_type_name(ie_type->ie_type), json_string);
break;
}
case AST_EVENT_IE_LOCAL_ADDR:
@ -599,8 +601,9 @@ static int add_ie(struct ast_event **event, const struct ast_security_event_comm
}
if (addr->addr) {
res = add_ip_ie(event, ie_type->ie_type, addr);
res = add_ip_json_object(json, ie_type->ie_type, addr);
}
break;
}
case AST_EVENT_IE_SESSION_TV:
@ -617,7 +620,12 @@ static int add_ie(struct ast_event **event, const struct ast_security_event_comm
}
if (tval) {
add_timeval_ie(event, ie_type->ie_type, tval);
struct ast_json *json_tval = ast_json_timeval(*tval, NULL);
if (!json_tval) {
res = -1;
break;
}
res = ast_json_object_set(json, ast_event_get_ie_type_name(ie_type->ie_type), json_tval);
}
break;
@ -635,20 +643,78 @@ static int add_ie(struct ast_event **event, const struct ast_security_event_comm
return res;
}
static struct ast_json *alloc_security_event_json_object(const struct ast_security_event_common *sec)
{
struct timeval tv = ast_tvnow();
const char *severity_str;
struct ast_json *json_temp;
RAII_VAR(struct ast_json *, json_object, ast_json_object_create(), ast_json_unref);
if (!json_object) {
return NULL;
}
/* NOTE: Every time ast_json_object_set is used, json_temp becomes a stale pointer since the reference is taken.
* This is true even if ast_json_object_set fails.
*/
/* AST_EVENT_IE_SECURITY_EVENT */
json_temp = ast_json_integer_create(sec->event_type);
if (!json_temp || ast_json_object_set(json_object, ast_event_get_ie_type_name(AST_EVENT_IE_SECURITY_EVENT), json_temp)) {
return NULL;
}
/* AST_EVENT_IE_EVENT_VERSION */
json_temp = ast_json_stringf("%d", sec->version);
if (!json_temp || ast_json_object_set(json_object, ast_event_get_ie_type_name(AST_EVENT_IE_EVENT_VERSION), json_temp)) {
return NULL;
}
/* AST_EVENT_IE_EVENT_TV */
json_temp = ast_json_timeval(tv, NULL);
if (!json_temp || ast_json_object_set(json_object, ast_event_get_ie_type_name(AST_EVENT_IE_EVENT_TV), json_temp)) {
return NULL;
}
/* AST_EVENT_IE_SERVICE */
json_temp = ast_json_string_create(sec->service);
if (!json_temp || ast_json_object_set(json_object, ast_event_get_ie_type_name(AST_EVENT_IE_SERVICE), json_temp)) {
return NULL;
}
/* AST_EVENT_IE_SEVERITY */
severity_str = S_OR(
ast_security_event_severity_get_name(sec_events[sec->event_type].severity),
"Unknown"
);
json_temp = ast_json_string_create(severity_str);
if (!json_temp || ast_json_object_set(json_object, ast_event_get_ie_type_name(AST_EVENT_IE_SEVERITY), json_temp)) {
return NULL;
}
return ast_json_ref(json_object);
}
static int handle_security_event(const struct ast_security_event_common *sec)
{
struct ast_event *event;
RAII_VAR(struct stasis_message *, msg, NULL, ao2_cleanup);
RAII_VAR(struct ast_json_payload *, json_payload, NULL, ao2_cleanup);
RAII_VAR(struct ast_json *, json_object, NULL, ast_json_unref);
const struct ast_security_event_ie_type *ies;
unsigned int i;
if (!(event = alloc_event(sec))) {
json_object = alloc_security_event_json_object(sec);
if (!json_object) {
return -1;
}
for (ies = ast_security_event_get_required_ies(sec->event_type), i = 0;
ies[i].ie_type != AST_EVENT_IE_END;
i++) {
if (add_ie(&event, sec, ies + i, REQUIRED)) {
if (add_json_object(json_object, sec, ies + i, REQUIRED)) {
goto return_error;
}
}
@ -656,30 +722,32 @@ static int handle_security_event(const struct ast_security_event_common *sec)
for (ies = ast_security_event_get_optional_ies(sec->event_type), i = 0;
ies[i].ie_type != AST_EVENT_IE_END;
i++) {
if (add_ie(&event, sec, ies + i, NOT_REQUIRED)) {
if (add_json_object(json_object, sec, ies + i, NOT_REQUIRED)) {
goto return_error;
}
}
if (ast_event_queue(event)) {
/* The json blob is ready. Throw it in the payload and send it out over stasis. */
if (!(json_payload = ast_json_payload_create(json_object))) {
goto return_error;
}
msg = stasis_message_create(ast_security_event_type(), json_payload);
if (!msg) {
goto return_error;
}
stasis_publish(ast_security_topic(), msg);
return 0;
return_error:
if (event) {
ast_event_destroy(event);
}
return -1;
}
int ast_security_event_report(const struct ast_security_event_common *sec)
{
int res;
if (sec->event_type < 0 || sec->event_type >= AST_SECURITY_EVENT_NUM_TYPES) {
ast_log(LOG_ERROR, "Invalid security event type\n");
return -1;
@ -697,9 +765,12 @@ int ast_security_event_report(const struct ast_security_event_common *sec)
return -1;
}
res = handle_security_event(sec);
if (handle_security_event(sec)) {
ast_log(LOG_ERROR, "Failed to issue security event of type %s.\n",
ast_security_event_get_name(sec->event_type));
}
return res;
return 0;
}

95
res/res_security_log.c
View File

@ -37,16 +37,17 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$");
#include "asterisk/module.h"
#include "asterisk/logger.h"
#include "asterisk/event.h"
#include "asterisk/threadstorage.h"
#include "asterisk/strings.h"
#include "asterisk/security_events.h"
#include "asterisk/stasis.h"
#include "asterisk/json.h"
static const char LOG_SECURITY_NAME[] = "SECURITY";
static int LOG_SECURITY;
static struct ast_event_sub *security_event_sub;
static struct stasis_subscription *security_stasis_sub;
AST_THREADSTORAGE(security_event_buf);
static const size_t SECURITY_EVENT_BUF_INIT_LEN = 256;
@ -56,93 +57,89 @@ enum ie_required {
REQUIRED
};
static int ie_is_present(const struct ast_event *event,
const enum ast_event_ie_type ie_type)
{
return (ast_event_get_ie_raw(event, ie_type) != NULL);
}
static void append_ie(struct ast_str **str, const struct ast_event *event,
static void append_json_single(struct ast_str **str, struct ast_json *json,
const enum ast_event_ie_type ie_type, enum ie_required required)
{
if (!required && !ie_is_present(event, ie_type)) {
/* Optional IE isn't present. Ignore. */
const char *ie_type_key = ast_event_get_ie_type_name(ie_type);
struct ast_json *json_string;
json_string = ast_json_object_get(json, ie_type_key);
if (!required && !json_string) {
/* Optional IE isn't present. Ignore. */
return;
}
/* At this point, it _better_ be there! */
ast_assert(ie_is_present(event, ie_type));
ast_assert(json_string != NULL);
switch (ast_event_get_ie_pltype(ie_type)) {
case AST_EVENT_IE_PLTYPE_UINT:
ast_str_append(str, 0, ",%s=\"%u\"",
ast_event_get_ie_type_name(ie_type),
ast_event_get_ie_uint(event, ie_type));
break;
case AST_EVENT_IE_PLTYPE_STR:
ast_str_append(str, 0, ",%s=\"%s\"",
ast_event_get_ie_type_name(ie_type),
ast_event_get_ie_str(event, ie_type));
break;
case AST_EVENT_IE_PLTYPE_BITFLAGS:
ast_str_append(str, 0, ",%s=\"%u\"",
ast_event_get_ie_type_name(ie_type),
ast_event_get_ie_bitflags(event, ie_type));
break;
case AST_EVENT_IE_PLTYPE_UNKNOWN:
case AST_EVENT_IE_PLTYPE_EXISTS:
case AST_EVENT_IE_PLTYPE_RAW:
ast_log(LOG_WARNING, "Unexpected payload type for IE '%s'\n",
ast_event_get_ie_type_name(ie_type));
break;
}
ast_str_append(str, 0, ",%s=\"%s\"",
ie_type_key,
ast_json_string_get(json_string));
}
static void append_ies(struct ast_str **str, const struct ast_event *event,
static void append_json(struct ast_str **str, struct ast_json *json,
const struct ast_security_event_ie_type *ies, enum ie_required required)
{
unsigned int i;
for (i = 0; ies[i].ie_type != AST_EVENT_IE_END; i++) {
append_ie(str, event, ies[i].ie_type, required);
append_json_single(str, json, ies[i].ie_type, required);
}
}
static void security_event_cb(const struct ast_event *event, void *data)
static void security_event_stasis_cb(struct ast_json *json)
{
struct ast_str *str;
struct ast_json *event_type_json;
enum ast_security_event_type event_type;
event_type_json = ast_json_object_get(json, "SecurityEvent");
event_type = ast_json_integer_get(event_type_json);
ast_assert(event_type >= 0 && event_type < AST_SECURITY_EVENT_NUM_TYPES);
if (!(str = ast_str_thread_get(&security_event_buf,
SECURITY_EVENT_BUF_INIT_LEN))) {
return;
}
/* Note that the event type is guaranteed to be valid here. */
event_type = ast_event_get_ie_uint(event, AST_EVENT_IE_SECURITY_EVENT);
ast_assert(event_type >= 0 && event_type < AST_SECURITY_EVENT_NUM_TYPES);
ast_str_set(&str, 0, "%s=\"%s\"",
ast_event_get_ie_type_name(AST_EVENT_IE_SECURITY_EVENT),
ast_security_event_get_name(event_type));
append_ies(&str, event,
append_json(&str, json,
ast_security_event_get_required_ies(event_type), REQUIRED);
append_ies(&str, event,
append_json(&str, json,
ast_security_event_get_optional_ies(event_type), NOT_REQUIRED);
ast_log_dynamic_level(LOG_SECURITY, "%s\n", ast_str_buffer(str));
}
static void security_stasis_cb(void *data, struct stasis_subscription *sub,
struct stasis_topic *topic, struct stasis_message *message)
{
struct ast_json_payload *payload = stasis_message_data(message);
if (stasis_message_type(message) != ast_security_event_type()) {
return;
}
if (!payload) {
return;
}
security_event_stasis_cb(payload->json);
}
static int load_module(void)
{
if ((LOG_SECURITY = ast_logger_register_level(LOG_SECURITY_NAME)) == -1) {
return AST_MODULE_LOAD_DECLINE;
}
if (!(security_event_sub = ast_event_subscribe(AST_EVENT_SECURITY,
security_event_cb, "Security Event Logger",
NULL, AST_EVENT_IE_END))) {
if (!(security_stasis_sub = stasis_subscribe(ast_security_topic(), security_stasis_cb, NULL))) {
ast_logger_unregister_level(LOG_SECURITY_NAME);
LOG_SECURITY = -1;
return AST_MODULE_LOAD_DECLINE;
@ -155,8 +152,8 @@ static int load_module(void)
static int unload_module(void)
{
if (security_event_sub) {
security_event_sub = ast_event_unsubscribe(security_event_sub);
if (security_stasis_sub) {
security_stasis_sub = stasis_unsubscribe(security_stasis_sub);
}
ast_verb(3, "Security Logging Disabled\n");

4
res/res_sip.c
View File

@ -315,10 +315,10 @@ static int sip_get_tpselector_from_endpoint(const struct ast_sip_endpoint *endpo
return -1;
}
if (transport->type == AST_SIP_TRANSPORT_UDP) {
if (transport->type == AST_TRANSPORT_UDP) {
selector->type = PJSIP_TPSELECTOR_TRANSPORT;
selector->u.transport = transport->state->transport;
} else if (transport->type == AST_SIP_TRANSPORT_TCP || transport->type == AST_SIP_TRANSPORT_TLS) {
} else if (transport->type == AST_TRANSPORT_TCP || transport->type == AST_TRANSPORT_TLS) {
selector->type = PJSIP_TPSELECTOR_LISTENER;
selector->u.listener = transport->state->factory;
} else {

14
res/res_sip/config_transport.c
View File

@ -103,7 +103,7 @@ static int transport_apply(const struct ast_sorcery *sorcery, void *obj)
/* Set default port if not present */
if (!pj_sockaddr_get_port(&transport->host)) {
pj_sockaddr_set_port(&transport->host, (transport->type == AST_SIP_TRANSPORT_TLS) ? 5061 : 5060);
pj_sockaddr_set_port(&transport->host, (transport->type == AST_TRANSPORT_TLS) ? 5061 : 5060);
}
/* Now that we know what address family we can set up a dnsmgr refresh for the external media address if present */
@ -124,13 +124,13 @@ static int transport_apply(const struct ast_sorcery *sorcery, void *obj)
}
}
if (transport->type == AST_SIP_TRANSPORT_UDP) {
if (transport->type == AST_TRANSPORT_UDP) {
if (transport->host.addr.sa_family == pj_AF_INET()) {
res = pjsip_udp_transport_start(ast_sip_get_pjsip_endpoint(), &transport->host.ipv4, NULL, transport->async_operations, &transport->state->transport);
} else if (transport->host.addr.sa_family == pj_AF_INET6()) {
res = pjsip_udp_transport_start6(ast_sip_get_pjsip_endpoint(), &transport->host.ipv6, NULL, transport->async_operations, &transport->state->transport);
}
} else if (transport->type == AST_SIP_TRANSPORT_TCP) {
} else if (transport->type == AST_TRANSPORT_TCP) {
pjsip_tcp_transport_cfg cfg;
pjsip_tcp_transport_cfg_default(&cfg, transport->host.addr.sa_family);
@ -138,7 +138,7 @@ static int transport_apply(const struct ast_sorcery *sorcery, void *obj)
cfg.async_cnt = transport->async_operations;
res = pjsip_tcp_transport_start3(ast_sip_get_pjsip_endpoint(), &cfg, &transport->state->factory);
} else if (transport->type == AST_SIP_TRANSPORT_TLS) {
} else if (transport->type == AST_TRANSPORT_TLS) {
transport->tls.ca_list_file = pj_str((char*)transport->ca_list_file);
transport->tls.cert_file = pj_str((char*)transport->cert_file);
transport->tls.privkey_file = pj_str((char*)transport->privkey_file);
@ -163,11 +163,11 @@ static int transport_protocol_handler(const struct aco_option *opt, struct ast_v
struct ast_sip_transport *transport = obj;
if (!strcasecmp(var->value, "udp")) {
transport->type = AST_SIP_TRANSPORT_UDP;
transport->type = AST_TRANSPORT_UDP;
} else if (!strcasecmp(var->value, "tcp")) {
transport->type = AST_SIP_TRANSPORT_TCP;
transport->type = AST_TRANSPORT_TCP;
} else if (!strcasecmp(var->value, "tls")) {
transport->type = AST_SIP_TRANSPORT_TLS;
transport->type = AST_TRANSPORT_TLS;
} else {
/* TODO: Implement websockets */
return -1;

10
res/res_sip_nat.c
View File

@ -58,7 +58,7 @@ static pj_bool_t nat_on_rx_request(pjsip_rx_data *rdata)
/*! \brief Structure which contains information about a transport */
struct request_transport_details {
/*! \brief Type of transport */
enum ast_sip_transport_type type;
enum ast_transport type;
/*! \brief Potential pointer to the transport itself, if UDP */
pjsip_transport *transport;
/*! \brief Potential pointer to the transport factory itself, if TCP/TLS */
@ -139,13 +139,13 @@ static pj_status_t nat_on_tx_message(pjsip_tx_data *tdata)
details.factory = tdata->tp_sel.u.listener;
} else if (tdata->tp_info.transport->key.type == PJSIP_TRANSPORT_UDP || tdata->tp_info.transport->key.type == PJSIP_TRANSPORT_UDP6) {
/* Connectionless uses the same transport for all requests */
details.type = AST_SIP_TRANSPORT_UDP;
details.type = AST_TRANSPORT_UDP;
details.transport = tdata->tp_info.transport;
} else {
if (tdata->tp_info.transport->key.type == PJSIP_TRANSPORT_TCP) {
details.type = AST_SIP_TRANSPORT_TCP;
details.type = AST_TRANSPORT_TCP;
} else if (tdata->tp_info.transport->key.type == PJSIP_TRANSPORT_TLS) {
details.type = AST_SIP_TRANSPORT_TLS;
details.type = AST_TRANSPORT_TLS;
} else {
/* Unknown transport type, we can't map and thus can't apply NAT changes */
return PJ_SUCCESS;
@ -163,7 +163,7 @@ static pj_status_t nat_on_tx_message(pjsip_tx_data *tdata)
}
if (!details.local_port) {
details.local_port = (details.type == AST_SIP_TRANSPORT_TLS) ? 5061 : 5060;
details.local_port = (details.type == AST_TRANSPORT_TLS) ? 5061 : 5060;
}
}

4
res/res_sip_outbound_registration.c
View File

@ -539,10 +539,10 @@ static int sip_outbound_registration_apply(const struct ast_sorcery *sorcery, vo
return -1;
}
if (transport->type == AST_SIP_TRANSPORT_UDP) {
if (transport->type == AST_TRANSPORT_UDP) {
selector.type = PJSIP_TPSELECTOR_TRANSPORT;
selector.u.transport = transport->state->transport;
} else if (transport->type == AST_SIP_TRANSPORT_TCP || transport->type == AST_SIP_TRANSPORT_TLS) {
} else if (transport->type == AST_TRANSPORT_TCP || transport->type == AST_TRANSPORT_TLS) {
selector.type = PJSIP_TPSELECTOR_LISTENER;
selector.u.listener = transport->state->factory;
} else {

62
tests/test_security_events.c
View File

@ -89,11 +89,11 @@ static void evt_gen_failed_acl(void)
.common.session_tv = &session_tv,
.common.local_addr = {
.addr = &addr_local,
.transport = AST_SECURITY_EVENT_TRANSPORT_UDP,
.transport = AST_TRANSPORT_UDP,
},
.common.remote_addr = {
.addr = &addr_remote,
.transport = AST_SECURITY_EVENT_TRANSPORT_UDP,
.transport = AST_TRANSPORT_UDP,
},
.acl_name = "TEST_ACL",
@ -127,11 +127,11 @@ static void evt_gen_inval_acct_id(void)
.common.session_tv = &session_tv,
.common.local_addr = {
.addr = &addr_local,
.transport = AST_SECURITY_EVENT_TRANSPORT_TCP,
.transport = AST_TRANSPORT_TCP,
},
.common.remote_addr = {
.addr = &addr_remote,
.transport = AST_SECURITY_EVENT_TRANSPORT_TCP,
.transport = AST_TRANSPORT_TCP,
},
};
@ -163,11 +163,11 @@ static void evt_gen_session_limit(void)
.common.session_tv = &session_tv,
.common.local_addr = {
.addr = &addr_local,
.transport = AST_SECURITY_EVENT_TRANSPORT_TLS,
.transport = AST_TRANSPORT_TLS,
},
.common.remote_addr = {
.addr = &addr_remote,
.transport = AST_SECURITY_EVENT_TRANSPORT_TLS,
.transport = AST_TRANSPORT_TLS,
},
};
@ -199,11 +199,11 @@ static void evt_gen_mem_limit(void)
.common.session_tv = &session_tv,
.common.local_addr = {
.addr = &addr_local,
.transport = AST_SECURITY_EVENT_TRANSPORT_UDP,
.transport = AST_TRANSPORT_UDP,
},
.common.remote_addr = {
.addr = &addr_remote,
.transport = AST_SECURITY_EVENT_TRANSPORT_UDP,
.transport = AST_TRANSPORT_UDP,
},
};
@ -235,11 +235,11 @@ static void evt_gen_load_avg(void)
.common.session_tv = &session_tv,
.common.local_addr = {
.addr = &addr_local,
.transport = AST_SECURITY_EVENT_TRANSPORT_UDP,
.transport = AST_TRANSPORT_UDP,
},
.common.remote_addr = {
.addr = &addr_remote,
.transport = AST_SECURITY_EVENT_TRANSPORT_UDP,
.transport = AST_TRANSPORT_UDP,
},
};
@ -271,11 +271,11 @@ static void evt_gen_req_no_support(void)
.common.session_tv = &session_tv,
.common.local_addr = {
.addr = &addr_local,
.transport = AST_SECURITY_EVENT_TRANSPORT_UDP,
.transport = AST_TRANSPORT_UDP,
},
.common.remote_addr = {
.addr = &addr_remote,
.transport = AST_SECURITY_EVENT_TRANSPORT_UDP,
.transport = AST_TRANSPORT_UDP,
},
.request_type = "MakeMeDinner",
@ -309,11 +309,11 @@ static void evt_gen_req_not_allowed(void)
.common.session_tv = &session_tv,
.common.local_addr = {
.addr = &addr_local,
.transport = AST_SECURITY_EVENT_TRANSPORT_UDP,
.transport = AST_TRANSPORT_UDP,
},
.common.remote_addr = {
.addr = &addr_remote,
.transport = AST_SECURITY_EVENT_TRANSPORT_UDP,
.transport = AST_TRANSPORT_UDP,
},
.request_type = "MakeMeBreakfast",
@ -348,11 +348,11 @@ static void evt_gen_auth_method_not_allowed(void)
.common.session_tv = &session_tv,
.common.local_addr = {
.addr = &addr_local,
.transport = AST_SECURITY_EVENT_TRANSPORT_TCP,
.transport = AST_TRANSPORT_TCP,
},
.common.remote_addr = {
.addr = &addr_remote,
.transport = AST_SECURITY_EVENT_TRANSPORT_TCP,
.transport = AST_TRANSPORT_TCP,
},
.auth_method = "PlainText"
@ -386,11 +386,11 @@ static void evt_gen_req_bad_format(void)
.common.session_tv = &session_tv,
.common.local_addr = {
.addr = &addr_local,
.transport = AST_SECURITY_EVENT_TRANSPORT_TCP,
.transport = AST_TRANSPORT_TCP,
},
.common.remote_addr = {
.addr = &addr_remote,
.transport = AST_SECURITY_EVENT_TRANSPORT_TCP,
.transport = AST_TRANSPORT_TCP,
},
.request_type = "CheeseBurger",
@ -425,11 +425,11 @@ static void evt_gen_successful_auth(void)
.common.session_tv = &session_tv,
.common.local_addr = {
.addr = &addr_local,
.transport = AST_SECURITY_EVENT_TRANSPORT_TCP,
.transport = AST_TRANSPORT_TCP,
},
.common.remote_addr = {
.addr = &addr_remote,
.transport = AST_SECURITY_EVENT_TRANSPORT_TCP,
.transport = AST_TRANSPORT_TCP,
},
};
@ -462,16 +462,16 @@ static void evt_gen_unexpected_addr(void)
.common.session_tv = &session_tv,
.common.local_addr = {
.addr = &addr_local,
.transport = AST_SECURITY_EVENT_TRANSPORT_UDP,
.transport = AST_TRANSPORT_UDP,
},
.common.remote_addr = {
.addr = &addr_remote,
.transport = AST_SECURITY_EVENT_TRANSPORT_UDP,
.transport = AST_TRANSPORT_UDP,
},
.expected_addr = {
.addr = &addr_expected,
.transport = AST_SECURITY_EVENT_TRANSPORT_UDP,
.transport = AST_TRANSPORT_UDP,
},
};
@ -506,11 +506,11 @@ static void evt_gen_chal_resp_failed(void)
.common.session_tv = &session_tv,
.common.local_addr = {
.addr = &addr_local,
.transport = AST_SECURITY_EVENT_TRANSPORT_TCP,
.transport = AST_TRANSPORT_TCP,
},
.common.remote_addr = {
.addr = &addr_remote,
.transport = AST_SECURITY_EVENT_TRANSPORT_TCP,
.transport = AST_TRANSPORT_TCP,
},
.challenge = "8adf8a9sd8fas9df23ljk4",
@ -546,11 +546,11 @@ static void evt_gen_inval_password(void)
.common.session_tv = &session_tv,
.common.local_addr = {
.addr = &addr_local,
.transport = AST_SECURITY_EVENT_TRANSPORT_TCP,
.transport = AST_TRANSPORT_TCP,
},
.common.remote_addr = {
.addr = &addr_remote,
.transport = AST_SECURITY_EVENT_TRANSPORT_TCP,
.transport = AST_TRANSPORT_TCP,
},
.challenge = "GoOdChAlLeNgE",
.received_challenge = "BaDcHaLlEnGe",
@ -585,11 +585,11 @@ static void evt_gen_chal_sent(void)
.common.session_tv = &session_tv,
.common.local_addr = {
.addr = &addr_local,
.transport = AST_SECURITY_EVENT_TRANSPORT_TCP,
.transport = AST_TRANSPORT_TCP,
},
.common.remote_addr = {
.addr = &addr_remote,
.transport = AST_SECURITY_EVENT_TRANSPORT_TCP,
.transport = AST_TRANSPORT_TCP,
},
.challenge = "IcHaLlEnGeYoU",
};
@ -622,11 +622,11 @@ static void evt_gen_inval_transport(void)
.common.session_tv = &session_tv,
.common.local_addr = {
.addr = &addr_local,
.transport = AST_SECURITY_EVENT_TRANSPORT_TCP,
.transport = AST_TRANSPORT_TCP,
},
.common.remote_addr = {
.addr = &addr_remote,
.transport = AST_SECURITY_EVENT_TRANSPORT_TCP,
.transport = AST_TRANSPORT_TCP,
},
.transport = "UDP",
};