Code to support TCP and TLS server/client. More...
#include "asterisk.h"
#include <fcntl.h>
#include <signal.h>
#include <sys/signal.h>
#include "asterisk/compat.h"
#include "asterisk/tcptls.h"
#include "asterisk/http.h"
#include "asterisk/utils.h"
#include "asterisk/strings.h"
#include "asterisk/options.h"
#include "asterisk/manager.h"
#include "asterisk/astobj2.h"
#include "asterisk/pbx.h"
Go to the source code of this file.
Data Structures | |
struct | ast_tcptls_stream |
Functions | |
static int | __ssl_setup (struct ast_tls_config *cfg, int client) |
int | ast_ssl_setup (struct ast_tls_config *cfg) |
Set up an SSL server. More... | |
void | ast_ssl_teardown (struct ast_tls_config *cfg) |
free resources used by an SSL server More... | |
struct ast_tcptls_session_instance * | ast_tcptls_client_create (struct ast_tcptls_session_args *desc) |
struct ast_tcptls_session_instance * | ast_tcptls_client_start (struct ast_tcptls_session_instance *tcptls_session) |
attempts to connect and start tcptls session, on error the tcptls_session's ref count is decremented, fd and file are closed, and NULL is returned. More... | |
void | ast_tcptls_close_session_file (struct ast_tcptls_session_instance *tcptls_session) |
Closes a tcptls session instance's file and/or file descriptor. The tcptls_session will be set to NULL and it's file descriptor will be set to -1 by this function. More... | |
HOOK_T | ast_tcptls_server_read (struct ast_tcptls_session_instance *tcptls_session, void *buf, size_t count) |
void * | ast_tcptls_server_root (void *data) |
void | ast_tcptls_server_start (struct ast_tcptls_session_args *desc) |
This is a generic (re)start routine for a TCP server, which does the socket/bind/listen and starts a thread for handling accept(). More... | |
void | ast_tcptls_server_stop (struct ast_tcptls_session_args *desc) |
Shutdown a running server if there is one. More... | |
HOOK_T | ast_tcptls_server_write (struct ast_tcptls_session_instance *tcptls_session, const void *buf, size_t count) |
void | ast_tcptls_stream_set_exclusive_input (struct ast_tcptls_stream *stream, int exclusive_input) |
Set the TCP/TLS stream I/O if it can exclusively depend upon the set timeouts. More... | |
void | ast_tcptls_stream_set_timeout_disable (struct ast_tcptls_stream *stream) |
Disable the TCP/TLS stream timeout timer. More... | |
void | ast_tcptls_stream_set_timeout_inactivity (struct ast_tcptls_stream *stream, int timeout) |
Set the TCP/TLS stream inactivity timeout timer. More... | |
void | ast_tcptls_stream_set_timeout_sequence (struct ast_tcptls_stream *stream, struct timeval start, int timeout) |
Set the TCP/TLS stream I/O sequence timeout timer. More... | |
int | ast_tls_read_conf (struct ast_tls_config *tls_cfg, struct ast_tcptls_session_args *tls_desc, const char *varname, const char *value) |
Used to parse conf files containing tls/ssl options. More... | |
static void * | handle_tcptls_connection (void *data) |
creates a FILE * from the fd passed by the accept thread. This operation is potentially expensive (certificate verification), so we do it in the child thread context. More... | |
static void | session_instance_destructor (void *obj) |
static struct ast_tcptls_stream * | tcptls_stream_alloc (void) |
static int | tcptls_stream_close (void *cookie) |
static void | tcptls_stream_dtor (void *cookie) |
static FILE * | tcptls_stream_fopen (struct ast_tcptls_stream *stream, SSL *ssl, int fd, int timeout) |
static HOOK_T | tcptls_stream_read (void *cookie, char *buf, LEN_T size) |
static HOOK_T | tcptls_stream_write (void *cookie, const char *buf, LEN_T size) |
Code to support TCP and TLS server/client.
Definition in file tcptls.c.
|
static |
Definition at line 745 of file tcptls.c.
References ast_debug, ast_log(), AST_SSL_SSLV2_CLIENT, AST_SSL_SSLV3_CLIENT, AST_SSL_TLSV1_CLIENT, AST_SSL_VERIFY_CLIENT, ast_strlen_zero(), ast_test_flag, ast_verb, ast_tls_config::cafile, ast_tls_config::capath, ast_tls_config::certfile, ast_tls_config::cipher, ast_tls_config::enabled, ast_tls_config::flags, LOG_WARNING, ast_tls_config::pvtfile, S_OR, and ast_tls_config::ssl_ctx.
Referenced by ast_ssl_setup(), and ast_tcptls_client_start().
int ast_ssl_setup | ( | struct ast_tls_config * | cfg | ) |
Set up an SSL server.
cfg | Configuration for the SSL server |
1 | Success |
0 | Failure |
Definition at line 850 of file tcptls.c.
References __ssl_setup().
Referenced by __ast_http_load(), __init_manager(), and reload_config().
void ast_ssl_teardown | ( | struct ast_tls_config * | cfg | ) |
free resources used by an SSL server
cfg | Configuration for the SSL server |
Definition at line 855 of file tcptls.c.
References ast_tls_config::ssl_ctx.
Referenced by sip_tcptls_client_args_destructor(), and unload_module().
struct ast_tcptls_session_instance* ast_tcptls_client_create | ( | struct ast_tcptls_session_args * | desc | ) |
Definition at line 902 of file tcptls.c.
References ast_tcptls_session_args::accept_fd, ao2_alloc, ao2_ref, ast_bind(), ast_debug, ast_log(), ast_mutex_init, ast_sockaddr_cmp(), ast_sockaddr_copy(), ast_sockaddr_is_ipv6(), ast_sockaddr_isnull(), ast_sockaddr_setnull(), ast_sockaddr_stringify(), ast_str_create(), ast_tcptls_session_instance::client, desc, errno, ast_tcptls_session_instance::fd, ast_tcptls_session_args::local_address, ast_tcptls_session_instance::lock, LOG_ERROR, LOG_WARNING, ast_tcptls_session_args::name, ast_tcptls_session_args::old_address, ast_tcptls_session_instance::overflow_buf, ast_tcptls_session_instance::parent, ast_tcptls_session_args::remote_address, ast_tcptls_session_instance::remote_address, session_instance_destructor(), and ast_tcptls_session_args::worker_fn.
Referenced by app_exec(), and sip_prepare_socket().
struct ast_tcptls_session_instance* ast_tcptls_client_start | ( | struct ast_tcptls_session_instance * | tcptls_session | ) |
attempts to connect and start tcptls session, on error the tcptls_session's ref count is decremented, fd and file are closed, and NULL is returned.
Definition at line 865 of file tcptls.c.
References __ssl_setup(), ast_tcptls_session_args::accept_fd, ao2_ref, ast_connect(), ast_log(), ast_sockaddr_stringify(), desc, ast_tls_config::enabled, errno, handle_tcptls_connection(), LOG_ERROR, ast_tcptls_session_args::name, ast_tcptls_session_instance::parent, ast_tcptls_session_args::remote_address, and ast_tcptls_session_args::tls_cfg.
Referenced by _sip_tcp_helper_thread(), and app_exec().
void ast_tcptls_close_session_file | ( | struct ast_tcptls_session_instance * | tcptls_session | ) |
Closes a tcptls session instance's file and/or file descriptor. The tcptls_session will be set to NULL and it's file descriptor will be set to -1 by this function.
Definition at line 1033 of file tcptls.c.
References ast_log(), errno, ast_tcptls_session_instance::f, ast_tcptls_session_instance::fd, and LOG_ERROR.
Referenced by _sip_tcp_helper_thread(), ast_http_send(), ast_tcptls_server_root(), handle_tcptls_connection(), httpd_helper_thread(), and sip_prepare_socket().
HOOK_T ast_tcptls_server_read | ( | struct ast_tcptls_session_instance * | tcptls_session, |
void * | buf, | ||
size_t | count | ||
) |
Definition at line 519 of file tcptls.c.
References ast_log(), errno, ast_tcptls_stream::fd, LOG_ERROR, ast_tcptls_session_instance::stream_cookie, and tcptls_stream_read().
Referenced by sip_tcptls_read().
void* ast_tcptls_server_root | ( | void * | data | ) |
Definition at line 693 of file tcptls.c.
References ast_tcptls_session_args::accept_fd, ao2_alloc, ao2_ref, ast_accept(), ast_log(), ast_mutex_init, ast_pthread_create_detached_background, ast_sockaddr_copy(), ast_str_create(), ast_tcptls_close_session_file(), ast_wait_for_input(), ast_tcptls_session_instance::client, desc, errno, ast_tcptls_session_instance::fd, handle_tcptls_connection(), ast_tcptls_session_instance::lock, LOG_ERROR, LOG_WARNING, ast_tcptls_session_instance::overflow_buf, ast_tcptls_session_instance::parent, ast_tcptls_session_args::periodic_fn, ast_tcptls_session_args::poll_timeout, ast_tcptls_session_instance::remote_address, and session_instance_destructor().
void ast_tcptls_server_start | ( | struct ast_tcptls_session_args * | desc | ) |
This is a generic (re)start routine for a TCP server, which does the socket/bind/listen and starts a thread for handling accept().
Definition at line 964 of file tcptls.c.
References ast_tcptls_session_args::accept_fd, ast_tcptls_session_args::accept_fn, ast_bind(), ast_debug, ast_log(), ast_pthread_create_background, AST_PTHREADT_NULL, ast_sockaddr_cmp(), ast_sockaddr_copy(), ast_sockaddr_is_ipv6(), ast_sockaddr_isnull(), ast_sockaddr_setnull(), ast_sockaddr_stringify(), errno, ast_tcptls_session_args::local_address, LOG_ERROR, ast_tcptls_session_args::master, ast_tcptls_session_args::name, and ast_tcptls_session_args::old_address.
Referenced by __ast_http_load(), __init_manager(), and reload_config().
void ast_tcptls_server_stop | ( | struct ast_tcptls_session_args * | desc | ) |
Shutdown a running server if there is one.
Definition at line 1058 of file tcptls.c.
References ast_tcptls_session_args::accept_fd, ast_debug, AST_PTHREADT_NULL, ast_tcptls_session_args::master, and ast_tcptls_session_args::name.
Referenced by __ast_http_load(), __init_manager(), http_shutdown(), manager_shutdown(), and unload_module().
HOOK_T ast_tcptls_server_write | ( | struct ast_tcptls_session_instance * | tcptls_session, |
const void * | buf, | ||
size_t | count | ||
) |
Definition at line 530 of file tcptls.c.
References ast_log(), errno, ast_tcptls_stream::fd, LOG_ERROR, ast_tcptls_session_instance::stream_cookie, and tcptls_stream_write().
Referenced by _sip_tcp_helper_thread().
void ast_tcptls_stream_set_exclusive_input | ( | struct ast_tcptls_stream * | stream, |
int | exclusive_input | ||
) |
Set the TCP/TLS stream I/O if it can exclusively depend upon the set timeouts.
stream | TCP/TLS stream control data. |
exclusive_input | TRUE if stream can exclusively wait for fd input. Otherwise, the stream will not wait for fd input. It will wait while trying to send data. |
Definition at line 107 of file tcptls.c.
References ast_assert, and ast_tcptls_stream::exclusive_input.
Referenced by _sip_tcp_helper_thread(), httpd_helper_thread(), and session_do().
void ast_tcptls_stream_set_timeout_disable | ( | struct ast_tcptls_stream * | stream | ) |
Disable the TCP/TLS stream timeout timer.
stream | TCP/TLS stream control data. |
Definition at line 84 of file tcptls.c.
References ast_assert, and ast_tcptls_stream::timeout.
Referenced by _sip_tcp_helper_thread(), and session_do().
void ast_tcptls_stream_set_timeout_inactivity | ( | struct ast_tcptls_stream * | stream, |
int | timeout | ||
) |
Set the TCP/TLS stream inactivity timeout timer.
stream | TCP/TLS stream control data. |
timeout | Number of milliseconds to wait for data transfer with the peer. |
This is basically how much time we are willing to spend in an I/O call before we declare the peer unresponsive.
Definition at line 91 of file tcptls.c.
References ast_assert, ast_tcptls_stream::start, and ast_tcptls_stream::timeout.
Referenced by httpd_helper_thread().
void ast_tcptls_stream_set_timeout_sequence | ( | struct ast_tcptls_stream * | stream, |
struct timeval | start, | ||
int | timeout | ||
) |
Set the TCP/TLS stream I/O sequence timeout timer.
stream | TCP/TLS stream control data. |
start | Time the I/O sequence timer starts. |
timeout | Number of milliseconds from the start time before timeout. |
This is how much time are we willing to allow the peer to complete an operation that can take several I/O calls. The main use is as an authentication timer with us.
Definition at line 99 of file tcptls.c.
References ast_assert, ast_tcptls_stream::start, and ast_tcptls_stream::timeout.
Referenced by _sip_tcp_helper_thread(), and session_do().
int ast_tls_read_conf | ( | struct ast_tls_config * | tls_cfg, |
struct ast_tcptls_session_args * | tls_desc, | ||
const char * | varname, | ||
const char * | value | ||
) |
Used to parse conf files containing tls/ssl options.
Definition at line 1072 of file tcptls.c.
References ast_clear_flag, ast_free, ast_log(), ast_parse_arg(), ast_set2_flag, ast_set_flag, AST_SSL_DONT_VERIFY_SERVER, AST_SSL_SSLV2_CLIENT, AST_SSL_SSLV3_CLIENT, AST_SSL_TLSV1_CLIENT, AST_SSL_VERIFY_CLIENT, ast_strdup, ast_true(), ast_tls_config::cafile, ast_tls_config::capath, ast_tls_config::certfile, ast_tls_config::cipher, ast_tls_config::enabled, ast_tls_config::flags, ast_tcptls_session_args::local_address, LOG_WARNING, PARSE_ADDR, and ast_tls_config::pvtfile.
Referenced by __ast_http_load(), __init_manager(), and reload_config().
|
static |
creates a FILE * from the fd passed by the accept thread. This operation is potentially expensive (certificate verification), so we do it in the child thread context.
Definition at line 560 of file tcptls.c.
References ao2_ref, ast_debug, ast_log(), AST_SSL_DONT_VERIFY_SERVER, AST_SSL_IGNORE_COMMON_NAME, AST_SSL_VERIFY_CLIENT, ast_tcptls_close_session_file(), ast_test_flag, ast_thread_inhibit_escalations(), ast_verb, ast_tcptls_session_instance::client, ast_tcptls_session_instance::f, ast_tcptls_session_instance::fd, ast_tls_config::flags, ast_tcptls_session_args::hostname, LOG_ERROR, LOG_WARNING, name, ast_tcptls_session_instance::parent, ast_tcptls_session_instance::ssl, ast_tls_config::ssl_ctx, str, ast_tcptls_session_instance::stream_cookie, tcptls_stream_alloc(), tcptls_stream_fopen(), ast_tcptls_session_args::tls_cfg, and ast_tcptls_session_args::worker_fn.
Referenced by ast_tcptls_client_start(), and ast_tcptls_server_root().
|
static |
Definition at line 541 of file tcptls.c.
References ao2_t_ref, ast_free, ast_mutex_destroy, ast_tcptls_session_instance::lock, ast_tcptls_session_instance::overflow_buf, and ast_tcptls_session_instance::stream_cookie.
Referenced by ast_tcptls_client_create(), and ast_tcptls_server_root().
|
static |
Definition at line 454 of file tcptls.c.
References ao2_alloc, ast_tcptls_stream::fd, tcptls_stream_dtor(), and ast_tcptls_stream::timeout.
Referenced by handle_tcptls_connection().
|
static |
Definition at line 373 of file tcptls.c.
References ao2_t_ref, ast_log(), errno, ast_tcptls_stream::fd, LOG_ERROR, and ast_tcptls_stream::ssl.
Referenced by tcptls_stream_fopen().
|
static |
Definition at line 435 of file tcptls.c.
References ast_assert, and ast_tcptls_stream::fd.
Referenced by tcptls_stream_alloc().
|
static |
Definition at line 478 of file tcptls.c.
References ao2_t_ref, ast_debug, ast_tcptls_stream::fd, ast_tcptls_stream::ssl, tcptls_stream_close(), tcptls_stream_read(), tcptls_stream_write(), and ast_tcptls_stream::timeout.
Referenced by handle_tcptls_connection().
Definition at line 126 of file tcptls.c.
References ast_debug, ast_remaining_ms(), ast_tvnow(), ast_wait_for_input(), ast_wait_for_output(), errno, ast_tcptls_stream::exclusive_input, ast_tcptls_stream::fd, ast_tcptls_stream::ssl, ast_tcptls_stream::start, and ast_tcptls_stream::timeout.
Referenced by ast_tcptls_server_read(), and tcptls_stream_fopen().
Definition at line 250 of file tcptls.c.
References ast_debug, ast_remaining_ms(), ast_tvnow(), ast_wait_for_input(), ast_wait_for_output(), errno, ast_tcptls_stream::fd, ast_tcptls_stream::ssl, ast_tcptls_stream::start, and ast_tcptls_stream::timeout.
Referenced by ast_tcptls_server_write(), and tcptls_stream_fopen().