File 2-mediasec-18.12.patch of Package asterisk
diff -Nurp asterisk-18.12.1/include/asterisk/res_pjsip.h asterisk-18.12.1-patched/include/asterisk/res_pjsip.h
--- asterisk-18.12.1/include/asterisk/res_pjsip.h 2022-05-19 17:51:28.000000000 +0200
+++ asterisk-18.12.1-patched/include/asterisk/res_pjsip.h 2022-06-10 16:59:52.773376863 +0200
@@ -945,6 +945,8 @@ struct ast_sip_endpoint {
 unsigned int suppress_q850_reason_headers;
 /*! Ignore 183 if no SDP is present */
 unsigned int ignore_183_without_sdp;
+ /*! Support mediasec on endpoint */
+ unsigned int support_mediasec;
 /*! Set which STIR/SHAKEN behaviors we want on this endpoint */
 unsigned int stir_shaken;
 /*! Should we authenticate OPTIONS requests per RFC 3261? */
diff -Nurp asterisk-18.12.1/res/res_pjsip/pjsip_configuration.c asterisk-18.12.1-patched/res/res_pjsip/pjsip_configuration.c
--- asterisk-18.12.1/res/res_pjsip/pjsip_configuration.c 2022-05-19 17:51:28.000000000 +0200
+++ asterisk-18.12.1-patched/res/res_pjsip/pjsip_configuration.c 2022-06-10 16:59:52.769376863 +0200
@@ -2174,6 +2174,7 @@ int ast_res_pjsip_initialize_configurati ast_sorcery_object_field_register(sip_sorcery, "endpoint", "follow_early_media_fork", "yes", OPT_BOOL_T, 1, FLDSET(struct ast_sip_endpoint, media.rtp.follow_early_media_fork)); ast_sorcery_object_field_register(sip_sorcery, "endpoint", "accept_multiple_sdp_answers", "no", OPT_BOOL_T, 1, FLDSET(struct ast_sip_endpoint, media.rtp.accept_multiple_sdp_answers)); ast_sorcery_object_field_register(sip_sorcery, "endpoint", "suppress_q850_reason_headers", "no", OPT_BOOL_T, 1, FLDSET(struct ast_sip_endpoint, suppress_q850_reason_headers)); + ast_sorcery_object_field_register(sip_sorcery, "endpoint", "support_mediasec", "no", OPT_BOOL_T, 1, FLDSET(struct ast_sip_endpoint, support_mediasec)); ast_sorcery_object_field_register(sip_sorcery, "endpoint", "ignore_183_without_sdp", "no", OPT_BOOL_T, 1, FLDSET(struct ast_sip_endpoint, ignore_183_without_sdp)); ast_sorcery_object_field_register_custom(sip_sorcery, "endpoint", "incoming_call_offer_pref", "local", call_offer_pref_handler, incoming_call_offer_pref_to_str, NULL, 0, 0); diff -Nurp asterisk-18.12.1/res/res_pjsip/pjsip_config.xml asterisk-18.12.1-patched/res/res_pjsip/pjsip_config.xml --- asterisk-18.12.1/res/res_pjsip/pjsip_config.xml 2022-05-19 17:51:28.000000000 +0200 +++ asterisk-18.12.1-patched/res/res_pjsip/pjsip_config.xml 2022-06-10 16:59:52.773376863 +0200 
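Review bot: The new `support_mediasec` endpoint option is registered with default `"no"`, which changes behaviour for existing configurations: the removed lines in res_pjsip_outbound_registration.c and res_pjsip_sdp_rtp.c show the mediasec headers and SDP attribute were previously emitted without any option. After this patch an endpoint or registration that relied on them stops sending them until the option is set, and nothing in the visible hunks logs that. The same default applies to the `registration` option added in `load_module`. Consider a comment above the registration such as `/* default "no": mediasec headers are only sent when explicitly enabled */` plus an upgrade note in the package changelog.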
@@ -1431,6 +1431,12 @@ several options and rules used for STIR/SHAKEN.</para> </description> </configOption> + <configOption name="support_mediasec"> + <synopsis>Enables Medisec support for INVITE and SDP.</synopsis> + <description><para> + When this option is enabled, the Mediasec Headers are added and enforced.</para> + </description> + </configOption> <configOption name="allow_unauthenticated_options" default="no"> <synopsis>Skip authentication when receiving OPTIONS requests</synopsis> <description><para> diff -Nurp asterisk-18.12.1/res/res_pjsip_outbound_registration.c asterisk-18.12.1-patched/res/res_pjsip_outbound_registration.c --- asterisk-18.12.1/res/res_pjsip_outbound_registration.c 2022-06-10 17:02:51.365384143 +0200 +++ asterisk-18.12.1-patched/res/res_pjsip_outbound_registration.c 2022-06-10 16:59:52.769376863 +0200 @@ -181,6 +181,13 @@ header as necessary. </para></description> </configOption> + <configOption name="support_mediasec"> + <synopsis>Enables Mediasec support for outbound REGISTER requests.</synopsis> + <description><para> + When this option is enabled, outbound REGISTER requests will advertise + support for Mediasec. + </para></description> + </configOption> <configOption name="support_outbound"> <synopsis>Enables advertising SIP Outbound support (RFC5626) for outbound REGISTER requests.</synopsis> </configOption> @@ -335,6 +342,8 @@ struct sip_outbound_registration { struct ast_sip_auth_vector outbound_auths; /*! \brief Whether Path support is enabled */ unsigned int support_path; + /*! \brief Wether mediasec support is enabled */ + unsigned int support_mediasec; /*! \brief Whether Outbound support is enabled */ unsigned int support_outbound; }; 
@@ -376,6 +385,8 @@ struct sip_outbound_registration_client_ unsigned int auth_rejection_permanent; /*! \brief Determines whether SIP Path support should be advertised */ unsigned int support_path; + /*! \brief Wether mediasec support is enabled */ + unsigned int support_mediasec; /*! \brief Determines whether SIP Outbound support should be advertised */ unsigned int support_outbound; /*! CSeq number of last sent auth request. */ @@ -697,18 +708,19 @@ static int handle_client_registration(vo } /* Add some header for mediasec */ - if (client_state->is494) { - /* answer for 494 */ - ast_sip_add_header(tdata,"Security-Verify","msrp-tls;mediasec"); - ast_sip_add_header(tdata,"Security-Verify","sdes-srtp;mediasec"); - ast_sip_add_header(tdata,"Security-Verify","dtls-srtp;mediasec"); - } - else { - ast_sip_add_header(tdata,"Security-Client","sdes-srtp;mediasec"); - ast_sip_add_header(tdata,"Proxy-Require","mediasec"); - ast_sip_add_header(tdata,"Require","mediasec"); + if (client_state->support_mediasec) { + if (client_state->is494) { + /* answer for 494 */ + ast_sip_add_header(tdata,"Security-Verify","msrp-tls;mediasec"); + ast_sip_add_header(tdata,"Security-Verify","sdes-srtp;mediasec"); + ast_sip_add_header(tdata,"Security-Verify","dtls-srtp;mediasec"); + } + else { + ast_sip_add_header(tdata,"Security-Client","sdes-srtp;mediasec"); + ast_sip_add_header(tdata,"Proxy-Require","mediasec"); + ast_sip_add_header(tdata,"Require","mediasec"); + } } - registration_client_send(client_state, tdata); return 0; 
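Review bot: The return value of `ast_sip_add_header()` is still ignored for every header added inside the new `if (client_state->support_mediasec)` block in `handle_client_registration`, so a failed add sends the REGISTER without `Require: mediasec` and without a log line. The same pattern appears in `unregister_task` and in the two INVITE hunks in res_pjsip_session.c. For an option meant to require media security a silent fallback is worth avoiding; assuming the function returns non-zero on failure as elsewhere in res_pjsip, something like `if (ast_sip_add_header(tdata, "Require", "mediasec")) { ast_log(LOG_WARNING, "Failed to add mediasec headers to REGISTER\n"); }` would surface it. The function body starts outside the hunk.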
@@ -1109,22 +1121,24 @@ static int handle_registration_response( server_uri, client_uri); /* Add MEDIASEC headers */ - static const pj_str_t headerName = { "Security-Server", 15 }; - pjsip_generic_string_hdr *secSrv; - secSrv = pjsip_msg_find_hdr_by_name(response->rdata->msg_info.msg, &headerName, NULL); - if (secSrv) { - response->client_state->is494=0; - - static const pj_str_t headerNameVrfy = { "Security-Verify", 15 }; - pjsip_generic_string_hdr *secVrfy; - secVrfy = pjsip_msg_find_hdr_by_name(tdata->msg, &headerNameVrfy, NULL); - - /* initial register doesn't contain it */ - if (! secVrfy) { - ast_debug(3, "Adding MEDIASEC headers\n"); - ast_sip_add_header(tdata,"Security-Verify","msrp-tls;mediasec"); - ast_sip_add_header(tdata,"Security-Verify","sdes-srtp;mediasec"); - ast_sip_add_header(tdata,"Security-Verify","dtls-srtp;mediasec"); + if (response->client_state->support_mediasec) { + static const pj_str_t headerName = { "Security-Server", 15 }; + pjsip_generic_string_hdr *secSrv; + secSrv = pjsip_msg_find_hdr_by_name(response->rdata->msg_info.msg, &headerName, NULL); + if (secSrv) { + response->client_state->is494=0; + + static const pj_str_t headerNameVrfy = { "Security-Verify", 15 }; + pjsip_generic_string_hdr *secVrfy; + secVrfy = pjsip_msg_find_hdr_by_name(tdata->msg, &headerNameVrfy, NULL); + + /* initial register doesn't contain it */ + if (! secVrfy) { + ast_debug(3, "Adding MEDIASEC headers\n"); + ast_sip_add_header(tdata,"Security-Verify","msrp-tls;mediasec"); + ast_sip_add_header(tdata,"Security-Verify","sdes-srtp;mediasec"); + ast_sip_add_header(tdata,"Security-Verify","dtls-srtp;mediasec"); + } } } 
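Review bot: In `handle_registration_response` the `Security-Server` header is only tested for presence, and the `Security-Verify` values added afterwards are three fixed strings rather than the list the registrar sent. RFC 3329 defines Security-Verify as a copy of the received Security-Server list, which is what lets the server detect that its list was altered in transit; with fixed values the check only passes when the registrar happens to offer exactly these three mechanisms. The sketch below mirrors the received values instead; the 256-byte buffer is an assumption, and a longer value should be rejected rather than truncated. The enclosing function starts and ends outside the hunk.

```c
/* … unchanged: Security-Server and Security-Verify lookups, is494 reset … */
			if (! secVrfy) {
				pjsip_generic_string_hdr *srv = secSrv;

				ast_debug(3, "Adding MEDIASEC headers\n");
				/* Mirror every Security-Server value the registrar sent (RFC 3329). */
				while (srv) {
					char value[256];

					ast_copy_pj_str(value, &srv->hvalue, sizeof(value));
					ast_sip_add_header(tdata, "Security-Verify", value);
					srv = pjsip_msg_find_hdr_by_name(response->rdata->msg_info.msg,
						&headerName, srv->next);
				}
			}
```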
@@ -1782,6 +1796,7 @@ static int sip_outbound_registration_per state->client_state->max_retries = registration->max_retries; state->client_state->retries = 0; state->client_state->support_path = registration->support_path; + state->client_state->support_mediasec = registration->support_mediasec; state->client_state->support_outbound = registration->support_outbound; state->client_state->auth_rejection_permanent = registration->auth_rejection_permanent; @@ -1926,9 +1941,11 @@ static int unregister_task(void *obj) if (pjsip_regc_unregister(client, &tdata) == PJ_SUCCESS && add_configured_supported_headers(state->client_state, tdata)) { - ast_sip_add_header(tdata,"Security-Client","sdes-srtp;mediasec"); - ast_sip_add_header(tdata,"Proxy-Require","mediasec"); - ast_sip_add_header(tdata,"Require","mediasec"); + if (state->client_state->support_mediasec) { + ast_sip_add_header(tdata,"Security-Client","sdes-srtp;mediasec"); + ast_sip_add_header(tdata,"Proxy-Require","mediasec"); + ast_sip_add_header(tdata,"Require","mediasec"); + } registration_client_send(state->client_state, tdata); } 
@@ -2609,6 +2626,7 @@ static int load_module(void) ast_sorcery_object_field_register(ast_sip_get_sorcery(), "registration", "support_outbound", "no", OPT_YESNO_T, 1, FLDSET(struct sip_outbound_registration, support_outbound)); ast_sorcery_object_field_register(ast_sip_get_sorcery(), "registration", "line", "no", OPT_BOOL_T, 1, FLDSET(struct sip_outbound_registration, line)); ast_sorcery_object_field_register(ast_sip_get_sorcery(), "registration", "endpoint", "", OPT_STRINGFIELD_T, 0, STRFLDSET(struct sip_outbound_registration, endpoint)); + ast_sorcery_object_field_register(ast_sip_get_sorcery(), "registration", "support_mediasec", "no", OPT_BOOL_T, 1, FLDSET(struct sip_outbound_registration, support_mediasec)); /* * Register sorcery observers. diff -Nurp asterisk-18.12.1/res/res_pjsip_sdp_rtp.c asterisk-18.12.1-patched/res/res_pjsip_sdp_rtp.c --- asterisk-18.12.1/res/res_pjsip_sdp_rtp.c 2022-06-10 17:02:51.369384143 +0200 +++ asterisk-18.12.1-patched/res/res_pjsip_sdp_rtp.c 2022-06-10 16:59:52.765376863 +0200 @@ -1623,8 +1623,10 @@ static int add_crypto_to_stream(struct a } tmp = session_media->srtp; - attr = pjmedia_sdp_attr_create(pool, "3ge2ae", &STR_MEDSECREQ); - media->attr[media->attr_count++] = attr; + if (session->endpoint->support_mediasec && ! session->inv_session->neg) { + attr = pjmedia_sdp_attr_create(pool, "3ge2ae", &STR_MEDSECREQ); + media->attr[media->attr_count++] = attr; + } do { crypto_attribute = ast_sdp_srtp_get_attrib(tmp, diff -Nurp asterisk-18.12.1/res/res_pjsip_session.c asterisk-18.12.1-patched/res/res_pjsip_session.c --- asterisk-18.12.1/res/res_pjsip_session.c 2022-06-10 17:02:51.369384143 +0200 +++ asterisk-18.12.1-patched/res/res_pjsip_session.c 2022-06-10 16:59:52.769376863 +0200 
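Review bot: The new guard in `add_crypto_to_stream` dereferences `session->inv_session` without a NULL check and gives no reason for the `! session->inv_session->neg` test. If this function can run before the invite session exists (not visible in this hunk), that read would crash; `if (session->endpoint->support_mediasec && session->inv_session && !session->inv_session->neg) {` avoids it. A comment such as `/* only mark the initial offer; no SDP negotiator exists yet at that point */` would document the intent, assuming that is what the `neg` test means. The function body continues outside the hunk.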
@@ -2514,7 +2514,7 @@ static int sip_session_refresh(struct as SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_WARNING, "%s: on_request_creation failed.\n", ast_sip_session_get_name(session)); } } - if (session->endpoint->media.rtp.encryption == AST_SIP_MEDIA_ENCRYPT_SDES) { + if (session->endpoint->support_mediasec && session->endpoint->media.rtp.encryption == AST_SIP_MEDIA_ENCRYPT_SDES) { ast_debug(3, "INVITE: Adding MEDIASEC headers\n"); ast_sip_add_header(tdata,"Security-Verify","msrp-tls;mediasec"); ast_sip_add_header(tdata,"Security-Verify","sdes-srtp;mediasec"); @@ -2880,7 +2880,7 @@ int ast_sip_session_create_invite(struct SCOPE_EXIT_RTN_VALUE(-1, "pjsip_inv_invite failed\n"); } - if (session->endpoint->media.rtp.encryption == AST_SIP_MEDIA_ENCRYPT_SDES) { + if (session->endpoint->support_mediasec && session->endpoint->media.rtp.encryption == AST_SIP_MEDIA_ENCRYPT_SDES) { ast_debug(3, "INVITE: Adding MEDIASEC headers\n"); ast_sip_add_header(*tdata,"Security-Verify","msrp-tls;mediasec"); ast_sip_add_header(*tdata,"Security-Verify","sdes-srtp;mediasec");
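Review bot: In `sip_session_refresh` the mediasec headers are now sent only when `support_mediasec` is set and `media.rtp.encryption` is `AST_SIP_MEDIA_ENCRYPT_SDES`, so an endpoint with the option enabled but a different encryption setting silently sends none; `ast_sip_session_create_invite` carries the identical condition. The option text added to pjsip_config.xml says the headers are "added and enforced" and does not mention this dependency. A comment on the condition, e.g. `/* mediasec is only signalled for SDES endpoints; support_mediasec alone has no effect */`, or a warning when the option is set without SDES, would make the limitation visible to operators. Both function bodies extend beyond their hunks.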