res_rtp_asterisk: Check remote ICE reset and reset local ice attrb
This change will check is the remote ICE session got reset or not by checking the offered ufrag and password with session. If the remote ICE reset session then Asterisk reset its local ufrag and password to reject binding request with Old ufrag and Password. ASTERISK-29266 Change-Id: I9c55e79a7af98a8fbb497d336b828ba41bc34eeb
This commit is contained in:
Salah Ahmed
Joshua Colp
parent
3286c04856
commit
df8d335ad1
|
|
@ -773,6 +773,43 @@ static void check_ice_support(struct ast_sip_session *session, struct ast_sip_se
|
|||
}
|
||||
}
|
||||
|
||||
static void process_ice_auth_attrb(struct ast_sip_session *session, struct ast_sip_session_media *session_media,
|
||||
const struct pjmedia_sdp_session *remote, const struct pjmedia_sdp_media *remote_stream)
|
||||
{
|
||||
struct ast_rtp_engine_ice *ice;
|
||||
const pjmedia_sdp_attr *ufrag_attr, *passwd_attr;
|
||||
char ufrag_attr_value[256];
|
||||
char passwd_attr_value[256];
|
||||
|
||||
/* If ICE support is not enabled or available exit early */
|
||||
if (!session->endpoint->media.rtp.ice_support || !(ice = ast_rtp_instance_get_ice(session_media->rtp))) {
|
||||
return;
|
||||
}
|
||||
|
||||
ufrag_attr = pjmedia_sdp_media_find_attr2(remote_stream, "ice-ufrag", NULL);
|
||||
if (!ufrag_attr) {
|
||||
ufrag_attr = pjmedia_sdp_attr_find2(remote->attr_count, remote->attr, "ice-ufrag", NULL);
|
||||
}
|
||||
if (ufrag_attr) {
|
||||
ast_copy_pj_str(ufrag_attr_value, (pj_str_t*)&ufrag_attr->value, sizeof(ufrag_attr_value));
|
||||
} else {
|
||||
return;
|
||||
}
|
||||
passwd_attr = pjmedia_sdp_media_find_attr2(remote_stream, "ice-pwd", NULL);
|
||||
if (!passwd_attr) {
|
||||
passwd_attr = pjmedia_sdp_attr_find2(remote->attr_count, remote->attr, "ice-pwd", NULL);
|
||||
}
|
||||
if (passwd_attr) {
|
||||
ast_copy_pj_str(passwd_attr_value, (pj_str_t*)&passwd_attr->value, sizeof(passwd_attr_value));
|
||||
} else {
|
||||
return;
|
||||
}
|
||||
|
||||
if (ufrag_attr && passwd_attr) {
|
||||
ice->set_authentication(session_media->rtp, ufrag_attr_value, passwd_attr_value);
|
||||
}
|
||||
}
|
||||
|
||||
/*! \brief Function which processes ICE attributes in an audio stream */
|
||||
static void process_ice_attributes(struct ast_sip_session *session, struct ast_sip_session_media *session_media,
|
||||
const struct pjmedia_sdp_session *remote, const struct pjmedia_sdp_media *remote_stream)
|
||||
|
|
@ -1509,6 +1546,11 @@ static int negotiate_incoming_sdp_stream(struct ast_sip_session *session,
|
|||
/* If ICE support is enabled find all the needed attributes */
|
||||
check_ice_support(session, session_media, stream);
|
||||
|
||||
/* If ICE support is enabled then check remote ICE started? */
|
||||
if (session_media->remote_ice) {
|
||||
process_ice_auth_attrb(session, session_media, sdp, stream);
|
||||
}
|
||||
|
||||
if (ast_sip_session_is_pending_stream_default(session, asterisk_stream) && media_type == AST_MEDIA_TYPE_AUDIO) {
|
||||
/* Check if incomming SDP is changing the remotely held state */
|
||||
if (ast_sockaddr_isnull(addrs) ||
|
||||
|
|
|
|||
|
|
@ -273,6 +273,8 @@ struct ast_ice_host_candidate {
|
|||
/*! \brief List of ICE host candidate mappings */
|
||||
static AST_RWLIST_HEAD_STATIC(host_candidates, ast_ice_host_candidate);
|
||||
|
||||
static char *generate_random_string(char *buf, size_t size);
|
||||
|
||||
#endif
|
||||
|
||||
#define FLAG_3389_WARNING (1 << 0)
|
||||
|
|
@ -766,14 +768,27 @@ static void ast_rtp_ice_candidate_destroy(void *obj)
|
|||
static void ast_rtp_ice_set_authentication(struct ast_rtp_instance *instance, const char *ufrag, const char *password)
|
||||
{
|
||||
struct ast_rtp *rtp = ast_rtp_instance_get_data(instance);
|
||||
int ice_attrb_reset = 0;
|
||||
|
||||
if (!ast_strlen_zero(ufrag)) {
|
||||
if (!ast_strlen_zero(rtp->remote_ufrag) && strcmp(ufrag, rtp->remote_ufrag)) {
|
||||
ice_attrb_reset = 1;
|
||||
}
|
||||
ast_copy_string(rtp->remote_ufrag, ufrag, sizeof(rtp->remote_ufrag));
|
||||
}
|
||||
|
||||
if (!ast_strlen_zero(password)) {
|
||||
if (!ast_strlen_zero(rtp->remote_passwd) && strcmp(password, rtp->remote_passwd)) {
|
||||
ice_attrb_reset = 1;
|
||||
}
|
||||
ast_copy_string(rtp->remote_passwd, password, sizeof(rtp->remote_passwd));
|
||||
}
|
||||
|
||||
/* If the remote ufrag or passwd changed, local ufrag and passwd need to regenerate */
|
||||
if (ice_attrb_reset) {
|
||||
generate_random_string(rtp->local_ufrag, sizeof(rtp->local_ufrag));
|
||||
generate_random_string(rtp->local_passwd, sizeof(rtp->local_passwd));
|
||||
}
|
||||
}
|
||||
|
||||
static int ice_candidate_cmp(void *obj, void *arg, int flags)
|
||||
|
|
|
|||
Loading…
Reference in New Issue