-rw-r--r-- | Makefile | 4 | ||||
-rw-r--r-- | configs/astmanproxy.conf | 3 | ||||
-rw-r--r-- | src/astmanproxy.c | 7 | ||||
-rw-r--r-- | src/config.c | 2 | ||||
-rw-r--r-- | src/config_perms.c | 2 | ||||
-rw-r--r-- | src/include/astmanproxy.h | 3 | ||||
-rw-r--r-- | src/proxyfunc.c | 9 |
7 files changed, 21 insertions, 9 deletions
@@ -60,7 +60,7 @@ DEFINES+='-DMDIR="$(MODDIR)"' '-DPDIR="$(PERMDIR)"' '-DPFILE="$(PERMFILE)"'
 VPATH = src
 # Add -g below for debug/GDB symbols
-CFLAGS+= $(DEFINES) -g -Wall -O2 -D_REENTRANT -fPIC -Isrc/include -I/usr/include/openssl -I-
+CFLAGS+= $(DEFINES) -Wall -O2 -D_REENTRANT -fPIC -Isrc/include -I/usr/include/openssl -I-
 # For printing only
 SRCS := $(MODS:%=%.c)
@@ -77,7 +77,7 @@ $(OBJS): %.o: %.c
 $(SOBJS): %.so: %.o
 $(CC) $(SOLINK) $< -o $@
-SERIAL=0
+SERIAL=`date "+%Y%m%d%H%M%S"`
 cert:
 if [ ! -f $(PROXYCERT) ]; then \
diff --git a/configs/astmanproxy.conf b/configs/astmanproxy.conf
index 3a017ac..6164e9c 100644
--- a/configs/astmanproxy.conf
+++ b/configs/astmanproxy.conf
@@ -57,6 +57,9 @@ listenport = 1234
 ; in place and well understood.
 ; proxykey = foobar
+; Do we require authentication (either proxykey or astmanproxy.users entry)?
+authrequired = no
+
 ; user and group for proxy to run as; will NOT run as root!
 proc_user = nobody
 proc_group = nobody
diff --git a/src/astmanproxy.c b/src/astmanproxy.c
index f6c0cd5..b84fdad 100644
--- a/src/astmanproxy.c
+++ b/src/astmanproxy.c
@@ -280,14 +280,17 @@ void *session_do(struct mansession *s)
 actionid = astman_get_header(&m, ACTION_ID);
 action = astman_get_header(&m, "Action");
 if ( !strcasecmp(action, "Login") )
- ProxyLogin(s, &m);
+ if (!s->authenticated)
+ ProxyLogin(s, &m);
+ else
+ break;
 else if ( !strcasecmp(action, "Logoff") )
 ProxyLogoff(s);
 else if ( !strcasecmp(action, "Challenge") )
 ProxyChallenge(s, &m);
 else if ( !(*proxyaction == '\0') )
 proxyaction_do(proxyaction, &m, s);
- else if ( ValidateAction(&m, s ,0) ) {
+ else if ( ValidateAction(&m, s, 0) ) {
 if ( !(*actionid == '\0') )
 setactionid(actionid, &m, s);
 if ( !WriteAsterisk(&m) )
diff --git a/src/config.c b/src/config.c
index c8c9d80..f642aa6 100644
--- a/src/config.c
+++ b/src/config.c
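Review bot: The inner `if (!s->authenticated) … else break;` added under the `Login` branch of session_do is unbraced, so the pairing of each `else` in this dispatch chain rests on the dangling-else rule. It parses as intended today, but one more edit here can silently re-attach the following `else if ( !strcasecmp(action, "Logoff") )` and change which actions reach `ValidateAction`. I would brace it: `if ( !strcasecmp(action, "Login") ) { if (!s->authenticated) ProxyLogin(s, &m); else break; }`. The `break` presumably leaves the enclosing read loop, which is outside the hunk, so a repeated Login from an authenticated session appears to end the session without a reply; a short comment stating that this is deliberate would help the next reader.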
@@ -107,6 +107,8 @@ void *processline(char *s) {
 pc.clientwritetimeout = atoi(value);
 else if (!strcmp(name,"sslclienthellotimeout") )
 pc.sslclhellotimeout = atoi(value);
+ else if (!strcmp(name,"authrequired") )
+ pc.authrequired = strcmp(value,"yes") ? 0 : 1;
 else if (!strcmp(name,"acceptencryptedconnection") )
 pc.acceptencryptedconnection = strcmp(value,"yes") ? 0 : 1;
 else if (!strcmp(name,"acceptunencryptedconnection") )
diff --git a/src/config_perms.c b/src/config_perms.c
index 939d90f..4dbeeb0 100644
--- a/src/config_perms.c
+++ b/src/config_perms.c
@@ -1,5 +1,3 @@
-/* #include <pwd.h> */
-/* #include <grp.h> */
 #include "astmanproxy.h"
 extern pthread_mutex_t userslock;
diff --git a/src/include/astmanproxy.h b/src/include/astmanproxy.h
index db370dc..dc7ac87 100644
--- a/src/include/astmanproxy.h
+++ b/src/include/astmanproxy.h
@@ -61,7 +61,8 @@ struct proxyconfig {
 int listen_port;
 char inputformat[80];
 char outputformat[80];
- int autofilter;
+ int autofilter; /* enable autofiltering? */
+ int authrequired; /* is authentication required? */
 char key[80];
 char proc_user[40];
 char proc_group[40];
diff --git a/src/proxyfunc.c b/src/proxyfunc.c
index d1d5f38..434baff 100644
--- a/src/proxyfunc.c
+++ b/src/proxyfunc.c
@@ -156,10 +156,12 @@ void *ProxyLogin(struct mansession *s, struct message *m) {
 AddHeader(&mo, "Response: Success");
 AddHeader(&mo, "Message: Authentication accepted");
 s->output->write(s, &mo);
- s->authenticated = 1;
+ pthread_mutex_lock(&s->lock);
+ s->authenticated = 1;
 strcpy(s->user.channel, pu->channel);
 strcpy(s->user.icontext, pu->icontext);
 strcpy(s->user.ocontext, pu->ocontext);
+ pthread_mutex_unlock(&s->lock);
 if( debug )
 debugmsg("Login as: %s", user);
 break;
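Review bot: `pc.authrequired = strcmp(value,"yes") ? 0 : 1;` switches authentication off for every value other than the exact string `yes`, so `Yes`, `true`, `1` or a value with trailing whitespace silently leaves the proxy unauthenticated. For a setting that gates access I would fail closed, `pc.authrequired = strcmp(value,"no") ? 1 : 0;`, or compare with `strcasecmp` and log any unrecognised value. processline continues outside the hunk, so whether `value` is trimmed before this point is not visible.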
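Review bot: The writes to `s->authenticated` and `s->user.*` in ProxyLogin now happen under `s->lock`, but the reads this same commit touches, `if (!s->authenticated)` in session_do and `pc.authrequired && !s->authenticated` in ValidateAction, do not take it. The mutex therefore only helps if every other reader of these fields locks as well; if ValidateAction can run on another thread for the same session (not visible here), it can still see the flag set while the `user` fields are half-copied. I would read under the same lock, e.g. `pthread_mutex_lock(&s->lock); authed = s->authenticated; pthread_mutex_unlock(&s->lock);`, or document on the struct which accesses the lock is meant to cover. The three `strcpy` calls inside the critical section are unbounded and the field sizes are declared outside this hunk, so they are worth checking against the length limits applied when `pu` is loaded.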
@@ -171,11 +173,14 @@ void *ProxyLogin(struct mansession *s, struct message *m) {
 if( !pu ) {
 SendError(s, "Authentication failed");
+ pthread_mutex_lock(&s->lock);
 s->authenticated = 0;
+ pthread_mutex_unlock(&s->lock);
 if( debug )
 debugmsg("Login failed as: %s/%s", user, secret);
 }
+ return 0;
 }
@@ -334,7 +339,7 @@ int ValidateAction(struct message *m, struct mansession *s, int inbound) {
 char *uchannel;
 char *ucontext;
- if( !s->authenticated )
+ if( pc.authrequired && !s->authenticated )
 return 0;
 if( inbound ) |
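Review bot: The failure path that this hunk wraps in the lock still calls `debugmsg("Login failed as: %s/%s", user, secret);`, which writes the submitted secret to the debug output. A mistyped password for a valid account then sits in the log in clear text. While this block is being touched I would log the user name only: `debugmsg("Login failed as: %s", user);`. ProxyLogin starts outside the hunk.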
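Review bot: `if( pc.authrequired && !s->authenticated )` in ValidateAction makes the authentication check opt-in. With `authrequired` unset, or set to `no` as in the shipped configs/astmanproxy.conf, an unauthenticated session now passes this guard, where the old `if( !s->authenticated )` always returned 0. That is a fail-open default for installs that upgrade without editing their config. I would initialise `pc.authrequired` to 1 where the config defaults are set (outside this diff) and ship `authrequired = yes`, so that disabling authentication is an explicit operator choice. The rest of ValidateAction is outside the hunk, so how the empty `s->user` filters of an unauthenticated session are treated is not visible and deserves a comment at this line.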