diff options
| author | Kinsey Moore <kmoore@digium.com> | 2013-11-22 20:10:46 +0000 |
|---|---|---|
| committer | Kinsey Moore <kmoore@digium.com> | 2013-11-22 20:10:46 +0000 |
| commit | d9015a5356dfff70ce15ed2ea5726325de71d9e3 (patch) | |
| tree | b4b253dcc96a4cbc27f54ee294dae45264e12dbb /main | |
| parent | 1c45a32ee861fa427e0243abe03c729966fa4436 (diff) | |
ARI: Don't leak implementation details
This change prevents channels used as implementation details from
leaking out to ARI. It does this by preventing creation of JSON blobs
of channel snapshots created from those channels and sanitizing JSON
blobs of bridge snapshots as they are created. This introduces a
framework for excluding information from output targeted at Stasis
applications on a consumer-by-consumer basis using channel sanitization
callbacks which could be extended to bridges or endpoints if necessary.
This prevents unhelpful error messages from being generated by
ast_json_pack.
This also corrects a bug where BridgeCreated events would not be
created.
(closes issue ASTERISK-22744)
Review: https://reviewboard.asterisk.org/r/2987/
Reported by: David M. Lee
........
Merged revisions 403069 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@403070 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'main')
| -rw-r--r-- | main/json.c | 2 | ||||
| -rw-r--r-- | main/rtp_engine.c | 17 | ||||
| -rw-r--r-- | main/stasis_bridges.c | 87 | ||||
| -rw-r--r-- | main/stasis_channels.c | 57 | ||||
| -rw-r--r-- | main/stasis_endpoints.c | 12 | ||||
| -rw-r--r-- | main/stasis_message.c | 6 |
6 files changed, 130 insertions, 51 deletions
diff --git a/main/json.c b/main/json.c index ce4c6cfc9..066a5df17 100644 --- a/main/json.c +++ b/main/json.c @@ -690,7 +690,7 @@ struct ast_json *ast_json_vpack(char const *format, va_list ap) struct ast_json *r = NULL; if (format) { r = (struct ast_json *)json_vpack_ex(&error, 0, format, ap); - if (!r) { + if (!r && !ast_strlen_zero(error.text)) { ast_log(LOG_ERROR, "Error building JSON from '%s': %s.\n", format, error.text); diff --git a/main/rtp_engine.c b/main/rtp_engine.c index b02c6bb1b..c63bab0ea 100644 --- a/main/rtp_engine.c +++ b/main/rtp_engine.c @@ -1780,13 +1780,14 @@ static struct ast_manager_event_blob *rtcp_report_to_ami(struct stasis_message * ast_str_buffer(packet_string)); } -static struct ast_json *rtcp_report_to_json(struct stasis_message *msg) +static struct ast_json *rtcp_report_to_json(struct stasis_message *msg, + const struct stasis_message_sanitizer *sanitize) { struct rtcp_message_payload *payload = stasis_message_data(msg); RAII_VAR(struct ast_json *, json_rtcp_report, NULL, ast_json_unref); RAII_VAR(struct ast_json *, json_rtcp_report_blocks, NULL, ast_json_unref); RAII_VAR(struct ast_json *, json_rtcp_sender_info, NULL, ast_json_unref); - struct ast_json * json_payload; + RAII_VAR(struct ast_json *, json_channel, NULL, ast_json_unref); int i; json_rtcp_report_blocks = ast_json_array_create(); @@ -1835,11 +1836,17 @@ static struct ast_json *rtcp_report_to_json(struct stasis_message *msg) return NULL; } - json_payload = ast_json_pack("{s: O, s: O, s: O}", - "channel", payload->snapshot ? ast_channel_snapshot_to_json(payload->snapshot) : ast_json_null(), + if (payload->snapshot) { + json_channel = ast_channel_snapshot_to_json(payload->snapshot, sanitize); + if (!json_channel) { + return NULL; + } + } + + return ast_json_pack("{s: O, s: O, s: O}", + "channel", payload->snapshot ? json_channel : ast_json_null(), "rtcp_report", json_rtcp_report, "blob", payload->blob); - return json_payload; } static void rtp_rtcp_report_dtor(void *obj) diff --git a/main/stasis_bridges.c b/main/stasis_bridges.c index 7d078f9d0..b92d048bc 100644 --- a/main/stasis_bridges.c +++ b/main/stasis_bridges.c @@ -135,9 +135,15 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$") static struct ast_manager_event_blob *attended_transfer_to_ami(struct stasis_message *message); static struct ast_manager_event_blob *blind_transfer_to_ami(struct stasis_message *message); -static struct ast_json *ast_channel_entered_bridge_to_json(struct stasis_message *msg); -static struct ast_json *ast_channel_left_bridge_to_json(struct stasis_message *msg); -static struct ast_json *ast_bridge_merge_message_to_json(struct stasis_message *msg); +static struct ast_json *ast_channel_entered_bridge_to_json( + struct stasis_message *msg, + const struct stasis_message_sanitizer *sanitize); +static struct ast_json *ast_channel_left_bridge_to_json( + struct stasis_message *msg, + const struct stasis_message_sanitizer *sanitize); +static struct ast_json *ast_bridge_merge_message_to_json( + struct stasis_message *msg, + const struct stasis_message_sanitizer *sanitize); static struct stasis_cp_all *bridge_cache_all; @@ -316,17 +322,25 @@ static struct ast_bridge_merge_message *bridge_merge_message_create(struct ast_b return msg; } -static struct ast_json *ast_bridge_merge_message_to_json(struct stasis_message *msg) +static struct ast_json *ast_bridge_merge_message_to_json( + struct stasis_message *msg, + const struct stasis_message_sanitizer *sanitize) { - struct ast_bridge_merge_message *merge; + struct ast_bridge_merge_message *merge = stasis_message_data(msg); + RAII_VAR(struct ast_json *, json_bridge_to, + ast_bridge_snapshot_to_json(merge->to, sanitize), ast_json_unref); + RAII_VAR(struct ast_json *, json_bridge_from, + ast_bridge_snapshot_to_json(merge->from, sanitize), ast_json_unref); - merge = stasis_message_data(msg); + if (!json_bridge_to || !json_bridge_from) { + return NULL; + } - return ast_json_pack("{s: s, s: o, s: o, s: o}", + return ast_json_pack("{s: s, s: o, s: O, s: O}", "type", "BridgeMerged", "timestamp", ast_json_timeval(*stasis_message_timestamp(msg), NULL), - "bridge", ast_bridge_snapshot_to_json(merge->to), - "bridge_from", ast_bridge_snapshot_to_json(merge->from)); + "bridge", json_bridge_to, + "bridge_from", json_bridge_from); } void ast_bridge_publish_merge(struct ast_bridge *to, struct ast_bridge *from) @@ -443,45 +457,63 @@ static struct ast_json *simple_bridge_channel_event( const char *type, struct ast_bridge_snapshot *bridge_snapshot, struct ast_channel_snapshot *channel_snapshot, - const struct timeval *tv) + const struct timeval *tv, + const struct stasis_message_sanitizer *sanitize) { - return ast_json_pack("{s: s, s: o, s: o, s: o}", + RAII_VAR(struct ast_json *, json_bridge, + ast_bridge_snapshot_to_json(bridge_snapshot, sanitize), ast_json_unref); + RAII_VAR(struct ast_json *, json_channel, + ast_channel_snapshot_to_json(channel_snapshot, sanitize), ast_json_unref); + + if (!json_bridge || !json_channel) { + return NULL; + } + + return ast_json_pack("{s: s, s: o, s: O, s: O}", "type", type, "timestamp", ast_json_timeval(*tv, NULL), - "bridge", ast_bridge_snapshot_to_json(bridge_snapshot), - "channel", ast_channel_snapshot_to_json(channel_snapshot)); + "bridge", json_bridge, + "channel", json_channel); } -struct ast_json *ast_channel_entered_bridge_to_json(struct stasis_message *msg) +struct ast_json *ast_channel_entered_bridge_to_json( + struct stasis_message *msg, + const struct stasis_message_sanitizer *sanitize) { struct ast_bridge_blob *obj = stasis_message_data(msg); return simple_bridge_channel_event("ChannelEnteredBridge", obj->bridge, - obj->channel, stasis_message_timestamp(msg)); + obj->channel, stasis_message_timestamp(msg), sanitize); } -struct ast_json *ast_channel_left_bridge_to_json(struct stasis_message *msg) +struct ast_json *ast_channel_left_bridge_to_json( + struct stasis_message *msg, + const struct stasis_message_sanitizer *sanitize) { struct ast_bridge_blob *obj = stasis_message_data(msg); return simple_bridge_channel_event("ChannelLeftBridge", obj->bridge, - obj->channel, stasis_message_timestamp(msg)); + obj->channel, stasis_message_timestamp(msg), sanitize); } -typedef struct ast_json *(*json_item_serializer_cb)(void *obj); - -static struct ast_json *container_to_json_array(struct ao2_container *items, json_item_serializer_cb item_cb) +static struct ast_json *container_to_json_array(struct ao2_container *items, + const struct stasis_message_sanitizer *sanitize) { RAII_VAR(struct ast_json *, json_items, ast_json_array_create(), ast_json_unref); - void *item; + char *item; struct ao2_iterator it; if (!json_items) { return NULL; } - it = ao2_iterator_init(items, 0); - while ((item = ao2_iterator_next(&it))) { - if (ast_json_array_append(json_items, item_cb(item))) { + for (it = ao2_iterator_init(items, 0); + (item = ao2_iterator_next(&it)); ao2_cleanup(item)) { + if (sanitize && sanitize->channel_id && sanitize->channel_id(item)) { + continue; + } + + if (ast_json_array_append(json_items, ast_json_string_create(item))) { + ao2_cleanup(item); ao2_iterator_destroy(&it); return NULL; } @@ -500,7 +532,9 @@ static const char *capability2str(uint32_t capabilities) } } -struct ast_json *ast_bridge_snapshot_to_json(const struct ast_bridge_snapshot *snapshot) +struct ast_json *ast_bridge_snapshot_to_json( + const struct ast_bridge_snapshot *snapshot, + const struct stasis_message_sanitizer *sanitize) { RAII_VAR(struct ast_json *, json_bridge, NULL, ast_json_unref); struct ast_json *json_channels; @@ -509,8 +543,7 @@ struct ast_json *ast_bridge_snapshot_to_json(const struct ast_bridge_snapshot *s return NULL; } - json_channels = container_to_json_array(snapshot->channels, - (json_item_serializer_cb)ast_json_string_create); + json_channels = container_to_json_array(snapshot->channels, sanitize); if (!json_channels) { return NULL; } diff --git a/main/stasis_channels.c b/main/stasis_channels.c index f178df35b..38aac982e 100644 --- a/main/stasis_channels.c +++ b/main/stasis_channels.c @@ -755,11 +755,15 @@ void ast_publish_channel_state(struct ast_channel *chan) stasis_publish(ast_channel_topic(chan), message); } -struct ast_json *ast_channel_snapshot_to_json(const struct ast_channel_snapshot *snapshot) +struct ast_json *ast_channel_snapshot_to_json( + const struct ast_channel_snapshot *snapshot, + const struct stasis_message_sanitizer *sanitize) { RAII_VAR(struct ast_json *, json_chan, NULL, ast_json_unref); - if (snapshot == NULL) { + if (snapshot == NULL + || (sanitize && sanitize->channel_snapshot + && sanitize->channel_snapshot(snapshot))) { return NULL; } @@ -817,8 +821,10 @@ int ast_channel_snapshot_caller_id_equal( strcmp(old_snapshot->caller_name, new_snapshot->caller_name) == 0; } -static struct ast_json *channel_blob_to_json(struct stasis_message *message, - const char *type) +static struct ast_json *channel_blob_to_json( + struct stasis_message *message, + const char *type, + const struct stasis_message_sanitizer *sanitize) { RAII_VAR(struct ast_json *, out, NULL, ast_json_unref); struct ast_channel_blob *channel_blob = stasis_message_data(message); @@ -844,8 +850,13 @@ static struct ast_json *channel_blob_to_json(struct stasis_message *message, /* For global channel messages, the snapshot is optional */ if (snapshot) { - res |= ast_json_object_set(out, "channel", - ast_channel_snapshot_to_json(snapshot)); + struct ast_json *json_channel = ast_channel_snapshot_to_json(snapshot, sanitize); + + if (!json_channel) { + return NULL; + } + + res |= ast_json_object_set(out, "channel", json_channel); } if (res != 0) { @@ -855,7 +866,9 @@ static struct ast_json *channel_blob_to_json(struct stasis_message *message, return ast_json_ref(out); } -static struct ast_json *dtmf_end_to_json(struct stasis_message *message) +static struct ast_json *dtmf_end_to_json( + struct stasis_message *message, + const struct stasis_message_sanitizer *sanitize) { struct ast_channel_blob *channel_blob = stasis_message_data(message); struct ast_json *blob = channel_blob->blob; @@ -863,43 +876,59 @@ static struct ast_json *dtmf_end_to_json(struct stasis_message *message) const char *direction = ast_json_string_get(ast_json_object_get(blob, "direction")); const struct timeval *tv = stasis_message_timestamp(message); + struct ast_json *json_channel = ast_channel_snapshot_to_json(snapshot, sanitize); /* Only present received DTMF end events as JSON */ if (strcasecmp("Received", direction) != 0) { return NULL; } + if (!json_channel) { + return NULL; + } + return ast_json_pack("{s: s, s: o, s: O, s: O, s: o}", "type", "ChannelDtmfReceived", "timestamp", ast_json_timeval(*tv, NULL), "digit", ast_json_object_get(blob, "digit"), "duration_ms", ast_json_object_get(blob, "duration_ms"), - "channel", ast_channel_snapshot_to_json(snapshot)); + "channel", json_channel); } -static struct ast_json *user_event_to_json(struct stasis_message *message) +static struct ast_json *user_event_to_json( + struct stasis_message *message, + const struct stasis_message_sanitizer *sanitize) { struct ast_channel_blob *channel_blob = stasis_message_data(message); struct ast_json *blob = channel_blob->blob; struct ast_channel_snapshot *snapshot = channel_blob->snapshot; const struct timeval *tv = stasis_message_timestamp(message); + struct ast_json *json_channel = ast_channel_snapshot_to_json(snapshot, sanitize); + + if (!json_channel) { + return NULL; + } return ast_json_pack("{s: s, s: o, s: O, s: O, s: o}", "type", "ChannelUserevent", "timestamp", ast_json_timeval(*tv, NULL), "eventname", ast_json_object_get(blob, "eventname"), "userevent", blob, - "channel", ast_channel_snapshot_to_json(snapshot)); + "channel", json_channel); } -static struct ast_json *varset_to_json(struct stasis_message *message) +static struct ast_json *varset_to_json( + struct stasis_message *message, + const struct stasis_message_sanitizer *sanitize) { - return channel_blob_to_json(message, "ChannelVarset"); + return channel_blob_to_json(message, "ChannelVarset", sanitize); } -static struct ast_json *hangup_request_to_json(struct stasis_message *message) +static struct ast_json *hangup_request_to_json( + struct stasis_message *message, + const struct stasis_message_sanitizer *sanitize) { - return channel_blob_to_json(message, "ChannelHangupRequest"); + return channel_blob_to_json(message, "ChannelHangupRequest", sanitize); } /*! diff --git a/main/stasis_endpoints.c b/main/stasis_endpoints.c index 096770a3d..81c4f15a3 100644 --- a/main/stasis_endpoints.c +++ b/main/stasis_endpoints.c @@ -237,7 +237,8 @@ static const char *endpoint_snapshot_get_id(struct stasis_message *message) struct ast_json *ast_endpoint_snapshot_to_json( - const struct ast_endpoint_snapshot *snapshot) + const struct ast_endpoint_snapshot *snapshot, + const struct stasis_message_sanitizer *sanitize) { RAII_VAR(struct ast_json *, json, NULL, ast_json_unref); struct ast_json *channel_array; @@ -264,7 +265,14 @@ struct ast_json *ast_endpoint_snapshot_to_json( channel_array = ast_json_object_get(json, "channel_ids"); ast_assert(channel_array != NULL); for (i = 0; i < snapshot->num_channels; ++i) { - int res = ast_json_array_append(channel_array, + int res; + + if (sanitize && sanitize->channel_id + && sanitize->channel_id(snapshot->channel_ids[i])) { + continue; + } + + res = ast_json_array_append(channel_array, ast_json_string_create(snapshot->channel_ids[i])); if (res != 0) { return NULL; diff --git a/main/stasis_message.c b/main/stasis_message.c index b25d1f25a..240845aff 100644 --- a/main/stasis_message.c +++ b/main/stasis_message.c @@ -161,7 +161,9 @@ struct ast_manager_event_blob *stasis_message_to_ami(struct stasis_message *msg) return INVOKE_VIRTUAL(to_ami, msg); } -struct ast_json *stasis_message_to_json(struct stasis_message *msg) +struct ast_json *stasis_message_to_json( + struct stasis_message *msg, + struct stasis_message_sanitizer *sanitize) { - return INVOKE_VIRTUAL(to_json, msg); + return INVOKE_VIRTUAL(to_json, msg, sanitize); } |