Author: asanders Date: Fri Jan 30 11:21:50 2015 New Revision: 431484 URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=431484 Log: HTTP: For httpd server, need option to define server name for security purposes
Added a new config property [servername] to the http.conf file; updated the http server to use the new property when sending responses, for showing http status through the CLI and when reporting status through the 'httpstatus' webpage. In this version, [servername] is uncommented by default. ASTERISK-24316 #close Reported By: Andrew Nagy Review: https://reviewboard.asterisk.org/r/4374/ ........ Merged revisions 431471 from http://svn.asterisk.org/svn/asterisk/branches/13 Modified: trunk/ (props changed) trunk/configs/samples/http.conf.sample trunk/include/asterisk/http.h trunk/main/http.c Propchange: trunk/ ------------------------------------------------------------------------------ Binary property 'branch-13-merged' - no diff available. Modified: trunk/configs/samples/http.conf.sample URL: http://svnview.digium.com/svn/asterisk/trunk/configs/samples/http.conf.sample?view=diff&rev=431484&r1=431483&r2=431484 ============================================================================== --- trunk/configs/samples/http.conf.sample (original) +++ trunk/configs/samples/http.conf.sample Fri Jan 30 11:21:50 2015 @@ -12,6 +12,16 @@ ; http://<server_ip>:<bindport>/static/docs/index.html ; [general] +; +; The name of the server, advertised in both the Server field in HTTP +; response message headers, as well as the <address /> element in certain HTTP +; response message bodies. If not furnished here, "Asterisk/{version}" will be +; used as a default value for the Server header field and the <address /> +; element. Setting this property to a blank value will result in the omission +; of the Server header field from HTTP response message headers and the +; <address /> element from HTTP response message bodies. +; +servername=Asterisk ; ; Whether HTTP/HTTPS interface is enabled or not. Default is no. ; This also affects manager/rawman/mxml access (see manager.conf) Modified: trunk/include/asterisk/http.h URL: http://svnview.digium.com/svn/asterisk/trunk/include/asterisk/http.h?view=diff&rev=431484&r1=431483&r2=431484 ============================================================================== --- trunk/include/asterisk/http.h (original) +++ trunk/include/asterisk/http.h Fri Jan 30 11:21:50 2015 @@ -200,6 +200,28 @@ int status_code, const char *status_title, struct ast_str *http_header, struct ast_str *out, int fd, unsigned int static_content); +/*! + * \brief Creates and sends a formatted http response message. + * \param ser TCP/TLS session object + * \param status_code HTTP response code (200/401/403/404/500) + * \param status_title English equivalent to the status_code parameter + * \param http_header_data The formatted text to use in the http header + * \param text Additional informational text to use in the + * response + * + * \note Function constructs response headers from the status_code, status_title and + * http_header_data parameters. + * + * The response body is created as HTML content, from the status_code, + * status_title, and the text parameters. + * + * The http_header_data parameter will be freed as a result of calling function. + * + * \since 13.2.0 + */ +void ast_http_create_response(struct ast_tcptls_session_instance *ser, int status_code, + const char *status_title, struct ast_str *http_header_data, const char *text); + /*! \brief Send http "401 Unauthorized" response and close socket */ void ast_http_auth(struct ast_tcptls_session_instance *ser, const char *realm, const unsigned long nonce, const unsigned long opaque, int stale, const char *text); Modified: trunk/main/http.c URL: http://svnview.digium.com/svn/asterisk/trunk/main/http.c?view=diff&rev=431484&r1=431483&r2=431484 ============================================================================== --- trunk/main/http.c (original) +++ trunk/main/http.c Fri Jan 30 11:21:50 2015 @@ -77,6 +77,10 @@ #define MIN_INITIAL_REQUEST_TIMEOUT 10000 /*! (ms) Idle time between HTTP requests */ #define DEFAULT_SESSION_KEEP_ALIVE 15000 +/*! Max size for the http server name */ +#define MAX_SERVER_NAME_LENGTH 128 +/*! Max size for the http response header */ +#define DEFAULT_RESPONSE_HEADER_LENGTH 512 /*! Maximum application/json or application/x-www-form-urlencoded body content length. */ #if !defined(LOW_MEMORY) @@ -91,6 +95,8 @@ #else #define MAX_HTTP_LINE_LENGTH 1024 #endif /* !defined(LOW_MEMORY) */ + +static char http_server_name[MAX_SERVER_NAME_LENGTH]; static int session_limit = DEFAULT_SESSION_LIMIT; static int session_inactivity = DEFAULT_SESSION_INACTIVITY; @@ -375,6 +381,7 @@ "<table bgcolor=\"#f1f1f1\" align=\"center\"><tr><td bgcolor=\"#e0e0ff\" colspan=\"2\" width=\"500\">\r\n" "<h2> Asterisk™ HTTP Status</h2></td></tr>\r\n"); + ast_str_append(&out, 0, "<tr><td><i>Server</i></td><td><b>%s</b></td></tr>\r\n", http_server_name); ast_str_append(&out, 0, "<tr><td><i>Prefix</i></td><td><b>%s</b></td></tr>\r\n", prefix); ast_str_append(&out, 0, "<tr><td><i>Bind Address</i></td><td><b>%s</b></td></tr>\r\n", ast_sockaddr_stringify_addr(&http_desc.old_address)); @@ -446,12 +453,21 @@ char timebuf[80]; int content_length = 0; int close_connection; - - if (!ser || !ser->f) { + struct ast_str *server_header_field = ast_str_create(MAX_SERVER_NAME_LENGTH); + + if (!ser || !ser->f || !server_header_field) { /* The connection is not open. */ ast_free(http_header); ast_free(out); + ast_free(server_header_field); return; + } + + if(!ast_strlen_zero(http_server_name)) { + ast_str_set(&server_header_field, + 0, + "Server: %s\r\n", + http_server_name); } /* @@ -491,7 +507,7 @@ /* send http header */ fprintf(ser->f, "HTTP/1.1 %d %s\r\n" - "Server: Asterisk/%s\r\n" + "%s" "Date: %s\r\n" "%s" "%s" @@ -499,7 +515,7 @@ "Content-Length: %d\r\n" "\r\n", status_code, status_title ? status_title : "OK", - ast_get_version(), + ast_str_buffer(server_header_field), timebuf, close_connection ? "Connection: close\r\n" : "", static_content ? "" : "Cache-Control: no-cache, no-store\r\n", @@ -532,6 +548,7 @@ ast_free(http_header); ast_free(out); + ast_free(server_header_field); if (close_connection) { ast_debug(1, "HTTP closing session. status_code:%d\n", status_code); @@ -541,76 +558,101 @@ } } +void ast_http_create_response(struct ast_tcptls_session_instance *ser, int status_code, + const char *status_title, struct ast_str *http_header_data, const char *text) +{ + char server_name[MAX_SERVER_NAME_LENGTH]; + struct ast_str *server_address = ast_str_create(MAX_SERVER_NAME_LENGTH); + struct ast_str *out = ast_str_create(MAX_CONTENT_LENGTH); + + if (!http_header_data || !server_address || !out) { + ast_free(http_header_data); + ast_free(server_address); + ast_free(out); + if (ser && ser->f) { + ast_debug(1, "HTTP closing session. OOM.\n"); + ast_tcptls_close_session_file(ser); + } + return; + } + + if(!ast_strlen_zero(http_server_name)) { + ast_xml_escape(http_server_name, server_name, sizeof(server_name)); + ast_str_set(&server_address, + 0, + "<address>%s</address>\r\n", + server_name); + } + + ast_str_set(&out, + 0, + "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n" + "<html><head>\r\n" + "<title>%d %s</title>\r\n" + "</head><body>\r\n" + "<h1>%s</h1>\r\n" + "<p>%s</p>\r\n" + "<hr />\r\n" + "%s" + "</body></html>\r\n", + status_code, + status_title, + status_title, + text ? text : "", + ast_str_buffer(server_address)); + + ast_free(server_address); + + ast_http_send(ser, + AST_HTTP_UNKNOWN, + status_code, + status_title, + http_header_data, + out, + 0, + 0); +} + void ast_http_auth(struct ast_tcptls_session_instance *ser, const char *realm, const unsigned long nonce, const unsigned long opaque, int stale, const char *text) { - struct ast_str *http_headers = ast_str_create(128); - struct ast_str *out = ast_str_create(512); - - if (!http_headers || !out) { - ast_free(http_headers); - ast_free(out); - if (ser && ser->f) { - ast_debug(1, "HTTP closing session. Auth OOM\n"); - ast_tcptls_close_session_file(ser); - } - return; - } - - ast_str_set(&http_headers, 0, - "WWW-authenticate: Digest algorithm=MD5, realm=\"%s\", nonce=\"%08lx\", qop=\"auth\", opaque=\"%08lx\"%s\r\n" - "Content-type: text/html\r\n", - realm ? realm : "Asterisk", - nonce, - opaque, - stale ? ", stale=true" : ""); - - ast_str_set(&out, 0, - "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n" - "<html><head>\r\n" - "<title>401 Unauthorized</title>\r\n" - "</head><body>\r\n" - "<h1>401 Unauthorized</h1>\r\n" - "<p>%s</p>\r\n" - "<hr />\r\n" - "<address>Asterisk Server</address>\r\n" - "</body></html>\r\n", - text ? text : ""); - - ast_http_send(ser, AST_HTTP_UNKNOWN, 401, "Unauthorized", http_headers, out, 0, 0); -} - -void ast_http_error(struct ast_tcptls_session_instance *ser, int status_code, const char *status_title, const char *text) -{ - struct ast_str *http_headers = ast_str_create(40); - struct ast_str *out = ast_str_create(256); - - if (!http_headers || !out) { - ast_free(http_headers); - ast_free(out); - if (ser && ser->f) { - ast_debug(1, "HTTP closing session. error OOM\n"); - ast_tcptls_close_session_file(ser); - } - return; - } - - ast_str_set(&http_headers, 0, "Content-type: text/html\r\n"); - - ast_str_set(&out, 0, - "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n" - "<html><head>\r\n" - "<title>%d %s</title>\r\n" - "</head><body>\r\n" - "<h1>%s</h1>\r\n" - "<p>%s</p>\r\n" - "<hr />\r\n" - "<address>Asterisk Server</address>\r\n" - "</body></html>\r\n", - status_code, status_title, status_title, text); - - ast_http_send(ser, AST_HTTP_UNKNOWN, status_code, status_title, http_headers, out, 0, 0); + int status_code = 401; + char *status_title = "Unauthorized"; + struct ast_str *http_header_data = ast_str_create(DEFAULT_RESPONSE_HEADER_LENGTH); + + if (http_header_data) { + ast_str_set(&http_header_data, + 0, + "WWW-authenticate: Digest algorithm=MD5, realm=\"%s\", nonce=\"%08lx\", qop=\"auth\", opaque=\"%08lx\"%s\r\n" + "Content-type: text/html\r\n", + realm ? realm : "Asterisk", + nonce, + opaque, + stale ? ", stale=true" : ""); + } + + ast_http_create_response(ser, + status_code, + status_title, + http_header_data, + text); +} + +void ast_http_error(struct ast_tcptls_session_instance *ser, int status_code, + const char *status_title, const char *text) +{ + struct ast_str *http_header_data = ast_str_create(DEFAULT_RESPONSE_HEADER_LENGTH); + + if (http_header_data) { + ast_str_set(&http_header_data, 0, "Content-type: text/html\r\n"); + } + + ast_http_create_response(ser, + status_code, + status_title, + http_header_data, + text); } /*! @@ -2029,6 +2071,7 @@ int enabled=0; int newenablestatic=0; char newprefix[MAX_PREFIX] = ""; + char server_name[MAX_SERVER_NAME_LENGTH]; struct http_uri_redirect *redirect; struct ast_flags config_flags = { reload ? CONFIG_FLAG_FILEUNCHANGED : 0 }; uint32_t bindport = DEFAULT_PORT; @@ -2070,6 +2113,8 @@ session_limit = DEFAULT_SESSION_LIMIT; session_inactivity = DEFAULT_SESSION_INACTIVITY; session_keep_alive = DEFAULT_SESSION_KEEP_ALIVE; + + snprintf(server_name, sizeof(server_name), "Asterisk/%s", ast_get_version()); v = ast_variable_browse(cfg, "general"); for (; v; v = v->next) { @@ -2087,7 +2132,13 @@ continue; } - if (!strcasecmp(v->name, "enabled")) { + if (!strcasecmp(v->name, "servername")) { + if (!ast_strlen_zero(v->value)) { + ast_copy_string(server_name, v->value, sizeof(server_name)); + } else { + server_name[0] = '\0'; + } + } else if (!strcasecmp(v->name, "enabled")) { enabled = ast_true(v->value); } else if (!strcasecmp(v->name, "enablestatic")) { newenablestatic = ast_true(v->value); @@ -2139,6 +2190,8 @@ if (strcmp(prefix, newprefix)) { ast_copy_string(prefix, newprefix, sizeof(prefix)); } + + ast_copy_string(http_server_name, server_name, sizeof(http_server_name)); enablestatic = newenablestatic; if (num_addrs && enabled) { @@ -2209,6 +2262,7 @@ } ast_cli(a->fd, "HTTP Server Status:\n"); ast_cli(a->fd, "Prefix: %s\n", prefix); + ast_cli(a->fd, "Server: %s\n", http_server_name); if (ast_sockaddr_isnull(&http_desc.old_address)) { ast_cli(a->fd, "Server Disabled\n\n"); } else { -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- svn-commits mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/svn-commits
