1 From c479abfc489c42923ca7bb9afad11ad5ba84793e Mon Sep 17 00:00:00 2001
2 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
3 Date: Thu, 2 Jun 2016 22:10:06 +0300
4 Subject: [PATCH] Implement internal abstraction for iostreams
6 fopencookie/funclose is a non-standard API and should not be used
7 in portable software. Additionally, the way FILE's fd is used in
8 non-blocking mode is undefined behaviour and cannot be relied on.
10 This introduces internal abstraction for io streams, that allows
11 implementing the desired virtualization of read/write operations
12 with necessary timeout handling.
17 Change-Id: Id916aef418b665ced6a7489aef74908b6e376e85
19 apps/app_externalivr.c | 119 ++++---
20 channels/chan_sip.c | 61 ++--
22 include/asterisk/iostream.h | 118 +++++++
23 include/asterisk/tcptls.h | 92 +-----
24 main/http.c | 109 ++-----
25 main/iostream.c | 553 ++++++++++++++++++++++++++++++++
26 main/manager.c | 137 ++++----
27 main/tcptls.c | 767 ++++++--------------------------------------
28 main/utils.c | 68 ----
29 res/res_http_post.c | 10 +-
30 res/res_http_websocket.c | 116 +++----
31 res/res_phoneprov.c | 2 +-
32 13 files changed, 993 insertions(+), 1163 deletions(-)
33 create mode 100644 include/asterisk/iostream.h
34 create mode 100644 main/iostream.c
36 --- a/apps/app_externalivr.c
37 +++ b/apps/app_externalivr.c
38 @@ -152,10 +152,12 @@ struct gen_state {
41 static int eivr_comm(struct ast_channel *chan, struct ivr_localuser *u,
42 - int *eivr_events_fd, int *eivr_commands_fd, int *eivr_errors_fd,
43 + struct ast_iostream *eivr_events,
44 + struct ast_iostream *eivr_commands,
45 + struct ast_iostream *eivr_errors,
46 const struct ast_str *args, const struct ast_flags flags);
48 -static void send_eivr_event(FILE *handle, const char event, const char *data,
49 +static void send_eivr_event(struct ast_iostream *stream, const char event, const char *data,
50 const struct ast_channel *chan)
52 struct ast_str *tmp = ast_str_create(12);
53 @@ -164,9 +166,11 @@ static void send_eivr_event(FILE *handle
55 ast_str_append(&tmp, 0, ",%s", data);
57 + ast_str_append(&tmp, 0, "\n");
58 + ast_iostream_write(stream, ast_str_buffer(tmp), strlen(ast_str_buffer(tmp)));
59 + ast_str_truncate(tmp, -1);
61 - fprintf(handle, "%s\n", ast_str_buffer(tmp));
62 - ast_debug(1, "sent '%s'\n", ast_str_buffer(tmp));
63 + ast_debug(1, "sent '%s'", ast_str_buffer(tmp));
67 @@ -395,6 +399,8 @@ static int app_exec(struct ast_channel *
68 int child_stdin[2] = { -1, -1 };
69 int child_stdout[2] = { -1, -1 };
70 int child_stderr[2] = { -1, -1 };
71 + struct ast_iostream *stream_stdin = NULL, *stream_stdout = NULL,
72 + *stream_stderr = NULL;
76 @@ -526,7 +532,7 @@ static int app_exec(struct ast_channel *
80 - res = eivr_comm(chan, u, &ser->fd, &ser->fd, NULL, comma_delim_args, flags);
81 + res = eivr_comm(chan, u, ser->stream, ser->stream, NULL, comma_delim_args, flags);
84 if (pipe(child_stdin)) {
85 @@ -568,7 +574,12 @@ static int app_exec(struct ast_channel *
87 close(child_stderr[1]);
89 - res = eivr_comm(chan, u, &child_stdin[1], &child_stdout[0], &child_stderr[0], comma_delim_args, flags);
91 + stream_stdin = ast_iostream_from_fd(&child_stdin[1]);
92 + stream_stdout = ast_iostream_from_fd(&child_stdout[0]);
93 + stream_stderr = ast_iostream_from_fd(&child_stderr[0]);
95 + res = eivr_comm(chan, u, stream_stdin, stream_stdout, stream_stderr, comma_delim_args, flags);
99 @@ -576,6 +587,15 @@ static int app_exec(struct ast_channel *
101 ast_deactivate_generator(chan);
103 + if (stream_stdin) {
104 + ast_iostream_close(stream_stdin);
106 + if (stream_stdout) {
107 + ast_iostream_close(stream_stdout);
109 + if (stream_stderr) {
110 + ast_iostream_close(stream_stderr);
112 if (child_stdin[0] > -1) {
113 close(child_stdin[0]);
115 @@ -604,46 +624,25 @@ static int app_exec(struct ast_channel *
118 static int eivr_comm(struct ast_channel *chan, struct ivr_localuser *u,
119 - int *eivr_events_fd, int *eivr_commands_fd, int *eivr_errors_fd,
120 - const struct ast_str *args, const struct ast_flags flags)
121 + struct ast_iostream *eivr_events,
122 + struct ast_iostream *eivr_commands,
123 + struct ast_iostream *eivr_errors,
124 + const struct ast_str *args, const struct ast_flags flags)
127 struct playlist_entry *entry;
132 - int waitfds[2] = { *eivr_commands_fd, (eivr_errors_fd) ? *eivr_errors_fd : -1 };
135 struct ast_channel *rchan;
137 - int test_available_fd = -1;
138 int hangup_info_sent = 0;
140 - FILE *eivr_commands = NULL;
141 - FILE *eivr_errors = NULL;
142 - FILE *eivr_events = NULL;
144 - if (!(eivr_events = fdopen(*eivr_events_fd, "w"))) {
145 - ast_chan_log(LOG_ERROR, chan, "Could not open stream to send events\n");
148 - if (!(eivr_commands = fdopen(*eivr_commands_fd, "r"))) {
149 - ast_chan_log(LOG_ERROR, chan, "Could not open stream to receive commands\n");
152 - if (eivr_errors_fd) { /* if opening a socket connection, error stream will not be used */
153 - if (!(eivr_errors = fdopen(*eivr_errors_fd, "r"))) {
154 - ast_chan_log(LOG_ERROR, chan, "Could not open stream to receive errors\n");
159 - test_available_fd = open("/dev/null", O_RDONLY);
161 - setvbuf(eivr_events, NULL, _IONBF, 0);
162 - setvbuf(eivr_commands, NULL, _IONBF, 0);
164 - setvbuf(eivr_errors, NULL, _IONBF, 0);
166 + waitfds[0] = ast_iostream_get_fd(eivr_commands);
167 + waitfds[1] = eivr_errors ? ast_iostream_get_fd(eivr_errors) : -1;
170 if (ast_test_flag(ast_channel_flags(chan), AST_FLAG_ZOMBIE)) {
171 @@ -667,7 +666,7 @@ static int eivr_comm(struct ast_channel
175 - rchan = ast_waitfor_nandfds(&chan, 1, waitfds, (eivr_errors_fd) ? 2 : 1, &exception, &ready_fd, &ms);
176 + rchan = ast_waitfor_nandfds(&chan, 1, waitfds, (eivr_errors) ? 2 : 1, &exception, &ready_fd, &ms);
178 if (ast_channel_state(chan) == AST_STATE_UP && !AST_LIST_EMPTY(&u->finishlist)) {
179 AST_LIST_LOCK(&u->finishlist);
180 @@ -715,15 +714,18 @@ static int eivr_comm(struct ast_channel
184 - } else if (ready_fd == *eivr_commands_fd) {
187 - if (exception || (dup2(*eivr_commands_fd, test_available_fd) == -1) || feof(eivr_commands)) {
188 + } else if (ready_fd == waitfds[0]) {
190 ast_chan_log(LOG_ERROR, chan, "Child process went away\n");
194 - if (!fgets(input, sizeof(input), eivr_commands)) {
195 + r = ast_iostream_gets(eivr_commands, input, sizeof(input));
198 + ast_chan_log(LOG_ERROR, chan, "Child process went away\n");
204 @@ -869,16 +871,18 @@ static int eivr_comm(struct ast_channel
206 ast_chan_log(LOG_WARNING, chan, "Unknown option requested: %s\n", &input[2]);
208 - } else if (eivr_errors_fd && (ready_fd == *eivr_errors_fd)) {
211 - if (exception || feof(eivr_errors)) {
212 + } else if (ready_fd == waitfds[1]) {
214 ast_chan_log(LOG_ERROR, chan, "Child process went away\n");
217 - if (fgets(input, sizeof(input), eivr_errors)) {
218 + r = ast_iostream_gets(eivr_errors, input, sizeof(input));
220 ast_chan_log(LOG_NOTICE, chan, "stderr: %s\n", ast_strip(input));
222 + } else if (r == 0) {
223 + ast_chan_log(LOG_ERROR, chan, "Child process went away\n");
226 } else if ((ready_fd < 0) && ms) {
227 if (errno == 0 || errno == EINTR)
229 @@ -888,23 +892,7 @@ static int eivr_comm(struct ast_channel
234 - if (test_available_fd > -1) {
235 - close(test_available_fd);
238 - fclose(eivr_events);
239 - *eivr_events_fd = -1;
241 - if (eivr_commands) {
242 - fclose(eivr_commands);
243 - *eivr_commands_fd = -1;
246 - fclose(eivr_errors);
247 - *eivr_errors_fd = -1;
253 static int unload_module(void)
254 --- a/channels/chan_sip.c
255 +++ b/channels/chan_sip.c
256 @@ -2541,7 +2541,7 @@ static struct sip_threadinfo *sip_thread
258 ao2_t_ref(tcptls_session, +1, "tcptls_session ref for sip_threadinfo object");
259 th->tcptls_session = tcptls_session;
260 - th->type = transport ? transport : (tcptls_session->ssl ? AST_TRANSPORT_TLS: AST_TRANSPORT_TCP);
261 + th->type = transport ? transport : (ast_iostream_get_ssl(tcptls_session->stream) ? AST_TRANSPORT_TLS: AST_TRANSPORT_TCP);
262 ao2_t_link(threadt, th, "Adding new tcptls helper thread");
263 ao2_t_ref(th, -1, "Decrementing threadinfo ref from alloc, only table ref remains");
265 @@ -2564,8 +2564,7 @@ static int sip_tcptls_write(struct ast_t
267 ao2_lock(tcptls_session);
269 - if ((tcptls_session->fd == -1) ||
270 - !(th = ao2_t_find(threadt, &tmp, OBJ_POINTER, "ao2_find, getting sip_threadinfo in tcp helper thread")) ||
271 + if (!(th = ao2_t_find(threadt, &tmp, OBJ_POINTER, "ao2_find, getting sip_threadinfo in tcp helper thread")) ||
272 !(packet = ao2_alloc(sizeof(*packet), tcptls_packet_destructor)) ||
273 !(packet->data = ast_str_create(len))) {
274 goto tcptls_write_setup_error;
275 @@ -2878,7 +2877,7 @@ static int sip_tcptls_read(struct sip_re
279 - res = ast_wait_for_input(tcptls_session->fd, timeout);
280 + res = ast_wait_for_input(ast_iostream_get_fd(tcptls_session->stream), timeout);
282 ast_debug(2, "SIP TCP/TLS server :: ast_wait_for_input returned %d\n", res);
284 @@ -2887,7 +2886,7 @@ static int sip_tcptls_read(struct sip_re
288 - res = ast_tcptls_server_read(tcptls_session, readbuf, sizeof(readbuf) - 1);
289 + res = ast_iostream_read(tcptls_session->stream, readbuf, sizeof(readbuf) - 1);
291 if (errno == EAGAIN || errno == EINTR) {
293 @@ -2948,18 +2947,8 @@ static void *_sip_tcp_helper_thread(stru
297 - if ((flags = fcntl(tcptls_session->fd, F_GETFL)) == -1) {
298 - ast_log(LOG_ERROR, "error setting socket to non blocking mode, fcntl() failed: %s\n", strerror(errno));
302 - flags |= O_NONBLOCK;
303 - if (fcntl(tcptls_session->fd, F_SETFL, flags) == -1) {
304 - ast_log(LOG_ERROR, "error setting socket to non blocking mode, fcntl() failed: %s\n", strerror(errno));
308 - if (!(me = sip_threadinfo_create(tcptls_session, tcptls_session->ssl ? AST_TRANSPORT_TLS : AST_TRANSPORT_TCP))) {
309 + ast_iostream_nonblock(tcptls_session->stream);
310 + if (!(me = sip_threadinfo_create(tcptls_session, ast_iostream_get_ssl(tcptls_session->stream) ? AST_TRANSPORT_TLS : AST_TRANSPORT_TCP))) {
313 me->threadid = pthread_self();
314 @@ -2982,15 +2971,15 @@ static void *_sip_tcp_helper_thread(stru
318 - if (setsockopt(tcptls_session->fd, SOL_SOCKET, SO_KEEPALIVE, &flags, sizeof(flags))) {
319 + if (setsockopt(ast_iostream_get_fd(tcptls_session->stream), SOL_SOCKET, SO_KEEPALIVE, &flags, sizeof(flags))) {
320 ast_log(LOG_ERROR, "error enabling TCP keep-alives on sip socket: %s\n", strerror(errno));
324 - ast_debug(2, "Starting thread for %s server\n", tcptls_session->ssl ? "TLS" : "TCP");
325 + ast_debug(2, "Starting thread for %s server\n", ast_iostream_get_ssl(tcptls_session->stream) ? "TLS" : "TCP");
327 /* set up pollfd to watch for reads on both the socket and the alert_pipe */
328 - fds[0].fd = tcptls_session->fd;
329 + fds[0].fd = ast_iostream_get_fd(tcptls_session->stream);
330 fds[1].fd = me->alert_pipe[0];
331 fds[0].events = fds[1].events = POLLIN | POLLPRI;
333 @@ -3010,9 +2999,9 @@ static void *_sip_tcp_helper_thread(stru
334 * We cannot let the stream exclusively wait for data to arrive.
335 * We have to wake up the task to send outgoing messages.
337 - ast_tcptls_stream_set_exclusive_input(tcptls_session->stream_cookie, 0);
338 + ast_iostream_set_exclusive_input(tcptls_session->stream, 0);
340 - ast_tcptls_stream_set_timeout_sequence(tcptls_session->stream_cookie, ast_tvnow(),
341 + ast_iostream_set_timeout_sequence(tcptls_session->stream, ast_tvnow(),
342 tcptls_session->client ? -1 : (authtimeout * 1000));
345 @@ -3020,7 +3009,7 @@ static void *_sip_tcp_helper_thread(stru
347 if (!tcptls_session->client && req.authenticated && !authenticated) {
349 - ast_tcptls_stream_set_timeout_disable(tcptls_session->stream_cookie);
350 + ast_iostream_set_timeout_disable(tcptls_session->stream);
351 ast_atomic_fetchadd_int(&unauth_sessions, -1);
354 @@ -3031,7 +3020,7 @@ static void *_sip_tcp_helper_thread(stru
358 - ast_debug(2, "SIP %s server timed out\n", tcptls_session->ssl ? "TLS": "TCP");
359 + ast_debug(2, "SIP %s server timed out\n", ast_iostream_get_ssl(tcptls_session->stream) ? "TLS": "TCP");
363 @@ -3041,11 +3030,11 @@ static void *_sip_tcp_helper_thread(stru
364 if (ast_str_strlen(tcptls_session->overflow_buf) == 0) {
365 res = ast_poll(fds, 2, timeout); /* polls for both socket and alert_pipe */
367 - ast_debug(2, "SIP %s server :: ast_wait_for_input returned %d\n", tcptls_session->ssl ? "TLS": "TCP", res);
368 + ast_debug(2, "SIP %s server :: ast_wait_for_input returned %d\n", ast_iostream_get_ssl(tcptls_session->stream) ? "TLS": "TCP", res);
370 } else if (res == 0) {
372 - ast_debug(2, "SIP %s server timed out\n", tcptls_session->ssl ? "TLS": "TCP");
373 + ast_debug(2, "SIP %s server timed out\n", ast_iostream_get_ssl(tcptls_session->stream) ? "TLS": "TCP");
377 @@ -3070,14 +3059,14 @@ static void *_sip_tcp_helper_thread(stru
379 memset(buf, 0, sizeof(buf));
381 - if (tcptls_session->ssl) {
382 + if (ast_iostream_get_ssl(tcptls_session->stream)) {
383 set_socket_transport(&req.socket, AST_TRANSPORT_TLS);
384 req.socket.port = htons(ourport_tls);
386 set_socket_transport(&req.socket, AST_TRANSPORT_TCP);
387 req.socket.port = htons(ourport_tcp);
389 - req.socket.fd = tcptls_session->fd;
390 + req.socket.fd = ast_iostream_get_fd(tcptls_session->stream);
392 res = sip_tcptls_read(&req, tcptls_session, authenticated, start);
394 @@ -3111,7 +3100,7 @@ static void *_sip_tcp_helper_thread(stru
398 - if (ast_tcptls_server_write(tcptls_session, ast_str_buffer(packet->data), packet->len) == -1) {
399 + if (ast_iostream_write(tcptls_session->stream, ast_str_buffer(packet->data), packet->len) == -1) {
400 ast_log(LOG_WARNING, "Failure to write to tcp/tls socket\n");
402 ao2_t_ref(packet, -1, "tcptls packet sent, this is no longer needed");
403 @@ -3123,7 +3112,7 @@ static void *_sip_tcp_helper_thread(stru
407 - ast_debug(2, "Shutting down thread for %s server\n", tcptls_session->ssl ? "TLS" : "TCP");
408 + ast_debug(2, "Shutting down thread for %s server\n", ast_iostream_get_ssl(tcptls_session->stream) ? "TLS" : "TCP");
411 if (tcptls_session && !tcptls_session->client && !authenticated) {
412 @@ -29178,9 +29167,8 @@ static int sip_prepare_socket(struct sip
415 if ((s->type & (AST_TRANSPORT_TCP | AST_TRANSPORT_TLS)) &&
416 - (s->tcptls_session) &&
417 - (s->tcptls_session->fd != -1)) {
418 - return s->tcptls_session->fd;
419 + s->tcptls_session) {
420 + return ast_iostream_get_fd(s->tcptls_session->stream);
422 if ((s->type & (AST_TRANSPORT_WS | AST_TRANSPORT_WSS))) {
423 return s->ws_session ? ast_websocket_fd(s->ws_session) : -1;
424 @@ -29210,7 +29198,7 @@ static int sip_prepare_socket(struct sip
425 /* 1. check for existing threads */
426 ast_sockaddr_copy(&sa_tmp, sip_real_dst(p));
427 if ((tcptls_session = sip_tcp_locate(&sa_tmp))) {
428 - s->fd = tcptls_session->fd;
429 + s->fd = ast_iostream_get_fd(tcptls_session->stream);
430 if (s->tcptls_session) {
431 ao2_ref(s->tcptls_session, -1);
432 s->tcptls_session = NULL;
433 @@ -29268,7 +29256,7 @@ static int sip_prepare_socket(struct sip
434 goto create_tcptls_session_fail;
437 - s->fd = s->tcptls_session->fd;
438 + s->fd = ast_iostream_get_fd(s->tcptls_session->stream);
440 /* client connections need to have the sip_threadinfo object created before
441 * the thread is detached. This ensures the alert_pipe is up before it will
442 @@ -30070,8 +30058,7 @@ static int sip_send_keepalive(const void
443 if ((peer->socket.fd != -1) && (peer->socket.type == AST_TRANSPORT_UDP)) {
444 res = ast_sendto(peer->socket.fd, keepalive, sizeof(keepalive), 0, &peer->addr);
445 } else if ((peer->socket.type & (AST_TRANSPORT_TCP | AST_TRANSPORT_TLS)) &&
446 - (peer->socket.tcptls_session) &&
447 - (peer->socket.tcptls_session->fd != -1)) {
448 + peer->socket.tcptls_session) {
449 res = sip_tcptls_write(peer->socket.tcptls_session, keepalive, sizeof(keepalive));
450 } else if (peer->socket.type == AST_TRANSPORT_UDP) {
451 res = ast_sendto(sipsock, keepalive, sizeof(keepalive), 0, &peer->addr);
454 @@ -823,10 +823,6 @@ AC_ARG_ENABLE([asteriskssl],
455 esac], [AST_ASTERISKSSL=yes])
456 AC_SUBST(AST_ASTERISKSSL)
458 -# https support (in main/http.c) uses funopen on BSD systems,
459 -# fopencookie on linux
460 -AC_CHECK_FUNCS([funopen fopencookie])
462 AC_CHECK_FUNCS([inet_aton])
464 # check if we have IP_PKTINFO constant defined
466 +++ b/include/asterisk/iostream.h
469 + * Asterisk -- An open source telephony toolkit.
471 + * Copyright (C) 1999 - 2015, Digium, Inc.
473 + * Timo Teräs <timo.teras@iki.fi>
475 + * See http://www.asterisk.org for more information about
476 + * the Asterisk project. Please do not directly contact
477 + * any of the maintainers of this project for assistance;
478 + * the project provides a web site, mailing lists and IRC
479 + * channels for your use.
481 + * This program is free software, distributed under the terms of
482 + * the GNU General Public License Version 2. See the LICENSE file
483 + * at the top of the source tree.
486 +#ifndef _ASTERISK_IOSTREAM_H
487 +#define _ASTERISK_IOSTREAM_H
492 + * \brief Generic abstraction for input/output streams.
495 +#if defined(HAVE_OPENSSL)
496 +#define DO_SSL /* comment in/out if you want to support ssl */
500 +#include <openssl/ssl.h>
501 +#include <openssl/err.h>
502 +#include <openssl/x509v3.h>
504 +/* declare dummy types so we can define a pointer to them */
505 +typedef struct {} SSL;
506 +typedef struct {} SSL_CTX;
509 +struct ast_iostream;
512 + * \brief Disable the iostream timeout timer.
514 + * \param stream iostream control data.
518 +void ast_iostream_set_timeout_disable(struct ast_iostream *stream);
521 + * \brief Set the iostream inactivity timeout timer.
523 + * \param stream iostream control data.
524 + * \param timeout Number of milliseconds to wait for data transfer with the peer.
526 + * \details This is basically how much time we are willing to spend
527 + * in an I/O call before we declare the peer unresponsive.
529 + * \note Setting timeout to -1 disables the timeout.
530 + * \note Setting this timeout replaces the I/O sequence timeout timer.
534 +void ast_iostream_set_timeout_inactivity(struct ast_iostream *stream, int timeout);
536 +void ast_iostream_set_timeout_idle_inactivity(struct ast_iostream *stream, int timeout, int timeout_reset);
539 + * \brief Set the iostream I/O sequence timeout timer.
541 + * \param stream iostream control data.
542 + * \param start Time the I/O sequence timer starts.
543 + * \param timeout Number of milliseconds from the start time before timeout.
545 + * \details This is how much time are we willing to allow the peer
546 + * to complete an operation that can take several I/O calls. The
547 + * main use is as an authentication timer with us.
549 + * \note Setting timeout to -1 disables the timeout.
550 + * \note Setting this timeout replaces the inactivity timeout timer.
554 +void ast_iostream_set_timeout_sequence(struct ast_iostream *stream, struct timeval start, int timeout);
557 + * \brief Set the iostream if it can exclusively depend upon the set timeouts.
559 + * \param stream iostream control data.
560 + * \param exclusive_input TRUE if stream can exclusively wait for fd input.
561 + * Otherwise, the stream will not wait for fd input. It will wait while
562 + * trying to send data.
564 + * \note The stream timeouts still need to be set.
568 +void ast_iostream_set_exclusive_input(struct ast_iostream *stream, int exclusive_input);
570 +int ast_iostream_get_fd(struct ast_iostream *stream);
571 +void ast_iostream_nonblock(struct ast_iostream *stream);
573 +SSL* ast_iostream_get_ssl(struct ast_iostream *stream);
575 +ssize_t ast_iostream_read(struct ast_iostream *stream, void *buf, size_t count);
576 +ssize_t ast_iostream_gets(struct ast_iostream *stream, char *buf, size_t count);
577 +ssize_t ast_iostream_discard(struct ast_iostream *stream, size_t count);
578 +ssize_t ast_iostream_write(struct ast_iostream *stream, const void *buf, size_t count);
579 +ssize_t ast_iostream_printf(struct ast_iostream *stream, const void *fmt, ...);
581 +struct ast_iostream* ast_iostream_from_fd(int *fd);
582 +int ast_iostream_start_tls(struct ast_iostream **stream, SSL_CTX *ctx, int client);
583 +int ast_iostream_close(struct ast_iostream *stream);
585 +#endif /* _ASTERISK_IOSTREAM_H */
586 --- a/include/asterisk/tcptls.h
587 +++ b/include/asterisk/tcptls.h
590 #include "asterisk/netsock2.h"
591 #include "asterisk/utils.h"
593 -#if defined(HAVE_OPENSSL) && (defined(HAVE_FUNOPEN) || defined(HAVE_FOPENCOOKIE))
594 -#define DO_SSL /* comment in/out if you want to support ssl */
598 -#include <openssl/ssl.h>
599 -#include <openssl/err.h>
600 -#include <openssl/x509v3.h>
602 -/* declare dummy types so we can define a pointer to them */
603 -typedef struct {} SSL;
604 -typedef struct {} SSL_CTX;
606 +#include "asterisk/iostream.h"
609 #define AST_CERTFILE "asterisk.pem"
610 @@ -157,72 +144,10 @@ struct ast_tcptls_session_args {
611 struct ast_tls_config *old_tls_cfg; /*!< copy of the SSL configuration to determine whether changes have been made */
614 -struct ast_tcptls_stream;
617 - * \brief Disable the TCP/TLS stream timeout timer.
619 - * \param stream TCP/TLS stream control data.
623 -void ast_tcptls_stream_set_timeout_disable(struct ast_tcptls_stream *stream);
626 - * \brief Set the TCP/TLS stream inactivity timeout timer.
628 - * \param stream TCP/TLS stream control data.
629 - * \param timeout Number of milliseconds to wait for data transfer with the peer.
631 - * \details This is basically how much time we are willing to spend
632 - * in an I/O call before we declare the peer unresponsive.
634 - * \note Setting timeout to -1 disables the timeout.
635 - * \note Setting this timeout replaces the I/O sequence timeout timer.
639 -void ast_tcptls_stream_set_timeout_inactivity(struct ast_tcptls_stream *stream, int timeout);
642 - * \brief Set the TCP/TLS stream I/O sequence timeout timer.
644 - * \param stream TCP/TLS stream control data.
645 - * \param start Time the I/O sequence timer starts.
646 - * \param timeout Number of milliseconds from the start time before timeout.
648 - * \details This is how much time are we willing to allow the peer
649 - * to complete an operation that can take several I/O calls. The
650 - * main use is as an authentication timer with us.
652 - * \note Setting timeout to -1 disables the timeout.
653 - * \note Setting this timeout replaces the inactivity timeout timer.
657 -void ast_tcptls_stream_set_timeout_sequence(struct ast_tcptls_stream *stream, struct timeval start, int timeout);
660 - * \brief Set the TCP/TLS stream I/O if it can exclusively depend upon the set timeouts.
662 - * \param stream TCP/TLS stream control data.
663 - * \param exclusive_input TRUE if stream can exclusively wait for fd input.
664 - * Otherwise, the stream will not wait for fd input. It will wait while
665 - * trying to send data.
667 - * \note The stream timeouts still need to be set.
671 -void ast_tcptls_stream_set_exclusive_input(struct ast_tcptls_stream *stream, int exclusive_input);
674 * describes a server instance
676 struct ast_tcptls_session_instance {
677 - FILE *f; /*!< fopen/funopen result */
678 - int fd; /*!< the socket returned by accept() */
679 - SSL *ssl; /*!< ssl state */
681 struct ast_sockaddr remote_address;
682 struct ast_tcptls_session_args *parent;
683 @@ -232,20 +157,12 @@ struct ast_tcptls_session_instance {
686 struct ast_str *overflow_buf;
687 - /*! ao2 FILE stream cookie object associated with f. */
688 - struct ast_tcptls_stream *stream_cookie;
689 + /*! ao2 stream object associated with this session. */
690 + struct ast_iostream *stream;
691 /*! ao2 object private data of parent->worker_fn */
695 -#if defined(HAVE_FUNOPEN)
699 -#define HOOK_T ssize_t
700 -#define LEN_T size_t
704 * \brief attempts to connect and start tcptls session, on error the tcptls_session's
705 * ref count is decremented, fd and file are closed, and NULL is returned.
706 @@ -301,7 +218,4 @@ void ast_ssl_teardown(struct ast_tls_con
708 int ast_tls_read_conf(struct ast_tls_config *tls_cfg, struct ast_tcptls_session_args *tls_desc, const char *varname, const char *value);
710 -HOOK_T ast_tcptls_server_read(struct ast_tcptls_session_instance *ser, void *buf, size_t count);
711 -HOOK_T ast_tcptls_server_write(struct ast_tcptls_session_instance *ser, const void *buf, size_t count);
713 #endif /* _ASTERISK_TCPTLS_H */
716 @@ -451,11 +451,14 @@ void ast_http_send(struct ast_tcptls_ses
717 struct timeval now = ast_tvnow();
722 int content_length = 0;
723 int close_connection;
724 struct ast_str *server_header_field = ast_str_create(MAX_SERVER_NAME_LENGTH);
727 - if (!ser || !ser->f || !server_header_field) {
728 + if (!ser || !server_header_field) {
729 /* The connection is not open. */
730 ast_free(http_header);
732 @@ -504,8 +507,10 @@ void ast_http_send(struct ast_tcptls_ses
733 lseek(fd, 0, SEEK_SET);
736 + send_content = method != AST_HTTP_HEAD || status_code >= 400;
738 /* send http header */
740 + ast_iostream_printf(ser->stream,
744 @@ -513,43 +518,25 @@ void ast_http_send(struct ast_tcptls_ses
747 "Content-Length: %d\r\n"
751 status_code, status_title ? status_title : "OK",
752 ast_str_buffer(server_header_field),
754 close_connection ? "Connection: close\r\n" : "",
755 static_content ? "" : "Cache-Control: no-cache, no-store\r\n",
756 http_header ? ast_str_buffer(http_header) : "",
759 + send_content && out && ast_str_strlen(out) ? ast_str_buffer(out) : ""
763 - if (method != AST_HTTP_HEAD || status_code >= 400) {
764 - if (out && ast_str_strlen(out)) {
766 - * NOTE: Because ser->f is a non-standard FILE *, fwrite() will probably not
767 - * behave exactly as documented.
769 - if (fwrite(ast_str_buffer(out), ast_str_strlen(out), 1, ser->f) != 1) {
770 - ast_log(LOG_ERROR, "fwrite() failed: %s\n", strerror(errno));
771 + if (send_content && fd) {
772 + while ((len = read(fd, buf, sizeof(buf))) > 0) {
773 + if (ast_iostream_write(ser->stream, buf, len) != len) {
774 + ast_log(LOG_WARNING, "fwrite() failed: %s\n", strerror(errno));
775 close_connection = 1;
783 - while ((len = read(fd, buf, sizeof(buf))) > 0) {
785 - * NOTE: Because ser->f is a non-standard FILE *, fwrite() will probably not
786 - * behave exactly as documented.
788 - if (fwrite(buf, len, 1, ser->f) != 1) {
789 - ast_log(LOG_WARNING, "fwrite() failed: %s\n", strerror(errno));
790 - close_connection = 1;
797 @@ -577,7 +564,7 @@ void ast_http_create_response(struct ast
798 ast_free(http_header_data);
799 ast_free(server_address);
801 - if (ser && ser->f) {
803 ast_debug(1, "HTTP closing session. OOM.\n");
804 ast_tcptls_close_session_file(ser);
806 @@ -931,14 +918,9 @@ static int http_body_read_contents(struc
811 - * NOTE: Because ser->f is a non-standard FILE *, fread() does not behave as
815 - /* Stay in fread until get all the expected data or timeout. */
816 - res = fread(buf, length, 1, ser->f);
818 + /* Stream is in exclusive mode so we get it all if possible. */
819 + res = ast_iostream_read(ser->stream, buf, length);
820 + if (res < length) {
821 ast_log(LOG_WARNING, "Short HTTP request %s (Wanted %d)\n",
822 what_getting, length);
824 @@ -960,28 +942,12 @@ static int http_body_read_contents(struc
826 static int http_body_discard_contents(struct ast_tcptls_session_instance *ser, int length, const char *what_getting)
829 - char buf[MAX_HTTP_LINE_LENGTH];/* Discard buffer */
832 - * NOTE: Because ser->f is a non-standard FILE *, fread() does not behave as
837 - /* Stay in fread until get all the expected data or timeout. */
838 - while (sizeof(buf) < length) {
839 - res = fread(buf, sizeof(buf), 1, ser->f);
841 - ast_log(LOG_WARNING, "Short HTTP request %s (Wanted %zu of remaining %d)\n",
842 - what_getting, sizeof(buf), length);
845 - length -= sizeof(buf);
847 - res = fread(buf, length, 1, ser->f);
849 - ast_log(LOG_WARNING, "Short HTTP request %s (Wanted %d of remaining %d)\n",
850 - what_getting, length, length);
851 + res = ast_iostream_discard(ser->stream, length);
852 + if (res < length) {
853 + ast_log(LOG_WARNING, "Short HTTP request %s (Wanted %d but got %zd)\n",
854 + what_getting, length, res);
858 @@ -1057,7 +1023,7 @@ static int http_body_get_chunk_length(st
859 char header_line[MAX_HTTP_LINE_LENGTH];
861 /* get the line of hexadecimal giving chunk-size w/ optional chunk-extension */
862 - if (!fgets(header_line, sizeof(header_line), ser->f)) {
863 + if (ast_iostream_gets(ser->stream, header_line, sizeof(header_line)) <= 0) {
864 ast_log(LOG_WARNING, "Short HTTP read of chunked header\n");
867 @@ -1090,8 +1056,8 @@ static int http_body_check_chunk_sync(st
870 /* Stay in fread until get the expected CRLF or timeout. */
871 - res = fread(chunk_sync, sizeof(chunk_sync), 1, ser->f);
873 + res = ast_iostream_read(ser->stream, chunk_sync, sizeof(chunk_sync));
874 + if (res < sizeof(chunk_sync)) {
875 ast_log(LOG_WARNING, "Short HTTP chunk sync read (Wanted %zu)\n",
878 @@ -1120,7 +1086,7 @@ static int http_body_discard_chunk_trail
879 char header_line[MAX_HTTP_LINE_LENGTH];
882 - if (!fgets(header_line, sizeof(header_line), ser->f)) {
883 + if (ast_iostream_gets(ser->stream, header_line, sizeof(header_line)) <= 0) {
884 ast_log(LOG_WARNING, "Short HTTP read of chunked trailer header\n");
887 @@ -1783,7 +1749,7 @@ static int http_request_headers_get(stru
891 - if (!fgets(header_line, sizeof(header_line), ser->f)) {
892 + if (ast_iostream_gets(ser->stream, header_line, sizeof(header_line)) <= 0) {
893 ast_http_error(ser, 400, "Bad Request", "Timeout");
896 @@ -1857,7 +1823,7 @@ static int httpd_process_request(struct
898 char request_line[MAX_HTTP_LINE_LENGTH];
900 - if (!fgets(request_line, sizeof(request_line), ser->f)) {
901 + if (ast_iostream_gets(ser->stream, request_line, sizeof(request_line)) <= 0) {
905 @@ -1941,7 +1907,7 @@ static void *httpd_helper_thread(void *d
909 - if (!ser || !ser->f) {
914 @@ -1958,14 +1924,11 @@ static void *httpd_helper_thread(void *d
915 * This is necessary to prevent delays (caused by buffering) as we
916 * write to the socket in bits and pieces.
918 - if (setsockopt(ser->fd, IPPROTO_TCP, TCP_NODELAY, (char *) &flags, sizeof(flags)) < 0) {
919 + if (setsockopt(ast_iostream_get_fd(ser->stream), IPPROTO_TCP, TCP_NODELAY, (char *) &flags, sizeof(flags)) < 0) {
920 ast_log(LOG_WARNING, "Failed to set TCP_NODELAY on HTTP connection: %s\n", strerror(errno));
921 + ast_log(LOG_WARNING, "Some HTTP requests may be slow to respond.\n");
924 - /* make sure socket is non-blocking */
925 - flags = fcntl(ser->fd, F_GETFL);
926 - flags |= O_NONBLOCK;
927 - fcntl(ser->fd, F_SETFL, flags);
928 + ast_iostream_nonblock(ser->stream);
930 /* Setup HTTP worker private data to keep track of request body reading. */
931 ao2_cleanup(ser->private_data);
932 @@ -1988,23 +1951,17 @@ static void *httpd_helper_thread(void *d
935 /* We can let the stream wait for data to arrive. */
936 - ast_tcptls_stream_set_exclusive_input(ser->stream_cookie, 1);
937 + ast_iostream_set_exclusive_input(ser->stream, 1);
942 /* Wait for next potential HTTP request message. */
943 - ast_tcptls_stream_set_timeout_inactivity(ser->stream_cookie, timeout);
944 - ch = fgetc(ser->f);
945 - if (ch == EOF || ungetc(ch, ser->f) == EOF) {
946 - /* Between request idle timeout */
947 - ast_debug(1, "HTTP idle timeout or peer closed connection.\n");
948 + ast_iostream_set_timeout_idle_inactivity(ser->stream, timeout, session_inactivity);
949 + if (httpd_process_request(ser)) {
950 + /* Break the connection or the connection closed */
954 - ast_tcptls_stream_set_timeout_inactivity(ser->stream_cookie, session_inactivity);
955 - if (httpd_process_request(ser) || !ser->f || feof(ser->f)) {
956 - /* Break the connection or the connection closed */
957 + if (!ser->stream) {
958 + /* Web-socket or similar that took the connection */
962 @@ -2018,10 +1975,9 @@ static void *httpd_helper_thread(void *d
964 ast_atomic_fetchadd_int(&session_count, -1);
967 - ast_debug(1, "HTTP closing session. Top level\n");
968 - ast_tcptls_close_session_file(ser);
970 + ast_debug(1, "HTTP closing session. Top level\n");
971 + ast_tcptls_close_session_file(ser);
977 +++ b/main/iostream.c
980 + * Asterisk -- An open source telephony toolkit.
982 + * Copyright (C) 1999 - 2015, Digium, Inc.
984 + * Timo Teräs <timo.teras@iki.fi>
986 + * See http://www.asterisk.org for more information about
987 + * the Asterisk project. Please do not directly contact
988 + * any of the maintainers of this project for assistance;
989 + * the project provides a web site, mailing lists and IRC
990 + * channels for your use.
992 + * This program is free software, distributed under the terms of
993 + * the GNU General Public License Version 2. See the LICENSE file
994 + * at the top of the source tree.
997 +#include "asterisk.h"
1000 +#include <stdarg.h>
1002 +#include "asterisk/utils.h"
1003 +#include "asterisk/astobj2.h"
1004 +#include "asterisk/iostream.h"
1006 +struct ast_iostream {
1008 + struct timeval start;
1011 + int timeout_reset;
1012 + int exclusive_input;
1018 +#if defined(DO_SSL)
1019 +AST_THREADSTORAGE(err2str_threadbuf);
1020 +#define ERR2STR_BUFSIZE 128
1022 +static const char *ssl_error_to_string(int sslerr, int ret)
1025 + case SSL_ERROR_SSL:
1026 + return "Internal SSL error";
1027 + case SSL_ERROR_SYSCALL:
1029 + return "System call EOF";
1030 + } else if (ret == -1) {
1033 + buf = ast_threadstorage_get(&err2str_threadbuf, ERR2STR_BUFSIZE);
1038 + snprintf(buf, ERR2STR_BUFSIZE, "Underlying BIO error: %s", strerror(errno));
1041 + return "System call other";
1051 +int ast_iostream_get_fd(struct ast_iostream *stream)
1053 + return stream->fd;
1056 +void ast_iostream_nonblock(struct ast_iostream *stream)
1058 + fcntl(stream->fd, F_SETFL, fcntl(stream->fd, F_GETFL) | O_NONBLOCK);
1061 +SSL *ast_iostream_get_ssl(struct ast_iostream *stream)
1063 + return stream->ssl;
1066 +void ast_iostream_set_timeout_disable(struct ast_iostream *stream)
1068 + ast_assert(stream != NULL);
1070 + stream->timeout = -1;
1071 + stream->timeout_reset = -1;
1074 +void ast_iostream_set_timeout_inactivity(struct ast_iostream *stream, int timeout)
1076 + ast_assert(stream != NULL);
1078 + stream->start.tv_sec = 0;
1079 + stream->timeout = timeout;
1080 + stream->timeout_reset = timeout;
1083 +void ast_iostream_set_timeout_idle_inactivity(struct ast_iostream *stream, int timeout, int timeout_reset)
1085 + ast_assert(stream != NULL);
1087 + stream->start.tv_sec = 0;
1088 + stream->timeout = timeout;
1089 + stream->timeout_reset = timeout_reset;
1092 +void ast_iostream_set_timeout_sequence(struct ast_iostream *stream, struct timeval start, int timeout)
1094 + ast_assert(stream != NULL);
1096 + stream->start = start;
1097 + stream->timeout = timeout;
1098 + stream->timeout_reset = timeout;
1101 +void ast_iostream_set_exclusive_input(struct ast_iostream *stream, int exclusive_input)
1103 + ast_assert(stream != NULL);
1105 + stream->exclusive_input = exclusive_input;
1108 +static ssize_t iostream_read(struct ast_iostream *stream, void *buf, size_t size)
1110 + struct timeval start;
1114 + if (stream->start.tv_sec) {
1115 + start = stream->start;
1117 + start = ast_tvnow();
1120 +#if defined(DO_SSL)
1121 + if (stream->ssl) {
1125 + res = SSL_read(stream->ssl, buf, size);
1127 + /* We read some payload data. */
1128 + stream->timeout = stream->timeout_reset;
1131 + sslerr = SSL_get_error(stream->ssl, res);
1133 + case SSL_ERROR_ZERO_RETURN:
1134 + /* Report EOF for a shutdown */
1135 + ast_debug(1, "TLS clean shutdown alert reading data\n");
1137 + case SSL_ERROR_WANT_READ:
1138 + if (!stream->exclusive_input) {
1139 + /* We cannot wait for data now. */
1143 + while ((ms = ast_remaining_ms(start, stream->timeout))) {
1144 + res = ast_wait_for_input(stream->fd, ms);
1146 + /* Socket is ready to be read. */
1150 + if (errno == EINTR || errno == EAGAIN) {
1154 + ast_debug(1, "TLS socket error waiting for read data: %s\n",
1160 + case SSL_ERROR_WANT_WRITE:
1161 + while ((ms = ast_remaining_ms(start, stream->timeout))) {
1162 + res = ast_wait_for_output(stream->fd, ms);
1164 + /* Socket is ready to be written. */
1168 + if (errno == EINTR || errno == EAGAIN) {
1172 + ast_debug(1, "TLS socket error waiting for write space: %s\n",
1179 + /* Report EOF for an undecoded SSL or transport error. */
1180 + ast_debug(1, "TLS transport or SSL error reading data: %s, %s\n", ERR_error_string(sslerr, err),
1181 + ssl_error_to_string(sslerr, res));
1185 + /* Report EOF for a timeout */
1186 + ast_debug(1, "TLS timeout reading data\n");
1191 +#endif /* defined(DO_SSL) */
1194 + res = read(stream->fd, buf, size);
1196 + /* Got data or we cannot wait for it. */
1197 + stream->timeout = stream->timeout_reset;
1200 + if (!stream->exclusive_input) {
1203 + if (errno != EINTR && errno != EAGAIN) {
1204 + /* Not a retryable error. */
1205 + ast_debug(1, "TCP socket error reading data: %s\n",
1209 + ms = ast_remaining_ms(start, stream->timeout);
1211 + /* Report EOF for a timeout */
1212 + ast_debug(1, "TCP timeout reading data\n");
1215 + ast_wait_for_input(stream->fd, ms);
1219 +ssize_t ast_iostream_read(struct ast_iostream *stream, void *buf, size_t size)
1222 + /* You asked for no data you got no data. */
1226 + if (!stream || stream->fd == -1) {
1231 + /* Get any remains from the read buffer */
1232 + if (stream->rbuflen) {
1234 + if (r > stream->rbuflen) {
1235 + r = stream->rbuflen;
1237 + memcpy(buf, stream->rbufhead, r);
1238 + stream->rbuflen -= r;
1239 + stream->rbufhead += r;
1243 + return iostream_read(stream, buf, size);
1246 +ssize_t ast_iostream_gets(struct ast_iostream *stream, char *buf, size_t count)
1252 + /* Search for newline */
1253 + newline = memchr(stream->rbufhead, '\n', stream->rbuflen);
1255 + r = newline - stream->rbufhead + 1;
1256 + if (r > count-1) {
1262 + /* Enough data? */
1263 + if (stream->rbuflen >= count - 1) {
1268 + /* Try to fill in line buffer */
1269 + if (stream->rbuflen && stream->rbuf != stream->rbufhead) {
1270 + memmove(&stream->rbuf, stream->rbufhead, stream->rbuflen);
1272 + stream->rbufhead = stream->rbuf;
1274 + r = iostream_read(stream, stream->rbufhead + stream->rbuflen, sizeof(stream->rbuf) - stream->rbuflen);
1278 + stream->rbuflen += r;
1281 + /* Return r bytes with termination byte */
1282 + memcpy(buf, stream->rbufhead, r);
1284 + stream->rbuflen -= r;
1285 + stream->rbufhead += r;
1290 +ssize_t ast_iostream_discard(struct ast_iostream *stream, size_t size)
1293 + size_t remaining = size;
1296 + while (remaining) {
1297 + ret = ast_iostream_read(stream, buf, remaining > sizeof(buf) ? sizeof(buf) : remaining);
1307 +ssize_t ast_iostream_write(struct ast_iostream *stream, const void *buf, size_t size)
1309 + struct timeval start;
1316 + /* You asked to write no data you wrote no data. */
1320 + if (!stream || stream->fd == -1) {
1325 + if (stream->start.tv_sec) {
1326 + start = stream->start;
1328 + start = ast_tvnow();
1331 +#if defined(DO_SSL)
1332 + if (stream->ssl) {
1338 + res = SSL_write(stream->ssl, buf + written, remaining);
1339 + if (res == remaining) {
1340 + /* Everything was written. */
1344 + /* Successfully wrote part of the buffer. Try to write the rest. */
1349 + sslerr = SSL_get_error(stream->ssl, res);
1351 + case SSL_ERROR_ZERO_RETURN:
1352 + ast_debug(1, "TLS clean shutdown alert writing data\n");
1354 + /* Report partial write. */
1359 + case SSL_ERROR_WANT_READ:
1360 + ms = ast_remaining_ms(start, stream->timeout);
1362 + /* Report partial write. */
1363 + ast_debug(1, "TLS timeout writing data (want read)\n");
1366 + ast_wait_for_input(stream->fd, ms);
1368 + case SSL_ERROR_WANT_WRITE:
1369 + ms = ast_remaining_ms(start, stream->timeout);
1371 + /* Report partial write. */
1372 + ast_debug(1, "TLS timeout writing data (want write)\n");
1375 + ast_wait_for_output(stream->fd, ms);
1378 + /* Undecoded SSL or transport error. */
1379 + ast_debug(1, "TLS transport or SSL error writing data: %s, %s\n", ERR_error_string(sslerr, err),
1380 + ssl_error_to_string(sslerr, res));
1382 + /* Report partial write. */
1390 +#endif /* defined(DO_SSL) */
1395 + res = write(stream->fd, buf + written, remaining);
1396 + if (res == remaining) {
1397 + /* Yay everything was written. */
1401 + /* Successfully wrote part of the buffer. Try to write the rest. */
1406 + if (errno != EINTR && errno != EAGAIN) {
1407 + /* Not a retryable error. */
1408 + ast_debug(1, "TCP socket error writing: %s\n", strerror(errno));
1414 + ms = ast_remaining_ms(start, stream->timeout);
1416 + /* Report partial write. */
1417 + ast_debug(1, "TCP timeout writing data\n");
1420 + ast_wait_for_output(stream->fd, ms);
1424 +ssize_t ast_iostream_printf(struct ast_iostream *stream, const void *fmt, ...)
1426 + char sbuf[512], *buf = sbuf;
1427 + int len, len2, ret = -1;
1430 + va_start(va, fmt);
1431 + len = vsnprintf(buf, sizeof(sbuf), fmt, va);
1434 + if (len > sizeof(sbuf) - 1) {
1435 + /* Add one to the string length to accommodate the NULL byte */
1436 + size_t buf_len = len + 1;
1438 + buf = ast_malloc(buf_len);
1442 + va_start(va, fmt);
1443 + len2 = vsnprintf(buf, buf_len, fmt, va);
1445 + if (len2 != len) {
1450 + if (ast_iostream_write(stream, buf, len) == len)
1454 + if (buf != sbuf) {
1461 +int ast_iostream_close(struct ast_iostream *stream)
1468 + if (stream->fd != -1) {
1469 +#if defined(DO_SSL)
1470 + if (stream->ssl) {
1474 + * According to the TLS standard, it is acceptable for an
1475 + * application to only send its shutdown alert and then
1476 + * close the underlying connection without waiting for
1477 + * the peer's response (this way resources can be saved,
1478 + * as the process can already terminate or serve another
1481 + res = SSL_shutdown(stream->ssl);
1483 + int sslerr = SSL_get_error(stream->ssl, res);
1485 + ast_log(LOG_ERROR, "SSL_shutdown() failed: %s, %s\n",
1486 + ERR_error_string(sslerr, err), ssl_error_to_string(sslerr, res));
1489 + if (!stream->ssl->server) {
1490 + /* For client threads, ensure that the error stack is cleared */
1491 + ERR_remove_state(0);
1494 + SSL_free(stream->ssl);
1495 + stream->ssl = NULL;
1497 +#endif /* defined(DO_SSL) */
1500 + * Issuing shutdown() is necessary here to avoid a race
1501 + * condition where the last data written may not appear
1502 + * in the TCP stream. See ASTERISK-23548
1504 + shutdown(stream->fd, SHUT_RDWR);
1505 + if (close(stream->fd)) {
1506 + ast_log(LOG_ERROR, "close() failed: %s\n", strerror(errno));
1510 + ao2_t_ref(stream, -1, "Closed ast_iostream");
1515 +static void iostream_dtor(void *cookie)
1518 + /* Since the ast_assert below is the only one using stream,
1519 + * and ast_assert is only available with AST_DEVMODE, we
1520 + * put this in a conditional to avoid compiler warnings. */
1521 + struct ast_iostream *stream = cookie;
1524 + ast_assert(stream->fd == -1);
1527 +struct ast_iostream *ast_iostream_from_fd(int *fd)
1529 + struct ast_iostream *stream;
1531 + stream = ao2_alloc_options(sizeof(*stream), iostream_dtor,
1532 + AO2_ALLOC_OPT_LOCK_NOLOCK);
1534 + stream->timeout = -1;
1535 + stream->timeout_reset = -1;
1543 +int ast_iostream_start_tls(struct ast_iostream **pstream, SSL_CTX *ssl_ctx, int client)
1546 + struct ast_iostream *stream = *pstream;
1547 + int (*ssl_setup)(SSL *) = client ? SSL_connect : SSL_accept;
1550 + stream->ssl = SSL_new(ssl_ctx);
1551 + if (!stream->ssl) {
1552 + ast_log(LOG_ERROR, "Unable to create new SSL connection\n");
1558 + * This function takes struct ast_iostream **, so it can chain
1559 + * SSL over any ast_iostream. For now we assume it's a file descriptor.
1560 + * But later this should instead use BIO wrapper to tie SSL to another
1563 + SSL_set_fd(stream->ssl, stream->fd);
1565 + res = ssl_setup(stream->ssl);
1567 + int sslerr = SSL_get_error(stream->ssl, res);
1570 + ast_log(LOG_ERROR, "Problem setting up ssl connection: %s, %s\n",
1571 + ERR_error_string(sslerr, err), ssl_error_to_string(sslerr, res));
1578 + ast_log(LOG_ERROR, "SSL not enabled in this build\n");
1583 --- a/main/manager.c
1584 +++ b/main/manager.c
1585 @@ -1543,8 +1543,7 @@ static void acl_change_stasis_unsubscrib
1586 struct mansession_session {
1587 /*! \todo XXX need to document which fields it is protecting */
1588 struct ast_sockaddr addr; /*!< address we are connecting from */
1589 - FILE *f; /*!< fdopen() on the underlying fd */
1590 - int fd; /*!< descriptor used for output. Either the socket (AMI) or a temporary file (HTTP) */
1591 + struct ast_iostream *stream; /*!< AMI stream */
1592 int inuse; /*!< number of HTTP sessions using this entry */
1593 int needdestroy; /*!< Whether an HTTP session should be destroyed */
1594 pthread_t waiting_thread; /*!< Sleeping thread using this descriptor */
1595 @@ -1586,9 +1585,8 @@ enum mansession_message_parsing {
1598 struct mansession_session *session;
1599 + struct ast_iostream *stream;
1600 struct ast_tcptls_session_instance *tcptls_session;
1603 enum mansession_message_parsing parsing;
1605 struct manager_custom_hook *hook;
1606 @@ -2160,10 +2158,6 @@ static void session_destructor(void *obj
1607 ast_datastore_free(datastore);
1610 - if (session->f != NULL) {
1611 - fflush(session->f);
1612 - fclose(session->f);
1615 ast_atomic_fetchadd_int(&eqe->usecount, -1);
1617 @@ -2198,7 +2192,6 @@ static struct mansession_session *build_
1621 - newsession->fd = -1;
1622 newsession->waiting_thread = AST_PTHREADT_NULL;
1623 newsession->writetimeout = 100;
1624 newsession->send_events = -1;
1625 @@ -2611,7 +2604,7 @@ static char *handle_showmanconn(struct a
1626 ast_sockaddr_stringify_addr(&session->addr),
1627 (int) (session->sessionstart),
1628 (int) (now - session->sessionstart),
1630 + session->stream ? ast_iostream_get_fd(session->stream) : -1,
1633 session->writeperm);
1634 @@ -2883,7 +2876,6 @@ int ast_hook_send_action(struct manager_
1635 * This is necessary to meet the previous design of manager.c
1638 - s.f = (void*)1; /* set this to something so our request will make it through all functions that test it*/
1640 ao2_lock(act_found);
1641 if (act_found->registered && act_found->func) {
1642 @@ -2914,9 +2906,8 @@ int ast_hook_send_action(struct manager_
1644 static int send_string(struct mansession *s, char *string)
1647 - FILE *f = s->f ? s->f : s->session->f;
1648 - int fd = s->f ? s->fd : s->session->fd;
1649 + struct ast_iostream *stream = s->stream ? s->stream : s->session->stream;
1652 /* It's a result from one of the hook's action invocation */
1654 @@ -2928,7 +2919,12 @@ static int send_string(struct mansession
1658 - if ((res = ast_careful_fwrite(f, fd, string, strlen(string), s->session->writetimeout))) {
1659 + len = strlen(string);
1660 + ast_iostream_set_timeout_inactivity(stream, s->session->writetimeout);
1661 + res = ast_iostream_write(stream, string, len);
1662 + ast_iostream_set_timeout_disable(stream);
1668 @@ -2969,10 +2965,10 @@ void astman_append(struct mansession *s,
1672 - if (s->f != NULL || s->session->f != NULL) {
1673 + if (s->tcptls_session != NULL && s->tcptls_session->stream != NULL) {
1674 send_string(s, ast_str_buffer(buf));
1676 - ast_verbose("fd == -1 in astman_append, should not happen\n");
1677 + ast_verbose("No connection stream in astman_append, should not happen\n");
1681 @@ -4113,7 +4109,7 @@ static int action_waitevent(struct manse
1684 if (s->session->managerid == 0) { /* AMI session */
1685 - if (ast_wait_for_input(s->session->fd, 1000)) {
1686 + if (ast_wait_for_input(ast_iostream_get_fd(s->session->stream), 1000)) {
1689 } else { /* HTTP session */
1690 @@ -5896,7 +5892,7 @@ static int process_events(struct mansess
1693 ao2_lock(s->session);
1694 - if (s->session->f != NULL) {
1695 + if (s->session->stream != NULL) {
1696 struct eventqent *eqe = s->session->last_ev;
1698 while ((eqe = advance_event(eqe))) {
1699 @@ -6436,7 +6432,7 @@ static int get_input(struct mansession *
1700 s->session->waiting_thread = pthread_self();
1701 ao2_unlock(s->session);
1703 - res = ast_wait_for_input(s->session->fd, timeout);
1704 + res = ast_wait_for_input(ast_iostream_get_fd(s->session->stream), timeout);
1706 ao2_lock(s->session);
1707 s->session->waiting_thread = AST_PTHREADT_NULL;
1708 @@ -6454,13 +6450,7 @@ static int get_input(struct mansession *
1711 ao2_lock(s->session);
1713 - * It is worth noting here that you can all but ignore fread()'s documentation
1714 - * for the purposes of this call. The FILE * we are working with here was created
1715 - * as a result of a call to fopencookie() (or equivalent) in tcptls.c, and as such
1716 - * the behavior of fread() is not as documented. Frankly, I think this is gross.
1718 - res = fread(src + s->session->inlen, 1, maxlen - s->session->inlen, s->session->f);
1719 + res = ast_iostream_read(s->session->stream, src + s->session->inlen, maxlen - s->session->inlen);
1721 res = -1; /* error return */
1723 @@ -6598,7 +6588,7 @@ static void *session_do(void *data)
1724 struct ast_sockaddr ser_remote_address_tmp;
1726 if (ast_atomic_fetchadd_int(&unauth_sessions, +1) >= authlimit) {
1728 + ast_iostream_close(ser->stream);
1729 ast_atomic_fetchadd_int(&unauth_sessions, -1);
1732 @@ -6607,7 +6597,7 @@ static void *session_do(void *data)
1733 session = build_mansession(&ser_remote_address_tmp);
1735 if (session == NULL) {
1737 + ast_iostream_close(ser->stream);
1738 ast_atomic_fetchadd_int(&unauth_sessions, -1);
1741 @@ -6615,14 +6605,10 @@ static void *session_do(void *data)
1742 /* here we set TCP_NODELAY on the socket to disable Nagle's algorithm.
1743 * This is necessary to prevent delays (caused by buffering) as we
1744 * write to the socket in bits and pieces. */
1745 - if (setsockopt(ser->fd, IPPROTO_TCP, TCP_NODELAY, (char *) &flags, sizeof(flags)) < 0) {
1746 + if (setsockopt(ast_iostream_get_fd(ser->stream), IPPROTO_TCP, TCP_NODELAY, (char *) &flags, sizeof(flags)) < 0) {
1747 ast_log(LOG_WARNING, "Failed to set TCP_NODELAY on manager connection: %s\n", strerror(errno));
1750 - /* make sure socket is non-blocking */
1751 - flags = fcntl(ser->fd, F_GETFL);
1752 - flags |= O_NONBLOCK;
1753 - fcntl(ser->fd, F_SETFL, flags);
1754 + ast_iostream_nonblock(ser->stream);
1757 /* Hook to the tail of the event queue */
1758 @@ -6631,8 +6617,7 @@ static void *session_do(void *data)
1759 ast_mutex_init(&s.lock);
1761 /* these fields duplicate those in the 'ser' structure */
1762 - session->fd = s.fd = ser->fd;
1763 - session->f = s.f = ser->f;
1764 + session->stream = s.stream = ser->stream;
1765 ast_sockaddr_copy(&session->addr, &ser_remote_address_tmp);
1766 s.session = session;
1768 @@ -6651,9 +6636,9 @@ static void *session_do(void *data)
1769 * We cannot let the stream exclusively wait for data to arrive.
1770 * We have to wake up the task to send async events.
1772 - ast_tcptls_stream_set_exclusive_input(ser->stream_cookie, 0);
1773 + ast_iostream_set_exclusive_input(ser->stream, 0);
1775 - ast_tcptls_stream_set_timeout_sequence(ser->stream_cookie,
1776 + ast_iostream_set_timeout_sequence(ser->stream,
1777 ast_tvnow(), authtimeout * 1000);
1779 astman_append(&s, "Asterisk Call Manager/%s\r\n", AMI_VERSION); /* welcome prompt */
1780 @@ -6662,7 +6647,7 @@ static void *session_do(void *data)
1783 if (session->authenticated) {
1784 - ast_tcptls_stream_set_timeout_disable(ser->stream_cookie);
1785 + ast_iostream_set_timeout_disable(ser->stream);
1788 /* session is over, explain why and terminate */
1789 @@ -7522,23 +7507,9 @@ static void xml_translate(struct ast_str
1791 static void close_mansession_file(struct mansession *s)
1794 - if (fclose(s->f)) {
1795 - ast_log(LOG_ERROR, "fclose() failed: %s\n", strerror(errno));
1799 - } else if (s->fd != -1) {
1801 - * Issuing shutdown() is necessary here to avoid a race
1802 - * condition where the last data written may not appear
1803 - * in the TCP stream. See ASTERISK-23548
1805 - shutdown(s->fd, SHUT_RDWR);
1806 - if (close(s->fd)) {
1807 - ast_log(LOG_ERROR, "close() failed: %s\n", strerror(errno));
1811 + ast_iostream_close(s->stream);
1814 ast_log(LOG_ERROR, "Attempted to close file/file descriptor on mansession without a valid file or file descriptor.\n");
1816 @@ -7547,17 +7518,20 @@ static void close_mansession_file(struct
1817 static void process_output(struct mansession *s, struct ast_str **out, struct ast_variable *params, enum output_format format)
1828 /* Ensure buffer is NULL-terminated */
1829 - fprintf(s->f, "%c", 0);
1831 + ast_iostream_write(s->stream, "", 1);
1833 + fd = ast_iostream_get_fd(s->stream);
1835 - if ((l = ftell(s->f)) > 0) {
1836 - if (MAP_FAILED == (buf = mmap(NULL, l, PROT_READ | PROT_WRITE, MAP_PRIVATE, s->fd, 0))) {
1837 + l = lseek(fd, SEEK_CUR, 0);
1839 + if (MAP_FAILED == (buf = mmap(NULL, l, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0))) {
1840 ast_log(LOG_WARNING, "mmap failed. Manager output was not processed\n");
1842 if (format == FORMAT_XML || format == FORMAT_HTML) {
1843 @@ -7584,6 +7558,7 @@ static int generic_http_callback(struct
1844 struct mansession s = { .session = NULL, .tcptls_session = ser };
1845 struct mansession_session *session = NULL;
1849 struct ast_variable *v;
1850 struct ast_variable *params = get_params;
1851 @@ -7639,17 +7614,17 @@ static int generic_http_callback(struct
1854 s.session = session;
1855 - s.fd = mkstemp(template); /* create a temporary file for command output */
1856 + fd = mkstemp(template); /* create a temporary file for command output */
1860 ast_http_error(ser, 500, "Server Error", "Internal Server Error (mkstemp failed)");
1861 goto generic_callback_out;
1863 - s.f = fdopen(s.fd, "w+");
1865 + s.stream = ast_iostream_from_fd(&fd);
1867 ast_log(LOG_WARNING, "HTTP Manager, fdopen failed: %s!\n", strerror(errno));
1868 ast_http_error(ser, 500, "Server Error", "Internal Server Error (fdopen failed)");
1871 goto generic_callback_out;
1874 @@ -7789,9 +7764,9 @@ generic_callback_out:
1876 session_destroy(session);
1879 - fclose(session->f);
1880 - session->f = NULL;
1881 + if (session->stream) {
1882 + ast_iostream_close(session->stream);
1883 + session->stream = NULL;
1885 unref_mansession(session);
1887 @@ -7816,6 +7791,7 @@ static int auth_http_callback(struct ast
1888 struct message m = { 0 };
1893 time_t time_now = time(NULL);
1894 unsigned long nonce = 0, nc;
1895 @@ -7994,17 +7970,17 @@ static int auth_http_callback(struct ast
1897 ast_mutex_init(&s.lock);
1898 s.session = session;
1899 - s.fd = mkstemp(template); /* create a temporary file for command output */
1900 + fd = mkstemp(template); /* create a temporary file for command output */
1904 ast_http_error(ser, 500, "Server Error", "Internal Server Error (mkstemp failed)");
1905 goto auth_callback_out;
1907 - s.f = fdopen(s.fd, "w+");
1909 + s.stream = ast_iostream_from_fd(&fd);
1911 ast_log(LOG_WARNING, "HTTP Manager, fdopen failed: %s!\n", strerror(errno));
1912 ast_http_error(ser, 500, "Server Error", "Internal Server Error (fdopen failed)");
1915 goto auth_callback_out;
1918 @@ -8055,7 +8031,7 @@ static int auth_http_callback(struct ast
1919 m.headers[idx] = NULL;
1922 - result_size = ftell(s.f); /* Calculate approx. size of result */
1923 + result_size = lseek(ast_iostream_get_fd(s.stream), SEEK_CUR, 0); /* Calculate approx. size of result */
1925 http_header = ast_str_create(80);
1926 out = ast_str_create(result_size * 2 + 512);
1927 @@ -8107,11 +8083,10 @@ auth_callback_out:
1932 - fclose(session->f);
1933 + if (session->stream) {
1934 + ast_iostream_close(session->stream);
1935 + session->stream = NULL;
1937 - session->f = NULL;
1939 ao2_unlock(session);
1941 if (session->needdestroy) {
1944 @@ -52,559 +52,13 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revisi
1945 #include "asterisk/pbx.h"
1946 #include "asterisk/app.h"
1948 -/*! ao2 object used for the FILE stream fopencookie()/funopen() cookie. */
1949 -struct ast_tcptls_stream {
1950 - /*! SSL state if not NULL */
1953 - * \brief Start time from when an I/O sequence must complete
1954 - * by struct ast_tcptls_stream.timeout.
1956 - * \note If struct ast_tcptls_stream.start.tv_sec is zero then
1957 - * start time is the current I/O request.
1959 - struct timeval start;
1961 - * \brief The socket returned by accept().
1963 - * \note Set to -1 if the stream is closed.
1967 - * \brief Timeout in ms relative to struct ast_tcptls_stream.start
1968 - * to wait for an event on struct ast_tcptls_stream.fd.
1970 - * \note Set to -1 to disable timeout.
1971 - * \note The socket needs to be set to non-blocking for the timeout
1972 - * feature to work correctly.
1975 - /*! TRUE if stream can exclusively wait for fd input. */
1976 - int exclusive_input;
1979 -#if defined(DO_SSL)
1980 -AST_THREADSTORAGE(err2str_threadbuf);
1981 -#define ERR2STR_BUFSIZE 128
1983 -static const char *ssl_error_to_string(int sslerr, int ret)
1986 - case SSL_ERROR_SSL:
1987 - return "Internal SSL error";
1988 - case SSL_ERROR_SYSCALL:
1990 - return "System call EOF";
1991 - } else if (ret == -1) {
1994 - buf = ast_threadstorage_get(&err2str_threadbuf, ERR2STR_BUFSIZE);
1999 - snprintf(buf, ERR2STR_BUFSIZE, "Underlying BIO error: %s", strerror(errno));
2002 - return "System call other";
2012 -void ast_tcptls_stream_set_timeout_disable(struct ast_tcptls_stream *stream)
2014 - ast_assert(stream != NULL);
2016 - stream->timeout = -1;
2019 -void ast_tcptls_stream_set_timeout_inactivity(struct ast_tcptls_stream *stream, int timeout)
2021 - ast_assert(stream != NULL);
2023 - stream->start.tv_sec = 0;
2024 - stream->timeout = timeout;
2027 -void ast_tcptls_stream_set_timeout_sequence(struct ast_tcptls_stream *stream, struct timeval start, int timeout)
2029 - ast_assert(stream != NULL);
2031 - stream->start = start;
2032 - stream->timeout = timeout;
2035 -void ast_tcptls_stream_set_exclusive_input(struct ast_tcptls_stream *stream, int exclusive_input)
2037 - ast_assert(stream != NULL);
2039 - stream->exclusive_input = exclusive_input;
2044 - * \brief fopencookie()/funopen() stream read function.
2046 - * \param cookie Stream control data.
2047 - * \param buf Where to put read data.
2048 - * \param size Size of the buffer.
2050 - * \retval number of bytes put into buf.
2051 - * \retval 0 on end of file.
2052 - * \retval -1 on error.
2054 -static HOOK_T tcptls_stream_read(void *cookie, char *buf, LEN_T size)
2056 - struct ast_tcptls_stream *stream = cookie;
2057 - struct timeval start;
2062 - /* You asked for no data you got no data. */
2066 - if (!stream || stream->fd == -1) {
2071 - if (stream->start.tv_sec) {
2072 - start = stream->start;
2074 - start = ast_tvnow();
2077 -#if defined(DO_SSL)
2078 - if (stream->ssl) {
2083 - res = SSL_read(stream->ssl, buf, size);
2085 - /* We read some payload data. */
2089 - sslerr = SSL_get_error(stream->ssl, res);
2091 - case SSL_ERROR_ZERO_RETURN:
2092 - /* Report EOF for a shutdown */
2093 - ast_debug(1, "TLS clean shutdown alert reading data\n");
2095 - case SSL_ERROR_WANT_READ:
2096 - if (!stream->exclusive_input) {
2097 - /* We cannot wait for data now. */
2101 - while ((ms = ast_remaining_ms(start, stream->timeout))) {
2102 - res = ast_wait_for_input(stream->fd, ms);
2104 - /* Socket is ready to be read. */
2108 - if (errno == EINTR || errno == EAGAIN) {
2112 - ast_debug(1, "TLS socket error waiting for read data: %s\n",
2118 - case SSL_ERROR_WANT_WRITE:
2119 - while ((ms = ast_remaining_ms(start, stream->timeout))) {
2120 - res = ast_wait_for_output(stream->fd, ms);
2122 - /* Socket is ready to be written. */
2126 - if (errno == EINTR || errno == EAGAIN) {
2130 - ast_debug(1, "TLS socket error waiting for write space: %s\n",
2137 - /* Report EOF for an undecoded SSL or transport error. */
2138 - ast_debug(1, "TLS transport or SSL error reading data: %s, %s\n", ERR_error_string(sslerr, err),
2139 - ssl_error_to_string(sslerr, res));
2143 - /* Report EOF for a timeout */
2144 - ast_debug(1, "TLS timeout reading data\n");
2149 -#endif /* defined(DO_SSL) */
2152 - res = read(stream->fd, buf, size);
2153 - if (0 <= res || !stream->exclusive_input) {
2154 - /* Got data or we cannot wait for it. */
2157 - if (errno != EINTR && errno != EAGAIN) {
2158 - /* Not a retryable error. */
2159 - ast_debug(1, "TCP socket error reading data: %s\n",
2163 - ms = ast_remaining_ms(start, stream->timeout);
2165 - /* Report EOF for a timeout */
2166 - ast_debug(1, "TCP timeout reading data\n");
2169 - ast_wait_for_input(stream->fd, ms);
2175 - * \brief fopencookie()/funopen() stream write function.
2177 - * \param cookie Stream control data.
2178 - * \param buf Where to get data to write.
2179 - * \param size Size of the buffer.
2181 - * \retval number of bytes written from buf.
2182 - * \retval -1 on error.
2184 -static HOOK_T tcptls_stream_write(void *cookie, const char *buf, LEN_T size)
2186 - struct ast_tcptls_stream *stream = cookie;
2187 - struct timeval start;
2194 - /* You asked to write no data you wrote no data. */
2198 - if (!stream || stream->fd == -1) {
2203 - if (stream->start.tv_sec) {
2204 - start = stream->start;
2206 - start = ast_tvnow();
2209 -#if defined(DO_SSL)
2210 - if (stream->ssl) {
2217 - res = SSL_write(stream->ssl, buf + written, remaining);
2218 - if (res == remaining) {
2219 - /* Everything was written. */
2223 - /* Successfully wrote part of the buffer. Try to write the rest. */
2228 - sslerr = SSL_get_error(stream->ssl, res);
2230 - case SSL_ERROR_ZERO_RETURN:
2231 - ast_debug(1, "TLS clean shutdown alert writing data\n");
2233 - /* Report partial write. */
2238 - case SSL_ERROR_WANT_READ:
2239 - ms = ast_remaining_ms(start, stream->timeout);
2241 - /* Report partial write. */
2242 - ast_debug(1, "TLS timeout writing data (want read)\n");
2245 - ast_wait_for_input(stream->fd, ms);
2247 - case SSL_ERROR_WANT_WRITE:
2248 - ms = ast_remaining_ms(start, stream->timeout);
2250 - /* Report partial write. */
2251 - ast_debug(1, "TLS timeout writing data (want write)\n");
2254 - ast_wait_for_output(stream->fd, ms);
2257 - /* Undecoded SSL or transport error. */
2258 - ast_debug(1, "TLS transport or SSL error writing data: %s, %s\n", ERR_error_string(sslerr, err),
2259 - ssl_error_to_string(sslerr, res));
2261 - /* Report partial write. */
2269 -#endif /* defined(DO_SSL) */
2274 - res = write(stream->fd, buf + written, remaining);
2275 - if (res == remaining) {
2276 - /* Yay everything was written. */
2280 - /* Successfully wrote part of the buffer. Try to write the rest. */
2285 - if (errno != EINTR && errno != EAGAIN) {
2286 - /* Not a retryable error. */
2287 - ast_debug(1, "TCP socket error writing: %s\n", strerror(errno));
2293 - ms = ast_remaining_ms(start, stream->timeout);
2295 - /* Report partial write. */
2296 - ast_debug(1, "TCP timeout writing data\n");
2299 - ast_wait_for_output(stream->fd, ms);
2305 - * \brief fopencookie()/funopen() stream close function.
2307 - * \param cookie Stream control data.
2309 - * \retval 0 on success.
2310 - * \retval -1 on error.
2312 -static int tcptls_stream_close(void *cookie)
2314 - struct ast_tcptls_stream *stream = cookie;
2321 - if (stream->fd != -1) {
2322 -#if defined(DO_SSL)
2323 - if (stream->ssl) {
2327 - * According to the TLS standard, it is acceptable for an
2328 - * application to only send its shutdown alert and then
2329 - * close the underlying connection without waiting for
2330 - * the peer's response (this way resources can be saved,
2331 - * as the process can already terminate or serve another
2334 - res = SSL_shutdown(stream->ssl);
2336 - int sslerr = SSL_get_error(stream->ssl, res);
2339 - ast_log(LOG_ERROR, "SSL_shutdown() failed: %s, %s\n",
2340 - ERR_error_string(sslerr, err), ssl_error_to_string(sslerr, res));
2343 -#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
2344 - if (!SSL_is_server(stream->ssl)) {
2346 - if (!stream->ssl->server) {
2348 - /* For client threads, ensure that the error stack is cleared */
2349 -#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
2350 -#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10000000L
2351 - ERR_remove_thread_state(NULL);
2353 - ERR_remove_state(0);
2354 -#endif /* openssl == 1.0 */
2355 -#endif /* openssl < 1.1 */
2358 - SSL_free(stream->ssl);
2359 - stream->ssl = NULL;
2361 -#endif /* defined(DO_SSL) */
2364 - * Issuing shutdown() is necessary here to avoid a race
2365 - * condition where the last data written may not appear
2366 - * in the TCP stream. See ASTERISK-23548
2368 - shutdown(stream->fd, SHUT_RDWR);
2369 - if (close(stream->fd)) {
2370 - ast_log(LOG_ERROR, "close() failed: %s\n", strerror(errno));
2374 - ao2_t_ref(stream, -1, "Closed tcptls stream cookie");
2381 - * \brief fopencookie()/funopen() stream destructor function.
2383 - * \param cookie Stream control data.
2387 -static void tcptls_stream_dtor(void *cookie)
2390 - /* Since the ast_assert below is the only one using stream,
2391 - * and ast_assert is only available with AST_DEVMODE, we
2392 - * put this in a conditional to avoid compiler warnings. */
2393 - struct ast_tcptls_stream *stream = cookie;
2396 - ast_assert(stream->fd == -1);
2401 - * \brief fopencookie()/funopen() stream allocation function.
2403 - * \retval stream_cookie on success.
2404 - * \retval NULL on error.
2406 -static struct ast_tcptls_stream *tcptls_stream_alloc(void)
2408 - struct ast_tcptls_stream *stream;
2410 - stream = ao2_alloc_options(sizeof(*stream), tcptls_stream_dtor,
2411 - AO2_ALLOC_OPT_LOCK_NOLOCK);
2414 - stream->timeout = -1;
2421 - * \brief Open a custom FILE stream for tcptls.
2423 - * \param stream Stream cookie control data.
2424 - * \param ssl SSL state if not NULL.
2425 - * \param fd Socket file descriptor.
2426 - * \param timeout ms to wait for an event on fd. -1 if timeout disabled.
2428 - * \retval fp on success.
2429 - * \retval NULL on error.
2431 -static FILE *tcptls_stream_fopen(struct ast_tcptls_stream *stream, SSL *ssl, int fd, int timeout)
2435 -#if defined(HAVE_FOPENCOOKIE) /* the glibc/linux interface */
2436 - static const cookie_io_functions_t cookie_funcs = {
2437 - tcptls_stream_read,
2438 - tcptls_stream_write,
2440 - tcptls_stream_close
2442 -#endif /* defined(HAVE_FOPENCOOKIE) */
2445 - /* Socket not open. */
2449 - stream->ssl = ssl;
2451 - stream->timeout = timeout;
2452 - ao2_t_ref(stream, +1, "Opening tcptls stream cookie");
2454 -#if defined(HAVE_FUNOPEN) /* the BSD interface */
2455 - fp = funopen(stream, tcptls_stream_read, tcptls_stream_write, NULL,
2456 - tcptls_stream_close);
2457 -#elif defined(HAVE_FOPENCOOKIE) /* the glibc/linux interface */
2458 - fp = fopencookie(stream, "w+", cookie_funcs);
2460 - /* could add other methods here */
2461 - ast_debug(2, "No stream FILE methods attempted!\n");
2467 - ao2_t_ref(stream, -1, "Failed to open tcptls stream cookie");
2472 -HOOK_T ast_tcptls_server_read(struct ast_tcptls_session_instance *tcptls_session, void *buf, size_t count)
2474 - if (!tcptls_session->stream_cookie || tcptls_session->stream_cookie->fd == -1) {
2475 - ast_log(LOG_ERROR, "TCP/TLS read called on invalid stream.\n");
2480 - return tcptls_stream_read(tcptls_session->stream_cookie, buf, count);
2483 -HOOK_T ast_tcptls_server_write(struct ast_tcptls_session_instance *tcptls_session, const void *buf, size_t count)
2485 - if (!tcptls_session->stream_cookie || tcptls_session->stream_cookie->fd == -1) {
2486 - ast_log(LOG_ERROR, "TCP/TLS write called on invalid stream.\n");
2491 - return tcptls_stream_write(tcptls_session->stream_cookie, buf, count);
2494 static void session_instance_destructor(void *obj)
2496 struct ast_tcptls_session_instance *i = obj;
2498 - if (i->stream_cookie) {
2499 - ao2_t_ref(i->stream_cookie, -1, "Destroying tcptls session instance");
2500 - i->stream_cookie = NULL;
2502 + ast_iostream_close(i->stream);
2505 ast_free(i->overflow_buf);
2506 ao2_cleanup(i->private_data);
2507 @@ -650,8 +104,7 @@ static void *handle_tcptls_connection(vo
2509 struct ast_tcptls_session_instance *tcptls_session = data;
2511 - int (*ssl_setup)(SSL *) = (tcptls_session->client) ? SSL_connect : SSL_accept;
2516 /* TCP/TLS connections are associated with external protocols, and
2517 @@ -666,127 +119,94 @@ static void *handle_tcptls_connection(vo
2521 - tcptls_session->stream_cookie = tcptls_stream_alloc();
2522 - if (!tcptls_session->stream_cookie) {
2523 - ast_tcptls_close_session_file(tcptls_session);
2524 - ao2_ref(tcptls_session, -1);
2527 + if (tcptls_session->parent->tls_cfg) {
2529 + if (ast_iostream_start_tls(&tcptls_session->stream, tcptls_session->parent->tls_cfg->ssl_ctx, tcptls_session->client) < 0) {
2530 + ast_tcptls_close_session_file(tcptls_session);
2531 + ao2_ref(tcptls_session, -1);
2536 - * open a FILE * as appropriate.
2538 - if (!tcptls_session->parent->tls_cfg) {
2539 - tcptls_session->f = tcptls_stream_fopen(tcptls_session->stream_cookie, NULL,
2540 - tcptls_session->fd, -1);
2541 - if (tcptls_session->f) {
2542 - if (setvbuf(tcptls_session->f, NULL, _IONBF, 0)) {
2543 + ssl = ast_iostream_get_ssl(tcptls_session->stream);
2544 + if ((tcptls_session->client && !ast_test_flag(&tcptls_session->parent->tls_cfg->flags, AST_SSL_DONT_VERIFY_SERVER))
2545 + || (!tcptls_session->client && ast_test_flag(&tcptls_session->parent->tls_cfg->flags, AST_SSL_VERIFY_CLIENT))) {
2548 + peer = SSL_get_peer_certificate(ssl);
2550 + ast_log(LOG_ERROR, "No peer SSL certificate to verify\n");
2551 ast_tcptls_close_session_file(tcptls_session);
2552 + ao2_ref(tcptls_session, -1);
2558 - else if ( (tcptls_session->ssl = SSL_new(tcptls_session->parent->tls_cfg->ssl_ctx)) ) {
2559 - SSL_set_fd(tcptls_session->ssl, tcptls_session->fd);
2560 - if ((ret = ssl_setup(tcptls_session->ssl)) <= 0) {
2562 - int sslerr = SSL_get_error(tcptls_session->ssl, ret);
2564 - ast_log(LOG_ERROR, "Problem setting up ssl connection: %s, %s\n", ERR_error_string(sslerr, err),
2565 - ssl_error_to_string(sslerr, ret));
2566 - } else if ((tcptls_session->f = tcptls_stream_fopen(tcptls_session->stream_cookie,
2567 - tcptls_session->ssl, tcptls_session->fd, -1))) {
2568 - if ((tcptls_session->client && !ast_test_flag(&tcptls_session->parent->tls_cfg->flags, AST_SSL_DONT_VERIFY_SERVER))
2569 - || (!tcptls_session->client && ast_test_flag(&tcptls_session->parent->tls_cfg->flags, AST_SSL_VERIFY_CLIENT))) {
2572 - peer = SSL_get_peer_certificate(tcptls_session->ssl);
2574 - ast_log(LOG_ERROR, "No peer SSL certificate to verify\n");
2575 - ast_tcptls_close_session_file(tcptls_session);
2576 - ao2_ref(tcptls_session, -1);
2580 - res = SSL_get_verify_result(tcptls_session->ssl);
2581 - if (res != X509_V_OK) {
2582 - ast_log(LOG_ERROR, "Certificate did not verify: %s\n", X509_verify_cert_error_string(res));
2584 - ast_tcptls_close_session_file(tcptls_session);
2585 - ao2_ref(tcptls_session, -1);
2587 + res = SSL_get_verify_result(ssl);
2588 + if (res != X509_V_OK) {
2589 + ast_log(LOG_ERROR, "Certificate did not verify: %s\n", X509_verify_cert_error_string(res));
2591 + ast_tcptls_close_session_file(tcptls_session);
2592 + ao2_ref(tcptls_session, -1);
2595 + if (!ast_test_flag(&tcptls_session->parent->tls_cfg->flags, AST_SSL_IGNORE_COMMON_NAME)) {
2597 + X509_NAME *name = X509_get_subject_name(peer);
2598 + STACK_OF(GENERAL_NAME) *alt_names;
2603 + /* Walk the certificate to check all available "Common Name" */
2604 + /* XXX Probably should do a gethostbyname on the hostname and compare that as well */
2605 + pos = X509_NAME_get_index_by_NID(name, NID_commonName, pos);
2609 + str = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, pos));
2610 + if (!check_tcptls_cert_name(str, tcptls_session->parent->hostname, "common name")) {
2615 - if (!ast_test_flag(&tcptls_session->parent->tls_cfg->flags, AST_SSL_IGNORE_COMMON_NAME)) {
2617 - X509_NAME *name = X509_get_subject_name(peer);
2618 - STACK_OF(GENERAL_NAME) *alt_names;
2623 - /* Walk the certificate to check all available "Common Name" */
2624 - /* XXX Probably should do a gethostbyname on the hostname and compare that as well */
2625 - pos = X509_NAME_get_index_by_NID(name, NID_commonName, pos);
2630 - str = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, pos));
2631 - if (!check_tcptls_cert_name(str, tcptls_session->parent->hostname, "common name")) {
2637 + alt_names = X509_get_ext_d2i(peer, NID_subject_alt_name, NULL, NULL);
2638 + if (alt_names != NULL) {
2639 + int alt_names_count = sk_GENERAL_NAME_num(alt_names);
2641 + for (pos = 0; pos < alt_names_count; pos++) {
2642 + const GENERAL_NAME *alt_name = sk_GENERAL_NAME_value(alt_names, pos);
2645 - alt_names = X509_get_ext_d2i(peer, NID_subject_alt_name, NULL, NULL);
2646 - if (alt_names != NULL) {
2647 - int alt_names_count = sk_GENERAL_NAME_num(alt_names);
2649 - for (pos = 0; pos < alt_names_count; pos++) {
2650 - const GENERAL_NAME *alt_name = sk_GENERAL_NAME_value(alt_names, pos);
2652 - if (alt_name->type != GEN_DNS) {
2656 - if (!check_tcptls_cert_name(alt_name->d.dNSName, tcptls_session->parent->hostname, "alt name")) {
2660 + if (alt_name->type != GEN_DNS) {
2664 - sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
2665 + if (!check_tcptls_cert_name(alt_name->d.dNSName, tcptls_session->parent->hostname, "alt name")) {
2673 - ast_log(LOG_ERROR, "Certificate common name did not match (%s)\n", tcptls_session->parent->hostname);
2675 - ast_tcptls_close_session_file(tcptls_session);
2676 - ao2_ref(tcptls_session, -1);
2678 + sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
2684 + ast_log(LOG_ERROR, "Certificate common name did not match (%s)\n", tcptls_session->parent->hostname);
2686 + ast_tcptls_close_session_file(tcptls_session);
2687 + ao2_ref(tcptls_session, -1);
2693 - if (!tcptls_session->f) { /* no success opening descriptor stacking */
2694 - SSL_free(tcptls_session->ssl);
2697 -#endif /* DO_SSL */
2699 - if (!tcptls_session->f) {
2701 + ast_log(LOG_ERROR, "Attempted a TLS connection without OpenSSL support. This will not work!\n");
2702 ast_tcptls_close_session_file(tcptls_session);
2703 - ast_log(LOG_WARNING, "FILE * open failed!\n");
2705 - if (tcptls_session->parent->tls_cfg) {
2706 - ast_log(LOG_ERROR, "Attempted a TLS connection without OpenSSL support. This will not work!\n");
2709 ao2_ref(tcptls_session, -1);
2711 +#endif /* DO_SSL */
2714 if (tcptls_session->parent->worker_fn) {
2715 @@ -845,7 +265,13 @@ void *ast_tcptls_server_root(void *data)
2717 flags = fcntl(fd, F_GETFL);
2718 fcntl(fd, F_SETFL, flags & ~O_NONBLOCK);
2719 - tcptls_session->fd = fd;
2721 + tcptls_session->stream = ast_iostream_from_fd(&fd);
2722 + if (!tcptls_session->stream) {
2723 + ast_log(LOG_WARNING, "No memory for new session iostream\n");
2727 tcptls_session->parent = desc;
2728 ast_sockaddr_copy(&tcptls_session->remote_address, &addr);
2730 @@ -1094,7 +520,7 @@ client_start_error:
2732 struct ast_tcptls_session_instance *ast_tcptls_client_create(struct ast_tcptls_session_args *desc)
2736 struct ast_tcptls_session_instance *tcptls_session = NULL;
2738 /* Do nothing if nothing has changed */
2739 @@ -1110,8 +536,8 @@ struct ast_tcptls_session_instance *ast_
2740 close(desc->accept_fd);
2743 - desc->accept_fd = socket(ast_sockaddr_is_ipv6(&desc->remote_address) ?
2744 - AF_INET6 : AF_INET, SOCK_STREAM, IPPROTO_TCP);
2745 + fd = desc->accept_fd = socket(ast_sockaddr_is_ipv6(&desc->remote_address) ?
2746 + AF_INET6 : AF_INET, SOCK_STREAM, IPPROTO_TCP);
2747 if (desc->accept_fd < 0) {
2748 ast_log(LOG_ERROR, "Unable to allocate socket for %s: %s\n",
2749 desc->name, strerror(errno));
2750 @@ -1141,7 +567,11 @@ struct ast_tcptls_session_instance *ast_
2753 tcptls_session->client = 1;
2754 - tcptls_session->fd = desc->accept_fd;
2755 + tcptls_session->stream = ast_iostream_from_fd(&fd);
2756 + if (!tcptls_session->stream) {
2760 tcptls_session->parent = desc;
2761 tcptls_session->parent->worker_fn = NULL;
2762 ast_sockaddr_copy(&tcptls_session->remote_address,
2763 @@ -1301,24 +731,9 @@ error:
2765 void ast_tcptls_close_session_file(struct ast_tcptls_session_instance *tcptls_session)
2767 - if (tcptls_session->f) {
2768 - fflush(tcptls_session->f);
2769 - if (fclose(tcptls_session->f)) {
2770 - ast_log(LOG_ERROR, "fclose() failed: %s\n", strerror(errno));
2772 - tcptls_session->f = NULL;
2773 - tcptls_session->fd = -1;
2774 - } else if (tcptls_session->fd != -1) {
2776 - * Issuing shutdown() is necessary here to avoid a race
2777 - * condition where the last data written may not appear
2778 - * in the TCP stream. See ASTERISK-23548
2780 - shutdown(tcptls_session->fd, SHUT_RDWR);
2781 - if (close(tcptls_session->fd)) {
2782 - ast_log(LOG_ERROR, "close() failed: %s\n", strerror(errno));
2784 - tcptls_session->fd = -1;
2785 + if (tcptls_session->stream) {
2786 + ast_iostream_close(tcptls_session->stream);
2787 + tcptls_session->stream = NULL;
2789 ast_log(LOG_ERROR, "ast_tcptls_close_session_file invoked on session instance without file or file descriptor\n");
2793 @@ -1437,74 +1437,6 @@ int ast_carefulwrite(int fd, char *s, in
2797 -int ast_careful_fwrite(FILE *f, int fd, const char *src, size_t len, int timeoutms)
2799 - struct timeval start = ast_tvnow();
2804 - if (wait_for_output(fd, timeoutms - elapsed)) {
2805 - /* poll returned a fatal error, so bail out immediately. */
2809 - /* Clear any errors from a previous write */
2812 - n = fwrite(src, 1, len, f);
2814 - if (ferror(f) && errno != EINTR && errno != EAGAIN) {
2815 - /* fatal error from fwrite() */
2816 - if (errno == EPIPE) {
2817 - ast_debug(1, "fwrite() failed due to reading end being closed: EPIPE\n");
2818 - } else if (!feof(f)) {
2819 - /* Don't spam the logs if it was just that the connection is closed. */
2820 - ast_log(LOG_ERROR, "fwrite() returned error: %s\n", strerror(errno));
2826 - /* Update for data already written to the socket */
2830 - elapsed = ast_tvdiff_ms(ast_tvnow(), start);
2831 - if (elapsed >= timeoutms) {
2832 - /* We've taken too long to write
2833 - * This is only an error condition if we haven't finished writing. */
2840 - while (fflush(f)) {
2841 - if (errno == EAGAIN || errno == EINTR) {
2842 - /* fflush() does not appear to reset errno if it flushes
2843 - * and reaches EOF at the same time. It returns EOF with
2844 - * the last seen value of errno, causing a possible loop.
2845 - * Also usleep() to reduce CPU eating if it does loop */
2850 - if (errno && !feof(f)) {
2851 - if (errno == EPIPE) {
2852 - ast_debug(1, "fflush() failed due to reading end being closed: EPIPE\n");
2854 - /* Don't spam the logs if it was just that the connection is closed. */
2855 - ast_log(LOG_ERROR, "fflush() returned error: %s\n", strerror(errno));
2862 - return n < 0 ? -1 : 0;
2865 char *ast_strip_quoted(char *s, const char *beg_quotes, const char *end_quotes)
2868 --- a/res/res_http_post.c
2869 +++ b/res/res_http_post.c
2870 @@ -213,7 +213,7 @@ static int find_sequence(char * inbuf, i
2871 * This function has two modes. The first to find a boundary marker. The
2872 * second is to find the filename immediately after the boundary.
2874 -static int readmimefile(FILE *fin, FILE *fout, char *boundary, int contentlen)
2875 +static int readmimefile(struct ast_iostream *in, FILE *fout, char *boundary, int contentlen)
2877 int find_filename = 0;
2879 @@ -224,7 +224,7 @@ static int readmimefile(FILE *fin, FILE
2881 char * path_end, * path_start, * filespec;
2883 - if (NULL == fin || NULL == fout || NULL == boundary || 0 >= contentlen) {
2884 + if (NULL == in || NULL == fout || NULL == boundary || 0 >= contentlen) {
2888 @@ -238,8 +238,8 @@ static int readmimefile(FILE *fin, FILE
2891 if (0 < num_to_read) {
2892 - if (fread(&(buf[char_in_buf]), 1, num_to_read, fin) < num_to_read) {
2893 - ast_log(LOG_WARNING, "fread() failed: %s\n", strerror(errno));
2894 + if (ast_iostream_read(in, &(buf[char_in_buf]), num_to_read) < num_to_read) {
2895 + ast_log(LOG_WARNING, "read failed: %s\n", strerror(errno));
2898 contentlen -= num_to_read;
2899 @@ -380,7 +380,7 @@ static int http_post_callback(struct ast
2901 ast_http_body_read_status(ser, 0);
2903 - if (0 > readmimefile(ser->f, f, boundary_marker, content_len)) {
2904 + if (0 > readmimefile(ser->stream, f, boundary_marker, content_len)) {
2905 ast_debug(1, "Cannot find boundary marker in POST request.\n");
2907 ast_http_error(ser, 400, "Bad Request", "Cannot find boundary marker in POST request.");
2908 --- a/res/res_http_websocket.c
2909 +++ b/res/res_http_websocket.c
2910 @@ -87,8 +87,7 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revisi
2912 /*! \brief Structure definition for session */
2913 struct ast_websocket {
2914 - FILE *f; /*!< Pointer to the file instance used for writing and reading */
2915 - int fd; /*!< File descriptor for the session, only used for polling */
2916 + struct ast_iostream *stream; /*!< iostream of the connection */
2917 struct ast_sockaddr address; /*!< Address of the remote client */
2918 enum ast_websocket_opcode opcode; /*!< Cached opcode for multi-frame messages */
2919 size_t payload_len; /*!< Length of the payload */
2920 @@ -178,10 +177,11 @@ static void session_destroy_fn(void *obj
2922 struct ast_websocket *session = obj;
2925 + if (session->stream) {
2926 ast_websocket_close(session, 0);
2928 - fclose(session->f);
2929 + if (session->stream) {
2930 + ast_iostream_close(session->stream);
2931 + session->stream = NULL;
2932 ast_verb(2, "WebSocket connection %s '%s' closed\n", session->client ? "to" : "from",
2933 ast_sockaddr_stringify(&session->address));
2935 @@ -307,20 +307,22 @@ int AST_OPTIONAL_API_NAME(ast_websocket_
2936 session->close_sent = 1;
2939 - res = ast_careful_fwrite(session->f, session->fd, frame, 4, session->timeout);
2940 + ast_iostream_set_timeout_inactivity(session->stream, session->timeout);
2941 + res = ast_iostream_write(session->stream, frame, sizeof(frame));
2942 + ast_iostream_set_timeout_disable(session->stream);
2944 /* If an error occurred when trying to close this connection explicitly terminate it now.
2945 * Doing so will cause the thread polling on it to wake up and terminate.
2948 - fclose(session->f);
2949 - session->f = NULL;
2950 + if (res != sizeof(frame)) {
2951 + ast_iostream_close(session->stream);
2952 + session->stream = NULL;
2953 ast_verb(2, "WebSocket connection %s '%s' forcefully closed due to fatal write error\n",
2954 session->client ? "to" : "from", ast_sockaddr_stringify(&session->address));
2957 ao2_unlock(session);
2959 + return res == sizeof(frame);
2962 static const char *opcode_map[] = {
2963 @@ -388,7 +390,8 @@ int AST_OPTIONAL_API_NAME(ast_websocket_
2967 - if (ast_careful_fwrite(session->f, session->fd, frame, frame_size, session->timeout)) {
2968 + ast_iostream_set_timeout_sequence(session->stream, ast_tvnow(), session->timeout);
2969 + if (ast_iostream_write(session->stream, frame, frame_size) != frame_size) {
2970 ao2_unlock(session);
2971 /* 1011 - server terminating connection due to not being able to fulfill the request */
2972 ast_debug(1, "Closing WS with 1011 because we can't fulfill a write request\n");
2973 @@ -396,7 +399,7 @@ int AST_OPTIONAL_API_NAME(ast_websocket_
2977 - fflush(session->f);
2978 + ast_iostream_set_timeout_disable(session->stream);
2979 ao2_unlock(session);
2982 @@ -424,7 +427,7 @@ void AST_OPTIONAL_API_NAME(ast_websocket
2984 int AST_OPTIONAL_API_NAME(ast_websocket_fd)(struct ast_websocket *session)
2986 - return session->closing ? -1 : session->fd;
2987 + return session->closing ? -1 : ast_iostream_get_fd(session->stream);
2990 struct ast_sockaddr * AST_OPTIONAL_API_NAME(ast_websocket_remote_address)(struct ast_websocket *session)
2991 @@ -439,18 +442,8 @@ int AST_OPTIONAL_API_NAME(ast_websocket_
2993 int AST_OPTIONAL_API_NAME(ast_websocket_set_nonblock)(struct ast_websocket *session)
2997 - if ((flags = fcntl(session->fd, F_GETFL)) == -1) {
3001 - flags |= O_NONBLOCK;
3003 - if ((flags = fcntl(session->fd, F_SETFL, flags)) == -1) {
3007 + ast_iostream_nonblock(session->stream);
3008 + ast_iostream_set_exclusive_input(session->stream, 0);
3012 @@ -491,23 +484,22 @@ int AST_OPTIONAL_API_NAME(ast_websocket_
3014 static inline int ws_safe_read(struct ast_websocket *session, char *buf, int len, enum ast_websocket_opcode *opcode)
3023 - if (!session->f) {
3024 + if (!session->stream) {
3025 ao2_unlock(session);
3026 errno = ECONNABORTED;
3031 - clearerr(session->f);
3032 - rlen = fread(rbuf, 1, xlen, session->f);
3034 - if (feof(session->f)) {
3035 + rlen = ast_iostream_read(session->stream, rbuf, xlen);
3036 + if (rlen != xlen) {
3038 ast_log(LOG_WARNING, "Web socket closed abruptly\n");
3039 *opcode = AST_WEBSOCKET_OPCODE_CLOSE;
3040 session->closing = 1;
3041 @@ -515,7 +507,7 @@ static inline int ws_safe_read(struct as
3045 - if (ferror(session->f) && errno != EAGAIN) {
3046 + if (rlen < 0 && errno != EAGAIN) {
3047 ast_log(LOG_ERROR, "Error reading from web socket: %s\n", strerror(errno));
3048 *opcode = AST_WEBSOCKET_OPCODE_CLOSE;
3049 session->closing = 1;
3050 @@ -536,7 +528,7 @@ static inline int ws_safe_read(struct as
3054 - if (ast_wait_for_input(session->fd, 1000) < 0) {
3055 + if (ast_wait_for_input(ast_iostream_get_fd(session->stream), 1000) < 0) {
3056 ast_log(LOG_ERROR, "ast_wait_for_input returned err: %s\n", strerror(errno));
3057 *opcode = AST_WEBSOCKET_OPCODE_CLOSE;
3058 session->closing = 1;
3059 @@ -831,7 +823,7 @@ int AST_OPTIONAL_API_NAME(ast_websocket_
3060 ao2_ref(protocol_handler, -1);
3063 - session->timeout = AST_DEFAULT_WEBSOCKET_WRITE_TIMEOUT;
3064 + session->timeout = AST_DEFAULT_WEBSOCKET_WRITE_TIMEOUT;
3066 if (protocol_handler->session_attempted
3067 && protocol_handler->session_attempted(ser, get_vars, headers)) {
3068 @@ -852,7 +844,8 @@ int AST_OPTIONAL_API_NAME(ast_websocket_
3072 - fprintf(ser->f, "HTTP/1.1 101 Switching Protocols\r\n"
3073 + ast_iostream_printf(ser->stream,
3074 + "HTTP/1.1 101 Switching Protocols\r\n"
3076 "Connection: Upgrade\r\n"
3077 "Sec-WebSocket-Accept: %s\r\n"
3078 @@ -861,15 +854,14 @@ int AST_OPTIONAL_API_NAME(ast_websocket_
3079 websocket_combine_key(key, base64, sizeof(base64)),
3082 - fprintf(ser->f, "HTTP/1.1 101 Switching Protocols\r\n"
3083 + ast_iostream_printf(ser->stream,
3084 + "HTTP/1.1 101 Switching Protocols\r\n"
3086 "Connection: Upgrade\r\n"
3087 "Sec-WebSocket-Accept: %s\r\n\r\n",
3089 websocket_combine_key(key, base64, sizeof(base64)));
3095 /* Specification defined in http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-75 or completely unknown */
3096 @@ -881,7 +873,7 @@ int AST_OPTIONAL_API_NAME(ast_websocket_
3099 /* Enable keepalive on all sessions so the underlying user does not have to */
3100 - if (setsockopt(ser->fd, SOL_SOCKET, SO_KEEPALIVE, &flags, sizeof(flags))) {
3101 + if (setsockopt(ast_iostream_get_fd(ser->stream), SOL_SOCKET, SO_KEEPALIVE, &flags, sizeof(flags))) {
3102 ast_log(LOG_WARNING, "WebSocket connection from '%s' could not be accepted - failed to enable keepalive\n",
3103 ast_sockaddr_stringify(&ser->remote_address));
3104 websocket_bad_request(ser);
3105 @@ -893,25 +885,23 @@ int AST_OPTIONAL_API_NAME(ast_websocket_
3106 ast_verb(2, "WebSocket connection from '%s' for protocol '%s' accepted using version '%d'\n", ast_sockaddr_stringify(&ser->remote_address), protocol ? : "", version);
3108 /* Populate the session with all the needed details */
3109 - session->f = ser->f;
3110 - session->fd = ser->fd;
3111 + session->stream = ser->stream;
3112 ast_sockaddr_copy(&session->address, &ser->remote_address);
3113 session->opcode = -1;
3114 session->reconstruct = DEFAULT_RECONSTRUCTION_CEILING;
3115 - session->secure = ser->ssl ? 1 : 0;
3116 + session->secure = ast_iostream_get_ssl(ser->stream) ? 1 : 0;
3118 /* Give up ownership of the socket and pass it to the protocol handler */
3119 - ast_tcptls_stream_set_exclusive_input(ser->stream_cookie, 0);
3120 + ast_iostream_set_exclusive_input(session->stream, 0);
3121 protocol_handler->session_established(session, get_vars, headers);
3122 ao2_ref(protocol_handler, -1);
3125 - * By dropping the FILE* and fd from the session the connection
3126 + * By dropping the stream from the session the connection
3127 * won't get closed when the HTTP server cleans up because we
3128 * passed the connection to the protocol handler.
3132 + ser->stream = NULL;
3136 @@ -1245,7 +1235,7 @@ static enum ast_websocket_result websock
3138 int has_protocol = 0;
3140 - if (!fgets(buf, sizeof(buf), client->ser->f)) {
3141 + if (ast_iostream_gets(client->ser->stream, buf, sizeof(buf)) <= 0) {
3142 ast_log(LOG_ERROR, "Unable to retrieve HTTP status line.");
3143 return WS_BAD_STATUS;
3145 @@ -1258,7 +1248,7 @@ static enum ast_websocket_result websock
3147 /* Ignoring line folding - assuming header field values are contained
3148 within a single line */
3149 - while (fgets(buf, sizeof(buf), client->ser->f)) {
3150 + while (ast_iostream_gets(client->ser->stream, buf, sizeof(buf)) > 0) {
3152 int parsed = ast_http_header_parse(buf, &name, &value);
3154 @@ -1311,19 +1301,19 @@ static enum ast_websocket_result websock
3158 - if (fprintf(client->ser->f,
3159 - "GET /%s HTTP/1.1\r\n"
3160 - "Sec-WebSocket-Version: %d\r\n"
3161 - "Upgrade: websocket\r\n"
3162 - "Connection: Upgrade\r\n"
3164 - "Sec-WebSocket-Key: %s\r\n"
3166 - client->resource_name ? ast_str_buffer(client->resource_name) : "",
3171 + if (ast_iostream_printf(client->ser->stream,
3172 + "GET /%s HTTP/1.1\r\n"
3173 + "Sec-WebSocket-Version: %d\r\n"
3174 + "Upgrade: websocket\r\n"
3175 + "Connection: Upgrade\r\n"
3177 + "Sec-WebSocket-Key: %s\r\n"
3179 + client->resource_name ? ast_str_buffer(client->resource_name) : "",
3184 ast_log(LOG_ERROR, "Failed to send handshake.\n");
3185 return WS_WRITE_ERROR;
3187 @@ -1347,9 +1337,9 @@ static enum ast_websocket_result websock
3191 - ws->f = ws->client->ser->f;
3192 - ws->fd = ws->client->ser->fd;
3193 - ws->secure = ws->client->ser->ssl ? 1 : 0;
3194 + ws->stream = ws->client->ser->stream;
3195 + ws->secure = ast_iostream_get_ssl(ws->stream) ? 1 : 0;
3196 + ws->client->ser->stream = NULL;
3197 ast_sockaddr_copy(&ws->address, &ws->client->ser->remote_address);
3200 --- a/res/res_phoneprov.c
3201 +++ b/res/res_phoneprov.c
3202 @@ -950,7 +950,7 @@ static int phoneprov_callback(struct ast
3203 socklen_t namelen = sizeof(name.sa);
3206 - if ((res = getsockname(ser->fd, &name.sa, &namelen))) {
3207 + if ((res = getsockname(ast_iostream_get_fd(ser->stream), &name.sa, &namelen))) {
3208 ast_log(LOG_WARNING, "Could not get server IP, breakage likely.\n");
3210 struct extension *exten_iter;