Access Control of various sorts. More...
#include "asterisk/network.h"#include "asterisk/linkedlists.h"#include "asterisk/netsock2.h"#include "asterisk/io.h"
Go to the source code of this file.
Data Structures | |
| struct | ast_acl |
| an ast_acl is a linked list node of ast_ha structs which may have names. More... | |
| struct | ast_acl_list |
| Wrapper for an ast_acl linked list. More... | |
| struct | ast_ha |
| internal representation of ACL entries In principle user applications would have no need for this, but there is sometimes a need to extract individual items, e.g. to print them, and rather than defining iterators to navigate the list, and an externally visible 'struct ast_ha_entry', at least in the short term it is more convenient to make the whole thing public and let users play with them. More... | |
Defines | |
| #define | ACL_NAME_LENGTH 80 |
Enumerations | |
| enum | ast_acl_sense { AST_SENSE_DENY, AST_SENSE_ALLOW } |
Functions | |
| int | ast_acl_list_is_empty (struct ast_acl_list *acl_list) |
| Determines if an ACL is empty or if it contains entries. | |
| void | ast_append_acl (const char *sense, const char *stuff, struct ast_acl_list **path, int *error, int *named_acl_flag) |
| Add a rule to an ACL struct. | |
| struct ast_ha * | ast_append_ha (const char *sense, const char *stuff, struct ast_ha *path, int *error) |
| Add a new rule to a list of HAs. | |
| enum ast_acl_sense | ast_apply_acl (struct ast_acl_list *acl_list, const struct ast_sockaddr *addr, const char *purpose) |
| Apply a set of rules to a given IP address. | |
| enum ast_acl_sense | ast_apply_ha (const struct ast_ha *ha, const struct ast_sockaddr *addr) |
| Apply a set of rules to a given IP address. | |
| void | ast_copy_ha (const struct ast_ha *from, struct ast_ha *to) |
| Copy the contents of one HA to another. | |
| struct ast_acl_list * | ast_duplicate_acl_list (struct ast_acl_list *original) |
| Duplicates the contests of a list of lists of host access rules. | |
| struct ast_ha * | ast_duplicate_ha_list (struct ast_ha *original) |
| Duplicate the contents of a list of host access rules. | |
| int | ast_find_ourip (struct ast_sockaddr *ourip, const struct ast_sockaddr *bindaddr, int family) |
| Find our IP address. | |
| struct ast_acl_list * | ast_free_acl_list (struct ast_acl_list *acl) |
| Free a list of ACLs. | |
| void | ast_free_ha (struct ast_ha *ha) |
| Free a list of HAs. | |
| int | ast_get_ip (struct ast_sockaddr *addr, const char *hostname) |
| Get the IP address given a hostname. | |
| int | ast_get_ip_or_srv (struct ast_sockaddr *addr, const char *hostname, const char *service) |
| Get the IP address given a hostname and optional service. | |
| int | ast_lookup_iface (char *iface, struct ast_sockaddr *address) |
| Find an IP address associated with a specific interface. | |
| struct ast_ha * | ast_named_acl_find (const char *name, int *is_realtime, int *is_undefined) |
| Retrieve a named ACL. | |
| int | ast_named_acl_init (void) |
| Initialize and configure the named ACL system. | |
| int | ast_named_acl_reload (void) |
| reload/reconfigure the named ACL system. | |
| int | ast_ouraddrfor (const struct ast_sockaddr *them, struct ast_sockaddr *us) |
| Get our local IP address when contacting a remote host. | |
| int | ast_str2cos (const char *value, unsigned int *cos) |
| Convert a string to the appropriate COS value. | |
| int | ast_str2tos (const char *value, unsigned int *tos) |
| Convert a string to the appropriate TOS value. | |
| const char * | ast_tos2str (unsigned int tos) |
| Convert a TOS value into its string representation. | |
Detailed Description
Access Control of various sorts.
Definition in file acl.h.
Define Documentation
| #define ACL_NAME_LENGTH 80 |
Enumeration Type Documentation
| enum ast_acl_sense |
Function Documentation
| int ast_acl_list_is_empty | ( | struct ast_acl_list * | acl_list | ) |
Determines if an ACL is empty or if it contains entries.
- Parameters:
-
acl_list The ACL list being checked
- Return values:
-
0 - the list is not empty 1 - the list is empty
Definition at line 581 of file acl.c.
References AST_LIST_FIRST, AST_LIST_LOCK, and AST_LIST_UNLOCK.
Referenced by _sip_show_peer(), _sip_show_peers_one(), handle_cli_iax2_show_peer(), handle_cli_iax2_show_users(), handle_showmanager(), sip_show_user(), sip_show_users(), and users_data_provider_get().
{
struct ast_acl *head;
if (!acl_list) {
return 1;
}
AST_LIST_LOCK(acl_list);
head = AST_LIST_FIRST(acl_list);
AST_LIST_UNLOCK(acl_list);
if (head) {
return 0;
}
return 1;
}
| void ast_append_acl | ( | const char * | sense, |
| const char * | stuff, | ||
| struct ast_acl_list ** | path, | ||
| int * | error, | ||
| int * | named_acl_flag | ||
| ) |
Add a rule to an ACL struct.
This adds a named ACL or an ACL rule to an ast_acl container. It works in a similar way to ast_append_ha.
- Parameters:
-
sense Can be any among "permit", "deny", or "acl" this controls whether the rule being added will simply modify the unnamed ACL at the head of the list or if a new named ACL will be added to that ast_acl. stuff If sense is 'permit'/'deny', this is the ip address and subnet mask separated with a '/' like in ast_append ha. If it sense is 'acl', then this will be the name of the ACL being appended to the container. path Address of the ACL list being appended [out] error The int that error points to will be set to 1 if an error occurs. [out] named_acl_flag This will raise a flag under certain conditions to indicate that a named ACL has been added by this operation. This may be used to indicate that an event subscription should be made against the named ACL subsystem. Note: This flag may be raised by this function, but it will never be lowered by it.
Definition at line 473 of file acl.c.
References ast_acl::acl, acl_new(), ast_append_ha(), ast_calloc, AST_LIST_FIRST, AST_LIST_HEAD_INIT, AST_LIST_INSERT_HEAD, AST_LIST_INSERT_TAIL, AST_LIST_LOCK, AST_LIST_TRAVERSE, AST_LIST_UNLOCK, ast_log(), ast_named_acl_find(), ast_skip_blanks(), ast_strlen_zero(), ast_acl::is_invalid, ast_acl::is_realtime, LOG_ERROR, and ast_acl::name.
Referenced by __init_manager(), build_peer(), build_user(), and reload_config().
{
struct ast_acl *acl = NULL;
struct ast_acl *current;
struct ast_acl_list *working_list;
char *tmp, *list;
/* If the ACL list is currently uninitialized, it must be initialized. */
if (*path == NULL) {
struct ast_acl_list *list;
list = ast_calloc(1, sizeof(*list));
if (!list) {
/* Allocation Error */
if (error) {
*error = 1;
}
return;
}
AST_LIST_HEAD_INIT(list);
*path = list;
}
working_list = *path;
AST_LIST_LOCK(working_list);
/* First we need to determine if we will need to add a new ACL node or if we can use an existing one. */
if (strncasecmp(sense, "a", 1)) {
/* The first element in the path should be the unnamed, base ACL. If that's the case, we use it. If not,
* we have to make one and link it up appropriately. */
current = AST_LIST_FIRST(working_list);
if (!current || !ast_strlen_zero(current->name)) {
if (acl_new(&acl, "")) {
if (error) {
*error = 1;
}
}
// Need to INSERT the ACL at the head here.
AST_LIST_INSERT_HEAD(working_list, acl, list);
} else {
/* If the first element was already the unnamed base ACL, we just use that one. */
acl = current;
}
/* With the proper ACL set for modification, we can just pass this off to the ast_ha append function. */
acl->acl = ast_append_ha(sense, stuff, acl->acl, error);
AST_LIST_UNLOCK(working_list);
return;
}
/* We are in ACL append mode, so we know we'll be adding one or more named ACLs. */
list = ast_strdupa(stuff);
while ((tmp = strsep(&list, ","))) {
struct ast_ha *named_ha;
int already_included = 0;
/* Remove leading whitespace from the string in case the user put spaces between items */
tmp = ast_skip_blanks(tmp);
/* The first step is to check for a duplicate */
AST_LIST_TRAVERSE(working_list, current, list) {
if (!strcasecmp(current->name, tmp)) { /* ACL= */
/* Inclusion of the same ACL multiple times isn't a catastrophic error, but it will raise the error flag and skip the entry. */
ast_log(LOG_ERROR, "Named ACL '%s' is already included in the ast_acl container.", tmp);
if (error) {
*error = 1;
}
already_included = 1;
break;
}
}
if (already_included) {
continue;
}
if (acl_new(&acl, tmp)) {
/* This is a catastrophic allocation error and we'll return immediately if this happens. */
if (error) {
*error = 1;
}
AST_LIST_UNLOCK(working_list);
return;
}
/* Attempt to grab the Named ACL we are looking for. */
named_ha = ast_named_acl_find(tmp, &acl->is_realtime, &acl->is_invalid);
/* Set the ACL's ast_ha to the duplicated named ACL retrieved above. */
acl->acl = named_ha;
/* Raise the named_acl_flag since we are adding a named ACL to the ACL container. */
if (named_acl_flag) {
*named_acl_flag = 1;
}
/* Now insert the new ACL at the end of the list. */
AST_LIST_INSERT_TAIL(working_list, acl, list);
}
AST_LIST_UNLOCK(working_list);
}
| struct ast_ha* ast_append_ha | ( | const char * | sense, |
| const char * | stuff, | ||
| struct ast_ha * | path, | ||
| int * | error | ||
| ) | [read] |
Add a new rule to a list of HAs.
This adds the new host access rule to the end of the list whose head is specified by the path parameter. Rules are evaluated in a way such that if multiple rules apply to a single IP address/subnet mask, then the rule latest in the list will be used.
- Parameters:
-
sense Either "permit" or "deny" (Actually any 'p' word will result in permission, and any other word will result in denial) stuff The IP address and subnet mask, separated with a '/'. The subnet mask can either be in dotted-decimal format or in CIDR notation (i.e. 0-32). path The head of the HA list to which we wish to append our new rule. If NULL is passed, then the new rule will become the head of the list [out] error The integer error points to will be set non-zero if an error occurs
- Returns:
- The head of the HA list
Definition at line 600 of file acl.c.
References ast_ha::addr, apply_netmask(), ast_calloc, ast_debug, ast_free_ha(), ast_log(), AST_SENSE_ALLOW, AST_SENSE_DENY, ast_sockaddr_ipv4_mapped(), ast_sockaddr_is_ipv4(), ast_sockaddr_parse(), ast_sockaddr_stringify(), LOG_NOTICE, LOG_WARNING, ast_ha::netmask, ast_ha::next, parse_cidr_mask(), PARSE_PORT_FORBID, and ast_ha::sense.
Referenced by acl_handler_fn(), add_calltoken_ignore(), ast_append_acl(), build_callno_limits(), build_device(), build_gateway(), build_peer(), build_user(), config_parse_variables(), named_acl_find_realtime(), and reload_config().
{
struct ast_ha *ha;
struct ast_ha *prev = NULL;
struct ast_ha *ret;
char *tmp, *list = ast_strdupa(stuff);
char *address = NULL, *mask = NULL;
int addr_is_v4;
int allowing = strncasecmp(sense, "p", 1) ? AST_SENSE_DENY : AST_SENSE_ALLOW;
const char *parsed_addr, *parsed_mask;
ret = path;
while (path) {
prev = path;
path = path->next;
}
while ((tmp = strsep(&list, ","))) {
if (!(ha = ast_calloc(1, sizeof(*ha)))) {
if (error) {
*error = 1;
}
return ret;
}
address = strsep(&tmp, "/");
if (!address) {
address = tmp;
} else {
mask = tmp;
}
if (*address == '!') {
ha->sense = (allowing == AST_SENSE_DENY) ? AST_SENSE_ALLOW : AST_SENSE_DENY;
address++;
} else {
ha->sense = allowing;
}
if (!ast_sockaddr_parse(&ha->addr, address, PARSE_PORT_FORBID)) {
ast_log(LOG_WARNING, "Invalid IP address: %s\n", address);
ast_free_ha(ha);
if (error) {
*error = 1;
}
return ret;
}
/* If someone specifies an IPv4-mapped IPv6 address,
* we just convert this to an IPv4 ACL
*/
if (ast_sockaddr_ipv4_mapped(&ha->addr, &ha->addr)) {
ast_log(LOG_NOTICE, "IPv4-mapped ACL network address specified. "
"Converting to an IPv4 ACL network address.\n");
}
addr_is_v4 = ast_sockaddr_is_ipv4(&ha->addr);
if (!mask) {
parse_cidr_mask(&ha->netmask, addr_is_v4, addr_is_v4 ? "32" : "128");
} else if (strchr(mask, ':') || strchr(mask, '.')) {
int mask_is_v4;
/* Mask is of x.x.x.x or x:x:x:x:x:x:x:x variety */
if (!ast_sockaddr_parse(&ha->netmask, mask, PARSE_PORT_FORBID)) {
ast_log(LOG_WARNING, "Invalid netmask: %s\n", mask);
ast_free_ha(ha);
if (error) {
*error = 1;
}
return ret;
}
/* If someone specifies an IPv4-mapped IPv6 netmask,
* we just convert this to an IPv4 ACL
*/
if (ast_sockaddr_ipv4_mapped(&ha->netmask, &ha->netmask)) {
ast_log(LOG_NOTICE, "IPv4-mapped ACL netmask specified. "
"Converting to an IPv4 ACL netmask.\n");
}
mask_is_v4 = ast_sockaddr_is_ipv4(&ha->netmask);
if (addr_is_v4 ^ mask_is_v4) {
ast_log(LOG_WARNING, "Address and mask are not using same address scheme.\n");
ast_free_ha(ha);
if (error) {
*error = 1;
}
return ret;
}
} else if (parse_cidr_mask(&ha->netmask, addr_is_v4, mask)) {
ast_log(LOG_WARNING, "Invalid CIDR netmask: %s\n", mask);
ast_free_ha(ha);
if (error) {
*error = 1;
}
return ret;
}
if (apply_netmask(&ha->addr, &ha->netmask, &ha->addr)) {
/* This shouldn't happen because ast_sockaddr_parse would
* have failed much earlier on an unsupported address scheme
*/
char *failmask = ast_strdupa(ast_sockaddr_stringify(&ha->netmask));
char *failaddr = ast_strdupa(ast_sockaddr_stringify(&ha->addr));
ast_log(LOG_WARNING, "Unable to apply netmask %s to address %s\n", failmask, failaddr);
ast_free_ha(ha);
if (error) {
*error = 1;
}
return ret;
}
if (prev) {
prev->next = ha;
} else {
ret = ha;
}
prev = ha;
parsed_addr = ast_strdupa(ast_sockaddr_stringify(&ha->addr));
parsed_mask = ast_strdupa(ast_sockaddr_stringify(&ha->netmask));
ast_debug(3, "%s/%s sense %d appended to ACL\n", parsed_addr, parsed_mask, ha->sense);
}
return ret;
}
| enum ast_acl_sense ast_apply_acl | ( | struct ast_acl_list * | acl_list, |
| const struct ast_sockaddr * | addr, | ||
| const char * | purpose | ||
| ) |
Apply a set of rules to a given IP address.
Similar to the above, only uses an acl container, which is a whole slew of ast_ha lists. It runs ast_apply_ha on each of the ast_ha structs contained in the acl container. It will deny if any of the ast_ha lists fail, and it will pass only if all of the rules pass.
- Parameters:
-
acl The head of the list of ACLs to evaluate addr An ast_sockaddr whose address is considered when matching rules purpose Context for which the ACL is being applied - Establishes purpose of a notice when rejected
- Return values:
-
AST_SENSE_ALLOW The IP address passes our ACLs AST_SENSE_DENY The IP address fails our ACLs
Definition at line 726 of file acl.c.
References ast_acl::acl, ast_apply_ha(), AST_LIST_LOCK, AST_LIST_TRAVERSE, AST_LIST_UNLOCK, ast_log(), AST_SENSE_ALLOW, AST_SENSE_DENY, ast_sockaddr_stringify_addr(), ast_strlen_zero(), ast_acl::is_invalid, ast_acl::list, LOG_NOTICE, LOG_WARNING, and ast_acl::name.
Referenced by apply_directmedia_acl(), auth_http_callback(), authenticate(), check_access(), check_peer_ok(), parse_register_contact(), and register_verify().
{
struct ast_acl *acl;
/* If the list is NULL, there are no rules, so we'll allow automatically. */
if (!acl_list) {
return AST_SENSE_ALLOW;
}
AST_LIST_LOCK(acl_list);
AST_LIST_TRAVERSE(acl_list, acl, list) {
if (acl->is_invalid) {
/* In this case, the baseline ACL shouldn't ever trigger this, but if that somehow happens, it'll still be shown. */
ast_log(LOG_WARNING, "%sRejecting '%s' due to use of an invalid ACL '%s'.\n", purpose ? purpose : "", ast_sockaddr_stringify_addr(addr),
ast_strlen_zero(acl->name) ? "(BASELINE)" : acl->name);
AST_LIST_UNLOCK(acl_list);
return AST_SENSE_DENY;
}
if (acl->acl) {
if (ast_apply_ha(acl->acl, addr) == AST_SENSE_DENY) {
ast_log(LOG_NOTICE, "%sRejecting '%s' due to a failure to pass ACL '%s'\n", purpose ? purpose : "", ast_sockaddr_stringify_addr(addr),
ast_strlen_zero(acl->name) ? "(BASELINE)" : acl->name);
AST_LIST_UNLOCK(acl_list);
return AST_SENSE_DENY;
}
}
}
AST_LIST_UNLOCK(acl_list);
return AST_SENSE_ALLOW;
}
| enum ast_acl_sense ast_apply_ha | ( | const struct ast_ha * | ha, |
| const struct ast_sockaddr * | addr | ||
| ) |
Apply a set of rules to a given IP address.
The list of host access rules is traversed, beginning with the input rule. If the IP address given matches a rule, the "sense" of that rule is used as the return value. Note that if an IP address matches multiple rules that the last one matched will be the one whose sense will be returned.
- Parameters:
-
ha The head of the list of host access rules to follow addr An ast_sockaddr whose address is considered when matching rules
- Return values:
-
AST_SENSE_ALLOW The IP address passes our ACL AST_SENSE_DENY The IP address fails our ACL
Definition at line 761 of file acl.c.
References ast_ha::addr, apply_netmask(), ast_copy_string(), ast_debug, ast_inet_ntoa(), ast_log(), AST_SENSE_ALLOW, ast_sockaddr_cmp_addr(), ast_sockaddr_ipv4_mapped(), ast_sockaddr_is_ipv4(), ast_sockaddr_is_ipv4_mapped(), ast_sockaddr_is_ipv6(), ast_sockaddr_stringify(), LOG_ERROR, ast_ha::netmask, ast_ha::next, and ast_ha::sense.
Referenced by ast_apply_acl(), ast_sip_ouraddrfor(), and skinny_register().
{
/* Start optimistic */
enum ast_acl_sense res = AST_SENSE_ALLOW;
const struct ast_ha *current_ha;
for (current_ha = ha; current_ha; current_ha = current_ha->next) {
struct ast_sockaddr result;
struct ast_sockaddr mapped_addr;
const struct ast_sockaddr *addr_to_use;
#if 0 /* debugging code */
char iabuf[INET_ADDRSTRLEN];
char iabuf2[INET_ADDRSTRLEN];
/* DEBUG */
ast_copy_string(iabuf, ast_inet_ntoa(sin->sin_addr), sizeof(iabuf));
ast_copy_string(iabuf2, ast_inet_ntoa(ha->netaddr), sizeof(iabuf2));
ast_debug(1, "##### Testing %s with %s\n", iabuf, iabuf2);
#endif
if (ast_sockaddr_is_ipv4(&ha->addr)) {
if (ast_sockaddr_is_ipv6(addr)) {
if (ast_sockaddr_is_ipv4_mapped(addr)) {
/* IPv4 ACLs apply to IPv4-mapped addresses */
if (!ast_sockaddr_ipv4_mapped(addr, &mapped_addr)) {
ast_log(LOG_ERROR, "%s provided to ast_sockaddr_ipv4_mapped could not be converted. That shouldn't be possible.\n",
ast_sockaddr_stringify(addr));
continue;
}
addr_to_use = &mapped_addr;
} else {
/* An IPv4 ACL does not apply to an IPv6 address */
continue;
}
} else {
/* Address is IPv4 and ACL is IPv4. No biggie */
addr_to_use = addr;
}
} else {
if (ast_sockaddr_is_ipv6(addr) && !ast_sockaddr_is_ipv4_mapped(addr)) {
addr_to_use = addr;
} else {
/* Address is IPv4 or IPv4 mapped but ACL is IPv6. Skip */
continue;
}
}
/* For each rule, if this address and the netmask = the net address
apply the current rule */
if (apply_netmask(addr_to_use, ¤t_ha->netmask, &result)) {
/* Unlikely to happen since we know the address to be IPv4 or IPv6 */
continue;
}
if (!ast_sockaddr_cmp_addr(&result, ¤t_ha->addr)) {
res = current_ha->sense;
}
}
return res;
}
| void ast_copy_ha | ( | const struct ast_ha * | from, |
| struct ast_ha * | to | ||
| ) |
Copy the contents of one HA to another.
This copies the internals of the 'from' HA to the 'to' HA. It is important that the 'to' HA has been allocated prior to calling this function
- Parameters:
-
from Source HA to copy to Destination HA to copy to
- Return values:
-
void
Definition at line 256 of file acl.c.
References ast_ha::addr, ast_sockaddr_copy(), ast_ha::netmask, and ast_ha::sense.
Referenced by add_calltoken_ignore(), ast_duplicate_ha(), and build_callno_limits().
{
ast_sockaddr_copy(&to->addr, &from->addr);
ast_sockaddr_copy(&to->netmask, &from->netmask);
to->sense = from->sense;
}
| struct ast_acl_list* ast_duplicate_acl_list | ( | struct ast_acl_list * | original | ) | [read] |
Duplicates the contests of a list of lists of host access rules.
A deep copy of an ast_acl list is made (which in turn means a deep copy of each of the ast_ha structs contained within). The returned value is allocated on the heap and must be freed independently of the input paramater when finished.
- Parameters:
-
original The ast_acl_list to copy
- Return values:
-
The new duplicated ast_acl_list
Definition at line 311 of file acl.c.
References ast_acl::acl, acl_new(), ast_calloc, ast_duplicate_ha_list(), AST_LIST_HEAD_INIT, AST_LIST_INSERT_TAIL, AST_LIST_LOCK, AST_LIST_TRAVERSE, AST_LIST_UNLOCK, ast_log(), ast_acl::is_invalid, ast_acl::is_realtime, ast_acl::list, LOG_WARNING, and ast_acl::name.
Referenced by create_addr_from_peer(), and sip_allow_anyrtp_remote().
{
struct ast_acl_list *clone;
struct ast_acl *current_cursor;
struct ast_acl *current_clone;
/* Early return if we receive a duplication request for a NULL original. */
if (!original) {
return NULL;
}
if (!(clone = ast_calloc(1, sizeof(*clone)))) {
ast_log(LOG_WARNING, "Failed to allocate ast_acl_list struct while cloning an ACL\n");
return NULL;
}
AST_LIST_HEAD_INIT(clone);
AST_LIST_LOCK(original);
AST_LIST_TRAVERSE(original, current_cursor, list) {
if ((acl_new(¤t_clone, current_cursor->name))) {
ast_log(LOG_WARNING, "Failed to allocate ast_acl struct while cloning an ACL.");
continue;
}
/* Copy data from original ACL to clone ACL */
current_clone->acl = ast_duplicate_ha_list(current_cursor->acl);
current_clone->is_invalid = current_cursor->is_invalid;
current_clone->is_realtime = current_cursor->is_realtime;
AST_LIST_INSERT_TAIL(clone, current_clone, list);
}
AST_LIST_UNLOCK(original);
return clone;
}
| struct ast_ha* ast_duplicate_ha_list | ( | struct ast_ha * | original | ) | [read] |
Duplicate the contents of a list of host access rules.
A deep copy of all ast_has in the list is made. The returned value is allocated on the heap and must be freed independently of the input parameter when finished.
- Parameters:
-
original The ast_ha to copy
- Return values:
-
The head of the list of duplicated ast_has
Definition at line 278 of file acl.c.
References ast_duplicate_ha(), and ast_ha::next.
Referenced by ast_duplicate_acl_list(), and ast_named_acl_find().
{
struct ast_ha *start = original;
struct ast_ha *ret = NULL;
struct ast_ha *current, *prev = NULL;
while (start) {
current = ast_duplicate_ha(start); /* Create copy of this object */
if (prev) {
prev->next = current; /* Link previous to this object */
}
if (!ret) {
ret = current; /* Save starting point */
}
start = start->next; /* Go to next object */
prev = current; /* Save pointer to this object */
}
return ret; /* Return start of list */
}
| int ast_find_ourip | ( | struct ast_sockaddr * | ourip, |
| const struct ast_sockaddr * | bindaddr, | ||
| int | family | ||
| ) |
Find our IP address.
This function goes through many iterations in an attempt to find our IP address. If any step along the way should fail, we move to the next item in the list. Here are the steps taken:
- If bindaddr has a non-zero IP address, that is copied into ourip
- We use a combination of gethostname and ast_gethostbyname to find our IP address.
- We use ast_ouraddrfor with 198.41.0.4 as the destination IP address
- We try some platform-specific socket operations to find the IP address
- Parameters:
-
[out] ourip Our IP address is written here when it is found bindaddr A hint used for finding our IP. See the steps above for more details family Only addresses of the given family will be returned. Use 0 or AST_SOCKADDR_UNSPEC to get addresses of all families.
- Return values:
-
0 Success -1 Failure
Definition at line 987 of file acl.c.
References ast_debug, ast_log(), ast_ouraddrfor(), ast_sockaddr_copy(), ast_sockaddr_is_any(), ast_sockaddr_port, ast_sockaddr_set_port, get_local_address(), LOG_WARNING, ourhost, PARSE_PORT_FORBID, and resolve_first().
Referenced by __oh323_rtp_create(), gtalk_get_local_ip(), jingle_create_candidates(), load_module(), and reload_config().
{
char ourhost[MAXHOSTNAMELEN] = "";
struct ast_sockaddr root;
int res, port = ast_sockaddr_port(ourip);
/* just use the bind address if it is nonzero */
if (!ast_sockaddr_is_any(bindaddr)) {
ast_sockaddr_copy(ourip, bindaddr);
ast_debug(3, "Attached to given IP address\n");
return 0;
}
/* try to use our hostname */
if (gethostname(ourhost, sizeof(ourhost) - 1)) {
ast_log(LOG_WARNING, "Unable to get hostname\n");
} else {
if (resolve_first(ourip, ourhost, PARSE_PORT_FORBID, family) == 0) {
/* reset port since resolve_first wipes this out */
ast_sockaddr_set_port(ourip, port);
return 0;
}
}
ast_debug(3, "Trying to check A.ROOT-SERVERS.NET and get our IP address for that connection\n");
/* A.ROOT-SERVERS.NET. */
if (!resolve_first(&root, "A.ROOT-SERVERS.NET", PARSE_PORT_FORBID, 0) &&
!ast_ouraddrfor(&root, ourip)) {
/* reset port since resolve_first wipes this out */
ast_sockaddr_set_port(ourip, port);
return 0;
}
res = get_local_address(ourip);
ast_sockaddr_set_port(ourip, port);
return res;
}
| struct ast_acl_list* ast_free_acl_list | ( | struct ast_acl_list * | acl | ) | [read] |
Free a list of ACLs.
Given the head of a list of ast_acl structs, it and all appended acl structs will be freed. This includes the ast_ha structs within the individual nodes.
- Parameters:
-
acl The list of ACLs to free
- Return values:
-
NULL
Definition at line 234 of file acl.c.
References ast_acl::acl, ast_free, ast_free_ha(), AST_LIST_HEAD_DESTROY, AST_LIST_LOCK, AST_LIST_REMOVE_HEAD, AST_LIST_UNLOCK, and ast_acl::list.
Referenced by __init_manager(), __sip_destroy(), build_peer(), build_user(), manager_free_user(), peer_destructor(), reload_config(), sip_allow_anyrtp_remote(), sip_destroy_peer(), unload_module(), and user_destructor().
{
struct ast_acl *current;
if (!acl_list) {
return NULL;
}
AST_LIST_LOCK(acl_list);
while ((current = AST_LIST_REMOVE_HEAD(acl_list, list))) {
ast_free_ha(current->acl);
ast_free(current);
}
AST_LIST_UNLOCK(acl_list);
AST_LIST_HEAD_DESTROY(acl_list);
ast_free(acl_list);
return NULL;
}
| void ast_free_ha | ( | struct ast_ha * | ha | ) |
Free a list of HAs.
Given the head of a list of HAs, it and all appended HAs are freed
- Parameters:
-
ha The head of the list of HAs to free
- Return values:
-
void
Definition at line 223 of file acl.c.
References ast_free, and ast_ha::next.
Referenced by add_calltoken_ignore(), ast_append_ha(), ast_free_acl_list(), build_callno_limits(), build_peer(), build_user(), destroy_gateway(), destroy_named_acl(), named_acl_find_realtime(), oh323_destroy_peer(), oh323_destroy_user(), reload_config(), and unload_module().
| int ast_get_ip | ( | struct ast_sockaddr * | addr, |
| const char * | hostname | ||
| ) |
Get the IP address given a hostname.
Similar in nature to ast_gethostbyname, except that instead of getting an entire hostent structure, you instead are given only the IP address inserted into a ast_sockaddr structure.
- Parameters:
-
addr The IP address found. The address family is used as an input parameter to filter the returned addresses. If it is 0, both IPv4 and IPv6 addresses can be returned. hostname The hostname to look up
- Return values:
-
0 Success -1 Failure
Definition at line 943 of file acl.c.
References ast_get_ip_or_srv().
Referenced by build_gateway(), build_peer(), build_user(), config_parse_variables(), peer_set_srcaddr(), setup_stunaddr(), and stun_monitor_request().
{
return ast_get_ip_or_srv(addr, hostname, NULL);
}
| int ast_get_ip_or_srv | ( | struct ast_sockaddr * | addr, |
| const char * | hostname, | ||
| const char * | service | ||
| ) |
Get the IP address given a hostname and optional service.
If the service parameter is non-NULL, then an SRV lookup will be made by prepending the service to the hostname parameter, separated by a '.' For example, if hostname is "example.com" and service is "_sip._udp" then an SRV lookup will be done for "_sip._udp.example.com". If service is NULL, then this function acts exactly like a call to ast_get_ip.
- Parameters:
-
addr The IP address found. The address family is used as an input parameter to filter the returned addresses. If it is 0, both IPv4 and IPv6 addresses can be returned. hostname The hostname to look up service A specific service provided by the host. A NULL service results in an A-record lookup instead of an SRV lookup
- Return values:
-
0 Success -1 Failure
Definition at line 840 of file acl.c.
References ast_get_srv(), ast_sockaddr_set_port, PARSE_PORT_FORBID, resolve_first(), and ast_sockaddr::ss.
Referenced by ast_get_ip(), create_addr(), dnsmgr_refresh(), internal_dnsmgr_lookup(), and proxy_update().
{
char srv[256];
char host[256];
int srv_ret = 0;
int tportno;
if (service) {
snprintf(srv, sizeof(srv), "%s.%s", service, hostname);
if ((srv_ret = ast_get_srv(NULL, host, sizeof(host), &tportno, srv)) > 0) {
hostname = host;
}
}
if (resolve_first(addr, hostname, PARSE_PORT_FORBID, addr->ss.ss_family) != 0) {
return -1;
}
if (srv_ret > 0) {
ast_sockaddr_set_port(addr, tportno);
}
return 0;
}
| int ast_lookup_iface | ( | char * | iface, |
| struct ast_sockaddr * | address | ||
| ) |
Find an IP address associated with a specific interface.
Given an interface such as "eth0" we find the primary IP address associated with it using the SIOCGIFADDR ioctl. If the ioctl call should fail, we populate address with 0s.
- Note:
- This function is not actually used anywhere
- Parameters:
-
iface The interface name whose IP address we wish to find [out] address The interface's IP address is placed into this param
- Return values:
-
-1 Failure. address is filled with 0s 0 Success
| struct ast_ha* ast_named_acl_find | ( | const char * | name, |
| int * | is_realtime, | ||
| int * | is_undefined | ||
| ) | [read] |
Retrieve a named ACL.
This function attempts to find a named ACL. If found, a copy of the requested ACL will be made which must be freed by the caller.
- Parameters:
-
name Name of the ACL sought [out] is_realtime will be true if the ACL being returned is from realtime [out] is_undefined will be true if no ACL profile can be found for the requested name
- Return values:
-
A copy of the named ACL as an ast_ha NULL if no ACL could be found.
Definition at line 312 of file named_acl.c.
References ACL_FAMILY, ao2_cleanup, ao2_global_obj_ref, ast_check_realtime(), ast_duplicate_ha_list(), ast_log(), ast_realtime_is_mapping_defined(), globals, named_acl::ha, LOG_ERROR, LOG_NOTICE, LOG_WARNING, named_acl_find(), and named_acl_find_realtime().
Referenced by ast_append_acl().
{
struct ast_ha *ha = NULL;
RAII_VAR(struct named_acl_config *, cfg, ao2_global_obj_ref(globals), ao2_cleanup);
RAII_VAR(struct named_acl *, named_acl, NULL, ao2_cleanup);
if (is_realtime) {
*is_realtime = 0;
}
if (is_undefined) {
*is_undefined = 0;
}
/* If the config or its named_acl_list hasn't been initialized, abort immediately. */
if ((!cfg) || (!(cfg->named_acl_list))) {
ast_log(LOG_ERROR, "Attempted to find named ACL '%s', but the ACL configuration isn't available.\n", name);
return NULL;
}
named_acl = named_acl_find(cfg->named_acl_list, name);
/* If a named ACL couldn't be retrieved locally, we need to try realtime storage. */
if (!named_acl) {
RAII_VAR(struct named_acl *, realtime_acl, NULL, ao2_cleanup);
/* Attempt to create from realtime */
if ((realtime_acl = named_acl_find_realtime(name))) {
if (is_realtime) {
*is_realtime = 1;
}
ha = ast_duplicate_ha_list(realtime_acl->ha);
return ha;
}
/* Couldn't create from realtime. Raise relevant flags and print relevant warnings. */
if (ast_realtime_is_mapping_defined(ACL_FAMILY) && !ast_check_realtime(ACL_FAMILY)) {
ast_log(LOG_WARNING, "ACL '%s' does not exist. The ACL will be marked as undefined and will automatically fail if applied.\n"
"This ACL may exist in the configured realtime backend, but that backend hasn't been registered yet. "
"Fix this establishing preload for the backend in 'modules.conf'.\n", name);
} else {
ast_log(LOG_WARNING, "ACL '%s' does not exist. The ACL will be marked as undefined and will automatically fail if applied.\n", name);
}
if (is_undefined) {
*is_undefined = 1;
}
return NULL;
}
ha = ast_duplicate_ha_list(named_acl->ha);
if (!ha) {
ast_log(LOG_NOTICE, "ACL '%s' contains no rules. It is valid, but it will accept addresses unconditionally.\n", name);
}
return ha;
}
| int ast_named_acl_init | ( | void | ) |
Initialize and configure the named ACL system.
This function will prepare the named ACL system for use. For this reason, it needs to be called before other things that use ACLs are initialized.
Definition at line 566 of file named_acl.c.
References ACO_EXACT, aco_info_destroy(), aco_info_init(), aco_option_register, aco_process_config(), ARRAY_LEN, ast_cli_register_multiple(), ast_register_atexit(), FLDSET, named_acl_cleanup(), and OPT_ACL_T.
Referenced by main().
{
ast_cli_register_multiple(cli_named_acl, ARRAY_LEN(cli_named_acl));
ast_register_atexit(named_acl_cleanup);
if (aco_info_init(&cfg_info)) {
return 0;
}
/* Register the per level options. */
aco_option_register(&cfg_info, "permit", ACO_EXACT, named_acl_types, NULL, OPT_ACL_T, 1, FLDSET(struct named_acl, ha));
aco_option_register(&cfg_info, "deny", ACO_EXACT, named_acl_types, NULL, OPT_ACL_T, 0, FLDSET(struct named_acl, ha));
if (aco_process_config(&cfg_info, 0)) {
aco_info_destroy(&cfg_info);
return 0;
}
return 0;
}
| int ast_named_acl_reload | ( | void | ) |
reload/reconfigure the named ACL system.
This function is designed to trigger an event upon a successful reload that may update ACL consumers.
Definition at line 407 of file named_acl.c.
References aco_process_config(), ACO_PROCESS_ERROR, ACO_PROCESS_UNCHANGED, ast_log(), LOG_WARNING, push_acl_change_event(), and status.
{
enum aco_process_status status;
status = aco_process_config(&cfg_info, 1);
if (status == ACO_PROCESS_ERROR) {
ast_log(LOG_WARNING, "Could not reload ACL config\n");
return 0;
}
if (status == ACO_PROCESS_UNCHANGED) {
/* We don't actually log anything if the config was unchanged,
* but we don't need to send a config change event either.
*/
return 0;
}
/* We need to push an ACL change event with no ACL name so that all subscribers update with all ACLs */
push_acl_change_event("");
return 0;
}
| int ast_ouraddrfor | ( | const struct ast_sockaddr * | them, |
| struct ast_sockaddr * | us | ||
| ) |
Get our local IP address when contacting a remote host.
This function will attempt to connect(2) to them over UDP using a source port of 5060. If the connect(2) call is successful, then we inspect the sockaddr_in output parameter of connect(2) to determine the IP address used to connect to them. This IP address is then copied into us.
- Parameters:
-
them The IP address to which we wish to attempt to connect [out] us The source IP address used to connect to them
- Return values:
-
-1 Failure 0 Success
Definition at line 948 of file acl.c.
References ast_connect(), ast_debug, ast_getsockname(), ast_log(), ast_sockaddr_is_ipv6(), ast_sockaddr_port, ast_sockaddr_set_port, ast_sockaddr_stringify_addr(), LOG_ERROR, and LOG_WARNING.
Referenced by ast_find_ourip(), ast_sip_ouraddrfor(), build_gateway(), find_subchannel_and_lock(), gtalk_get_local_ip(), and sip_acf_channel_read().
{
int port;
int s;
port = ast_sockaddr_port(us);
if ((s = socket(ast_sockaddr_is_ipv6(them) ? AF_INET6 : AF_INET,
SOCK_DGRAM, 0)) < 0) {
ast_log(LOG_ERROR, "Cannot create socket\n");
return -1;
}
if (ast_connect(s, them)) {
ast_log(LOG_WARNING, "Cannot connect\n");
close(s);
return -1;
}
if (ast_getsockname(s, us)) {
ast_log(LOG_WARNING, "Cannot get socket name\n");
close(s);
return -1;
}
close(s);
{
const char *them_addr = ast_strdupa(ast_sockaddr_stringify_addr(them));
const char *us_addr = ast_strdupa(ast_sockaddr_stringify_addr(us));
ast_debug(3, "For destination '%s', our source address is '%s'.\n",
them_addr, us_addr);
}
ast_sockaddr_set_port(us, port);
return 0;
}
| int ast_str2cos | ( | const char * | value, |
| unsigned int * | cos | ||
| ) |
Convert a string to the appropriate COS value.
- Parameters:
-
value The COS string to convert [out] cos The integer representation of that COS value
- Return values:
-
-1 Failure 0 Success
Definition at line 896 of file acl.c.
Referenced by config_parse_variables(), reload_config(), and set_config().
| int ast_str2tos | ( | const char * | value, |
| unsigned int * | tos | ||
| ) |
Convert a string to the appropriate TOS value.
- Parameters:
-
value The TOS string to convert [out] tos The integer representation of that TOS value
- Return values:
-
-1 Failure 0 Success
Definition at line 910 of file acl.c.
References ARRAY_LEN, name, and dscp_codepoint::space.
Referenced by config_parse_variables(), iax_template_parse(), reload_config(), and set_config().
{
int fval;
unsigned int x;
if (sscanf(value, "%30i", &fval) == 1) {
*tos = fval & 0xFF;
return 0;
}
for (x = 0; x < ARRAY_LEN(dscp_pool1); x++) {
if (!strcasecmp(value, dscp_pool1[x].name)) {
*tos = dscp_pool1[x].space << 2;
return 0;
}
}
return -1;
}
| const char* ast_tos2str | ( | unsigned int | tos | ) |
Convert a TOS value into its string representation.
- Parameters:
-
tos The TOS value to look up
- Returns:
- The string equivalent of the TOS value
Definition at line 930 of file acl.c.
References ARRAY_LEN, dscp_codepoint::name, and dscp_codepoint::space.
Referenced by sip_show_settings().
{
unsigned int x;
for (x = 0; x < ARRAY_LEN(dscp_pool1); x++) {
if (dscp_pool1[x].space == (tos >> 2)) {
return dscp_pool1[x].name;
}
}
return "unknown";
}
