42 const char * invalid_acls[] = {
48 "1.3.3.7/92342348927389492307420",
52 "1.3.3.7/255.255.255.255.255",
56 "400.32.201029.-6/24",
68 "1234:5678:90ab:cdef:1234:5678:90ab:cdef:1234/56",
72 "::ffff:255.255.255/128",
76 "fe80::1234/255.255.255.0",
85 info->name =
"invalid_acl";
86 info->category =
"/main/acl/";
87 info->summary =
"Invalid ACL unit test";
89 "Ensures that garbage ACL values are not accepted";
95 for (i = 0; i <
ARRAY_LEN(invalid_acls); ++i) {
120#define TACL_A AST_SENSE_ALLOW
121#define TACL_D AST_SENSE_DENY
127 for (i = 0; i <
len; ++i) {
130 acl[i].host,
acl[i].access, acl_name);
141 struct acl permitallv4 = {
"0.0.0.0/0",
"permit" };
142 struct acl denyallv4 = {
"0.0.0.0/0",
"deny" };
143 struct acl permitallv6 = {
"::/0",
"permit" };
144 struct acl denyallv6 = {
"::/0",
"deny" };
146 struct acl acl1[] = {
147 {
"0.0.0.0/0.0.0.0",
"deny" },
148 {
"10.0.0.0/255.0.0.0",
"permit" },
149 {
"192.168.0.0/255.255.255.0",
"permit" },
152 struct acl acl2[] = {
153 {
"10.0.0.0/8",
"deny" },
154 {
"10.0.0.0/8",
"permit" },
155 {
"10.0.0.0/16",
"deny" },
156 {
"10.0.0.0/24",
"permit" },
159 struct acl acl3[] = {
161 {
"fe80::/64",
"permit" },
164 struct acl acl4[] = {
166 {
"fe80::/64",
"permit" },
167 {
"fe80::ffff:0:0:0/80",
"deny" },
168 {
"fe80::ffff:0:ffff:0/112",
"permit" },
171 struct acl acl5[] = {
172 {
"0.0.0.0/0.0.0.0",
"deny" },
173 {
"10.0.0.0/255.0.0.0,192.168.0.0/255.255.255.0",
"permit" },
176 struct acl acl6[] = {
177 {
"10.0.0.0/8",
"deny" },
178 {
"10.0.0.0/8",
"permit" },
179 {
"10.0.0.0/16,!10.0.0.0/24",
"deny" },
182 struct acl acl7[] = {
183 {
"::/0,!fe80::/64",
"deny" },
184 {
"fe80::ffff:0:0:0/80",
"deny" },
185 {
"fe80::ffff:0:ffff:0/112",
"permit" },
189 const char *test_address;
190 int v4_permitall_result;
191 int v4_denyall_result;
192 int v6_permitall_result;
193 int v6_denyall_result;
202 {
"10.1.1.5",
TACL_A,
TACL_D,
TACL_A,
TACL_A,
TACL_A,
TACL_A,
TACL_A,
TACL_A,
TACL_A,
TACL_A,
TACL_A },
203 {
"192.168.0.5",
TACL_A,
TACL_D,
TACL_A,
TACL_A,
TACL_A,
TACL_A,
TACL_A,
TACL_A,
TACL_A,
TACL_A,
TACL_A },
204 {
"192.168.1.5",
TACL_A,
TACL_D,
TACL_A,
TACL_A,
TACL_D,
TACL_A,
TACL_A,
TACL_A,
TACL_D,
TACL_A,
TACL_A },
205 {
"10.0.0.1",
TACL_A,
TACL_D,
TACL_A,
TACL_A,
TACL_A,
TACL_A,
TACL_A,
TACL_A,
TACL_A,
TACL_A,
TACL_A },
206 {
"10.0.10.10",
TACL_A,
TACL_D,
TACL_A,
TACL_A,
TACL_A,
TACL_D,
TACL_A,
TACL_A,
TACL_A,
TACL_D,
TACL_A },
207 {
"172.16.0.1",
TACL_A,
TACL_D,
TACL_A,
TACL_A,
TACL_D,
TACL_A,
TACL_A,
TACL_A,
TACL_D,
TACL_A,
TACL_A },
208 {
"fe80::1234",
TACL_A,
TACL_A,
TACL_A,
TACL_D,
TACL_A,
TACL_A,
TACL_A,
TACL_A,
TACL_A,
TACL_A,
TACL_A },
209 {
"fe80::ffff:1213:dead:beef",
TACL_A,
TACL_A,
TACL_A,
TACL_D,
TACL_A,
TACL_A,
TACL_A,
TACL_D,
TACL_A,
TACL_A,
TACL_D },
210 {
"fe80::ffff:0:ffff:ABCD",
TACL_A,
TACL_A,
TACL_A,
TACL_D,
TACL_A,
TACL_A,
TACL_A,
TACL_A,
TACL_A,
TACL_A,
TACL_A },
232 info->category =
"/main/acl/";
233 info->summary =
"ACL unit test";
235 "Tests that hosts are properly permitted or denied";
293 for (i = 0; i <
ARRAY_LEN(acl_tests); ++i) {
321 if (permit_resv4 != acl_tests[i].v4_permitall_result) {
323 "got %d instead\n", acl_tests[i].test_address, acl_tests[i].v4_permitall_result, permit_resv4);
328 if (deny_resv4 != acl_tests[i].v4_denyall_result) {
330 "got %d instead\n", acl_tests[i].test_address, acl_tests[i].v4_denyall_result, deny_resv4);
335 if (permit_resv6 != acl_tests[i].v6_permitall_result) {
337 "got %d instead\n", acl_tests[i].test_address, acl_tests[i].v6_permitall_result, permit_resv6);
342 if (deny_resv6 != acl_tests[i].v6_denyall_result) {
344 "got %d instead\n", acl_tests[i].test_address, acl_tests[i].v6_denyall_result, deny_resv6);
349 if (acl1_res != acl_tests[i].acl1_result) {
351 "got %d instead\n", acl_tests[i].test_address, acl_tests[i].acl1_result, acl1_res);
356 if (acl2_res != acl_tests[i].acl2_result) {
358 "got %d instead\n", acl_tests[i].test_address, acl_tests[i].acl2_result, acl2_res);
363 if (acl3_res != acl_tests[i].acl3_result) {
365 "got %d instead\n", acl_tests[i].test_address, acl_tests[i].acl3_result, acl3_res);
370 if (acl4_res != acl_tests[i].acl4_result) {
372 "got %d instead\n", acl_tests[i].test_address, acl_tests[i].acl4_result, acl4_res);
377 if (acl5_res != acl_tests[i].acl5_result) {
379 "got %d instead\n", acl_tests[i].test_address, acl_tests[i].acl5_result, acl5_res);
384 if (acl6_res != acl_tests[i].acl6_result) {
386 "got %d instead\n", acl_tests[i].test_address, acl_tests[i].acl6_result, acl6_res);
391 if (acl7_res != acl_tests[i].acl7_result) {
393 "got %d instead\n", acl_tests[i].test_address, acl_tests[i].acl7_result, acl7_res);
Access Control of various sorts.
void ast_free_ha(struct ast_ha *ha)
Free a list of HAs.
enum ast_acl_sense ast_apply_ha(const struct ast_ha *ha, const struct ast_sockaddr *addr)
Apply a set of rules to a given IP address.
struct ast_ha * ast_append_ha(const char *sense, const char *stuff, struct ast_ha *path, int *error)
Add a new rule to a list of HAs.
Asterisk main include file. File version handling, generic pbx functions.
static int len(struct ast_channel *chan, const char *cmd, char *data, char *buf, size_t buflen)
Configuration File Parser.
Asterisk module definitions.
#define AST_MODULE_INFO_STANDARD(keystr, desc)
#define ASTERISK_GPL_KEY
The text the key() function should return.
@ AST_MODULE_LOAD_SUCCESS
int ast_sockaddr_parse(struct ast_sockaddr *addr, const char *str, int flags)
Parse an IPv4 or IPv6 address string.
internal representation of ACL entries In principle user applications would have no need for this,...
Socket address structure.
#define AST_TEST_REGISTER(cb)
#define ast_test_status_update(a, b, c...)
#define AST_TEST_UNREGISTER(cb)
AST_TEST_DEFINE(invalid_acl)
static int load_module(void)
static int build_ha(const struct acl *acl, size_t len, struct ast_ha **ha, const char *acl_name, int *err, struct ast_test *test, enum ast_test_result_state *res)
static int unload_module(void)