/*
 * generate_bool_handler_functions(param_name)
 *
 * Expands to the string table and the two converters for a tri-state
 * (not_set / yes / no) configuration parameter:
 *
 *   param_name_map[]      - display strings indexed by enum value.
 *   param_name_from_str() - parses a configuration string.
 *   param_name_to_str()   - maps an enum value back to its string.
 *
 * The expansion site must already declare enum param_name_enum with the
 * members param_name_NOT_SET, param_name_YES, param_name_NO and
 * param_name_UNKNOWN.
 *
 * from_str: "not_set" is matched case-insensitively first; otherwise
 * ast_true() and then ast_false() decide. A string none of the three
 * accepts is logged at LOG_WARNING and returned as param_name_UNKNOWN
 * rather than being coerced to yes or no, so it is up to the caller to
 * reject that result. value is handed straight to strcasecmp(), so it
 * must not be NULL.
 *
 * to_str: returns NULL when value is outside the table (per
 * ARRAY_IN_BOUNDS) and also for any in-range slot the initializer leaves
 * unset, so callers must check for NULL before using the result.
 */
#define generate_bool_handler_functions(param_name) \
static const char *param_name ## _map[] = { \
    [ param_name ## _NOT_SET ] = "not_set", \
    [ param_name ## _YES ] = "yes", \
    [ param_name ## _NO ] = "no", \
}; \
enum param_name ## _enum \
    param_name ## _from_str(const char *value) \
{ \
    /* The explicit "not_set" keyword wins over the boolean spellings. */ \
    if (strcasecmp(value, param_name ## _map[param_name ## _NOT_SET]) == 0) { \
        return param_name ## _NOT_SET; \
    } \
    if (ast_true(value)) { \
        return param_name ## _YES; \
    } \
    if (ast_false(value)) { \
        return param_name ## _NO; \
    } \
    /* Unrecognised input is reported, never silently defaulted. */ \
    ast_log(LOG_WARNING, "Unknown " #param_name " response value '%s'\n", value); \
    return param_name ## _UNKNOWN; \
} \
const char *param_name ## _to_str(enum param_name ## _enum value) \
{ \
    if (!ARRAY_IN_BOUNDS(value, param_name ## _map)) { \
        return NULL; \
    } \
    return param_name ## _map[value]; \
}
 
   78#define generate_enum_string_functions(param_name, default_value, ...)\ 
   79static struct enum_name_xref_entry param_name ## _map[] = { \ 
   82enum param_name ## _enum param_name ## _from_str( \ 
   86    for (i = 0; i < ARRAY_LEN(param_name ## _map); i++) { \ 
   87        if (strcasecmp(value, param_name ##_map[i].name) == 0) { \ 
   88            return param_name ##_map[i].value; \ 
   91    return param_name ## _ ## default_value; \ 
   93const char *param_name ## _to_str( \ 
   94    enum param_name ## _enum value) \ 
   97    for (i = 0; i < ARRAY_LEN(param_name ## _map); i++) { \ 
   98        if (value == param_name ## _map[i].value) return param_name ## _map[i].name; \ 
 
  104    {attest_level_NOT_SET, 
"not_set"},
 
  105    {attest_level_A, 
"A"},
 
  106    {attest_level_B, 
"B"},
 
  107    {attest_level_C, 
"C"},
 
  111    {endpoint_behavior_OFF,  
"off"},
 
  112    {endpoint_behavior_OFF,  
"none"},
 
  113    {endpoint_behavior_ATTEST, 
"attest"},
 
  114    {endpoint_behavior_VERIFY, 
"verify"},
 
  115    {endpoint_behavior_ON, 
"on"},
 
  116    {endpoint_behavior_ON, 
"both"}
 
  129        || strcmp(
val, 
"not_set") == 0) {
 
 
  152#define print_acl_cert_store(cfg, a, max_name_len) \ 
  154    if (cfg->vcfg_common.acl) { \ 
  155        ast_cli(a->fd, "x5u_acl:\n"); \ 
  156        print_acl(a->fd, cfg->vcfg_common.acl, "   "); \ 
  158        ast_cli(a->fd, "%-*s: (none)\n", max_name_len, "x5u_acl"); \ 
  160    if (cfg->vcfg_common.tcs) { \ 
  162        ast_cli(a->fd, "%-*s:\n", max_name_len, "Verification CA certificate store"); \ 
  163        count = crypto_show_cli_store(cfg->vcfg_common.tcs, a->fd); \ 
  164        if (count == 0 && (!ast_strlen_zero(cfg->vcfg_common.ca_path) \ 
  165            || !ast_strlen_zero(cfg->vcfg_common.crl_path))) { \ 
  166            ast_cli(a->fd, "   Note: Certs in ca_path or crl_path won't show until used.\n"); \ 
  169        ast_cli(a->fd, "%-*s: (none)\n", max_name_len, "Verification CA certificate store"); \ 
 
  179    const char *title = 
NULL;
 
  180    const char *cfg_name = 
NULL;
 
  181    int max_name_len = 0;
 
  184        ast_cli(
a->fd, 
"No stir/shaken configuration found\n");
 
  189        title = cli_data->
title;
 
  193    max_name_len = strlen(title);
 
  198        max_name_len += strlen(cfg_name) + 2 ;
 
  208        int nlen = strlen(i->
name);
 
  209        max_name_len = (nlen > max_name_len) ? nlen : max_name_len;
 
  212    ast_cli(
a->fd, 
"\n==============================================================================\n");
 
  216        ast_cli(
a->fd, 
"%s: %s\n", title, cfg_name);
 
  218    ast_cli(
a->fd, 
"------------------------------------------------------------------------------\n");
 
  236    ast_cli(
a->fd, 
"---------------------------------------------\n\n"); \
 
 
  245    int wordlen = strlen(
word);
 
 
  271    size_t len = tn ? strlen(tn) : 0;
 
  272    char *new_tn = dest_tn;
 
  284    for (i = 0; i < 
len; i++) {
 
  285        if (isdigit(*s) || *s == 
'#' || *s == 
'*') { 
 
 
  310    const char *errmsg = 
NULL;
 
  314        e->
command = 
"stir_shaken verify certificate_file";
 
  316            "Usage: stir_shaken verify certificate_file <certificate_file> [ <profile> ]\n" 
  317            "       Verify an external certificate file against the global or profile verification store\n";
 
  334            ast_cli(
a->fd, 
"Profile %s doesn't exist\n", 
a->argv[4]);
 
  337        if (!profile->vcfg_common.tcs) {
 
  338            ast_cli(
a->fd,
"Profile %s doesn't have a certificate store\n", 
a->argv[4]);
 
  341        tcs = profile->vcfg_common.tcs;
 
  345            ast_cli(
a->fd, 
"No verification store found\n");
 
  348        tcs = vs_cfg->vcfg_common.tcs;
 
  353        ast_cli(
a->fd, 
"Failed to load certificate from %s.  See log for details\n", 
a->argv[3]);
 
  358        ast_cli(
a->fd, 
"Certificate %s trusted\n", 
a->argv[3]);
 
  360        ast_cli(
a->fd, 
"Certificate %s NOT trusted: %s\n", 
a->argv[3], errmsg);
 
  364        sk_X509_pop_free(cert_chain, X509_free);
 
 
struct stasis_message_type * ast_named_acl_change_type(void)
a stasis_message_type for changes against a named ACL or the set of all named ACLs
void ast_ha_output(int fd, const struct ast_ha *ha, const char *prefix)
output an HA to the provided fd
void ast_cli_unregister_multiple(void)
Asterisk main include file. File version handling, generic pbx functions.
#define ast_strdup(str)
A wrapper for strdup()
#define ast_malloc(len)
A wrapper for malloc()
#define ao2_iterator_next(iter)
struct ao2_iterator ao2_iterator_init(struct ao2_container *c, int flags) attribute_warn_unused_result
Create an iterator for a container.
#define ao2_ref(o, delta)
Reference/unreference an object and return the old refcount.
void ao2_iterator_destroy(struct ao2_iterator *iter)
Destroy a container iterator.
int as_load()
Load the stir/shaken attestation service.
int as_unload()
Unload the stir/shaken attestation service.
int as_reload()
Reload the stir/shaken attestation service.
Standard Command Line Interface.
#define AST_CLI_DEFINE(fn, txt,...)
int ast_cli_completion_add(char *value)
Add a result to a request for completion options.
void ast_cli(int fd, const char *fmt,...)
#define ast_cli_register_multiple(e, len)
Register multiple commands.
int config_object_cli_show(void *obj, void *arg, void *data, int flags)
Output configuration settings to the Asterisk CLI.
char * config_object_tab_complete_name(const char *word, struct ao2_container *container)
Tab completion for name matching with STIR/SHAKEN CLI commands.
static const char * translate_value(const char *val)
int common_config_unload(void)
static struct ast_cli_entry cli_commands[]
static char * cli_verify_cert(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
struct stasis_subscription * named_acl_changed_sub
int common_config_reload(void)
char * canonicalize_tn_alloc(const char *tn)
Canonicalize a TN into a new buffer.
int common_config_load(void)
static void named_acl_changed_cb(void *data, struct stasis_subscription *sub, struct stasis_message *message)
#define generate_enum_string_functions(param_name, default_value,...)
static struct ast_sorcery * sorcery
char * canonicalize_tn(const char *tn, char *dest_tn)
Canonicalize a TN.
#define generate_bool_handler_functions(param_name)
#define print_acl_cert_store(cfg, a, max_name_len)
static void print_acl(int fd, struct ast_acl_list *acl_list, const char *prefix)
struct ast_sorcery * get_sorcery(void)
Retrieve the stir/shaken sorcery context.
@ config_object_type_profile
@ config_object_type_verification
struct verification_cfg * vs_get_cfg(void)
int tn_config_unload(void)
struct profile_cfg * profile_get_cfg(const char *id)
struct ao2_container * profile_get_all(void)
int tn_config_reload(void)
X509 * crypto_load_cert_chain_from_file(const char *filename, STACK_OF(X509) **cert_chain)
Load an X509 Cert and any chained certs from a file.
int crypto_is_cert_trusted(struct crypto_cert_store *store, X509 *cert, STACK_OF(X509) *cert_chain, const char **err_msg)
Check if the cert is trusted.
static int len(struct ast_channel *chan, const char *cmd, char *data, char *buf, size_t buflen)
#define SCOPE_EXIT_RTN_VALUE(__return_value,...)
#define SCOPE_ENTER(level,...)
static char prefix[MAX_PREFIX]
struct ast_variable * ast_variable_list_sort(struct ast_variable *head)
Performs an in-place sort on the variable list by ascending name.
void ast_variables_destroy(struct ast_variable *var)
Free variable list.
Support for logging to various files, console and syslog Configuration in file logger....
#define AST_LIST_TRAVERSE(head, var, field)
Loops over (traverses) the entries in a list.
#define AST_LIST_LOCK(head)
Locks a list.
#define AST_LIST_UNLOCK(head)
Attempts to unlock a list.
Asterisk module definitions.
@ AST_MODULE_LOAD_SUCCESS
@ AST_MODULE_LOAD_DECLINE
Module has failed to load, may be in an inconsistent state.
static struct stasis_subscription * sub
Statsd channel stats. Example of how to subscribe to Stasis events.
struct ao2_container * container
@ stir_shaken_failure_action_CONTINUE
@ stir_shaken_failure_action_CONTINUE_RETURN_REASON
@ stir_shaken_failure_action_REJECT_REQUEST
Security Event Reporting API.
struct stasis_topic * ast_security_topic(void)
A stasis_topic which publishes messages for security related issues.
#define ast_sorcery_unref(sorcery)
Decrease the reference count of a sorcery structure.
const char * ast_sorcery_object_get_id(const void *object)
Get the unique identifier of a sorcery object.
const char * ast_sorcery_object_get_type(const void *object)
Get the type of a sorcery object.
@ AST_HANDLER_ONLY_STRING
Use string handler only.
#define ast_sorcery_open()
Open a new sorcery structure.
struct ast_variable * ast_sorcery_objectset_create2(const struct ast_sorcery *sorcery, const void *object, enum ast_sorcery_field_handler_flags flags)
Create an object set (KVP list) for an object.
Stasis Message Bus API. See Stasis Message Bus API for detailed documentation.
int stasis_subscription_accept_message_type(struct stasis_subscription *subscription, const struct stasis_message_type *type)
Indicate to a subscription that we are interested in a message type.
struct stasis_subscription * stasis_unsubscribe(struct stasis_subscription *subscription)
Cancel a subscription.
#define stasis_subscribe(topic, callback, data)
int ast_strings_equal(const char *str1, const char *str2)
Compare strings for equality checking for NULL.
#define S_OR(a, b)
returns the equivalent of logic or for strings: first one if not empty, otherwise second one.
static force_inline int attribute_pure ast_strlen_zero(const char *s)
When we need to walk through a container, we use an ao2_iterator to keep track of the current positio...
Wrapper for an ast_acl linked list.
an ast_acl is a linked list node of ast_ha structs which may have names.
struct ast_acl::@191 list
descriptor for a cli entry.
Full structure for sorcery.
Structure for variables, used for configurations and for channel variables.
struct ast_variable * next
enum config_object_type object_type
ao2 object wrapper for X509_STORE that provides locking and refcounting
STACK_OF(X509_CRL) *crl_stack
Profile configuration for stir/shaken.
#define RAII_VAR(vartype, varname, initval, dtor)
Declare a variable that will call a destructor function when it goes out of scope.
int vs_load()
Load the stir/shaken verification service.
int vs_unload()
Unload the stir/shaken verification service.
int vs_reload()
Reload the stir/shaken verification service.