Asterisk - The Open Source Telephony Project GIT-master-fe341c2
All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Properties Macros Modules Pages
common_config.c
Go to the documentation of this file.
1/*
2 * Asterisk -- An open source telephony toolkit.
3 *
4 * Copyright (C) 2023, Sangoma Technologies Corporation
5 *
6 * George Joseph <gjoseph@sangoma.com>
7 *
8 * See http://www.asterisk.org for more information about
9 * the Asterisk project. Please do not directly contact
10 * any of the maintainers of this project for assistance;
11 * the project provides a web site, mailing lists and IRC
12 * channels for your use.
13 *
14 * This program is free software, distributed under the terms of
15 * the GNU General Public License Version 2. See the LICENSE file
16 * at the top of the source tree.
17 */
18
19#include "asterisk.h"
20#include "asterisk/cli.h"
21#include "asterisk/cli.h"
22#include "asterisk/logger.h"
23#include "asterisk/module.h"
24#include "asterisk/utils.h"
25#include "asterisk/stasis.h"
27
28#define AST_API_MODULE
29#include "stir_shaken.h"
30
31static struct ast_sorcery *sorcery;
33
35{
36 return sorcery;
37}
38
39#define generate_bool_handler_functions(param_name) \
40static const char *param_name ## _map[] = { \
41 [ param_name ## _NOT_SET ] = "not_set", \
42 [ param_name ## _YES ] = "yes", \
43 [ param_name ## _NO ] = "no", \
44}; \
45enum param_name ## _enum \
46 param_name ## _from_str(const char *value) \
47{ \
48 if (!strcasecmp(value, param_name ## _map[param_name ## _NOT_SET])) { \
49 return param_name ## _NOT_SET; \
50 } else if (ast_true(value)) { \
51 return param_name ## _YES; \
52 } else if (ast_false(value)) { \
53 return param_name ## _NO; \
54 } \
55 ast_log(LOG_WARNING, "Unknown " #param_name " response value '%s'\n", value); \
56 return param_name ## _UNKNOWN; \
57}\
58const char *param_name ## _to_str(enum param_name ## _enum value) \
59{ \
60 return ARRAY_IN_BOUNDS(value, param_name ## _map) ? \
61 param_name ## _map[value] : NULL; \
62}
63
64generate_bool_handler_functions(use_rfc9410_responses);
65generate_bool_handler_functions(ignore_sip_date_header);
67generate_bool_handler_functions(check_tn_cert_public_url);
68generate_bool_handler_functions(relax_x5u_port_scheme_restrictions);
69generate_bool_handler_functions(relax_x5u_path_restrictions);
70
72
74 int value;
75 const char *name;
76};
77
78#define generate_enum_string_functions(param_name, default_value, ...)\
79static struct enum_name_xref_entry param_name ## _map[] = { \
80 __VA_ARGS__ \
81} ; \
82enum param_name ## _enum param_name ## _from_str( \
83 const char *value) \
84{ \
85 int i; \
86 for (i = 0; i < ARRAY_LEN(param_name ## _map); i++) { \
87 if (strcasecmp(value, param_name ##_map[i].name) == 0) { \
88 return param_name ##_map[i].value; \
89 } \
90 } \
91 return param_name ## _ ## default_value; \
92} \
93const char *param_name ## _to_str( \
94 enum param_name ## _enum value) \
95{ \
96 int i; \
97 for (i = 0; i < ARRAY_LEN(param_name ## _map); i++) { \
98 if (value == param_name ## _map[i].value) return param_name ## _map[i].name; \
99 } \
100 return NULL; \
101}
102
104 {attest_level_NOT_SET, "not_set"},
105 {attest_level_A, "A"},
106 {attest_level_B, "B"},
107 {attest_level_C, "C"},
108);
109
110generate_enum_string_functions(endpoint_behavior, OFF,
111 {endpoint_behavior_OFF, "off"},
112 {endpoint_behavior_OFF, "none"},
113 {endpoint_behavior_ATTEST, "attest"},
114 {endpoint_behavior_VERIFY, "verify"},
115 {endpoint_behavior_ON, "on"},
116 {endpoint_behavior_ON, "both"}
117);
118
119generate_enum_string_functions(stir_shaken_failure_action, CONTINUE,
122 {stir_shaken_failure_action_CONTINUE_RETURN_REASON, "continue_return_reason"},
123);
124
125static const char *translate_value(const char *val)
126{
127 if (val[0] == '0'
128 || val[0] == '\0'
129 || strcmp(val, "not_set") == 0) {
130 return "";
131 }
132
133 return val;
134}
135
136static void print_acl(int fd, struct ast_acl_list *acl_list, const char *prefix)
137{
138 struct ast_acl *acl;
139
140 AST_LIST_LOCK(acl_list);
141 AST_LIST_TRAVERSE(acl_list, acl, list) {
142 if (ast_strlen_zero(acl->name)) {
143 ast_cli(fd, "%s(permit/deny)\n", prefix);
144 } else {
145 ast_cli(fd, "%s%s\n", prefix, acl->name);
146 }
147 ast_ha_output(fd, acl->acl, prefix);
148 }
149 AST_LIST_UNLOCK(acl_list);
150}
151
152#define print_acl_cert_store(cfg, a, max_name_len) \
153({ \
154 if (cfg->vcfg_common.acl) { \
155 ast_cli(a->fd, "x5u_acl:\n"); \
156 print_acl(a->fd, cfg->vcfg_common.acl, " "); \
157 } else { \
158 ast_cli(a->fd, "%-*s: (none)\n", max_name_len, "x5u_acl"); \
159 }\
160 if (cfg->vcfg_common.tcs) { \
161 int count = 0; \
162 ast_cli(a->fd, "%-*s:\n", max_name_len, "Verification CA certificate store"); \
163 count = crypto_show_cli_store(cfg->vcfg_common.tcs, a->fd); \
164 if (count == 0 && (!ast_strlen_zero(cfg->vcfg_common.ca_path) \
165 || !ast_strlen_zero(cfg->vcfg_common.crl_path))) { \
166 ast_cli(a->fd, " Note: Certs in ca_path or crl_path won't show until used.\n"); \
167 } \
168 } else { \
169 ast_cli(a->fd, "%-*s: (none)\n", max_name_len, "Verification CA certificate store"); \
170 } \
171})
172
173int config_object_cli_show(void *obj, void *arg, void *data, int flags)
174{
175 struct ast_cli_args *a = arg;
176 struct config_object_cli_data *cli_data = data;
177 struct ast_variable *options;
178 struct ast_variable *i;
179 const char *title = NULL;
180 const char *cfg_name = NULL;
181 int max_name_len = 0;
182
183 if (!obj) {
184 ast_cli(a->fd, "No stir/shaken configuration found\n");
185 return 0;
186 }
187
188 if (!ast_strlen_zero(cli_data->title)) {
189 title = cli_data->title;
190 } else {
191 title = ast_sorcery_object_get_type(obj);
192 }
193 max_name_len = strlen(title);
194
196 || cli_data->object_type == config_object_type_tn) {
197 cfg_name = ast_sorcery_object_get_id(obj);
198 max_name_len += strlen(cfg_name) + 2 /* ": " */;
199 }
200
203 if (!options) {
204 return 0;
205 }
206
207 for (i = options; i; i = i->next) {
208 int nlen = strlen(i->name);
209 max_name_len = (nlen > max_name_len) ? nlen : max_name_len;
210 }
211
212 ast_cli(a->fd, "\n==============================================================================\n");
213 if (ast_strlen_zero(cfg_name)) {
214 ast_cli(a->fd, "%s\n", title);
215 } else {
216 ast_cli(a->fd, "%s: %s\n", title, cfg_name);
217 }
218 ast_cli(a->fd, "------------------------------------------------------------------------------\n");
219
220 for (i = options; i; i = i->next) {
221 if (!ast_strings_equal(i->name, "x5u_acl")) {
222 ast_cli(a->fd, "%-*s: %s\n", max_name_len, i->name,
224 }
225 }
226
228
229 if (cli_data->object_type == config_object_type_profile) {
230 struct profile_cfg *cfg = obj;
231 print_acl_cert_store(cfg, a, max_name_len);
232 } else if (cli_data->object_type == config_object_type_verification) {
233 struct verification_cfg *cfg = obj;
234 print_acl_cert_store(cfg, a, max_name_len);
235 }
236 ast_cli(a->fd, "---------------------------------------------\n\n"); \
237
238 return 0;
239}
240
242{
243 void *obj;
244 struct ao2_iterator it;
245 int wordlen = strlen(word);
246 int ret;
247
249 while ((obj = ao2_iterator_next(&it))) {
250 if (!strncasecmp(word, ast_sorcery_object_get_id(obj), wordlen)) {
252 if (ret) {
253 ao2_ref(obj, -1);
254 break;
255 }
256 }
257 ao2_ref(obj, -1);
258 }
260
261 return NULL;
262}
263
264
265/* Remove everything except 0-9, *, and # in telephone number according to RFC 8224
266 * (required by RFC 8225 as part of canonicalization) */
267char *canonicalize_tn(const char *tn, char *dest_tn)
268{
269 int i;
270 const char *s = tn;
271 size_t len = tn ? strlen(tn) : 0;
272 char *new_tn = dest_tn;
273 SCOPE_ENTER(3, "tn: %s\n", S_OR(tn, "(null)"));
274
275 if (ast_strlen_zero(tn)) {
276 *dest_tn = '\0';
277 SCOPE_EXIT_RTN_VALUE(NULL, "Empty TN\n");
278 }
279
280 if (!dest_tn) {
281 SCOPE_EXIT_RTN_VALUE(NULL, "No destination buffer\n");
282 }
283
284 for (i = 0; i < len; i++) {
285 if (isdigit(*s) || *s == '#' || *s == '*') { /* Only characters allowed */
286 *new_tn++ = *s;
287 }
288 s++;
289 }
290 *new_tn = '\0';
291 SCOPE_EXIT_RTN_VALUE(dest_tn, "Canonicalized '%s' -> '%s'\n", tn, dest_tn);
292}
293
294char *canonicalize_tn_alloc(const char *tn)
295{
296 char *canon_tn = ast_strlen_zero(tn) ? NULL : ast_malloc(strlen(tn) + 1);
297 if (!canon_tn) {
298 return NULL;
299 }
300 return canonicalize_tn(tn, canon_tn);
301}
302
303static char *cli_verify_cert(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
304{
305 RAII_VAR(struct profile_cfg *, profile, NULL, ao2_cleanup);
306 RAII_VAR(struct verification_cfg *, vs_cfg, NULL, ao2_cleanup);
307 struct crypto_cert_store *tcs;
308 X509 *cert = NULL;
309 const char *errmsg = NULL;
310
311 switch(cmd) {
312 case CLI_INIT:
313 e->command = "stir_shaken verify certificate_file";
314 e->usage =
315 "Usage: stir_shaken verify certificate_file <certificate_file> [ <profile> ]\n"
316 " Verify an external certificate file against the global or profile verification store\n";
317 return NULL;
318 case CLI_GENERATE:
319 if (a->pos == 4) {
321 } else {
322 return NULL;
323 }
324 }
325
326 if (a->argc < 4) {
327 return CLI_SHOWUSAGE;
328 }
329
330 if (a->argc == 5) {
331 profile = profile_get_cfg(a->argv[4]);
332 if (!profile) {
333 ast_cli(a->fd, "Profile %s doesn't exist\n", a->argv[4]);
334 return CLI_SUCCESS;
335 }
336 if (!profile->vcfg_common.tcs) {
337 ast_cli(a->fd,"Profile %s doesn't have a certificate store\n", a->argv[4]);
338 return CLI_SUCCESS;
339 }
340 tcs = profile->vcfg_common.tcs;
341 } else {
342 vs_cfg = vs_get_cfg();
343 if (!vs_cfg) {
344 ast_cli(a->fd, "No verification store found\n");
345 return CLI_SUCCESS;
346 }
347 tcs = vs_cfg->vcfg_common.tcs;
348 }
349
350 cert = crypto_load_cert_from_file(a->argv[3]);
351 if (!cert) {
352 ast_cli(a->fd, "Failed to load certificate from %s. See log for details\n", a->argv[3]);
353 return CLI_SUCCESS;
354 }
355
356 if (crypto_is_cert_trusted(tcs, cert, &errmsg)) {
357 ast_cli(a->fd, "Certificate %s trusted\n", a->argv[3]);
358 } else {
359 ast_cli(a->fd, "Certificate %s NOT trusted: %s\n", a->argv[3], errmsg);
360 }
361 X509_free(cert);
362
363 return CLI_SUCCESS;
364}
365
366static struct ast_cli_entry cli_commands[] = {
367 AST_CLI_DEFINE(cli_verify_cert, "Verify a certificate file against the global or a profile verification store"),
368};
369
371{
372 SCOPE_ENTER(2, "Stir Shaken Reload\n");
373 if (vs_reload()) {
374 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken VS Reload failed\n");
375 }
376
377 if (as_reload()) {
378 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken AS Reload failed\n");
379 }
380
381 if (tn_config_reload()) {
382 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken TN Reload failed\n");
383 }
384
385 if (profile_reload()) {
386 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken Profile Reload failed\n");
387 }
388
389 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_SUCCESS, "Stir Shaken Reload Done\n");
390}
391
393{
395
398 as_unload();
399 vs_unload();
400
404 }
406 sorcery = NULL;
407
408 return 0;
409}
410
411static void named_acl_changed_cb(void *data,
413{
415 return;
416 }
417 ast_log(LOG_NOTICE, "Named acl changed. Reloading verification and profile\n");
419}
420
422{
423 SCOPE_ENTER(2, "Stir Shaken Load\n");
424
425 if (!(sorcery = ast_sorcery_open())) {
427 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken sorcery load failed\n");
428 }
429
430 if (vs_load()) {
432 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken VS load failed\n");
433 }
434
435 if (as_load()) {
437 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken AS load failed\n");
438 }
439
440 if (tn_config_load()) {
442 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken TN load failed\n");
443 }
444
445 if (profile_load()) {
447 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken profile load failed\n");
448 }
449
455 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken acl change subscribe failed\n");
456 }
459 }
460
462
463 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_SUCCESS, "Stir Shaken Load Done\n");
464}
struct stasis_message_type * ast_named_acl_change_type(void)
a stasis_message_type for changes against a named ACL or the set of all named ACLs
void ast_ha_output(int fd, const struct ast_ha *ha, const char *prefix)
output an HA to the provided fd
Definition: acl.c:1103
Asterisk main include file. File version handling, generic pbx functions.
#define ast_strdup(str)
A wrapper for strdup()
Definition: astmm.h:241
#define ast_malloc(len)
A wrapper for malloc()
Definition: astmm.h:191
#define ast_log
Definition: astobj2.c:42
#define ao2_iterator_next(iter)
Definition: astobj2.h:1911
#define ao2_cleanup(obj)
Definition: astobj2.h:1934
struct ao2_iterator ao2_iterator_init(struct ao2_container *c, int flags) attribute_warn_unused_result
Create an iterator for a container.
#define ao2_ref(o, delta)
Reference/unreference an object and return the old refcount.
Definition: astobj2.h:459
void ao2_iterator_destroy(struct ao2_iterator *iter)
Destroy a container iterator.
int as_load()
Load the stir/shaken attestation service.
Definition: attestation.c:440
int as_unload()
Load the stir/shaken attestation service.
Definition: attestation.c:434
int as_reload()
Load the stir/shaken attestation service.
Definition: attestation.c:427
Standard Command Line Interface.
#define CLI_SHOWUSAGE
Definition: cli.h:45
#define CLI_SUCCESS
Definition: cli.h:44
int ast_cli_unregister_multiple(struct ast_cli_entry *e, int len)
Unregister multiple commands.
Definition: clicompat.c:30
#define AST_CLI_DEFINE(fn, txt,...)
Definition: cli.h:197
int ast_cli_completion_add(char *value)
Add a result to a request for completion options.
Definition: main/cli.c:2768
void ast_cli(int fd, const char *fmt,...)
Definition: clicompat.c:6
@ CLI_INIT
Definition: cli.h:152
@ CLI_GENERATE
Definition: cli.h:153
#define ast_cli_register_multiple(e, len)
Register multiple commands.
Definition: cli.h:265
short word
int config_object_cli_show(void *obj, void *arg, void *data, int flags)
Output configuration settings to the Asterisk CLI.
char * config_object_tab_complete_name(const char *word, struct ao2_container *container)
Tab completion for name matching with STIR/SHAKEN CLI commands.
static const char * translate_value(const char *val)
int common_config_unload(void)
static struct ast_cli_entry cli_commands[]
static char * cli_verify_cert(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
struct stasis_subscription * named_acl_changed_sub
Definition: common_config.c:32
int common_config_reload(void)
char * canonicalize_tn_alloc(const char *tn)
Canonicalize a TN into nre buffer.
int common_config_load(void)
static void named_acl_changed_cb(void *data, struct stasis_subscription *sub, struct stasis_message *message)
#define generate_enum_string_functions(param_name, default_value,...)
Definition: common_config.c:78
static struct ast_sorcery * sorcery
Definition: common_config.c:31
char * canonicalize_tn(const char *tn, char *dest_tn)
Canonicalize a TN.
#define generate_bool_handler_functions(param_name)
Definition: common_config.c:39
#define print_acl_cert_store(cfg, a, max_name_len)
static void print_acl(int fd, struct ast_acl_list *acl_list, const char *prefix)
struct ast_sorcery * get_sorcery(void)
Retrieve the stir/shaken sorcery context.
Definition: common_config.c:34
@ config_object_type_tn
@ config_object_type_profile
@ config_object_type_verification
int profile_unload(void)
int profile_load(void)
int tn_config_load(void)
Definition: tn_config.c:268
struct verification_cfg * vs_get_cfg(void)
int tn_config_unload(void)
Definition: tn_config.c:260
struct profile_cfg * profile_get_cfg(const char *id)
struct ao2_container * profile_get_all(void)
int tn_config_reload(void)
Definition: tn_config.c:253
int profile_reload(void)
int crypto_is_cert_trusted(struct crypto_cert_store *store, X509 *cert, const char **err_msg)
Check if the cert is trusted.
Definition: crypto_utils.c:740
X509 * crypto_load_cert_from_file(const char *filename)
Load an X509 Cert from a file.
Definition: crypto_utils.c:189
static int len(struct ast_channel *chan, const char *cmd, char *data, char *buf, size_t buflen)
#define SCOPE_EXIT_RTN_VALUE(__return_value,...)
#define SCOPE_ENTER(level,...)
static char prefix[MAX_PREFIX]
Definition: http.c:144
struct ast_variable * ast_variable_list_sort(struct ast_variable *head)
Performs an in-place sort on the variable list by ascending name.
Definition: main/config.c:706
void ast_variables_destroy(struct ast_variable *var)
Free variable list.
Definition: extconf.c:1262
Support for logging to various files, console and syslog Configuration in file logger....
#define LOG_NOTICE
#define AST_LIST_TRAVERSE(head, var, field)
Loops over (traverses) the entries in a list.
Definition: linkedlists.h:491
#define AST_LIST_LOCK(head)
Locks a list.
Definition: linkedlists.h:40
#define AST_LIST_UNLOCK(head)
Attempts to unlock a list.
Definition: linkedlists.h:140
Asterisk module definitions.
@ AST_MODULE_LOAD_SUCCESS
Definition: module.h:70
@ AST_MODULE_LOAD_DECLINE
Module has failed to load, may be in an inconsistent state.
Definition: module.h:78
struct stasis_forward * sub
Definition: res_corosync.c:240
struct ao2_container * container
Definition: res_fax.c:531
@ UNKNOWN
Definition: res_pjsip.h:440
@ stir_shaken_failure_action_CONTINUE
@ stir_shaken_failure_action_CONTINUE_RETURN_REASON
@ stir_shaken_failure_action_REJECT_REQUEST
#define NULL
Definition: resample.c:96
Security Event Reporting API.
struct stasis_topic * ast_security_topic(void)
A stasis_topic which publishes messages for security related issues.
#define ast_sorcery_unref(sorcery)
Decrease the reference count of a sorcery structure.
Definition: sorcery.h:1500
const char * ast_sorcery_object_get_id(const void *object)
Get the unique identifier of a sorcery object.
Definition: sorcery.c:2317
const char * ast_sorcery_object_get_type(const void *object)
Get the type of a sorcery object.
Definition: sorcery.c:2329
@ AST_HANDLER_ONLY_STRING
Use string handler only.
Definition: sorcery.h:137
#define ast_sorcery_open()
Open a new sorcery structure.
Definition: sorcery.h:406
struct ast_variable * ast_sorcery_objectset_create2(const struct ast_sorcery *sorcery, const void *object, enum ast_sorcery_field_handler_flags flags)
Create an object set (KVP list) for an object.
Definition: sorcery.c:1511
Stasis Message Bus API. See Stasis Message Bus API for detailed documentation.
struct stasis_message_type * stasis_message_type(const struct stasis_message *msg)
Get the message type for a stasis_message.
int stasis_subscription_accept_message_type(struct stasis_subscription *subscription, const struct stasis_message_type *type)
Indicate to a subscription that we are interested in a message type.
Definition: stasis.c:1050
struct stasis_subscription * stasis_unsubscribe(struct stasis_subscription *subscription)
Cancel a subscription.
Definition: stasis.c:998
#define stasis_subscribe(topic, callback, data)
Definition: stasis.h:649
int ast_strings_equal(const char *str1, const char *str2)
Compare strings for equality checking for NULL.
Definition: strings.c:238
#define S_OR(a, b)
returns the equivalent of logic or for strings: first one if not empty, otherwise second one.
Definition: strings.h:80
static force_inline int attribute_pure ast_strlen_zero(const char *s)
Definition: strings.h:65
Definition: test_acl.c:111
Generic container type.
When we need to walk through a container, we use an ao2_iterator to keep track of the current positio...
Definition: astobj2.h:1821
Wrapper for an ast_acl linked list.
Definition: acl.h:76
an ast_acl is a linked list node of ast_ha structs which may have names.
Definition: acl.h:67
struct ast_ha * acl
Definition: acl.h:68
struct ast_acl::@180 list
descriptor for a cli entry.
Definition: cli.h:171
char * command
Definition: cli.h:186
const char * usage
Definition: cli.h:177
Full structure for sorcery.
Definition: sorcery.c:230
Structure for variables, used for configurations and for channel variables.
struct ast_variable * next
enum config_object_type object_type
ao2 object wrapper for X509_STORE that provides locking and refcounting
Definition: crypto_utils.h:179
Definition: common_config.c:73
const char * name
Definition: common_config.c:75
int value
Definition: common_config.c:74
Profile configuration for stir/shaken.
Definition: ast_expr2.c:325
static struct test_options options
static struct test_val a
Utility functions.
#define RAII_VAR(vartype, varname, initval, dtor)
Declare a variable that will call a destructor function when it goes out of scope.
Definition: utils.h:941
#define ARRAY_LEN(a)
Definition: utils.h:666
int vs_load()
Load the stir/shaken verification service.
int vs_unload()
Unload the stir/shaken verification service.
int vs_reload()
Reload the stir/shaken verification service.