Asterisk - The Open Source Telephony Project GIT-master-a63eec2
Loading...
Searching...
No Matches
Data Structures | Macros | Enumerations | Functions
common_config.h File Reference
#include <openssl/evp.h>
#include "asterisk.h"
#include "asterisk/paths.h"
#include "asterisk/sorcery.h"
#include "asterisk/stringfields.h"
Include dependency graph for common_config.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  attestation_cfg
 
struct  attestation_cfg_common
 Attestation Service configuration for stir/shaken. More...
 
struct  config_object_cli_data
 
struct  profile_cfg
 Profile configuration for stir/shaken. More...
 
struct  tn_cfg
 TN configuration for stir/shaken. More...
 
struct  verification_cfg
 
struct  verification_cfg_common
 Verification Service configuration for stir/shaken. More...
 

Macros

#define cfg_enum_copy(__cfg_dst, __cfg_src, __field)    cfg_enum_copy_ex(__cfg_dst, __cfg_src, __field, __field ## _NOT_SET, __field ## _UNKNOWN)
 
#define cfg_enum_copy_ex(__cfg_dst, __cfg_src, __field, __not_set, __unknown)
 cfg_enum_copy
 
#define cfg_sf_copy_wrapper(id, __cfg_dst, __cfg_src, __field)
 cfg_copy_wrapper
 
#define cfg_stringfield_copy(__cfg_dst, __cfg_src, __field)
 Common config copy utilities.
 
#define cfg_uint_copy(__cfg_dst, __cfg_src, __field)
 cfg_uint_copy
 
#define EFFECTIVE_ENUM(__enum1, __enum2, __field, __default)
 
#define EFFECTIVE_ENUM_BOOL(__enum1, __enum2, __field, __default)
 
#define ENUM_BOOL(__enum1, __field)    (__enum1 == ( __field ## _ ## YES ))
 
#define enum_option_register(sorcery, CONFIG_TYPE, name, nodoc)    enum_option_register_ex(sorcery, CONFIG_TYPE, name, name, name, nodoc)
 
#define enum_option_register_ex(sorcery, CONFIG_TYPE, name, field, function_prefix, nodoc)
 
#define generate_acfg_common_sorcery_handlers(object)
 
#define generate_bool_string_prototypes(param_name)
 Boolean field to/from string prototype generator.
 
#define generate_enum_string_prototypes(param_name, ...)
 Enum field to/from string prototype generator.
 
#define generate_sorcery_acl_from_str(__struct, __lc_param, __unknown)
 
#define generate_sorcery_acl_to_str(__struct, __lc_param)
 
#define generate_sorcery_enum_from_str(__struct, __substruct, __lc_param, __unknown)    generate_sorcery_enum_from_str_ex(__struct, __substruct, __lc_param, __lc_param, __unknown) \
 
#define generate_sorcery_enum_from_str_ex(__struct, __substruct, __lc_param, __base_enum, __unknown)
 
#define generate_sorcery_enum_to_str(__struct, __substruct, __lc_param)    generate_sorcery_enum_to_str_ex(__struct, __substruct, __lc_param, __lc_param)
 
#define generate_sorcery_enum_to_str_ex(__struct, __substruct, __lc_param, __base_enum)
 Enum sorcery handler generator.
 
#define generate_vcfg_common_sorcery_handlers(object)
 
#define PROFILE_ALLOW_ATTEST(__profile)
 
#define PROFILE_ALLOW_VERIFY(__profile)
 
#define register_common_attestation_fields(sorcery, object, CONFIG_TYPE, nodoc)
 
#define register_common_verification_fields(sorcery, object, CONFIG_TYPE, nodoc)
 
#define stringfield_option_register(sorcery, CONFIG_TYPE, object, name, field, nodoc)
 Sorcery fields register helpers.
 
#define uint_option_register(sorcery, CONFIG_TYPE, object, name, field, nodoc)
 

Enumerations

enum  config_object_type { config_object_type_attestation = 0 , config_object_type_verification , config_object_type_profile , config_object_type_tn }
 

Functions

void acfg_cleanup (struct attestation_cfg_common *cfg)
 
int as_check_common_config (const char *id, struct attestation_cfg_common *acfg_common)
 
int as_config_load (void)
 
int as_config_reload (void)
 
int as_config_unload (void)
 
int as_copy_cfg_common (const char *id, struct attestation_cfg_common *cfg_dst, struct attestation_cfg_common *cfg_src)
 
struct attestation_cfgas_get_cfg (void)
 
int as_is_config_loaded (void)
 
char * canonicalize_tn (const char *tn, char *dest_tn)
 Canonicalize a TN.
 
char * canonicalize_tn_alloc (const char *tn)
 Canonicalize a TN into nre buffer.
 
int common_config_load (void)
 
int common_config_reload (void)
 
int common_config_unload (void)
 
int config_object_cli_show (void *obj, void *arg, void *data, int flags)
 Output configuration settings to the Asterisk CLI.
 
char * config_object_tab_complete_name (const char *word, struct ao2_container *container)
 Tab completion for name matching with STIR/SHAKEN CLI commands.
 
struct ao2_containereprofile_get_all (void)
 
struct profile_cfgeprofile_get_cfg (const char *id)
 
 generate_bool_string_prototypes (check_tn_cert_public_url)
 
 generate_bool_string_prototypes (ignore_sip_date_header)
 
 generate_bool_string_prototypes (load_system_certs)
 
 generate_bool_string_prototypes (relax_x5u_path_restrictions)
 
 generate_bool_string_prototypes (relax_x5u_port_scheme_restrictions)
 
 generate_bool_string_prototypes (send_mky)
 
 generate_bool_string_prototypes (use_rfc9410_responses)
 
 generate_enum_string_prototypes (attest_level, attest_level_UNKNOWN=-1, attest_level_NOT_SET=0, attest_level_A, attest_level_B, attest_level_C,)
 
 generate_enum_string_prototypes (endpoint_behavior, endpoint_behavior_UNKNOWN=-1, endpoint_behavior_OFF=0, endpoint_behavior_ATTEST, endpoint_behavior_VERIFY, endpoint_behavior_ON, endpoint_behavior_NOT_SET)
 
struct ast_acl_listget_default_acl_list (void)
 
struct ao2_containerprofile_get_all (void)
 
struct profile_cfgprofile_get_cfg (const char *id)
 
int profile_load (void)
 
int profile_reload (void)
 
int profile_unload (void)
 
enum stir_shaken_failure_action_enum stir_shaken_failure_action_from_str (const char *action_str)
 
const char * stir_shaken_failure_action_to_str (enum stir_shaken_failure_action_enum action)
 
int tn_config_load (void)
 
int tn_config_reload (void)
 
int tn_config_unload (void)
 
struct tn_cfgtn_get_cfg (const char *tn)
 
struct tn_cfgtn_get_etn (const char *tn, struct profile_cfg *eprofile)
 
enum attest_level_enum unknown_tn_attest_level_from_str (const char *value)
 
const char * unknown_tn_attest_level_to_str (enum attest_level_enum value)
 
void vcfg_cleanup (struct verification_cfg_common *cfg)
 
int vs_check_common_config (const char *id, struct verification_cfg_common *vcfg_common)
 
int vs_config_load (void)
 
int vs_config_reload (void)
 
int vs_config_unload (void)
 
int vs_copy_cfg_common (const char *id, struct verification_cfg_common *cfg_dst, struct verification_cfg_common *cfg_src)
 
struct verification_cfgvs_get_cfg (void)
 
int vs_is_config_loaded (void)
 

Macro Definition Documentation

◆ cfg_enum_copy

#define cfg_enum_copy (   __cfg_dst,
  __cfg_src,
  __field 
)     cfg_enum_copy_ex(__cfg_dst, __cfg_src, __field, __field ## _NOT_SET, __field ## _UNKNOWN)

Definition at line 285 of file common_config.h.

293 {
295 AST_STRING_FIELD(private_key_file);
296 AST_STRING_FIELD(public_cert_url);
297 );
298 enum attest_level_enum attest_level;
299 enum check_tn_cert_public_url_enum check_tn_cert_public_url;
300 enum send_mky_enum send_mky;
301 unsigned char *raw_key;
302 size_t raw_key_length;
303};
304
305#define generate_acfg_common_sorcery_handlers(object) \
306 generate_sorcery_enum_from_str(object, acfg_common., check_tn_cert_public_url, UNKNOWN); \
307 generate_sorcery_enum_to_str(object, acfg_common., check_tn_cert_public_url); \
308 generate_sorcery_enum_from_str(object, acfg_common., send_mky, UNKNOWN); \
309 generate_sorcery_enum_to_str(object, acfg_common., send_mky); \
310 generate_sorcery_enum_from_str(object, acfg_common., attest_level, UNKNOWN); \
311 generate_sorcery_enum_to_str(object, acfg_common., attest_level);
312
313int as_check_common_config(const char *id,
314 struct attestation_cfg_common *acfg_common);
315
316int as_copy_cfg_common(const char *id, struct attestation_cfg_common *cfg_dst,
317 struct attestation_cfg_common *cfg_src);
318
319void acfg_cleanup(struct attestation_cfg_common *cfg);
320
321struct attestation_cfg {
322 SORCERY_OBJECT(details);
323 /*
324 * We need an empty AST_DECLARE_STRING_FIELDS() here
325 * because when STRFLDSET is used with sorcery, the
326 * memory for all sub-structures that have stringfields
327 * is allocated from the parent's stringfield pool.
328 */
331 enum attest_level_enum unknown_tn_attest_level;
332 int global_disable;
333};
334
335struct attestation_cfg *as_get_cfg(void);
336int as_is_config_loaded(void);
337int as_config_load(void);
338int as_config_reload(void);
339int as_config_unload(void);
340
341/*!
342 * \brief Verification Service configuration for stir/shaken
343 *
344 * The common structure also appears in profile_cfg.
345 */
355 );
356 unsigned int curl_timeout;
357 unsigned int max_iat_age;
358 unsigned int max_date_header_age;
359 unsigned int max_cache_entry_age;
360 unsigned int max_cache_size;
363 enum use_rfc9410_responses_enum use_rfc9410_responses;
364 enum relax_x5u_port_scheme_restrictions_enum
366 enum relax_x5u_path_restrictions_enum
368 enum load_system_certs_enum load_system_certs;
369 enum ignore_sip_date_header_enum ignore_sip_date_header;
370 struct ast_acl_list *acl;
371 struct crypto_cert_store *tcs;
372};
373
374#define generate_vcfg_common_sorcery_handlers(object) \
375 generate_sorcery_enum_from_str(object, vcfg_common.,use_rfc9410_responses, UNKNOWN); \
376 generate_sorcery_enum_to_str(object, vcfg_common.,use_rfc9410_responses); \
377 generate_sorcery_enum_from_str(object, vcfg_common.,stir_shaken_failure_action, UNKNOWN); \
378 generate_sorcery_enum_to_str(object, vcfg_common.,stir_shaken_failure_action); \
379 generate_sorcery_enum_from_str(object, vcfg_common.,relax_x5u_port_scheme_restrictions, UNKNOWN); \
380 generate_sorcery_enum_to_str(object, vcfg_common.,relax_x5u_port_scheme_restrictions); \
381 generate_sorcery_enum_from_str(object, vcfg_common.,relax_x5u_path_restrictions, UNKNOWN); \
382 generate_sorcery_enum_to_str(object, vcfg_common.,relax_x5u_path_restrictions); \
383 generate_sorcery_enum_from_str(object, vcfg_common.,load_system_certs, UNKNOWN); \
384 generate_sorcery_enum_to_str(object, vcfg_common.,load_system_certs); \
385 generate_sorcery_enum_from_str(object, vcfg_common.,ignore_sip_date_header, UNKNOWN); \
386 generate_sorcery_enum_to_str(object, vcfg_common.,ignore_sip_date_header); \
387 generate_sorcery_acl_from_str(object, acl, NULL); \
388 generate_sorcery_acl_to_str(object, acl);
389
390int vs_check_common_config(const char *id,
391 struct verification_cfg_common *vcfg_common);
392
393int vs_copy_cfg_common(const char *id, struct verification_cfg_common *cfg_dst,
394 struct verification_cfg_common *cfg_src);
395
396void vcfg_cleanup(struct verification_cfg_common *cfg);
397
398struct verification_cfg {
399 SORCERY_OBJECT(details);
400 /*
401 * We need an empty AST_DECLARE_STRING_FIELDS() here
402 * because when STRFLDSET is used with sorcery, the
403 * memory for all sub-structures that have stringfields
404 * is allocated from the parent's stringfield pool.
405 */
408 int global_disable;
409};
410
411struct verification_cfg *vs_get_cfg(void);
412int vs_is_config_loaded(void);
413int vs_config_load(void);
414int vs_config_reload(void);
415int vs_config_unload(void);
416
417/*!
418 * \brief Profile configuration for stir/shaken
419 */
420struct profile_cfg {
421 SORCERY_OBJECT(details);
422 /*
423 * We need an empty AST_DECLARE_STRING_FIELDS() here
424 * because when STRFLDSET is used with sorcery, the
425 * memory for all sub-structures that have stringfields
426 * is allocated from the parent's stringfield pool.
427 */
431 enum endpoint_behavior_enum endpoint_behavior;
432 enum attest_level_enum unknown_tn_attest_level;
433 struct profile_cfg *eprofile;
434};
435
436struct profile_cfg *profile_get_cfg(const char *id);
437struct ao2_container *profile_get_all(void);
438struct profile_cfg *eprofile_get_cfg(const char *id);
439struct ao2_container *eprofile_get_all(void);
440int profile_load(void);
441int profile_reload(void);
442int profile_unload(void);
443
444#define PROFILE_ALLOW_ATTEST(__profile) \
445 (__profile->endpoint_behavior == endpoint_behavior_ON || \
446 __profile->endpoint_behavior == endpoint_behavior_ATTEST)
447
448#define PROFILE_ALLOW_VERIFY(__profile) \
449 (__profile->endpoint_behavior == endpoint_behavior_ON || \
450 __profile->endpoint_behavior == endpoint_behavior_VERIFY)
451
452/*!
453 * \brief TN configuration for stir/shaken
454 *
455 * TN-specific attestation_cfg.
456 */
457
458struct tn_cfg {
459 SORCERY_OBJECT(details);
460 /*
461 * We need an empty AST_DECLARE_STRING_FIELDS() here
462 * because when STRFLDSET is used with sorcery, the
463 * memory for all sub-structures that have stringfields
464 * is allocated from the parent's stringfield pool.
465 */
468};
469
470struct tn_cfg *tn_get_cfg(const char *tn);
471struct tn_cfg *tn_get_etn(const char *tn,
472 struct profile_cfg *eprofile);
473int tn_config_load(void);
474int tn_config_reload(void);
475int tn_config_unload(void);
476
477/*!
478 * \brief Sorcery fields register helpers
479 *
480 * Most of the fields on attestation_cfg and verification_cfg are also
481 * in profile_cfg. To prevent having to maintain duplicate sets of
482 * sorcery register statements, we can do this once here and call
483 * register_common_verification_fields() from both profile_config and
484 * verification_config and call register_common_attestation_fields()
485 * from profile_cfg and attestation_config.
486 *
487 * Most of the fields in question are in sub-structures like
488 * verification_cfg.vcfg_common which is why there are separate name
489 * and field parameters. For verification_cfg.vcfg_common.ca_file
490 * for instance, name would be ca_file and field would be
491 * vcfg_common.ca_file.
492 *
493 *\note These macros depend on default values being defined
494 * in the 4 _config.c files as DEFAULT_<field_name>.
495 *
496 */
497#define stringfield_option_register(sorcery, CONFIG_TYPE, object, name, field, nodoc) \
498 ast_sorcery_object_field_register ## nodoc(sorcery, CONFIG_TYPE, #name, \
499 DEFAULT_ ## name, OPT_STRINGFIELD_T, 0, \
500 STRFLDSET(struct object, field))
501
502#define uint_option_register(sorcery, CONFIG_TYPE, object, name, field, nodoc) \
503 ast_sorcery_object_field_register ## nodoc(sorcery, CONFIG_TYPE, #name, \
504 __stringify(DEFAULT_ ## name), OPT_UINT_T, 0, \
505 FLDSET(struct object, field))
506
507#define enum_option_register_ex(sorcery, CONFIG_TYPE, name, field, function_prefix, nodoc) \
508 ast_sorcery_object_field_register_custom ## nodoc(sorcery, CONFIG_TYPE, \
509 #name, function_prefix ## _to_str(DEFAULT_ ## field), \
510 sorcery_ ## field ## _from_str, sorcery_ ## field ## _to_str, NULL, 0, 0)
511
512#define enum_option_register(sorcery, CONFIG_TYPE, name, nodoc) \
513 enum_option_register_ex(sorcery, CONFIG_TYPE, name, name, name, nodoc)
514
515#define register_common_verification_fields(sorcery, object, CONFIG_TYPE, nodoc) \
516({ \
517 stringfield_option_register(sorcery, CONFIG_TYPE, object, ca_file, vcfg_common.ca_file, nodoc); \
518 stringfield_option_register(sorcery, CONFIG_TYPE, object, ca_path, vcfg_common.ca_path, nodoc); \
519 stringfield_option_register(sorcery, CONFIG_TYPE, object, crl_file, vcfg_common.crl_file, nodoc); \
520 stringfield_option_register(sorcery, CONFIG_TYPE, object, crl_path, vcfg_common.crl_path, nodoc); \
521 stringfield_option_register(sorcery, CONFIG_TYPE, object, untrusted_cert_file, vcfg_common.untrusted_cert_file, nodoc); \
522 stringfield_option_register(sorcery, CONFIG_TYPE, object, untrusted_cert_path, vcfg_common.untrusted_cert_path, nodoc); \
523 stringfield_option_register(sorcery, CONFIG_TYPE, object, cert_cache_dir, vcfg_common.cert_cache_dir, nodoc); \
524\
525 uint_option_register(sorcery, CONFIG_TYPE, object, curl_timeout, vcfg_common.curl_timeout, nodoc);\
526 uint_option_register(sorcery, CONFIG_TYPE, object, max_iat_age, vcfg_common.max_iat_age, nodoc);\
527 uint_option_register(sorcery, CONFIG_TYPE, object, max_date_header_age, vcfg_common.max_date_header_age, nodoc);\
528 uint_option_register(sorcery, CONFIG_TYPE, object, max_cache_entry_age, vcfg_common.max_cache_entry_age, nodoc);\
529 uint_option_register(sorcery, CONFIG_TYPE, object, max_cache_size, vcfg_common.max_cache_size, nodoc);\
530\
531 enum_option_register_ex(sorcery, CONFIG_TYPE, failure_action, stir_shaken_failure_action, stir_shaken_failure_action, nodoc); \
532 enum_option_register(sorcery, CONFIG_TYPE, use_rfc9410_responses, nodoc); \
533 enum_option_register(sorcery, CONFIG_TYPE, \
534 relax_x5u_port_scheme_restrictions, nodoc); \
535 enum_option_register(sorcery, CONFIG_TYPE, \
536 relax_x5u_path_restrictions, nodoc); \
537 enum_option_register(sorcery, CONFIG_TYPE, \
538 load_system_certs, nodoc); \
539 enum_option_register(sorcery, CONFIG_TYPE, ignore_sip_date_header, nodoc); \
540\
541 ast_sorcery_object_field_register_custom ## nodoc(sorcery, CONFIG_TYPE, "x5u_deny", "", sorcery_acl_from_str, NULL, NULL, 0, 0); \
542 ast_sorcery_object_field_register_custom ## nodoc(sorcery, CONFIG_TYPE, "x5u_permit", "", sorcery_acl_from_str, NULL, NULL, 0, 0); \
543 ast_sorcery_object_field_register_custom ## nodoc(sorcery, CONFIG_TYPE, "x5u_acl", "", sorcery_acl_from_str, sorcery_acl_to_str, NULL, 0, 0); \
544})
545
546#define register_common_attestation_fields(sorcery, object, CONFIG_TYPE, nodoc) \
547({ \
548 stringfield_option_register(sorcery, CONFIG_TYPE, object, private_key_file, acfg_common.private_key_file, nodoc); \
549 stringfield_option_register(sorcery, CONFIG_TYPE, object, public_cert_url, acfg_common.public_cert_url, nodoc); \
550 enum_option_register(sorcery, CONFIG_TYPE, attest_level, nodoc); \
551 enum_option_register(sorcery, CONFIG_TYPE, check_tn_cert_public_url, nodoc); \
552 enum_option_register(sorcery, CONFIG_TYPE, send_mky, nodoc); \
553})
554
555int common_config_load(void);
556int common_config_unload(void);
557int common_config_reload(void);
558
564};
565
567 const char *title;
569};
570
571/*!
572 * \brief Output configuration settings to the Asterisk CLI
573 *
574 * \param obj A sorcery object containing configuration data
575 * \param arg Asterisk CLI argument object
576 * \param flags ao2 container flags
577 *
578 * \retval 0
579 */
580int config_object_cli_show(void *obj, void *arg, void *data, int flags);
581
582/*!
583 * \brief Tab completion for name matching with STIR/SHAKEN CLI commands
584 *
585 * \param word The word to tab complete on
586 * \param container The sorcery container to iterate through
587 *
588 * \retval The tab completion options
589 */
591
592/*!
593 * \brief Canonicalize a TN
594 *
595 * \param tn TN to canonicalize
596 * \param dest_tn Pointer to destination buffer to receive the new TN
597 *
598 * \retval dest_tn or NULL on failure
599 */
600char *canonicalize_tn(const char *tn, char *dest_tn);
601
602/*!
603 * \brief Canonicalize a TN into nre buffer
604 *
605 * \param tn TN to canonicalize
606 *
607 * \retval dest_tn (which must be freed with ast_free) or NULL on failure
608 */
609char *canonicalize_tn_alloc(const char *tn);
610
611#endif /* COMMON_CONFIG_H_ */
short word
int as_config_unload(void)
int as_config_reload(void)
config_object_type
@ config_object_type_attestation
@ config_object_type_tn
@ config_object_type_profile
@ config_object_type_verification
int vs_config_reload(void)
int config_object_cli_show(void *obj, void *arg, void *data, int flags)
Output configuration settings to the Asterisk CLI.
char * config_object_tab_complete_name(const char *word, struct ao2_container *container)
Tab completion for name matching with STIR/SHAKEN CLI commands.
int common_config_unload(void)
int profile_unload(void)
int common_config_reload(void)
struct attestation_cfg * as_get_cfg(void)
int profile_load(void)
int vs_is_config_loaded(void)
char * canonicalize_tn_alloc(const char *tn)
Canonicalize a TN into nre buffer.
int common_config_load(void)
int tn_config_load(void)
Definition tn_config.c:268
struct tn_cfg * tn_get_cfg(const char *tn)
Definition tn_config.c:39
struct verification_cfg * vs_get_cfg(void)
struct profile_cfg * eprofile_get_cfg(const char *id)
int tn_config_unload(void)
Definition tn_config.c:260
int as_check_common_config(const char *id, struct attestation_cfg_common *acfg_common)
struct ao2_container * eprofile_get_all(void)
struct profile_cfg * profile_get_cfg(const char *id)
struct ao2_container * profile_get_all(void)
int as_config_load(void)
char * canonicalize_tn(const char *tn, char *dest_tn)
Canonicalize a TN.
int vs_copy_cfg_common(const char *id, struct verification_cfg_common *cfg_dst, struct verification_cfg_common *cfg_src)
int as_is_config_loaded(void)
int vs_config_load(void)
int tn_config_reload(void)
Definition tn_config.c:253
int profile_reload(void)
struct tn_cfg * tn_get_etn(const char *tn, struct profile_cfg *eprofile)
Definition tn_config.c:111
int as_copy_cfg_common(const char *id, struct attestation_cfg_common *cfg_dst, struct attestation_cfg_common *cfg_src)
int vs_config_unload(void)
int vs_check_common_config(const char *id, struct verification_cfg_common *vcfg_common)
void vcfg_cleanup(struct verification_cfg_common *cfg)
void acfg_cleanup(struct attestation_cfg_common *cfg)
struct ao2_container * container
Definition res_fax.c:603
stir_shaken_failure_action_enum
#define SORCERY_OBJECT(details)
Macro which must be used at the beginning of each sorcery capable object.
Definition sorcery.h:356
#define AST_DECLARE_STRING_FIELDS(field_list)
Declare the fields needed in a structure.
#define AST_STRING_FIELD(name)
Declare a string field.
Generic container type.
Wrapper for an ast_acl linked list.
Definition acl.h:76
Attestation Service configuration for stir/shaken.
struct attestation_cfg_common acfg_common
enum attest_level_enum unknown_tn_attest_level
enum config_object_type object_type
ao2 object wrapper for X509_STORE that provides locking and refcounting
Profile configuration for stir/shaken.
enum endpoint_behavior_enum endpoint_behavior
struct attestation_cfg_common acfg_common
struct profile_cfg * eprofile
enum attest_level_enum unknown_tn_attest_level
struct verification_cfg_common vcfg_common
TN configuration for stir/shaken.
struct attestation_cfg_common acfg_common
Verification Service configuration for stir/shaken.
struct crypto_cert_store * tcs
enum stir_shaken_failure_action_enum stir_shaken_failure_action
enum use_rfc9410_responses_enum use_rfc9410_responses
const ast_string_field cert_cache_dir
const ast_string_field ca_path
enum relax_x5u_path_restrictions_enum relax_x5u_path_restrictions
const ast_string_field crl_file
const ast_string_field crl_path
enum load_system_certs_enum load_system_certs
enum ignore_sip_date_header_enum ignore_sip_date_header
const ast_string_field ca_file
enum relax_x5u_port_scheme_restrictions_enum relax_x5u_port_scheme_restrictions
unsigned int max_date_header_age
const ast_string_field untrusted_cert_file
struct ast_acl_list * acl
const ast_string_field untrusted_cert_path
unsigned int max_cache_entry_age
struct verification_cfg_common vcfg_common

◆ cfg_enum_copy_ex

#define cfg_enum_copy_ex (   __cfg_dst,
  __cfg_src,
  __field,
  __not_set,
  __unknown 
)

cfg_enum_copy

Copy an enum from the source to the dest only if the source is neither NOT_SET nor UNKNOWN

Definition at line 277 of file common_config.h.

278 { \
279 if (__cfg_src->__field != __not_set \
280 && __cfg_src->__field != __unknown) { \
281 __cfg_dst->__field = __cfg_src->__field; \
282 } \
283})

◆ cfg_sf_copy_wrapper

#define cfg_sf_copy_wrapper (   id,
  __cfg_dst,
  __cfg_src,
  __field 
)

cfg_copy_wrapper

Invoke cfg_stringfield_copy and cause the calling runction to return a -1 of the copy fails.

Definition at line 248 of file common_config.h.

249{ \
250 int rc = cfg_stringfield_copy(__cfg_dst, __cfg_src, __field); \
251 if (rc != 0) { \
252 ast_log(LOG_ERROR, "%s: Unable to copy field %s from %s to %s\n", \
253 id, #__field, #__cfg_src, #__cfg_dst); \
254 return -1; \
255 } \
256}
#define cfg_stringfield_copy(__cfg_dst, __cfg_src, __field)
Common config copy utilities.
#define LOG_ERROR

◆ cfg_stringfield_copy

#define cfg_stringfield_copy (   __cfg_dst,
  __cfg_src,
  __field 
)

Common config copy utilities.

These macros are designed to be called from as_copy_cfg_common and vs_copy_cfg_common only. They'll only copy a field if the field contains a vaild value. Thus a NOT_SET value in the source won't override a pre-existing good value in the dest. A good value in the source WILL overwrite a good value in the dest.

Definition at line 233 of file common_config.h.

234 { \
235 int __res = 0; \
236 if (!ast_strlen_zero(__cfg_src->__field)) { \
237 __res = ast_string_field_set(__cfg_dst, __field, __cfg_src->__field); \
238 } \
239 __res; \
240})
#define ast_string_field_set(x, field, data)
Set a field to a simple string value.
static force_inline int attribute_pure ast_strlen_zero(const char *s)
Definition strings.h:65

◆ cfg_uint_copy

#define cfg_uint_copy (   __cfg_dst,
  __cfg_src,
  __field 
)
Value:
({ \
if (__cfg_src->__field > 0) { \
__cfg_dst->__field = __cfg_src->__field; \
} \
})

cfg_uint_copy

Copy a uint from the source to the dest only if the source > 0. For stir-shaken, 0 isn't a valid value for any uint fields.

Definition at line 264 of file common_config.h.

265 { \
266 if (__cfg_src->__field > 0) { \
267 __cfg_dst->__field = __cfg_src->__field; \
268 } \
269})

◆ EFFECTIVE_ENUM

#define EFFECTIVE_ENUM (   __enum1,
  __enum2,
  __field,
  __default 
)
Value:
( __enum1 != ( __field ## _ ## NOT_SET ) ? __enum1 : \
(__enum2 != __field ## _ ## NOT_SET ? \
__enum2 : __default ))
#define _(msgid)

Definition at line 210 of file common_config.h.

211 : \
212 (__enum2 != __field ## _ ## NOT_SET ? \
213 __enum2 : __default ))

◆ EFFECTIVE_ENUM_BOOL

#define EFFECTIVE_ENUM_BOOL (   __enum1,
  __enum2,
  __field,
  __default 
)
Value:
(( __enum1 != ( __field ## _ ## NOT_SET ) ? __enum1 : \
(__enum2 != __field ## _ ## NOT_SET ? \
__enum2 : __field ## _ ## __default )) == __field ## _ ## YES)

Definition at line 215 of file common_config.h.

216 : \
217 (__enum2 != __field ## _ ## NOT_SET ? \
218 __enum2 : __field ## _ ## __default )) == __field ## _ ## YES)

◆ ENUM_BOOL

#define ENUM_BOOL (   __enum1,
  __field 
)     (__enum1 == ( __field ## _ ## YES ))

Definition at line 220 of file common_config.h.

◆ enum_option_register

#define enum_option_register (   sorcery,
  CONFIG_TYPE,
  name,
  nodoc 
)     enum_option_register_ex(sorcery, CONFIG_TYPE, name, name, name, nodoc)

Definition at line 513 of file common_config.h.

◆ enum_option_register_ex

#define enum_option_register_ex (   sorcery,
  CONFIG_TYPE,
  name,
  field,
  function_prefix,
  nodoc 
)
Value:
#name, function_prefix ## _to_str(DEFAULT_ ## field), \
sorcery_ ## field ## _from_str, sorcery_ ## field ## _to_str, NULL, 0, 0)
#define CONFIG_TYPE
static const char name[]
Definition format_mp3.c:68
static struct ast_sorcery * sorcery
#define NULL
Definition resample.c:96
#define ast_sorcery_object_field_register_custom(sorcery, type, name, default_val, config_handler, sorcery_handler, multiple_handler, flags,...)
Register a field within an object with custom handlers.
Definition sorcery.h:1005

Definition at line 508 of file common_config.h.

◆ generate_acfg_common_sorcery_handlers

#define generate_acfg_common_sorcery_handlers (   object)

Definition at line 306 of file common_config.h.

◆ generate_bool_string_prototypes

#define generate_bool_string_prototypes (   param_name)

Boolean field to/from string prototype generator.

Most of the boolean fields that appear in the verification and attestation objects can be ovrridden in the profile object; "use_rfc9410_responses" for instance. If they were registered as normal YESNO types, we couldn't tell if a "0" value in the profile object meant the user set it to "no" to override a value of "yes" in the verification object, or it just defaulted to "0". By making the _NOT_SET enum a non-0/1 and making it the default value, we can tell the difference. The _UNKNOWN enum gets set if the string value provided to the _from_str function wasn't recognized as one of the values acceptable to ast_true() or ast_false().

The result of calling the generator for a field will look like:

enum use_rfc9410_responses_enum {
use_rfc9410_responses_UNKNOWN = -1,
use_rfc9410_responses_NO = 0,
use_rfc9410_responses_YES,
use_rfc9410_responses_NOT_SET,
};
enum use_rfc9410_responses_enum
use_rfc9410_responses_from_str(const char *value);
const char *use_rfc9410_responses_to_str(enum use_rfc9410_responses_enum value);
int value
Definition syslog.c:37

Most of the macros that follow depend on enum values formatted as <param_name>SOMETHING and their defaults as DEFAULT<param_name>.

Definition at line 60 of file common_config.h.

61 { \
62 param_name ## _UNKNOWN = -1, \
63 param_name ## _NO = 0, \
64 param_name ## _YES, \
65 param_name ## _NOT_SET, \
66}; \
67enum param_name ## _enum \
68 param_name ## _from_str(const char *value); \
69const char *param_name ## _to_str(enum param_name ## _enum value);

◆ generate_enum_string_prototypes

#define generate_enum_string_prototypes (   param_name,
  ... 
)

Enum field to/from string prototype generator.

This operates like the bool generator except you supply a list of the enum values. The first one MUST be param_name_UNKNOWN with a value of -1 and the rest running sequentially with the last being param_name_NOT_SET.

Definition at line 96 of file common_config.h.

97 { \
98 __VA_ARGS__ \
99}; \
100enum param_name ## _enum \
101 param_name ## _from_str(const char *value); \
102const char *param_name ## _to_str(enum param_name ## _enum value);

◆ generate_sorcery_acl_from_str

#define generate_sorcery_acl_from_str (   __struct,
  __lc_param,
  __unknown 
)

Definition at line 194 of file common_config.h.

196{ \
197 struct __struct *cfg = obj; \
198 int error = 0; \
199 int ignore; \
200 const char *name = var->name + strlen("x5u_"); \
201 if (ast_strlen_zero(var->value)) { \
202 return 0; \
203 } \
204 ast_append_acl(name, var->value, &cfg->vcfg_common.acl, &error, &ignore); \
205 return error; \
206}
#define var
Definition ast_expr2f.c:605
ignore(key=None, val=None, section=None, pjsip=None, nmapped=None, type='endpoint')
int error(const char *format,...)

◆ generate_sorcery_acl_to_str

#define generate_sorcery_acl_to_str (   __struct,
  __lc_param 
)

Definition at line 175 of file common_config.h.

177{ \
178 const struct __struct *cfg = obj; \
179 struct ast_acl *first_acl; \
180 if (!ast_acl_list_is_empty(cfg->vcfg_common.acl)) { \
181 AST_LIST_LOCK(cfg->vcfg_common.acl); \
182 first_acl = AST_LIST_FIRST(cfg->vcfg_common.acl); \
183 if (ast_strlen_zero(first_acl->name)) { \
184 *buf = "deny/permit"; \
185 } else { \
186 *buf = first_acl->name; \
187 } \
188 AST_LIST_UNLOCK(cfg->vcfg_common.acl); \
189 } \
190 *buf = ast_strdup(*buf); \
191 return 0; \
192}
int ast_acl_list_is_empty(struct ast_acl_list *acl_list)
Determines if an ACL is empty or if it contains entries.
Definition acl.c:540
#define ast_strdup(str)
A wrapper for strdup()
Definition astmm.h:241
char buf[BUFSIZE]
Definition eagi_proxy.c:66
#define AST_LIST_FIRST(head)
Returns the first entry contained in a list.
an ast_acl is a linked list node of ast_ha structs which may have names.
Definition acl.h:67
char name[ACL_NAME_LENGTH]
Definition acl.h:71

◆ generate_sorcery_enum_from_str

#define generate_sorcery_enum_from_str (   __struct,
  __substruct,
  __lc_param,
  __unknown 
)     generate_sorcery_enum_from_str_ex(__struct, __substruct, __lc_param, __lc_param, __unknown) \

Definition at line 171 of file common_config.h.

◆ generate_sorcery_enum_from_str_ex

#define generate_sorcery_enum_from_str_ex (   __struct,
  __substruct,
  __lc_param,
  __base_enum,
  __unknown 
)

Definition at line 158 of file common_config.h.

160{ \
161 struct __struct *cfg = obj; \
162 cfg->__substruct __lc_param = __base_enum ## _from_str (var->value); \
163 if (cfg->__substruct __lc_param == __base_enum ## _ ## __unknown) { \
164 ast_log(LOG_WARNING, "Unknown value '%s' specified for %s\n", \
165 var->value, var->name); \
166 return -1; \
167 } \
168 return 0; \
169}
#define LOG_WARNING

◆ generate_sorcery_enum_to_str

#define generate_sorcery_enum_to_str (   __struct,
  __substruct,
  __lc_param 
)     generate_sorcery_enum_to_str_ex(__struct, __substruct, __lc_param, __lc_param)

Definition at line 155 of file common_config.h.

◆ generate_sorcery_enum_to_str_ex

#define generate_sorcery_enum_to_str_ex (   __struct,
  __substruct,
  __lc_param,
  __base_enum 
)

Enum sorcery handler generator.

These macros can create the two functions needed to register an enum field with sorcery as long as there are _to_str and _from_str functions defined elsewhere.

Definition at line 147 of file common_config.h.

149{ \
150 const struct __struct *cfg = obj; \
151 *buf = ast_strdup(__base_enum ## _to_str(cfg->__substruct __lc_param)); \
152 return *buf ? 0 : -1; \
153}

◆ generate_vcfg_common_sorcery_handlers

#define generate_vcfg_common_sorcery_handlers (   object)

Definition at line 375 of file common_config.h.

◆ PROFILE_ALLOW_ATTEST

#define PROFILE_ALLOW_ATTEST (   __profile)
Value:
(__profile->endpoint_behavior == endpoint_behavior_ON || \
__profile->endpoint_behavior == endpoint_behavior_ATTEST)

Definition at line 445 of file common_config.h.

◆ PROFILE_ALLOW_VERIFY

#define PROFILE_ALLOW_VERIFY (   __profile)
Value:
(__profile->endpoint_behavior == endpoint_behavior_ON || \
__profile->endpoint_behavior == endpoint_behavior_VERIFY)

Definition at line 449 of file common_config.h.

◆ register_common_attestation_fields

#define register_common_attestation_fields (   sorcery,
  object,
  CONFIG_TYPE,
  nodoc 
)

Definition at line 547 of file common_config.h.

548 { \
549 stringfield_option_register(sorcery, CONFIG_TYPE, object, private_key_file, acfg_common.private_key_file, nodoc); \
550 stringfield_option_register(sorcery, CONFIG_TYPE, object, public_cert_url, acfg_common.public_cert_url, nodoc); \
551 enum_option_register(sorcery, CONFIG_TYPE, attest_level, nodoc); \
552 enum_option_register(sorcery, CONFIG_TYPE, check_tn_cert_public_url, nodoc); \
553 enum_option_register(sorcery, CONFIG_TYPE, send_mky, nodoc); \
554})

◆ register_common_verification_fields

#define register_common_verification_fields (   sorcery,
  object,
  CONFIG_TYPE,
  nodoc 
)

Definition at line 516 of file common_config.h.

517 { \
518 stringfield_option_register(sorcery, CONFIG_TYPE, object, ca_file, vcfg_common.ca_file, nodoc); \
519 stringfield_option_register(sorcery, CONFIG_TYPE, object, ca_path, vcfg_common.ca_path, nodoc); \
520 stringfield_option_register(sorcery, CONFIG_TYPE, object, crl_file, vcfg_common.crl_file, nodoc); \
521 stringfield_option_register(sorcery, CONFIG_TYPE, object, crl_path, vcfg_common.crl_path, nodoc); \
522 stringfield_option_register(sorcery, CONFIG_TYPE, object, untrusted_cert_file, vcfg_common.untrusted_cert_file, nodoc); \
523 stringfield_option_register(sorcery, CONFIG_TYPE, object, untrusted_cert_path, vcfg_common.untrusted_cert_path, nodoc); \
524 stringfield_option_register(sorcery, CONFIG_TYPE, object, cert_cache_dir, vcfg_common.cert_cache_dir, nodoc); \
525\
526 uint_option_register(sorcery, CONFIG_TYPE, object, curl_timeout, vcfg_common.curl_timeout, nodoc);\
527 uint_option_register(sorcery, CONFIG_TYPE, object, max_iat_age, vcfg_common.max_iat_age, nodoc);\
528 uint_option_register(sorcery, CONFIG_TYPE, object, max_date_header_age, vcfg_common.max_date_header_age, nodoc);\
529 uint_option_register(sorcery, CONFIG_TYPE, object, max_cache_entry_age, vcfg_common.max_cache_entry_age, nodoc);\
530 uint_option_register(sorcery, CONFIG_TYPE, object, max_cache_size, vcfg_common.max_cache_size, nodoc);\
531\
532 enum_option_register_ex(sorcery, CONFIG_TYPE, failure_action, stir_shaken_failure_action, stir_shaken_failure_action, nodoc); \
533 enum_option_register(sorcery, CONFIG_TYPE, use_rfc9410_responses, nodoc); \
534 enum_option_register(sorcery, CONFIG_TYPE, \
535 relax_x5u_port_scheme_restrictions, nodoc); \
536 enum_option_register(sorcery, CONFIG_TYPE, \
537 relax_x5u_path_restrictions, nodoc); \
538 enum_option_register(sorcery, CONFIG_TYPE, \
539 load_system_certs, nodoc); \
540 enum_option_register(sorcery, CONFIG_TYPE, ignore_sip_date_header, nodoc); \
541\
542 ast_sorcery_object_field_register_custom ## nodoc(sorcery, CONFIG_TYPE, "x5u_deny", "", sorcery_acl_from_str, NULL, NULL, 0, 0); \
543 ast_sorcery_object_field_register_custom ## nodoc(sorcery, CONFIG_TYPE, "x5u_permit", "", sorcery_acl_from_str, NULL, NULL, 0, 0); \
544 ast_sorcery_object_field_register_custom ## nodoc(sorcery, CONFIG_TYPE, "x5u_acl", "", sorcery_acl_from_str, sorcery_acl_to_str, NULL, 0, 0); \
545})

◆ stringfield_option_register

#define stringfield_option_register (   sorcery,
  CONFIG_TYPE,
  object,
  name,
  field,
  nodoc 
)
Value:
DEFAULT_ ## name, OPT_STRINGFIELD_T, 0, \
STRFLDSET(struct object, field))
#define STRFLDSET(type,...)
Convert a struct and a list of stringfield fields to an argument list of field offsets.
@ OPT_STRINGFIELD_T
Type for default option handler for stringfields.
#define ast_sorcery_object_field_register(sorcery, type, name, default_val, opt_type, flags,...)
Register a field within an object.
Definition sorcery.h:955

Sorcery fields register helpers.

Most of the fields on attestation_cfg and verification_cfg are also in profile_cfg. To prevent having to maintain duplicate sets of sorcery register statements, we can do this once here and call register_common_verification_fields() from both profile_config and verification_config and call register_common_attestation_fields() from profile_cfg and attestation_config.

Most of the fields in question are in sub-structures like verification_cfg.vcfg_common which is why there are separate name and field parameters. For verification_cfg.vcfg_common.ca_file for instance, name would be ca_file and field would be vcfg_common.ca_file.

Note
These macros depend on default values being defined in the 4 config.c files as DEFAULT<field_name>.

Definition at line 498 of file common_config.h.

◆ uint_option_register

#define uint_option_register (   sorcery,
  CONFIG_TYPE,
  object,
  name,
  field,
  nodoc 
)
Value:
__stringify(DEFAULT_ ## name), OPT_UINT_T, 0, \
FLDSET(struct object, field))
#define __stringify(x)
Definition asterisk.h:216
#define FLDSET(type,...)
Convert a struct and list of fields to an argument list of field offsets.
@ OPT_UINT_T
Type for default option handler for unsigned integers.

Definition at line 503 of file common_config.h.

Enumeration Type Documentation

◆ config_object_type

Enumerator
config_object_type_attestation 
config_object_type_verification 
config_object_type_profile 
config_object_type_tn 

Definition at line 560 of file common_config.h.

Function Documentation

◆ acfg_cleanup()

void acfg_cleanup ( struct attestation_cfg_common cfg)

Definition at line 68 of file attestation_config.c.

69{
70 if (!acfg_common) {
71 return;
72 }
74 ao2_cleanup(acfg_common->raw_key);
75}
#define ao2_cleanup(obj)
Definition astobj2.h:1934
#define ast_string_field_free_memory(x)
free all memory - to be called before destroying the object

References attestation_cfg::acfg_common, ao2_cleanup, ast_string_field_free_memory, and attestation_cfg_common::raw_key.

Referenced by attestation_destructor(), profile_destructor(), and tn_destructor().

◆ as_check_common_config()

int as_check_common_config ( const char *  id,
struct attestation_cfg_common acfg_common 
)

Definition at line 139 of file attestation_config.c.

140{
141 SCOPE_ENTER(3, "%s: Checking common config\n", id);
142
143 if (!ast_strlen_zero(acfg_common->private_key_file)
144 && !ast_file_is_readable(acfg_common->private_key_file)) {
145 SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: default_private_key_path %s is missing or not readable\n", id,
146 acfg_common->private_key_file);
147 }
148
149 if (ENUM_BOOL(acfg_common->check_tn_cert_public_url,
150 check_tn_cert_public_url)
151 && !ast_strlen_zero(acfg_common->public_cert_url)) {
152 RAII_VAR(char *, public_cert_data, NULL, ast_std_free);
153 X509 *public_cert;
154 size_t public_cert_len;
155 int rc = 0;
156 long http_code;
157 SCOPE_ENTER(3 , "%s: Checking public cert url '%s'\n",
158 id, acfg_common->public_cert_url);
159
160 http_code = curl_download_to_memory(acfg_common->public_cert_url,
161 &public_cert_len, &public_cert_data, NULL);
162 if (http_code / 100 != 2) {
163 SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: public_cert '%s' could not be downloaded\n", id,
164 acfg_common->public_cert_url);
165 }
166
167 public_cert = crypto_load_cert_chain_from_memory(public_cert_data,
168 public_cert_len, NULL);
169 if (!public_cert) {
170 SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: public_cert '%s' could not be parsed as a certificate\n", id,
171 acfg_common->public_cert_url);
172 }
173 rc = crypto_is_cert_time_valid(public_cert, 0);
174 X509_free(public_cert);
175 if (!rc) {
176 SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: public_cert '%s' is not valid yet or has expired\n", id,
177 acfg_common->public_cert_url);
178 }
179
180 rc = crypto_has_private_key_from_memory(public_cert_data, public_cert_len);
181 if (rc) {
182 SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: DANGER!!! public_cert_url '%s' has a private key in the file!!!\n", id,
183 acfg_common->public_cert_url);
184 }
185 SCOPE_EXIT("%s: Done\n", id);
186 }
187
188 if (!ast_strlen_zero(acfg_common->private_key_file)) {
189 EVP_PKEY *private_key;
190 RAII_VAR(unsigned char *, raw_key, NULL, ast_free);
191
192 private_key = crypto_load_privkey_from_file(acfg_common->private_key_file);
193 if (!private_key) {
194 SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: Could not extract raw private key from file '%s'\n", id,
195 acfg_common->private_key_file);
196 }
197
198 acfg_common->raw_key_length = crypto_extract_raw_privkey(private_key, &raw_key);
199 EVP_PKEY_free(private_key);
200 if (acfg_common->raw_key_length == 0 || raw_key == NULL) {
201 SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: Could not extract raw private key from file '%s'\n", id,
202 acfg_common->private_key_file);
203 }
204
205 /*
206 * We're making this an ao2 object so it can be referenced
207 * by a profile instead of having to copy it.
208 */
209 acfg_common->raw_key = ao2_alloc(acfg_common->raw_key_length, NULL);
210 if (!acfg_common->raw_key) {
212 "%s: Could not allocate memory for raw private key\n", id);
213 }
214 memcpy(acfg_common->raw_key, raw_key, acfg_common->raw_key_length);
215
216 }
217
218 SCOPE_EXIT_RTN_VALUE(0, "%s: Done\n", id);
219}
void ast_std_free(void *ptr)
Definition astmm.c:1734
#define ast_free(a)
Definition astmm.h:180
#define ao2_alloc(data_size, destructor_fn)
Definition astobj2.h:409
#define ENUM_BOOL(__enum1, __field)
X509 * crypto_load_cert_chain_from_memory(const char *buffer, size_t size, STACK_OF(X509) **cert_chain)
Load an X509 Cert and any chained certs from a NULL terminated buffer.
EVP_PKEY * crypto_load_privkey_from_file(const char *filename)
Load a private key from a file.
int crypto_extract_raw_privkey(EVP_PKEY *key, unsigned char **buffer)
Extract raw private key from EVP_PKEY.
int crypto_is_cert_time_valid(X509 *cert, time_t reftime)
Check if the reftime is within the cert's valid dates.
int crypto_has_private_key_from_memory(const char *buffer, size_t size)
Check if the supplied buffer has a private key.
#define SCOPE_EXIT_RTN_VALUE(__return_value,...)
#define SCOPE_EXIT_LOG_RTN_VALUE(__value, __log_level,...)
#define SCOPE_ENTER(level,...)
#define SCOPE_EXIT(...)
long curl_download_to_memory(const char *url, size_t *returned_length, char **returned_data, struct ast_variable **headers)
Really simple document retrieval to memory.
Definition curl_utils.c:300
enum check_tn_cert_public_url_enum check_tn_cert_public_url
unsigned char * raw_key
const ast_string_field public_cert_url
const ast_string_field private_key_file
#define RAII_VAR(vartype, varname, initval, dtor)
Declare a variable that will call a destructor function when it goes out of scope.
Definition utils.h:978
int ast_file_is_readable(const char *filename)
Test that a file exists and is readable by the effective user.
Definition utils.c:3143

References attestation_cfg::acfg_common, ao2_alloc, ast_file_is_readable(), ast_free, ast_std_free(), ast_strlen_zero(), attestation_cfg_common::check_tn_cert_public_url, crypto_extract_raw_privkey(), crypto_has_private_key_from_memory(), crypto_is_cert_time_valid(), crypto_load_cert_chain_from_memory(), crypto_load_privkey_from_file(), curl_download_to_memory(), ENUM_BOOL, LOG_ERROR, NULL, attestation_cfg_common::private_key_file, attestation_cfg_common::public_cert_url, RAII_VAR, attestation_cfg_common::raw_key, attestation_cfg_common::raw_key_length, SCOPE_ENTER, SCOPE_EXIT, SCOPE_EXIT_LOG_RTN_VALUE, and SCOPE_EXIT_RTN_VALUE.

Referenced by attestation_apply(), profile_apply(), and tn_apply().

◆ as_config_load()

int as_config_load ( void  )

Definition at line 300 of file attestation_config.c.

301{
302 struct ast_sorcery *sorcery = get_sorcery();
303
305 "stir_shaken.conf,criteria=type=" CONFIG_TYPE ",single_object=yes,explicit_name=" CONFIG_TYPE);
306
309 ast_log(LOG_ERROR, "stir/shaken - failed to register '%s' sorcery object\n", CONFIG_TYPE);
310 return -1;
311 }
312
314 "", OPT_NOOP_T, 0, 0);
315
317 DEFAULT_global_disable ? "yes" : "no",
318 OPT_YESNO_T, 1, FLDSET(struct attestation_cfg, global_disable));
319
320 enum_option_register_ex(sorcery, CONFIG_TYPE, unknown_tn_attest_level,
321 unknown_tn_attest_level, attest_level,);
322
324
326
327 if (!as_is_config_loaded()) {
328 ast_log(LOG_WARNING,"Stir/Shaken attestation service disabled. Either there were errors in the 'attestation' object in stir_shaken.conf or it was missing altogether.\n");
329 }
330 if (!empty_cfg) {
332 if (!empty_cfg) {
333 return -1;
334 }
336 }
337
340
341 return 0;
342}
#define ast_log
Definition astobj2.c:42
static struct ast_cli_entry attestation_cli[]
static struct attestation_cfg * empty_cfg
#define DEFAULT_global_disable
int as_is_config_loaded(void)
static void * attestation_alloc(const char *name)
static int attestation_apply(const struct ast_sorcery *sorcery, void *obj)
#define ast_cli_register_multiple(e, len)
Register multiple commands.
Definition cli.h:265
struct ast_sorcery * get_sorcery(void)
Retrieve the stir/shaken sorcery context.
#define register_common_attestation_fields(sorcery, object, CONFIG_TYPE, nodoc)
#define enum_option_register_ex(sorcery, CONFIG_TYPE, name, field, function_prefix, nodoc)
@ OPT_NOOP_T
Type for a default handler that should do nothing.
@ OPT_YESNO_T
Type for default option handler for bools (ast_true/ast_false)
#define ast_sorcery_object_field_register_nodoc(sorcery, type, name, default_val, opt_type, flags,...)
Register a field within an object without documentation.
Definition sorcery.h:987
#define ast_sorcery_object_register(sorcery, type, alloc, transform, apply)
Register an object type.
Definition sorcery.h:837
void ast_sorcery_load_object(const struct ast_sorcery *sorcery, const char *type)
Inform any wizards of a specific object type to load persistent objects.
Definition sorcery.c:1457
#define ast_sorcery_apply_default(sorcery, type, name, data)
Definition sorcery.h:476
Full structure for sorcery.
Definition sorcery.c:231
#define ARRAY_LEN(a)
Definition utils.h:703

References ARRAY_LEN, as_is_config_loaded(), ast_cli_register_multiple, ast_log, ast_sorcery_apply_default, ast_sorcery_load_object(), ast_sorcery_object_field_register, ast_sorcery_object_field_register_nodoc, ast_sorcery_object_register, attestation_alloc(), attestation_apply(), attestation_cli, CONFIG_TYPE, DEFAULT_global_disable, empty_cfg, enum_option_register_ex, FLDSET, get_sorcery(), attestation_cfg::global_disable, LOG_ERROR, LOG_WARNING, NULL, OPT_NOOP_T, OPT_YESNO_T, register_common_attestation_fields, and sorcery.

Referenced by as_load().

◆ as_config_reload()

int as_config_reload ( void  )

Definition at line 272 of file attestation_config.c.

273{
274 struct ast_sorcery *sorcery = get_sorcery();
276
277 if (!as_is_config_loaded()) {
278 ast_log(LOG_WARNING,"Stir/Shaken attestation service disabled. Either there were errors in the 'attestation' object in stir_shaken.conf or it was missing altogether.\n");
279 }
280 if (!empty_cfg) {
282 if (!empty_cfg) {
283 return -1;
284 }
286 }
287
288 return 0;
289}
void ast_sorcery_force_reload_object(const struct ast_sorcery *sorcery, const char *type)
Inform any wizards of a specific object type to reload persistent objects even if no changes determin...
Definition sorcery.c:1521

References as_is_config_loaded(), ast_log, ast_sorcery_force_reload_object(), attestation_alloc(), CONFIG_TYPE, empty_cfg, get_sorcery(), attestation_cfg::global_disable, LOG_WARNING, and sorcery.

Referenced by as_reload().

◆ as_config_unload()

int as_config_unload ( void  )

Definition at line 291 of file attestation_config.c.

292{
296
297 return 0;
298}
void ast_cli_unregister_multiple(void)
Definition ael_main.c:408

References ao2_cleanup, ARRAY_LEN, ast_cli_unregister_multiple(), attestation_cli, and empty_cfg.

Referenced by as_unload().

◆ as_copy_cfg_common()

int as_copy_cfg_common ( const char *  id,
struct attestation_cfg_common cfg_dst,
struct attestation_cfg_common cfg_src 
)

Definition at line 113 of file attestation_config.c.

115{
116 int rc = 0;
117
118 if (!cfg_dst || !cfg_src) {
119 return -1;
120 }
121
122 cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, private_key_file);
123 cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, public_cert_url);
124
125 cfg_enum_copy(cfg_dst, cfg_src, attest_level);
126 cfg_enum_copy(cfg_dst, cfg_src, check_tn_cert_public_url);
127 cfg_enum_copy(cfg_dst, cfg_src, send_mky);
128
129 if (cfg_src->raw_key) {
130 /* Free and overwrite the destination */
131 ao2_cleanup(cfg_dst->raw_key);
132 cfg_dst->raw_key = ao2_bump(cfg_src->raw_key);
133 cfg_dst->raw_key_length = cfg_src->raw_key_length;
134 }
135
136 return rc;
137}
#define ao2_bump(obj)
Bump refcount on an AO2 object by one, returning the object.
Definition astobj2.h:480
#define cfg_sf_copy_wrapper(id, __cfg_dst, __cfg_src, __field)
cfg_copy_wrapper
#define cfg_enum_copy(__cfg_dst, __cfg_src, __field)

References ao2_bump, ao2_cleanup, cfg_enum_copy, cfg_sf_copy_wrapper, attestation_cfg_common::raw_key, and attestation_cfg_common::raw_key_length.

Referenced by create_effective_profile(), and tn_get_etn().

◆ as_get_cfg()

struct attestation_cfg * as_get_cfg ( void  )

Definition at line 43 of file attestation_config.c.

44{
47 if (cfg) {
48 return cfg;
49 }
50
51 return empty_cfg ? ao2_bump(empty_cfg) : NULL;
52}
void * ast_sorcery_retrieve_by_id(const struct ast_sorcery *sorcery, const char *type, const char *id)
Retrieve an object using its unique identifier.
Definition sorcery.c:1917

References ao2_bump, ast_sorcery_retrieve_by_id(), CONFIG_TYPE, empty_cfg, get_sorcery(), and NULL.

Referenced by ast_stir_shaken_as_ctx_create(), attestation_show(), and create_effective_profile().

◆ as_is_config_loaded()

int as_is_config_loaded ( void  )

◆ canonicalize_tn()

char * canonicalize_tn ( const char *  tn,
char *  dest_tn 
)

Canonicalize a TN.

Parameters
tnTN to canonicalize
dest_tnPointer to destination buffer to receive the new TN
Return values
dest_tnor NULL on failure

Definition at line 267 of file common_config.c.

268{
269 int i;
270 const char *s = tn;
271 size_t len = tn ? strlen(tn) : 0;
272 char *new_tn = dest_tn;
273 SCOPE_ENTER(3, "tn: %s\n", S_OR(tn, "(null)"));
274
275 if (ast_strlen_zero(tn)) {
276 *dest_tn = '\0';
277 SCOPE_EXIT_RTN_VALUE(NULL, "Empty TN\n");
278 }
279
280 if (!dest_tn) {
281 SCOPE_EXIT_RTN_VALUE(NULL, "No destination buffer\n");
282 }
283
284 for (i = 0; i < len; i++) {
285 if (isdigit(*s) || *s == '#' || *s == '*') { /* Only characters allowed */
286 *new_tn++ = *s;
287 }
288 s++;
289 }
290 *new_tn = '\0';
291 SCOPE_EXIT_RTN_VALUE(dest_tn, "Canonicalized '%s' -> '%s'\n", tn, dest_tn);
292}
static int len(struct ast_channel *chan, const char *cmd, char *data, char *buf, size_t buflen)
#define S_OR(a, b)
returns the equivalent of logic or for strings: first one if not empty, otherwise second one.
Definition strings.h:80

References ast_strlen_zero(), len(), NULL, S_OR, SCOPE_ENTER, and SCOPE_EXIT_RTN_VALUE.

Referenced by canonicalize_tn_alloc().

◆ canonicalize_tn_alloc()

char * canonicalize_tn_alloc ( const char *  tn)

Canonicalize a TN into nre buffer.

Parameters
tnTN to canonicalize
Return values
dest_tn(which must be freed with ast_free) or NULL on failure

Definition at line 294 of file common_config.c.

295{
296 char *canon_tn = ast_strlen_zero(tn) ? NULL : ast_malloc(strlen(tn) + 1);
297 if (!canon_tn) {
298 return NULL;
299 }
300 return canonicalize_tn(tn, canon_tn);
301}
#define ast_malloc(len)
A wrapper for malloc()
Definition astmm.h:191
char * canonicalize_tn(const char *tn, char *dest_tn)
Canonicalize a TN.

References ast_malloc, ast_strlen_zero(), canonicalize_tn(), and NULL.

Referenced by ast_stir_shaken_as_ctx_create(), and ast_stir_shaken_vs_ctx_create().

◆ common_config_load()

int common_config_load ( void  )

Definition at line 425 of file common_config.c.

426{
427 SCOPE_ENTER(2, "Stir Shaken Load\n");
428
429 if (!(sorcery = ast_sorcery_open())) {
431 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken sorcery load failed\n");
432 }
433
434 if (vs_load()) {
436 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken VS load failed\n");
437 }
438
439 if (as_load()) {
441 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken AS load failed\n");
442 }
443
444 if (tn_config_load()) {
446 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken TN load failed\n");
447 }
448
449 if (profile_load()) {
451 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken profile load failed\n");
452 }
453
459 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken acl change subscribe failed\n");
460 }
463 }
464
466
467 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_SUCCESS, "Stir Shaken Load Done\n");
468}
struct stasis_message_type * ast_named_acl_change_type(void)
a stasis_message_type for changes against a named ACL or the set of all named ACLs
int as_load()
Load the stir/shaken attestation service.
int common_config_unload(void)
static struct ast_cli_entry cli_commands[]
struct stasis_subscription * named_acl_changed_sub
static void named_acl_changed_cb(void *data, struct stasis_subscription *sub, struct stasis_message *message)
static struct ast_sorcery * sorcery
@ AST_MODULE_LOAD_SUCCESS
Definition module.h:70
@ AST_MODULE_LOAD_DECLINE
Module has failed to load, may be in an inconsistent state.
Definition module.h:78
struct stasis_topic * ast_security_topic(void)
A stasis_topic which publishes messages for security related issues.
#define ast_sorcery_open()
Open a new sorcery structure.
Definition sorcery.h:406
int stasis_subscription_accept_message_type(struct stasis_subscription *subscription, const struct stasis_message_type *type)
Indicate to a subscription that we are interested in a message type.
Definition stasis.c:1090
#define stasis_subscribe(topic, callback, data)
Definition stasis.h:649
int vs_load()
Load the stir/shaken verification service.

References ARRAY_LEN, as_load(), ast_cli_register_multiple, AST_MODULE_LOAD_DECLINE, AST_MODULE_LOAD_SUCCESS, ast_named_acl_change_type(), ast_security_topic(), ast_sorcery_open, cli_commands, common_config_unload(), named_acl_changed_cb(), named_acl_changed_sub, NULL, profile_load(), SCOPE_ENTER, SCOPE_EXIT_RTN_VALUE, sorcery, stasis_subscribe, stasis_subscription_accept_message_type(), tn_config_load(), and vs_load().

Referenced by load_module().

◆ common_config_reload()

int common_config_reload ( void  )

Definition at line 374 of file common_config.c.

375{
376 SCOPE_ENTER(2, "Stir Shaken Reload\n");
377 if (vs_reload()) {
378 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken VS Reload failed\n");
379 }
380
381 if (as_reload()) {
382 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken AS Reload failed\n");
383 }
384
385 if (tn_config_reload()) {
386 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken TN Reload failed\n");
387 }
388
389 if (profile_reload()) {
390 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken Profile Reload failed\n");
391 }
392
393 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_SUCCESS, "Stir Shaken Reload Done\n");
394}
int as_reload()
Load the stir/shaken attestation service.
int vs_reload()
Reload the stir/shaken verification service.

References as_reload(), AST_MODULE_LOAD_DECLINE, AST_MODULE_LOAD_SUCCESS, profile_reload(), SCOPE_ENTER, SCOPE_EXIT_RTN_VALUE, tn_config_reload(), and vs_reload().

Referenced by named_acl_changed_cb(), and reload_module().

◆ common_config_unload()

int common_config_unload ( void  )

Definition at line 396 of file common_config.c.

397{
399
402 as_unload();
403 vs_unload();
404
408 }
410 sorcery = NULL;
411
412 return 0;
413}
int as_unload()
Load the stir/shaken attestation service.
#define ast_sorcery_unref(sorcery)
Decrease the reference count of a sorcery structure.
Definition sorcery.h:1500
struct stasis_subscription * stasis_unsubscribe(struct stasis_subscription *subscription)
Cancel a subscription.
Definition stasis.c:1038
int vs_unload()
Unload the stir/shaken verification service.

References ARRAY_LEN, as_unload(), ast_cli_unregister_multiple(), ast_sorcery_unref, cli_commands, named_acl_changed_sub, NULL, profile_unload(), sorcery, stasis_unsubscribe(), tn_config_unload(), and vs_unload().

Referenced by common_config_load(), and unload_module().

◆ config_object_cli_show()

int config_object_cli_show ( void *  obj,
void *  arg,
void *  data,
int  flags 
)

Output configuration settings to the Asterisk CLI.

Parameters
objA sorcery object containing configuration data
argAsterisk CLI argument object
flagsao2 container flags
Return values
0

Definition at line 173 of file common_config.c.

174{
175 struct ast_cli_args *a = arg;
176 struct config_object_cli_data *cli_data = data;
177 struct ast_variable *options;
178 struct ast_variable *i;
179 const char *title = NULL;
180 const char *cfg_name = NULL;
181 int max_name_len = 0;
182
183 if (!obj) {
184 ast_cli(a->fd, "No stir/shaken configuration found\n");
185 return 0;
186 }
187
188 if (!ast_strlen_zero(cli_data->title)) {
189 title = cli_data->title;
190 } else {
191 title = ast_sorcery_object_get_type(obj);
192 }
193 max_name_len = strlen(title);
194
196 || cli_data->object_type == config_object_type_tn) {
197 cfg_name = ast_sorcery_object_get_id(obj);
198 max_name_len += strlen(cfg_name) + 2 /* ": " */;
199 }
200
203 if (!options) {
204 return 0;
205 }
206
207 for (i = options; i; i = i->next) {
208 int nlen = strlen(i->name);
209 max_name_len = (nlen > max_name_len) ? nlen : max_name_len;
210 }
211
212 ast_cli(a->fd, "\n==============================================================================\n");
213 if (ast_strlen_zero(cfg_name)) {
214 ast_cli(a->fd, "%s\n", title);
215 } else {
216 ast_cli(a->fd, "%s: %s\n", title, cfg_name);
217 }
218 ast_cli(a->fd, "------------------------------------------------------------------------------\n");
219
220 for (i = options; i; i = i->next) {
221 if (!ast_strings_equal(i->name, "x5u_acl")) {
222 ast_cli(a->fd, "%-*s: %s\n", max_name_len, i->name,
224 }
225 }
226
228
229 if (cli_data->object_type == config_object_type_profile) {
230 struct profile_cfg *cfg = obj;
231 print_acl_cert_store(cfg, a, max_name_len);
232 } else if (cli_data->object_type == config_object_type_verification) {
233 struct verification_cfg *cfg = obj;
234 print_acl_cert_store(cfg, a, max_name_len);
235 }
236 ast_cli(a->fd, "---------------------------------------------\n\n"); \
237
238 return 0;
239}
void ast_cli(int fd, const char *fmt,...)
Definition clicompat.c:6
static const char * translate_value(const char *val)
#define print_acl_cert_store(cfg, a, max_name_len)
struct ast_variable * ast_variable_list_sort(struct ast_variable *head)
Performs an in-place sort on the variable list by ascending name.
void ast_variables_destroy(struct ast_variable *var)
Free variable list.
Definition extconf.c:1260
const char * ast_sorcery_object_get_id(const void *object)
Get the unique identifier of a sorcery object.
Definition sorcery.c:2381
const char * ast_sorcery_object_get_type(const void *object)
Get the type of a sorcery object.
Definition sorcery.c:2393
@ AST_HANDLER_ONLY_STRING
Use string handler only.
Definition sorcery.h:137
struct ast_variable * ast_sorcery_objectset_create2(const struct ast_sorcery *sorcery, const void *object, enum ast_sorcery_field_handler_flags flags)
Create an object set (KVP list) for an object.
Definition sorcery.c:1575
int ast_strings_equal(const char *str1, const char *str2)
Compare strings for equality checking for NULL.
Definition strings.c:238
Structure for variables, used for configurations and for channel variables.
struct ast_variable * next
static struct test_options options
static struct test_val a

References a, ast_cli(), AST_HANDLER_ONLY_STRING, ast_sorcery_object_get_id(), ast_sorcery_object_get_type(), ast_sorcery_objectset_create2(), ast_strings_equal(), ast_strlen_zero(), ast_variable_list_sort(), ast_variables_destroy(), config_object_type_profile, config_object_type_tn, config_object_type_verification, get_sorcery(), ast_variable::name, ast_variable::next, NULL, config_object_cli_data::object_type, options, print_acl_cert_store, config_object_cli_data::title, translate_value(), and ast_variable::value.

Referenced by attestation_show(), cli_eprofile_show(), cli_eprofile_show_all(), cli_profile_show(), cli_profile_show_all(), cli_tn_show(), cli_tn_show_all(), and cli_verification_show().

◆ config_object_tab_complete_name()

char * config_object_tab_complete_name ( const char *  word,
struct ao2_container container 
)

Tab completion for name matching with STIR/SHAKEN CLI commands.

Parameters
wordThe word to tab complete on
containerThe sorcery container to iterate through
Return values
Thetab completion options

Definition at line 241 of file common_config.c.

242{
243 void *obj;
244 struct ao2_iterator it;
245 int wordlen = strlen(word);
246 int ret;
247
249 while ((obj = ao2_iterator_next(&it))) {
250 if (!strncasecmp(word, ast_sorcery_object_get_id(obj), wordlen)) {
252 if (ret) {
253 ao2_ref(obj, -1);
254 break;
255 }
256 }
257 ao2_ref(obj, -1);
258 }
260
261 return NULL;
262}
#define ao2_iterator_next(iter)
Definition astobj2.h:1911
struct ao2_iterator ao2_iterator_init(struct ao2_container *c, int flags) attribute_warn_unused_result
Create an iterator for a container.
#define ao2_ref(o, delta)
Reference/unreference an object and return the old refcount.
Definition astobj2.h:459
void ao2_iterator_destroy(struct ao2_iterator *iter)
Destroy a container iterator.
int ast_cli_completion_add(char *value)
Add a result to a request for completion options.
Definition main/cli.c:2737
When we need to walk through a container, we use an ao2_iterator to keep track of the current positio...
Definition astobj2.h:1821

References ao2_iterator_destroy(), ao2_iterator_init(), ao2_iterator_next, ao2_ref, ast_cli_completion_add(), ast_sorcery_object_get_id(), ast_strdup, container, and NULL.

Referenced by cli_eprofile_show(), cli_profile_show(), cli_tn_show(), and cli_verify_cert().

◆ eprofile_get_all()

struct ao2_container * eprofile_get_all ( void  )

Definition at line 121 of file profile_config.c.

122{
123 return ast_sorcery_retrieve_by_fields(get_sorcery(), "eprofile",
125}
@ AST_RETRIEVE_FLAG_MULTIPLE
Return all matching objects.
Definition sorcery.h:120
@ AST_RETRIEVE_FLAG_ALL
Perform no matching, return all objects.
Definition sorcery.h:123
void * ast_sorcery_retrieve_by_fields(const struct ast_sorcery *sorcery, const char *type, unsigned int flags, struct ast_variable *fields)
Retrieve an object or multiple objects using specific fields.
Definition sorcery.c:1961

References AST_RETRIEVE_FLAG_ALL, AST_RETRIEVE_FLAG_MULTIPLE, ast_sorcery_retrieve_by_fields(), get_sorcery(), and NULL.

Referenced by cli_eprofile_show(), and cli_eprofile_show_all().

◆ eprofile_get_cfg()

struct profile_cfg * eprofile_get_cfg ( const char *  id)

Definition at line 127 of file profile_config.c.

128{
129 if (ast_strlen_zero(id)) {
130 return NULL;
131 }
132 return ast_sorcery_retrieve_by_id(get_sorcery(), "eprofile", id);
133}

References ast_sorcery_retrieve_by_id(), ast_strlen_zero(), get_sorcery(), and NULL.

Referenced by ast_stir_shaken_as_ctx_create(), ast_stir_shaken_vs_ctx_create(), and cli_eprofile_show().

◆ generate_bool_string_prototypes() [1/7]

generate_bool_string_prototypes ( check_tn_cert_public_url  )

◆ generate_bool_string_prototypes() [2/7]

generate_bool_string_prototypes ( ignore_sip_date_header  )

◆ generate_bool_string_prototypes() [3/7]

generate_bool_string_prototypes ( load_system_certs  )

◆ generate_bool_string_prototypes() [4/7]

generate_bool_string_prototypes ( relax_x5u_path_restrictions  )

◆ generate_bool_string_prototypes() [5/7]

generate_bool_string_prototypes ( relax_x5u_port_scheme_restrictions  )

◆ generate_bool_string_prototypes() [6/7]

generate_bool_string_prototypes ( send_mky  )

◆ generate_bool_string_prototypes() [7/7]

generate_bool_string_prototypes ( use_rfc9410_responses  )

◆ generate_enum_string_prototypes() [1/2]

generate_enum_string_prototypes ( attest_level  ,
attest_level_UNKNOWN  = -1,
attest_level_NOT_SET  = 0,
attest_level_A  ,
attest_level_B  ,
attest_level_C   
)

◆ generate_enum_string_prototypes() [2/2]

generate_enum_string_prototypes ( endpoint_behavior  ,
endpoint_behavior_UNKNOWN  = -1,
endpoint_behavior_OFF  = 0,
endpoint_behavior_ATTEST  ,
endpoint_behavior_VERIFY  ,
endpoint_behavior_ON  ,
endpoint_behavior_NOT_SET   
)

◆ get_default_acl_list()

struct ast_acl_list * get_default_acl_list ( void  )

◆ profile_get_all()

struct ao2_container * profile_get_all ( void  )

◆ profile_get_cfg()

struct profile_cfg * profile_get_cfg ( const char *  id)

Definition at line 113 of file profile_config.c.

114{
115 if (ast_strlen_zero(id)) {
116 return NULL;
117 }
119}

References ast_sorcery_retrieve_by_id(), ast_strlen_zero(), CONFIG_TYPE, get_sorcery(), and NULL.

Referenced by cli_profile_show(), and cli_verify_cert().

◆ profile_load()

int profile_load ( void  )

Definition at line 440 of file profile_config.c.

441{
442 struct ast_sorcery *sorcery = get_sorcery();
443 enum ast_sorcery_apply_result apply_rc;
444
445 /*
446 * eprofile MUST be registered first because profile needs it.
447 */
448 apply_rc = ast_sorcery_apply_default(sorcery, "eprofile", "memory", NULL);
449 if (apply_rc != AST_SORCERY_APPLY_SUCCESS) {
450 abort();
451 }
454 ast_log(LOG_ERROR, "stir/shaken - failed to register '%s' sorcery object\n", "eprofile");
455 return -1;
456 }
457
458 ast_sorcery_object_field_register_nodoc(sorcery, "eprofile", "type", "", OPT_NOOP_T, 0, 0);
459 enum_option_register(sorcery, "eprofile", endpoint_behavior, _nodoc);
460 enum_option_register_ex(sorcery, "eprofile", unknown_tn_attest_level,
461 unknown_tn_attest_level, attest_level,_nodoc);
462
465
466 /*
467 * Now we can do profile
468 */
469 ast_sorcery_apply_default(sorcery, CONFIG_TYPE, "config", "stir_shaken.conf,criteria=type=profile");
472 ast_log(LOG_ERROR, "stir/shaken - failed to register '%s' sorcery object\n", CONFIG_TYPE);
473 return -1;
474 }
475
477 enum_option_register(sorcery, CONFIG_TYPE, endpoint_behavior,);
478 enum_option_register_ex(sorcery, CONFIG_TYPE, unknown_tn_attest_level,
479 unknown_tn_attest_level, attest_level,);
480
483
485 ast_sorcery_load_object(sorcery, "eprofile");
486
489
490 return 0;
491}
#define register_common_verification_fields(sorcery, object, CONFIG_TYPE, nodoc)
#define enum_option_register(sorcery, CONFIG_TYPE, name, nodoc)
static int eprofile_apply(const struct ast_sorcery *sorcery, void *obj)
static void * profile_alloc(const char *name)
static struct ast_cli_entry stir_shaken_profile_cli[]
static int profile_apply(const struct ast_sorcery *sorcery, void *obj)
#define ast_sorcery_internal_object_register(sorcery, type, alloc, transform, apply)
Register an internal, hidden object type.
Definition sorcery.h:867
ast_sorcery_apply_result
Definition sorcery.h:423
@ AST_SORCERY_APPLY_SUCCESS
Definition sorcery.h:427

References ARRAY_LEN, ast_cli_register_multiple, ast_log, ast_sorcery_apply_default, AST_SORCERY_APPLY_SUCCESS, ast_sorcery_internal_object_register, ast_sorcery_load_object(), ast_sorcery_object_field_register, ast_sorcery_object_field_register_nodoc, ast_sorcery_object_register, CONFIG_TYPE, enum_option_register, enum_option_register_ex, eprofile_apply(), get_sorcery(), LOG_ERROR, NULL, OPT_NOOP_T, profile_alloc(), profile_apply(), register_common_attestation_fields, register_common_verification_fields, sorcery, and stir_shaken_profile_cli.

Referenced by common_config_load().

◆ profile_reload()

int profile_reload ( void  )

◆ profile_unload()

int profile_unload ( void  )

◆ stir_shaken_failure_action_from_str()

enum stir_shaken_failure_action_enum stir_shaken_failure_action_from_str ( const char *  action_str)

◆ stir_shaken_failure_action_to_str()

const char * stir_shaken_failure_action_to_str ( enum stir_shaken_failure_action_enum  action)

◆ tn_config_load()

int tn_config_load ( void  )

Definition at line 268 of file tn_config.c.

269{
270 struct ast_sorcery *sorcery = get_sorcery();
271
272 ast_sorcery_apply_default(sorcery, CONFIG_TYPE, "config", "stir_shaken.conf,criteria=type=tn");
273
275 NULL, tn_apply)) {
276 ast_log(LOG_ERROR, "stir/shaken - failed to register '%s' sorcery object\n", CONFIG_TYPE);
278 }
279
281 OPT_NOOP_T, 0, 0);
282
284
286
289
291}
static struct ast_cli_entry stir_shaken_certificate_cli[]
Definition tn_config.c:248
static void * tn_alloc(const char *name)
Definition tn_config.c:79
#define CONFIG_TYPE
Definition tn_config.c:31
static int tn_apply(const struct ast_sorcery *sorcery, void *obj)
Definition tn_config.c:164

References ARRAY_LEN, ast_cli_register_multiple, ast_log, AST_MODULE_LOAD_DECLINE, AST_MODULE_LOAD_SUCCESS, ast_sorcery_apply_default, ast_sorcery_load_object(), ast_sorcery_object_field_register, ast_sorcery_object_register, CONFIG_TYPE, get_sorcery(), LOG_ERROR, NULL, OPT_NOOP_T, register_common_attestation_fields, sorcery, stir_shaken_certificate_cli, tn_alloc(), and tn_apply().

Referenced by common_config_load().

◆ tn_config_reload()

int tn_config_reload ( void  )

◆ tn_config_unload()

int tn_config_unload ( void  )

◆ tn_get_cfg()

struct tn_cfg * tn_get_cfg ( const char *  tn)

Definition at line 39 of file tn_config.c.

References ast_sorcery_retrieve_by_id(), CONFIG_TYPE, and get_sorcery().

Referenced by cli_tn_show().

◆ tn_get_etn()

struct tn_cfg * tn_get_etn ( const char *  tn,
struct profile_cfg eprofile 
)

Definition at line 111 of file tn_config.c.

112{
113 const char *profile_id = eprofile ? ast_sorcery_object_get_id(eprofile) : "unknown";
114 RAII_VAR(struct tn_cfg *, tn,
117 RAII_VAR(struct tn_cfg *, etn, etn_alloc(id), ao2_cleanup);
118 enum attest_level_enum effective_al = attest_level_NOT_SET;
119 int rc = 0;
120 SCOPE_ENTER(3, "%s:%s: Getting effective TN\n", profile_id, S_OR(id, ""));
121
122 if (ast_strlen_zero(id) || !eprofile || !etn) {
123 SCOPE_EXIT_RTN_VALUE(NULL, "Missing params\n");
124 }
125
126 if (!tn) {
127 if (eprofile->unknown_tn_attest_level != attest_level_NOT_SET
128 && eprofile->unknown_tn_attest_level != attest_level_UNKNOWN) {
129 effective_al = eprofile->unknown_tn_attest_level;
130 ast_trace(-1, "%s:%s: TN not found. Using unknown_tn_attest_level %s\n",
131 profile_id, id, attest_level_to_str(effective_al));
132 } else {
133 SCOPE_EXIT_RTN_VALUE(NULL, "%s:%s: TN not found and unknown_tn_attest_level not set\n", profile_id, id);
134 }
135 }
136
137 /* Initialize with the acfg from the eprofile first */
138 rc = as_copy_cfg_common(id, &etn->acfg_common,
139 &eprofile->acfg_common);
140 if (rc != 0) {
141 SCOPE_EXIT_RTN_VALUE(NULL, "%s:%s: Couldn't copy from eprofile\n", profile_id, id);
142 }
143
144 /* Overwrite with anything in the TN itself */
145 if (tn) {
146 rc = as_copy_cfg_common(id, &etn->acfg_common,
147 &tn->acfg_common);
148 if (rc != 0) {
149 SCOPE_EXIT_RTN_VALUE(NULL, "%s:%s: Couldn't copy from tn\n", profile_id, id);
150 }
151 } else {
152 etn->acfg_common.attest_level = effective_al;
153 }
154
155 /*
156 * Unlike profile, we're not going to actually add a
157 * new object to sorcery because, although unlikely,
158 * the same TN could be used with multiple profiles.
159 */
160
161 SCOPE_EXIT_RTN_VALUE(ao2_bump(etn), "%s:%s: Done\n", profile_id, id);
162}
int as_copy_cfg_common(const char *id, struct attestation_cfg_common *cfg_dst, struct attestation_cfg_common *cfg_src)
#define ast_trace(level,...)
static void * etn_alloc(const char *name)
Definition tn_config.c:95

References profile_cfg::acfg_common, ao2_bump, ao2_cleanup, as_copy_cfg_common(), ast_sorcery_object_get_id(), ast_sorcery_retrieve_by_id(), ast_strlen_zero(), ast_trace, CONFIG_TYPE, etn_alloc(), get_sorcery(), NULL, RAII_VAR, S_OR, SCOPE_ENTER, SCOPE_EXIT_RTN_VALUE, and profile_cfg::unknown_tn_attest_level.

Referenced by ast_stir_shaken_as_ctx_create().

◆ unknown_tn_attest_level_from_str()

enum attest_level_enum unknown_tn_attest_level_from_str ( const char *  value)

◆ unknown_tn_attest_level_to_str()

const char * unknown_tn_attest_level_to_str ( enum attest_level_enum  value)

◆ vcfg_cleanup()

void vcfg_cleanup ( struct verification_cfg_common cfg)

Definition at line 77 of file verification_config.c.

78{
79 if (!vcfg_common) {
80 return;
81 }
83 if (vcfg_common->tcs) {
84 crypto_free_cert_store(vcfg_common->tcs);
85 }
86 ast_free_acl_list(vcfg_common->acl);
87}
struct ast_acl_list * ast_free_acl_list(struct ast_acl_list *acl)
Free a list of ACLs.
Definition acl.c:233
#define crypto_free_cert_store(store)
Free an X509 store.

References verification_cfg_common::acl, ast_free_acl_list(), ast_string_field_free_memory, crypto_free_cert_store, verification_cfg_common::tcs, and verification_cfg::vcfg_common.

Referenced by profile_destructor(), and verification_destructor().

◆ vs_check_common_config()

int vs_check_common_config ( const char *  id,
struct verification_cfg_common vcfg_common 
)

Definition at line 167 of file verification_config.c.

169{
170 SCOPE_ENTER(3, "%s: Checking common config\n", id);
171
172 if (!ast_strlen_zero(vcfg_common->ca_file)
173 && !ast_file_is_readable(vcfg_common->ca_file)) {
175 "%s: ca_file '%s' not found, or is unreadable\n",
176 id, vcfg_common->ca_file);
177 }
178
179 if (!ast_strlen_zero(vcfg_common->ca_path)
180 && !ast_file_is_readable(vcfg_common->ca_path)) {
182 "%s: ca_path '%s' not found, or is unreadable\n",
183 id, vcfg_common->ca_path);
184 }
185
186 if (!ast_strlen_zero(vcfg_common->crl_file)
187 && !ast_file_is_readable(vcfg_common->crl_file)) {
189 "%s: crl_file '%s' not found, or is unreadable\n",
190 id, vcfg_common->crl_file);
191 }
192
193 if (!ast_strlen_zero(vcfg_common->crl_path)
194 && !ast_file_is_readable(vcfg_common->crl_path)) {
196 "%s: crl_path '%s' not found, or is unreadable\n",
197 id, vcfg_common->crl_path);
198 }
199
200 if (!ast_strlen_zero(vcfg_common->untrusted_cert_file)
201 && !ast_file_is_readable(vcfg_common->untrusted_cert_file)) {
203 "%s: untrusted_cert_file '%s' not found, or is unreadable\n",
204 id, vcfg_common->untrusted_cert_file);
205 }
206
207 if (!ast_strlen_zero(vcfg_common->untrusted_cert_path)
208 && !ast_file_is_readable(vcfg_common->untrusted_cert_path)) {
210 "%s: untrusted_cert_path '%s' not found, or is unreadable\n",
211 id, vcfg_common->untrusted_cert_path);
212 }
213
214 if (!ast_strlen_zero(vcfg_common->ca_file)
215 || !ast_strlen_zero(vcfg_common->ca_path)) {
216 int rc = 0;
217
218 if (!vcfg_common->tcs) {
219 vcfg_common->tcs = crypto_create_cert_store();
220 if (!vcfg_common->tcs) {
222 "%s: Unable to create CA cert store\n", id);
223 }
224 }
225 rc = crypto_load_cert_store(vcfg_common->tcs,
226 vcfg_common->ca_file, vcfg_common->ca_path);
227 if (rc != 0) {
229 "%s: Unable to load CA cert store from '%s' or '%s'\n",
230 id, vcfg_common->ca_file, vcfg_common->ca_path);
231 }
232 }
233
234 if (!ast_strlen_zero(vcfg_common->crl_file)
235 || !ast_strlen_zero(vcfg_common->crl_path)) {
236 int rc = 0;
237
238 if (!vcfg_common->tcs) {
239 vcfg_common->tcs = crypto_create_cert_store();
240 if (!vcfg_common->tcs) {
242 "%s: Unable to create CA cert store\n", id);
243 }
244 }
245 rc = crypto_load_crl_store(vcfg_common->tcs,
246 vcfg_common->crl_file, vcfg_common->crl_path);
247 if (rc != 0) {
249 "%s: Unable to load CA CRL store from '%s' or '%s'\n",
250 id, vcfg_common->crl_file, vcfg_common->crl_path);
251 }
252 }
253
254 if (!ast_strlen_zero(vcfg_common->untrusted_cert_file)
255 || !ast_strlen_zero(vcfg_common->untrusted_cert_path)) {
256 int rc = 0;
257
258 if (!vcfg_common->tcs) {
259 vcfg_common->tcs = crypto_create_cert_store();
260 if (!vcfg_common->tcs) {
262 "%s: Unable to create CA cert store\n", id);
263 }
264 }
265 rc = crypto_load_untrusted_cert_store(vcfg_common->tcs,
266 vcfg_common->untrusted_cert_file, vcfg_common->untrusted_cert_path);
267 if (rc != 0) {
269 "%s: Unable to load CA CRL store from '%s' or '%s'\n",
270 id, vcfg_common->untrusted_cert_file, vcfg_common->untrusted_cert_path);
271 }
272 }
273
274 if (vcfg_common->tcs) {
275 if (ENUM_BOOL(vcfg_common->load_system_certs, load_system_certs)) {
276 X509_STORE_set_default_paths(vcfg_common->tcs->certs);
277 }
278
279 if (!ast_strlen_zero(vcfg_common->crl_file)
280 || !ast_strlen_zero(vcfg_common->crl_path)) {
281 X509_STORE_set_flags(vcfg_common->tcs->certs, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_EXTENDED_CRL_SUPPORT);
282 }
283 }
284
285 if (!ast_strlen_zero(vcfg_common->cert_cache_dir)) {
286 FILE *fp;
287 char *testfile;
288
289 if (ast_asprintf(&testfile, "%s/testfile", vcfg_common->cert_cache_dir) <= 0) {
291 "%s: Unable to allocate memory for testfile\n", id);
292 }
293
294 fp = fopen(testfile, "w+");
295 if (!fp) {
296 ast_free(testfile);
298 "%s: cert_cache_dir '%s' was not writable\n",
299 id, vcfg_common->cert_cache_dir);
300 }
301 fclose(fp);
302 remove(testfile);
303 ast_free(testfile);
304 }
305
306 SCOPE_EXIT_RTN_VALUE(0, "%s: Done\n", id);
307}
#define ast_asprintf(ret, fmt,...)
A wrapper for asprintf()
Definition astmm.h:267
int crypto_load_crl_store(struct crypto_cert_store *store, const char *file, const char *path)
Load an X509 Store with certificate revocation lists.
int crypto_load_untrusted_cert_store(struct crypto_cert_store *store, const char *file, const char *path)
Load an X509 Store with untrusted certificates.
struct crypto_cert_store * crypto_create_cert_store(void)
Create an empty X509 store.
int crypto_load_cert_store(struct crypto_cert_store *store, const char *file, const char *path)
Load an X509 Store with either certificates or CRLs.
#define remove
X509_STORE * certs

References ast_asprintf, ast_file_is_readable(), ast_free, ast_strlen_zero(), verification_cfg_common::ca_file, verification_cfg_common::ca_path, verification_cfg_common::cert_cache_dir, crypto_cert_store::certs, verification_cfg_common::crl_file, verification_cfg_common::crl_path, crypto_create_cert_store(), crypto_load_cert_store(), crypto_load_crl_store(), crypto_load_untrusted_cert_store(), ENUM_BOOL, verification_cfg_common::load_system_certs, LOG_ERROR, remove, SCOPE_ENTER, SCOPE_EXIT_LOG_RTN_VALUE, SCOPE_EXIT_RTN_VALUE, verification_cfg_common::tcs, verification_cfg_common::untrusted_cert_file, verification_cfg_common::untrusted_cert_path, and verification_cfg::vcfg_common.

Referenced by profile_apply(), and verification_apply().

◆ vs_config_load()

int vs_config_load ( void  )

Definition at line 446 of file verification_config.c.

447{
448 struct ast_sorcery *sorcery = get_sorcery();
449
450 snprintf(DEFAULT_cert_cache_dir, sizeof(DEFAULT_cert_cache_dir), "%s/keys/%s/cache",
452
454 "stir_shaken.conf,criteria=type=" CONFIG_TYPE ",single_object=yes,explicit_name=" CONFIG_TYPE);
455
458 ast_log(LOG_ERROR, "stir/shaken - failed to register '%s' sorcery object\n", CONFIG_TYPE);
459 return -1;
460 }
461
463 OPT_NOOP_T, 0, 0);
464
466 DEFAULT_global_disable ? "yes" : "no",
467 OPT_YESNO_T, 1, FLDSET(struct verification_cfg, global_disable));
468
470
472
473 if (!vs_is_config_loaded()) {
474 ast_log(LOG_WARNING,"Stir/Shaken verification service disabled. Either there were errors in the 'verification' object in stir_shaken.conf or it was missing altogether.\n");
475 }
476 if (!empty_cfg) {
478 if (!empty_cfg) {
479 return -1;
480 }
482 }
483
486
487 return 0;
488}
const char * ast_config_AST_DATA_DIR
Definition options.c:159
static int verification_apply(const struct ast_sorcery *sorcery, void *obj)
static struct ast_cli_entry verification_cli[]
int vs_is_config_loaded(void)
#define STIR_SHAKEN_DIR_NAME
static void * verification_alloc(const char *name)
static char DEFAULT_cert_cache_dir[PATH_MAX]
#define DEFAULT_global_disable
static struct verification_cfg * empty_cfg
#define CONFIG_TYPE

References ARRAY_LEN, ast_cli_register_multiple, ast_config_AST_DATA_DIR, ast_log, ast_sorcery_apply_default, ast_sorcery_load_object(), ast_sorcery_object_field_register, ast_sorcery_object_field_register_nodoc, ast_sorcery_object_register, CONFIG_TYPE, DEFAULT_cert_cache_dir, DEFAULT_global_disable, empty_cfg, FLDSET, get_sorcery(), verification_cfg::global_disable, LOG_ERROR, LOG_WARNING, NULL, OPT_NOOP_T, OPT_YESNO_T, register_common_verification_fields, sorcery, STIR_SHAKEN_DIR_NAME, verification_alloc(), verification_apply(), verification_cli, and vs_is_config_loaded().

Referenced by vs_load().

◆ vs_config_reload()

int vs_config_reload ( void  )

Definition at line 418 of file verification_config.c.

419{
420 struct ast_sorcery *sorcery = get_sorcery();
422
423 if (!vs_is_config_loaded()) {
424 ast_log(LOG_WARNING,"Stir/Shaken verification service disabled. Either there were errors in the 'verification' object in stir_shaken.conf or it was missing altogether.\n");
425 }
426 if (!empty_cfg) {
428 if (!empty_cfg) {
429 return -1;
430 }
432 }
433
434 return 0;
435}

References ast_log, ast_sorcery_force_reload_object(), CONFIG_TYPE, empty_cfg, get_sorcery(), verification_cfg::global_disable, LOG_WARNING, sorcery, verification_alloc(), and vs_is_config_loaded().

Referenced by vs_reload().

◆ vs_config_unload()

int vs_config_unload ( void  )

◆ vs_copy_cfg_common()

int vs_copy_cfg_common ( const char *  id,
struct verification_cfg_common cfg_dst,
struct verification_cfg_common cfg_src 
)

Definition at line 124 of file verification_config.c.

126{
127 int rc = 0;
128
129 if (!cfg_dst || !cfg_src) {
130 return -1;
131 }
132
133 if (!cfg_dst->tcs && cfg_src->tcs) {
134 cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, ca_file);
135 cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, ca_path);
136 cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, crl_file);
137 cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, crl_path);
138 cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, untrusted_cert_file);
139 cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, untrusted_cert_path);
140 ao2_bump(cfg_src->tcs);
141 cfg_dst->tcs = cfg_src->tcs;
142 }
143
144 cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, cert_cache_dir);
145
146 cfg_uint_copy(cfg_dst, cfg_src, curl_timeout);
147 cfg_uint_copy(cfg_dst, cfg_src, max_iat_age);
148 cfg_uint_copy(cfg_dst, cfg_src, max_date_header_age);
149 cfg_uint_copy(cfg_dst, cfg_src, max_cache_entry_age);
150 cfg_uint_copy(cfg_dst, cfg_src, max_cache_size);
151
152 cfg_enum_copy(cfg_dst, cfg_src, stir_shaken_failure_action);
153 cfg_enum_copy(cfg_dst, cfg_src, use_rfc9410_responses);
154 cfg_enum_copy(cfg_dst, cfg_src, relax_x5u_port_scheme_restrictions);
155 cfg_enum_copy(cfg_dst, cfg_src, relax_x5u_path_restrictions);
156 cfg_enum_copy(cfg_dst, cfg_src, load_system_certs);
157 cfg_enum_copy(cfg_dst, cfg_src, ignore_sip_date_header);
158
159 if (cfg_src->acl) {
160 ast_free_acl_list(cfg_dst->acl);
161 cfg_dst->acl = ast_duplicate_acl_list(cfg_src->acl);
162 }
163
164 return rc;
165}
struct ast_acl_list * ast_duplicate_acl_list(struct ast_acl_list *original)
Duplicates the contests of a list of lists of host access rules.
Definition acl.c:315
#define cfg_uint_copy(__cfg_dst, __cfg_src, __field)
cfg_uint_copy

References verification_cfg_common::acl, ao2_bump, ast_duplicate_acl_list(), ast_free_acl_list(), cfg_enum_copy, cfg_sf_copy_wrapper, cfg_uint_copy, and verification_cfg_common::tcs.

Referenced by create_effective_profile().

◆ vs_get_cfg()

struct verification_cfg * vs_get_cfg ( void  )

◆ vs_is_config_loaded()

int vs_is_config_loaded ( void  )