Asterisk - The Open Source Telephony Project GIT-master-55f4e6d
Data Structures | Macros | Enumerations | Functions
common_config.h File Reference
#include <openssl/evp.h>
#include "asterisk.h"
#include "asterisk/paths.h"
#include "asterisk/sorcery.h"
#include "asterisk/stringfields.h"
Include dependency graph for common_config.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  attestation_cfg
 
struct  attestation_cfg_common
 Attestation Service configuration for stir/shaken. More...
 
struct  config_object_cli_data
 
struct  profile_cfg
 Profile configuration for stir/shaken. More...
 
struct  tn_cfg
 TN configuration for stir/shaken. More...
 
struct  verification_cfg
 
struct  verification_cfg_common
 Verification Service configuration for stir/shaken. More...
 

Macros

#define cfg_enum_copy(__cfg_dst, __cfg_src, __field)
 cfg_enum_copy More...
 
#define cfg_sf_copy_wrapper(id, __cfg_dst, __cfg_src, __field)
 cfg_copy_wrapper More...
 
#define cfg_stringfield_copy(__cfg_dst, __cfg_src, __field)
 Common config copy utilities. More...
 
#define cfg_uint_copy(__cfg_dst, __cfg_src, __field)
 cfg_uint_copy More...
 
#define EFFECTIVE_ENUM(__enum1, __enum2, __field, __default)
 
#define EFFECTIVE_ENUM_BOOL(__enum1, __enum2, __field, __default)
 
#define ENUM_BOOL(__enum1, __field)    (__enum1 == ( __field ## _ ## YES ))
 
#define enum_option_register(sorcery, CONFIG_TYPE, name, nodoc)    enum_option_register_ex(sorcery, CONFIG_TYPE, name, name, nodoc)
 
#define enum_option_register_ex(sorcery, CONFIG_TYPE, name, field, nodoc)
 
#define generate_acfg_common_sorcery_handlers(object)
 
#define generate_bool_string_prototypes(param_name)
 Boolean field to/from string prototype generator. More...
 
#define generate_enum_string_prototypes(param_name, ...)
 Enum field to/from string prototype generator. More...
 
#define generate_sorcery_acl_from_str(__struct, __lc_param, __unknown)
 
#define generate_sorcery_acl_to_str(__struct, __lc_param)
 
#define generate_sorcery_enum_from_str(__struct, __substruct, __lc_param, __unknown)    generate_sorcery_enum_from_str_ex(__struct, __substruct, __lc_param, __lc_param ## _ ## __unknown) \
 
#define generate_sorcery_enum_from_str_ex(__struct, __substruct, __lc_param, __unknown)
 
#define generate_sorcery_enum_to_str(__struct, __substruct, __lc_param)
 Enum sorcery handler generator. More...
 
#define generate_vcfg_common_sorcery_handlers(object)
 
#define PROFILE_ALLOW_ATTEST(__profile)
 
#define PROFILE_ALLOW_VERIFY(__profile)
 
#define register_common_attestation_fields(sorcery, object, CONFIG_TYPE, nodoc)
 
#define register_common_verification_fields(sorcery, object, CONFIG_TYPE, nodoc)
 
#define stringfield_option_register(sorcery, CONFIG_TYPE, object, name, field, nodoc)
 Sorcery fields register helpers. More...
 
#define uint_option_register(sorcery, CONFIG_TYPE, object, name, field, nodoc)
 

Enumerations

enum  config_object_type { config_object_type_attestation = 0 , config_object_type_verification , config_object_type_profile , config_object_type_tn }
 

Functions

void acfg_cleanup (struct attestation_cfg_common *cfg)
 
int as_check_common_config (const char *id, struct attestation_cfg_common *acfg_common)
 
int as_config_load (void)
 
int as_config_reload (void)
 
int as_config_unload (void)
 
int as_copy_cfg_common (const char *id, struct attestation_cfg_common *cfg_dst, struct attestation_cfg_common *cfg_src)
 
struct attestation_cfgas_get_cfg (void)
 
int as_is_config_loaded (void)
 
char * canonicalize_tn (const char *tn, char *dest_tn)
 Canonicalize a TN. More...
 
char * canonicalize_tn_alloc (const char *tn)
 Canonicalize a TN into nre buffer. More...
 
int common_config_load (void)
 
int common_config_reload (void)
 
int common_config_unload (void)
 
int config_object_cli_show (void *obj, void *arg, void *data, int flags)
 Output configuration settings to the Asterisk CLI. More...
 
char * config_object_tab_complete_name (const char *word, struct ao2_container *container)
 Tab completion for name matching with STIR/SHAKEN CLI commands. More...
 
struct profile_cfgeprofile_get_cfg (const char *id)
 
 generate_bool_string_prototypes (check_tn_cert_public_url)
 
 generate_bool_string_prototypes (load_system_certs)
 
 generate_bool_string_prototypes (relax_x5u_path_restrictions)
 
 generate_bool_string_prototypes (relax_x5u_port_scheme_restrictions)
 
 generate_bool_string_prototypes (send_mky)
 
 generate_bool_string_prototypes (use_rfc9410_responses)
 
 generate_enum_string_prototypes (attest_level, attest_level_UNKNOWN=-1, attest_level_A=0, attest_level_B, attest_level_C, attest_level_NOT_SET,)
 
 generate_enum_string_prototypes (endpoint_behavior, endpoint_behavior_UNKNOWN=-1, endpoint_behavior_OFF=0, endpoint_behavior_ATTEST, endpoint_behavior_VERIFY, endpoint_behavior_ON, endpoint_behavior_NOT_SET)
 
struct ast_acl_listget_default_acl_list (void)
 
struct profile_cfgprofile_get_cfg (const char *id)
 
int profile_load (void)
 
int profile_reload (void)
 
int profile_unload (void)
 
enum stir_shaken_failure_action_enum stir_shaken_failure_action_from_str (const char *action_str)
 
const char * stir_shaken_failure_action_to_str (enum stir_shaken_failure_action_enum action)
 
int tn_config_load (void)
 
int tn_config_reload (void)
 
int tn_config_unload (void)
 
struct tn_cfgtn_get_cfg (const char *tn)
 
struct tn_cfgtn_get_etn (const char *tn, struct profile_cfg *eprofile)
 
void vcfg_cleanup (struct verification_cfg_common *cfg)
 
int vs_check_common_config (const char *id, struct verification_cfg_common *vcfg_common)
 
int vs_config_load (void)
 
int vs_config_reload (void)
 
int vs_config_unload (void)
 
int vs_copy_cfg_common (const char *id, struct verification_cfg_common *cfg_dst, struct verification_cfg_common *cfg_src)
 
struct verification_cfgvs_get_cfg (void)
 
int vs_is_config_loaded (void)
 

Macro Definition Documentation

◆ cfg_enum_copy

#define cfg_enum_copy (   __cfg_dst,
  __cfg_src,
  __field 
)

cfg_enum_copy

Copy an enum from the source to the dest only if the source is neither NOT_SET nor UNKNOWN

Definition at line 266 of file common_config.h.

◆ cfg_sf_copy_wrapper

#define cfg_sf_copy_wrapper (   id,
  __cfg_dst,
  __cfg_src,
  __field 
)

cfg_copy_wrapper

Invoke cfg_stringfield_copy and cause the calling runction to return a -1 of the copy fails.

Definition at line 237 of file common_config.h.

◆ cfg_stringfield_copy

#define cfg_stringfield_copy (   __cfg_dst,
  __cfg_src,
  __field 
)

Common config copy utilities.

These macros are designed to be called from as_copy_cfg_common and vs_copy_cfg_common only. They'll only copy a field if the field contains a vaild value. Thus a NOT_SET value in the source won't override a pre-existing good value in the dest. A good value in the source WILL overwrite a good value in the dest.

Definition at line 222 of file common_config.h.

◆ cfg_uint_copy

#define cfg_uint_copy (   __cfg_dst,
  __cfg_src,
  __field 
)
Value:
({ \
if (__cfg_src->__field > 0) { \
__cfg_dst->__field = __cfg_src->__field; \
} \
})

cfg_uint_copy

Copy a uint from the source to the dest only if the source > 0. For stir-shaken, 0 isn't a valid value for any uint fields.

Definition at line 253 of file common_config.h.

◆ EFFECTIVE_ENUM

#define EFFECTIVE_ENUM (   __enum1,
  __enum2,
  __field,
  __default 
)
Value:
( __enum1 != ( __field ## _ ## NOT_SET ) ? __enum1 : \
(__enum2 != __field ## _ ## NOT_SET ? \
__enum2 : __default ))
#define _(msgid)

Definition at line 199 of file common_config.h.

◆ EFFECTIVE_ENUM_BOOL

#define EFFECTIVE_ENUM_BOOL (   __enum1,
  __enum2,
  __field,
  __default 
)
Value:
(( __enum1 != ( __field ## _ ## NOT_SET ) ? __enum1 : \
(__enum2 != __field ## _ ## NOT_SET ? \
__enum2 : __field ## _ ## __default )) == __field ## _ ## YES)

Definition at line 204 of file common_config.h.

◆ ENUM_BOOL

#define ENUM_BOOL (   __enum1,
  __field 
)     (__enum1 == ( __field ## _ ## YES ))

Definition at line 209 of file common_config.h.

◆ enum_option_register

#define enum_option_register (   sorcery,
  CONFIG_TYPE,
  name,
  nodoc 
)     enum_option_register_ex(sorcery, CONFIG_TYPE, name, name, nodoc)

Definition at line 490 of file common_config.h.

◆ enum_option_register_ex

#define enum_option_register_ex (   sorcery,
  CONFIG_TYPE,
  name,
  field,
  nodoc 
)
Value:
#name, field ## _to_str(DEFAULT_ ## field), \
sorcery_ ## field ## _from_str, sorcery_ ## field ## _to_str, NULL, 0, 0)
#define CONFIG_TYPE
static const char name[]
Definition: format_mp3.c:68
static struct ast_sorcery * sorcery
#define NULL
Definition: resample.c:96
#define ast_sorcery_object_field_register_custom(sorcery, type, name, default_val, config_handler, sorcery_handler, multiple_handler, flags,...)
Register a field within an object with custom handlers.
Definition: sorcery.h:1005

Definition at line 485 of file common_config.h.

◆ generate_acfg_common_sorcery_handlers

#define generate_acfg_common_sorcery_handlers (   object)

Definition at line 291 of file common_config.h.

◆ generate_bool_string_prototypes

#define generate_bool_string_prototypes (   param_name)

Boolean field to/from string prototype generator.

Most of the boolean fields that appear in the verification and attestation objects can be ovrridden in the profile object; "use_rfc9410_responses" for instance. If they were registered as normal YESNO types, we couldn't tell if a "0" value in the profile object meant the user set it to "no" to override a value of "yes" in the verification object, or it just defaulted to "0". By making the _NOT_SET enum a non-0/1 and making it the default value, we can tell the difference. The _UNKNOWN enum gets set if the string value provided to the _from_str function wasn't recognized as one of the values acceptable to ast_true() or ast_false().

The result of calling the generator for a field will look like:

enum use_rfc9410_responses_enum {
use_rfc9410_responses_UNKNOWN = -1,
use_rfc9410_responses_NO = 0,
use_rfc9410_responses_YES,
use_rfc9410_responses_NOT_SET,
};
enum use_rfc9410_responses_enum
use_rfc9410_responses_from_str(const char *value);
const char *use_rfc9410_responses_to_str(enum use_rfc9410_responses_enum value);
int value
Definition: syslog.c:37

Most of the macros that follow depend on enum values formatted as <param_name>SOMETHING and their defaults as DEFAULT<param_name>.

Definition at line 60 of file common_config.h.

◆ generate_enum_string_prototypes

#define generate_enum_string_prototypes (   param_name,
  ... 
)

Enum field to/from string prototype generator.

This operates like the bool generator except you supply a list of the enum values. The first one MUST be param_name_UNKNOWN with a value of -1 and the rest running sequentially with the last being param_name_NOT_SET.

Definition at line 94 of file common_config.h.

◆ generate_sorcery_acl_from_str

#define generate_sorcery_acl_from_str (   __struct,
  __lc_param,
  __unknown 
)

Definition at line 183 of file common_config.h.

◆ generate_sorcery_acl_to_str

#define generate_sorcery_acl_to_str (   __struct,
  __lc_param 
)

Definition at line 164 of file common_config.h.

◆ generate_sorcery_enum_from_str

#define generate_sorcery_enum_from_str (   __struct,
  __substruct,
  __lc_param,
  __unknown 
)     generate_sorcery_enum_from_str_ex(__struct, __substruct, __lc_param, __lc_param ## _ ## __unknown) \

Definition at line 160 of file common_config.h.

◆ generate_sorcery_enum_from_str_ex

#define generate_sorcery_enum_from_str_ex (   __struct,
  __substruct,
  __lc_param,
  __unknown 
)

Definition at line 147 of file common_config.h.

◆ generate_sorcery_enum_to_str

#define generate_sorcery_enum_to_str (   __struct,
  __substruct,
  __lc_param 
)

Enum sorcery handler generator.

These macros can create the two functions needed to register an enum field with sorcery as long as there are _to_str and _from_str functions defined elsewhere.

Definition at line 139 of file common_config.h.

◆ generate_vcfg_common_sorcery_handlers

#define generate_vcfg_common_sorcery_handlers (   object)

Definition at line 357 of file common_config.h.

◆ PROFILE_ALLOW_ATTEST

#define PROFILE_ALLOW_ATTEST (   __profile)
Value:
(__profile->endpoint_behavior == endpoint_behavior_ON || \
__profile->endpoint_behavior == endpoint_behavior_ATTEST)

Definition at line 422 of file common_config.h.

◆ PROFILE_ALLOW_VERIFY

#define PROFILE_ALLOW_VERIFY (   __profile)
Value:
(__profile->endpoint_behavior == endpoint_behavior_ON || \
__profile->endpoint_behavior == endpoint_behavior_VERIFY)

Definition at line 426 of file common_config.h.

◆ register_common_attestation_fields

#define register_common_attestation_fields (   sorcery,
  object,
  CONFIG_TYPE,
  nodoc 
)

Definition at line 521 of file common_config.h.

◆ register_common_verification_fields

#define register_common_verification_fields (   sorcery,
  object,
  CONFIG_TYPE,
  nodoc 
)

Definition at line 493 of file common_config.h.

◆ stringfield_option_register

#define stringfield_option_register (   sorcery,
  CONFIG_TYPE,
  object,
  name,
  field,
  nodoc 
)
Value:
DEFAULT_ ## name, OPT_STRINGFIELD_T, 0, \
STRFLDSET(struct object, field))
#define STRFLDSET(type,...)
Convert a struct and a list of stringfield fields to an argument list of field offsets.
@ OPT_STRINGFIELD_T
Type for default option handler for stringfields.
#define ast_sorcery_object_field_register(sorcery, type, name, default_val, opt_type, flags,...)
Register a field within an object.
Definition: sorcery.h:955

Sorcery fields register helpers.

Most of the fields on attestation_cfg and verification_cfg are also in profile_cfg. To prevent having to maintain duplicate sets of sorcery register statements, we can do this once here and call register_common_verification_fields() from both profile_config and verification_config and call register_common_attestation_fields() from profile_cfg and attestation_config.

Most of the fields in question are in sub-structures like verification_cfg.vcfg_common which is why there are separate name and field parameters. For verification_cfg.vcfg_common.ca_file for instance, name would be ca_file and field would be vcfg_common.ca_file.

Note
These macros depend on default values being defined in the 4 config.c files as DEFAULT<field_name>.

Definition at line 475 of file common_config.h.

◆ uint_option_register

#define uint_option_register (   sorcery,
  CONFIG_TYPE,
  object,
  name,
  field,
  nodoc 
)
Value:
__stringify(DEFAULT_ ## name), OPT_UINT_T, 0, \
FLDSET(struct object, field))
#define __stringify(x)
Definition: asterisk.h:216
#define FLDSET(type,...)
Convert a struct and list of fields to an argument list of field offsets.
@ OPT_UINT_T
Type for default option handler for unsigned integers.

Definition at line 480 of file common_config.h.

Enumeration Type Documentation

◆ config_object_type

Enumerator
config_object_type_attestation 
config_object_type_verification 
config_object_type_profile 
config_object_type_tn 

Definition at line 534 of file common_config.h.

534 {
539};
@ config_object_type_attestation
@ config_object_type_tn
@ config_object_type_profile
@ config_object_type_verification

Function Documentation

◆ acfg_cleanup()

void acfg_cleanup ( struct attestation_cfg_common cfg)

Definition at line 60 of file attestation_config.c.

61{
62 if (!acfg_common) {
63 return;
64 }
66 ao2_cleanup(acfg_common->raw_key);
67}
#define ao2_cleanup(obj)
Definition: astobj2.h:1934
#define ast_string_field_free_memory(x)
free all memory - to be called before destroying the object
Definition: stringfields.h:374

References attestation_cfg::acfg_common, ao2_cleanup, ast_string_field_free_memory, and attestation_cfg_common::raw_key.

Referenced by attestation_destructor(), generate_sorcery_enum_from_str(), and profile_destructor().

◆ as_check_common_config()

int as_check_common_config ( const char *  id,
struct attestation_cfg_common acfg_common 
)

Definition at line 131 of file attestation_config.c.

132{
133 SCOPE_ENTER(3, "%s: Checking common config\n", id);
134
135 if (!ast_strlen_zero(acfg_common->private_key_file)
136 && !ast_file_is_readable(acfg_common->private_key_file)) {
137 SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: default_private_key_path %s is missing or not readable\n", id,
138 acfg_common->private_key_file);
139 }
140
141 if (ENUM_BOOL(acfg_common->check_tn_cert_public_url,
142 check_tn_cert_public_url)
143 && !ast_strlen_zero(acfg_common->public_cert_url)) {
144 RAII_VAR(char *, public_cert_data, NULL, ast_std_free);
145 X509 *public_cert;
146 size_t public_cert_len;
147 int rc = 0;
148 long http_code;
149 SCOPE_ENTER(3 , "%s: Checking public cert url '%s'\n",
150 id, acfg_common->public_cert_url);
151
152 http_code = curl_download_to_memory(acfg_common->public_cert_url,
153 &public_cert_len, &public_cert_data, NULL);
154 if (http_code / 100 != 2) {
155 SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: public_cert '%s' could not be downloaded\n", id,
156 acfg_common->public_cert_url);
157 }
158
159 public_cert = crypto_load_cert_from_memory(public_cert_data,
160 public_cert_len);
161 if (!public_cert) {
162 SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: public_cert '%s' could not be parsed as a certificate\n", id,
163 acfg_common->public_cert_url);
164 }
165 rc = crypto_is_cert_time_valid(public_cert, 0);
166 X509_free(public_cert);
167 if (!rc) {
168 SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: public_cert '%s' is not valid yet or has expired\n", id,
169 acfg_common->public_cert_url);
170 }
171
172 rc = crypto_has_private_key_from_memory(public_cert_data, public_cert_len);
173 if (rc) {
174 SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: DANGER!!! public_cert_url '%s' has a private key in the file!!!\n", id,
175 acfg_common->public_cert_url);
176 }
177 SCOPE_EXIT("%s: Done\n", id);
178 }
179
180 if (!ast_strlen_zero(acfg_common->private_key_file)) {
181 EVP_PKEY *private_key;
182 RAII_VAR(unsigned char *, raw_key, NULL, ast_free);
183
184 private_key = crypto_load_privkey_from_file(acfg_common->private_key_file);
185 if (!private_key) {
186 SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: Could not extract raw private key from file '%s'\n", id,
187 acfg_common->private_key_file);
188 }
189
190 acfg_common->raw_key_length = crypto_extract_raw_privkey(private_key, &raw_key);
191 EVP_PKEY_free(private_key);
192 if (acfg_common->raw_key_length == 0 || raw_key == NULL) {
193 SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR, "%s: Could not extract raw private key from file '%s'\n", id,
194 acfg_common->private_key_file);
195 }
196
197 /*
198 * We're making this an ao2 object so it can be referenced
199 * by a profile instead of having to copy it.
200 */
201 acfg_common->raw_key = ao2_alloc(acfg_common->raw_key_length, NULL);
202 if (!acfg_common->raw_key) {
204 "%s: Could not allocate memory for raw private key\n", id);
205 }
206 memcpy(acfg_common->raw_key, raw_key, acfg_common->raw_key_length);
207
208 }
209
210 SCOPE_EXIT_RTN_VALUE(0, "%s: Done\n", id);
211}
void ast_std_free(void *ptr)
Definition: astmm.c:1734
#define ast_free(a)
Definition: astmm.h:180
#define ao2_alloc(data_size, destructor_fn)
Definition: astobj2.h:409
#define ENUM_BOOL(__enum1, __field)
X509 * crypto_load_cert_from_memory(const char *buffer, size_t size)
Load an X509 Cert from a NULL terminated buffer.
Definition: crypto_utils.c:185
EVP_PKEY * crypto_load_privkey_from_file(const char *filename)
Load a private key from a file.
Definition: crypto_utils.c:137
int crypto_extract_raw_privkey(EVP_PKEY *key, unsigned char **buffer)
Extract raw private key from EVP_PKEY.
Definition: crypto_utils.c:292
int crypto_is_cert_time_valid(X509 *cert, time_t reftime)
Check if the reftime is within the cert's valid dates.
Definition: crypto_utils.c:383
int crypto_has_private_key_from_memory(const char *buffer, size_t size)
Check if the supplied buffer has a private key.
Definition: crypto_utils.c:238
#define SCOPE_EXIT_RTN_VALUE(__return_value,...)
#define SCOPE_EXIT_LOG_RTN_VALUE(__value, __log_level,...)
#define SCOPE_ENTER(level,...)
#define SCOPE_EXIT(...)
long curl_download_to_memory(const char *url, size_t *returned_length, char **returned_data, struct ast_variable **headers)
Really simple document retrieval to memory.
Definition: curl_utils.c:300
#define LOG_ERROR
static force_inline int attribute_pure ast_strlen_zero(const char *s)
Definition: strings.h:65
enum check_tn_cert_public_url_enum check_tn_cert_public_url
unsigned char * raw_key
const ast_string_field public_cert_url
const ast_string_field private_key_file
#define RAII_VAR(vartype, varname, initval, dtor)
Declare a variable that will call a destructor function when it goes out of scope.
Definition: utils.h:941
int ast_file_is_readable(const char *filename)
Test that a file exists and is readable by the effective user.
Definition: utils.c:3107

References attestation_cfg::acfg_common, ao2_alloc, ast_file_is_readable(), ast_free, ast_std_free(), ast_strlen_zero(), attestation_cfg_common::check_tn_cert_public_url, crypto_extract_raw_privkey(), crypto_has_private_key_from_memory(), crypto_is_cert_time_valid(), crypto_load_cert_from_memory(), crypto_load_privkey_from_file(), curl_download_to_memory(), ENUM_BOOL, LOG_ERROR, NULL, attestation_cfg_common::private_key_file, attestation_cfg_common::public_cert_url, RAII_VAR, attestation_cfg_common::raw_key, attestation_cfg_common::raw_key_length, SCOPE_ENTER, SCOPE_EXIT, SCOPE_EXIT_LOG_RTN_VALUE, and SCOPE_EXIT_RTN_VALUE.

Referenced by attestation_apply(), profile_apply(), and tn_apply().

◆ as_config_load()

int as_config_load ( void  )

Definition at line 287 of file attestation_config.c.

288{
289 struct ast_sorcery *sorcery = get_sorcery();
290
292 "stir_shaken.conf,criteria=type=" CONFIG_TYPE ",single_object=yes,explicit_name=" CONFIG_TYPE);
293
296 ast_log(LOG_ERROR, "stir/shaken - failed to register '%s' sorcery object\n", CONFIG_TYPE);
297 return -1;
298 }
299
301 "", OPT_NOOP_T, 0, 0);
302
304 DEFAULT_global_disable ? "yes" : "no",
305 OPT_YESNO_T, 1, FLDSET(struct attestation_cfg, global_disable));
306
308
310
311 if (!as_is_config_loaded()) {
312 ast_log(LOG_WARNING,"Stir/Shaken attestation service disabled. Either there were errors in the 'attestation' object in stir_shaken.conf or it was missing altogether.\n");
313 }
314 if (!empty_cfg) {
316 if (!empty_cfg) {
317 return -1;
318 }
320 }
321
324
325 return 0;
326}
#define ast_log
Definition: astobj2.c:42
static struct ast_cli_entry attestation_cli[]
static struct attestation_cfg * empty_cfg
#define DEFAULT_global_disable
int as_is_config_loaded(void)
static void * attestation_alloc(const char *name)
static int attestation_apply(const struct ast_sorcery *sorcery, void *obj)
#define ast_cli_register_multiple(e, len)
Register multiple commands.
Definition: cli.h:265
struct ast_sorcery * get_sorcery(void)
Retrieve the stir/shaken sorcery context.
Definition: common_config.c:34
#define register_common_attestation_fields(sorcery, object, CONFIG_TYPE, nodoc)
@ OPT_NOOP_T
Type for a default handler that should do nothing.
@ OPT_YESNO_T
Type for default option handler for bools (ast_true/ast_false)
#define LOG_WARNING
#define ast_sorcery_object_field_register_nodoc(sorcery, type, name, default_val, opt_type, flags,...)
Register a field within an object without documentation.
Definition: sorcery.h:987
#define ast_sorcery_object_register(sorcery, type, alloc, transform, apply)
Register an object type.
Definition: sorcery.h:837
void ast_sorcery_load_object(const struct ast_sorcery *sorcery, const char *type)
Inform any wizards of a specific object type to load persistent objects.
Definition: sorcery.c:1393
#define ast_sorcery_apply_default(sorcery, type, name, data)
Definition: sorcery.h:476
Full structure for sorcery.
Definition: sorcery.c:230
#define ARRAY_LEN(a)
Definition: utils.h:666

References ARRAY_LEN, as_is_config_loaded(), ast_cli_register_multiple, ast_log, ast_sorcery_apply_default, ast_sorcery_load_object(), ast_sorcery_object_field_register, ast_sorcery_object_field_register_nodoc, ast_sorcery_object_register, attestation_alloc(), attestation_apply(), attestation_cli, CONFIG_TYPE, DEFAULT_global_disable, empty_cfg, FLDSET, get_sorcery(), attestation_cfg::global_disable, LOG_ERROR, LOG_WARNING, NULL, OPT_NOOP_T, OPT_YESNO_T, register_common_attestation_fields, and sorcery.

Referenced by as_load().

◆ as_config_reload()

int as_config_reload ( void  )

Definition at line 259 of file attestation_config.c.

260{
261 struct ast_sorcery *sorcery = get_sorcery();
263
264 if (!as_is_config_loaded()) {
265 ast_log(LOG_WARNING,"Stir/Shaken attestation service disabled. Either there were errors in the 'attestation' object in stir_shaken.conf or it was missing altogether.\n");
266 }
267 if (!empty_cfg) {
269 if (!empty_cfg) {
270 return -1;
271 }
273 }
274
275 return 0;
276}
void ast_sorcery_force_reload_object(const struct ast_sorcery *sorcery, const char *type)
Inform any wizards of a specific object type to reload persistent objects even if no changes determin...
Definition: sorcery.c:1457

References as_is_config_loaded(), ast_log, ast_sorcery_force_reload_object(), attestation_alloc(), CONFIG_TYPE, empty_cfg, get_sorcery(), attestation_cfg::global_disable, LOG_WARNING, and sorcery.

Referenced by as_reload().

◆ as_config_unload()

int as_config_unload ( void  )

Definition at line 278 of file attestation_config.c.

279{
283
284 return 0;
285}
int ast_cli_unregister_multiple(struct ast_cli_entry *e, int len)
Unregister multiple commands.
Definition: clicompat.c:30

References ao2_cleanup, ARRAY_LEN, ast_cli_unregister_multiple(), attestation_cli, and empty_cfg.

Referenced by as_unload().

◆ as_copy_cfg_common()

int as_copy_cfg_common ( const char *  id,
struct attestation_cfg_common cfg_dst,
struct attestation_cfg_common cfg_src 
)

Definition at line 105 of file attestation_config.c.

107{
108 int rc = 0;
109
110 if (!cfg_dst || !cfg_src) {
111 return -1;
112 }
113
114 cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, private_key_file);
115 cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, public_cert_url);
116
117 cfg_enum_copy(cfg_dst, cfg_src, attest_level);
118 cfg_enum_copy(cfg_dst, cfg_src, check_tn_cert_public_url);
119 cfg_enum_copy(cfg_dst, cfg_src, send_mky);
120
121 if (cfg_src->raw_key) {
122 /* Free and overwrite the destination */
123 ao2_cleanup(cfg_dst->raw_key);
124 cfg_dst->raw_key = ao2_bump(cfg_src->raw_key);
125 cfg_dst->raw_key_length = cfg_src->raw_key_length;
126 }
127
128 return rc;
129}
#define ao2_bump(obj)
Bump refcount on an AO2 object by one, returning the object.
Definition: astobj2.h:480
#define cfg_sf_copy_wrapper(id, __cfg_dst, __cfg_src, __field)
cfg_copy_wrapper
#define cfg_enum_copy(__cfg_dst, __cfg_src, __field)
cfg_enum_copy

References ao2_bump, ao2_cleanup, cfg_enum_copy, cfg_sf_copy_wrapper, attestation_cfg_common::raw_key, and attestation_cfg_common::raw_key_length.

Referenced by create_effective_profile(), and tn_get_etn().

◆ as_get_cfg()

struct attestation_cfg * as_get_cfg ( void  )

Definition at line 38 of file attestation_config.c.

39{
42 if (cfg) {
43 return cfg;
44 }
45
46 return empty_cfg ? ao2_bump(empty_cfg) : NULL;
47}
void * ast_sorcery_retrieve_by_id(const struct ast_sorcery *sorcery, const char *type, const char *id)
Retrieve an object using its unique identifier.
Definition: sorcery.c:1853

References ao2_bump, ast_sorcery_retrieve_by_id(), CONFIG_TYPE, empty_cfg, get_sorcery(), and NULL.

Referenced by ast_stir_shaken_as_ctx_create(), attestation_show(), and create_effective_profile().

◆ as_is_config_loaded()

int as_is_config_loaded ( void  )

Definition at line 49 of file attestation_config.c.

50{
53 ao2_cleanup(cfg);
54
55 return !!cfg;
56}

References ao2_cleanup, ast_sorcery_retrieve_by_id(), CONFIG_TYPE, and get_sorcery().

Referenced by as_config_load(), and as_config_reload().

◆ canonicalize_tn()

char * canonicalize_tn ( const char *  tn,
char *  dest_tn 
)

Canonicalize a TN.

Parameters
tnTN to canonicalize
dest_tnPointer to destination buffer to receive the new TN
Return values
dest_tnor NULL on failure

Definition at line 357 of file common_config.c.

358{
359 int i;
360 const char *s = tn;
361 size_t len = tn ? strlen(tn) : 0;
362 char *new_tn = dest_tn;
363 SCOPE_ENTER(3, "tn: %s\n", S_OR(tn, "(null)"));
364
365 if (ast_strlen_zero(tn)) {
366 *dest_tn = '\0';
367 SCOPE_EXIT_RTN_VALUE(NULL, "Empty TN\n");
368 }
369
370 if (!dest_tn) {
371 SCOPE_EXIT_RTN_VALUE(NULL, "No destination buffer\n");
372 }
373
374 for (i = 0; i < len; i++) {
375 if (isdigit(*s) || *s == '#' || *s == '*') { /* Only characters allowed */
376 *new_tn++ = *s;
377 }
378 s++;
379 }
380 *new_tn = '\0';
381 SCOPE_EXIT_RTN_VALUE(dest_tn, "Canonicalized '%s' -> '%s'\n", tn, dest_tn);
382}
static int len(struct ast_channel *chan, const char *cmd, char *data, char *buf, size_t buflen)
#define S_OR(a, b)
returns the equivalent of logic or for strings: first one if not empty, otherwise second one.
Definition: strings.h:80

References ast_strlen_zero(), len(), NULL, S_OR, SCOPE_ENTER, and SCOPE_EXIT_RTN_VALUE.

Referenced by canonicalize_tn_alloc().

◆ canonicalize_tn_alloc()

char * canonicalize_tn_alloc ( const char *  tn)

Canonicalize a TN into nre buffer.

Parameters
tnTN to canonicalize
Return values
dest_tn(which must be freed with ast_free) or NULL on failure

Definition at line 384 of file common_config.c.

385{
386 char *canon_tn = ast_strlen_zero(tn) ? NULL : ast_malloc(strlen(tn) + 1);
387 if (!canon_tn) {
388 return NULL;
389 }
390 return canonicalize_tn(tn, canon_tn);
391}
#define ast_malloc(len)
A wrapper for malloc()
Definition: astmm.h:191
char * canonicalize_tn(const char *tn, char *dest_tn)
Canonicalize a TN.

References ast_malloc, ast_strlen_zero(), canonicalize_tn(), and NULL.

Referenced by ast_stir_shaken_as_ctx_create(), and ast_stir_shaken_vs_ctx_create().

◆ common_config_load()

int common_config_load ( void  )

Definition at line 311 of file common_config.c.

312{
313 SCOPE_ENTER(2, "Stir Shaken Load\n");
314
315 if (!(sorcery = ast_sorcery_open())) {
317 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken sorcery load failed\n");
318 }
319
320 if (vs_load()) {
322 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken VS load failed\n");
323 }
324
325 if (as_load()) {
327 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken AS load failed\n");
328 }
329
330 if (tn_config_load()) {
332 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken TN load failed\n");
333 }
334
335 if (profile_load()) {
337 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken profile load failed\n");
338 }
339
345 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken acl change subscribe failed\n");
346 }
349 }
350
351 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_SUCCESS, "Stir Shaken Load Done\n");
352}
struct stasis_message_type * ast_named_acl_change_type(void)
a stasis_message_type for changes against a named ACL or the set of all named ACLs
int as_load()
Load the stir/shaken attestation service.
Definition: attestation.c:439
int common_config_unload(void)
struct stasis_subscription * named_acl_changed_sub
Definition: common_config.c:32
static void named_acl_changed_cb(void *data, struct stasis_subscription *sub, struct stasis_message *message)
static struct ast_sorcery * sorcery
Definition: common_config.c:31
int profile_load(void)
int tn_config_load(void)
Definition: tn_config.c:258
@ AST_MODULE_LOAD_SUCCESS
Definition: module.h:70
@ AST_MODULE_LOAD_DECLINE
Module has failed to load, may be in an inconsistent state.
Definition: module.h:78
struct stasis_topic * ast_security_topic(void)
A stasis_topic which publishes messages for security related issues.
#define ast_sorcery_open()
Open a new sorcery structure.
Definition: sorcery.h:406
int stasis_subscription_accept_message_type(struct stasis_subscription *subscription, const struct stasis_message_type *type)
Indicate to a subscription that we are interested in a message type.
Definition: stasis.c:1023
#define stasis_subscribe(topic, callback, data)
Definition: stasis.h:649
int vs_load()
Load the stir/shaken verification service.

References as_load(), AST_MODULE_LOAD_DECLINE, AST_MODULE_LOAD_SUCCESS, ast_named_acl_change_type(), ast_security_topic(), ast_sorcery_open, common_config_unload(), named_acl_changed_cb(), named_acl_changed_sub, NULL, profile_load(), SCOPE_ENTER, SCOPE_EXIT_RTN_VALUE, sorcery, stasis_subscribe, stasis_subscription_accept_message_type(), tn_config_load(), and vs_load().

Referenced by load_module().

◆ common_config_reload()

int common_config_reload ( void  )

Definition at line 262 of file common_config.c.

263{
264 SCOPE_ENTER(2, "Stir Shaken Reload\n");
265 if (vs_reload()) {
266 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken VS Reload failed\n");
267 }
268
269 if (as_reload()) {
270 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken AS Reload failed\n");
271 }
272
273 if (tn_config_reload()) {
274 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken TN Reload failed\n");
275 }
276
277 if (profile_reload()) {
278 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_DECLINE, "Stir Shaken Profile Reload failed\n");
279 }
280
281 SCOPE_EXIT_RTN_VALUE(AST_MODULE_LOAD_SUCCESS, "Stir Shaken Reload Done\n");
282}
int as_reload()
Load the stir/shaken attestation service.
Definition: attestation.c:426
int tn_config_reload(void)
Definition: tn_config.c:243
int profile_reload(void)
int vs_reload()
Reload the stir/shaken verification service.

References as_reload(), AST_MODULE_LOAD_DECLINE, AST_MODULE_LOAD_SUCCESS, profile_reload(), SCOPE_ENTER, SCOPE_EXIT_RTN_VALUE, tn_config_reload(), and vs_reload().

Referenced by named_acl_changed_cb(), and reload_module().

◆ common_config_unload()

int common_config_unload ( void  )

Definition at line 284 of file common_config.c.

285{
288 as_unload();
289 vs_unload();
290
294 }
296 sorcery = NULL;
297
298 return 0;
299}
int as_unload()
Load the stir/shaken attestation service.
Definition: attestation.c:433
int profile_unload(void)
int tn_config_unload(void)
Definition: tn_config.c:250
#define ast_sorcery_unref(sorcery)
Decrease the reference count of a sorcery structure.
Definition: sorcery.h:1500
struct stasis_subscription * stasis_unsubscribe(struct stasis_subscription *subscription)
Cancel a subscription.
Definition: stasis.c:971
int vs_unload()
Unload the stir/shaken verification service.

References as_unload(), ast_sorcery_unref, named_acl_changed_sub, NULL, profile_unload(), sorcery, stasis_unsubscribe(), tn_config_unload(), and vs_unload().

Referenced by common_config_load(), and unload_module().

◆ config_object_cli_show()

int config_object_cli_show ( void *  obj,
void *  arg,
void *  data,
int  flags 
)

Output configuration settings to the Asterisk CLI.

Parameters
objA sorcery object containing configuration data
argAsterisk CLI argument object
flagsao2 container flags
Return values
0

Definition at line 171 of file common_config.c.

172{
173 struct ast_cli_args *a = arg;
174 struct config_object_cli_data *cli_data = data;
175 struct ast_variable *options;
176 struct ast_variable *i;
177 const char *title = NULL;
178 const char *cfg_name = NULL;
179 int max_name_len = 0;
180
181 if (!obj) {
182 ast_cli(a->fd, "No stir/shaken configuration found\n");
183 return 0;
184 }
185
186 if (!ast_strlen_zero(cli_data->title)) {
187 title = cli_data->title;
188 } else {
189 title = ast_sorcery_object_get_type(obj);
190 }
191 max_name_len = strlen(title);
192
194 || cli_data->object_type == config_object_type_tn) {
195 cfg_name = ast_sorcery_object_get_id(obj);
196 max_name_len += strlen(cfg_name) + 2 /* ": " */;
197 }
198
201 if (!options) {
202 return 0;
203 }
204
205 for (i = options; i; i = i->next) {
206 int nlen = strlen(i->name);
207 max_name_len = (nlen > max_name_len) ? nlen : max_name_len;
208 }
209
210 ast_cli(a->fd, "\n==============================================================================\n");
211 if (ast_strlen_zero(cfg_name)) {
212 ast_cli(a->fd, "%s\n", title);
213 } else {
214 ast_cli(a->fd, "%s: %s\n", title, cfg_name);
215 }
216 ast_cli(a->fd, "------------------------------------------------------------------------------\n");
217
218 for (i = options; i; i = i->next) {
219 if (!ast_strings_equal(i->name, "x5u_acl")) {
220 ast_cli(a->fd, "%-*s: %s\n", max_name_len, i->name,
222 }
223 }
224
226
227 if (cli_data->object_type == config_object_type_profile) {
228 struct profile_cfg *cfg = obj;
229 print_acl_cert_store(cfg, a, max_name_len);
230 } else if (cli_data->object_type == config_object_type_verification) {
231 struct verification_cfg *cfg = obj;
232 print_acl_cert_store(cfg, a, max_name_len);
233 }
234 ast_cli(a->fd, "---------------------------------------------\n\n"); \
235
236 return 0;
237}
void ast_cli(int fd, const char *fmt,...)
Definition: clicompat.c:6
static const char * translate_value(const char *val)
#define print_acl_cert_store(cfg, a, max_name_len)
struct ast_variable * ast_variable_list_sort(struct ast_variable *head)
Performs an in-place sort on the variable list by ascending name.
Definition: main/config.c:620
void ast_variables_destroy(struct ast_variable *var)
Free variable list.
Definition: extconf.c:1262
const char * ast_sorcery_object_get_id(const void *object)
Get the unique identifier of a sorcery object.
Definition: sorcery.c:2317
const char * ast_sorcery_object_get_type(const void *object)
Get the type of a sorcery object.
Definition: sorcery.c:2329
@ AST_HANDLER_ONLY_STRING
Use string handler only.
Definition: sorcery.h:137
struct ast_variable * ast_sorcery_objectset_create2(const struct ast_sorcery *sorcery, const void *object, enum ast_sorcery_field_handler_flags flags)
Create an object set (KVP list) for an object.
Definition: sorcery.c:1511
int ast_strings_equal(const char *str1, const char *str2)
Compare strings for equality checking for NULL.
Definition: strings.c:238
Structure for variables, used for configurations and for channel variables.
struct ast_variable * next
enum config_object_type object_type
Profile configuration for stir/shaken.
static struct test_options options
static struct test_val a

References a, ast_cli(), AST_HANDLER_ONLY_STRING, ast_sorcery_object_get_id(), ast_sorcery_object_get_type(), ast_sorcery_objectset_create2(), ast_strings_equal(), ast_strlen_zero(), ast_variable_list_sort(), ast_variables_destroy(), config_object_type_profile, config_object_type_tn, config_object_type_verification, get_sorcery(), ast_variable::name, ast_variable::next, NULL, config_object_cli_data::object_type, options, print_acl_cert_store, config_object_cli_data::title, translate_value(), and ast_variable::value.

Referenced by attestation_show(), cli_eprofile_show(), cli_eprofile_show_all(), cli_profile_show(), cli_profile_show_all(), cli_tn_show(), cli_tn_show_all(), and cli_verification_show().

◆ config_object_tab_complete_name()

char * config_object_tab_complete_name ( const char *  word,
struct ao2_container container 
)

Tab completion for name matching with STIR/SHAKEN CLI commands.

Parameters
wordThe word to tab complete on
containerThe sorcery container to iterate through
Return values
Thetab completion options

Definition at line 239 of file common_config.c.

240{
241 void *obj;
242 struct ao2_iterator it;
243 int wordlen = strlen(word);
244 int ret;
245
247 while ((obj = ao2_iterator_next(&it))) {
248 if (!strncasecmp(word, ast_sorcery_object_get_id(obj), wordlen)) {
250 if (ret) {
251 ao2_ref(obj, -1);
252 break;
253 }
254 }
255 ao2_ref(obj, -1);
256 }
258
259 return NULL;
260}
#define ast_strdup(str)
A wrapper for strdup()
Definition: astmm.h:241
#define ao2_iterator_next(iter)
Definition: astobj2.h:1911
struct ao2_iterator ao2_iterator_init(struct ao2_container *c, int flags) attribute_warn_unused_result
Create an iterator for a container.
#define ao2_ref(o, delta)
Reference/unreference an object and return the old refcount.
Definition: astobj2.h:459
void ao2_iterator_destroy(struct ao2_iterator *iter)
Destroy a container iterator.
int ast_cli_completion_add(char *value)
Add a result to a request for completion options.
Definition: main/cli.c:2761
short word
struct ao2_container * container
Definition: res_fax.c:501
When we need to walk through a container, we use an ao2_iterator to keep track of the current positio...
Definition: astobj2.h:1821

References ao2_iterator_destroy(), ao2_iterator_init(), ao2_iterator_next, ao2_ref, ast_cli_completion_add(), ast_sorcery_object_get_id(), ast_strdup, container, and NULL.

Referenced by cli_eprofile_show(), cli_profile_show(), and cli_tn_show().

◆ eprofile_get_cfg()

struct profile_cfg * eprofile_get_cfg ( const char *  id)

Definition at line 123 of file profile_config.c.

124{
125 if (ast_strlen_zero(id)) {
126 return NULL;
127 }
128 return ast_sorcery_retrieve_by_id(get_sorcery(), "eprofile", id);
129}

References ast_sorcery_retrieve_by_id(), ast_strlen_zero(), get_sorcery(), and NULL.

Referenced by ast_stir_shaken_as_ctx_create(), ast_stir_shaken_vs_ctx_create(), and cli_eprofile_show().

◆ generate_bool_string_prototypes() [1/6]

generate_bool_string_prototypes ( check_tn_cert_public_url  )

◆ generate_bool_string_prototypes() [2/6]

generate_bool_string_prototypes ( load_system_certs  )

◆ generate_bool_string_prototypes() [3/6]

generate_bool_string_prototypes ( relax_x5u_path_restrictions  )

◆ generate_bool_string_prototypes() [4/6]

generate_bool_string_prototypes ( relax_x5u_port_scheme_restrictions  )

◆ generate_bool_string_prototypes() [5/6]

generate_bool_string_prototypes ( send_mky  )

◆ generate_bool_string_prototypes() [6/6]

generate_bool_string_prototypes ( use_rfc9410_responses  )

◆ generate_enum_string_prototypes() [1/2]

generate_enum_string_prototypes ( attest_level  ,
attest_level_UNKNOWN  = -1,
attest_level_A  = 0,
attest_level_B  ,
attest_level_C  ,
attest_level_NOT_SET   
)

◆ generate_enum_string_prototypes() [2/2]

generate_enum_string_prototypes ( endpoint_behavior  ,
endpoint_behavior_UNKNOWN  = -1,
endpoint_behavior_OFF  = 0,
endpoint_behavior_ATTEST  ,
endpoint_behavior_VERIFY  ,
endpoint_behavior_ON  ,
endpoint_behavior_NOT_SET   
)

◆ get_default_acl_list()

struct ast_acl_list * get_default_acl_list ( void  )

◆ profile_get_cfg()

struct profile_cfg * profile_get_cfg ( const char *  id)

Definition at line 109 of file profile_config.c.

110{
111 if (ast_strlen_zero(id)) {
112 return NULL;
113 }
115}
#define CONFIG_TYPE

References ast_sorcery_retrieve_by_id(), ast_strlen_zero(), CONFIG_TYPE, get_sorcery(), and NULL.

Referenced by cli_profile_show().

◆ profile_load()

int profile_load ( void  )

Definition at line 426 of file profile_config.c.

427{
428 struct ast_sorcery *sorcery = get_sorcery();
429 enum ast_sorcery_apply_result apply_rc;
430
431 /*
432 * eprofile MUST be registered first because profile needs it.
433 */
434 apply_rc = ast_sorcery_apply_default(sorcery, "eprofile", "memory", NULL);
435 if (apply_rc != AST_SORCERY_APPLY_SUCCESS) {
436 abort();
437 }
440 ast_log(LOG_ERROR, "stir/shaken - failed to register '%s' sorcery object\n", "eprofile");
441 return -1;
442 }
443
444 ast_sorcery_object_field_register_nodoc(sorcery, "eprofile", "type", "", OPT_NOOP_T, 0, 0);
445 enum_option_register(sorcery, "eprofile", endpoint_behavior, _nodoc);
448
449 /*
450 * Now we can do profile
451 */
452 ast_sorcery_apply_default(sorcery, CONFIG_TYPE, "config", "stir_shaken.conf,criteria=type=profile");
455 ast_log(LOG_ERROR, "stir/shaken - failed to register '%s' sorcery object\n", CONFIG_TYPE);
456 return -1;
457 }
458
460 enum_option_register(sorcery, CONFIG_TYPE, endpoint_behavior,);
463
465 ast_sorcery_load_object(sorcery, "eprofile");
466
469
470 return 0;
471}
#define register_common_verification_fields(sorcery, object, CONFIG_TYPE, nodoc)
#define enum_option_register(sorcery, CONFIG_TYPE, name, nodoc)
static int eprofile_apply(const struct ast_sorcery *sorcery, void *obj)
static void * profile_alloc(const char *name)
static struct ast_cli_entry stir_shaken_profile_cli[]
static int profile_apply(const struct ast_sorcery *sorcery, void *obj)
#define ast_sorcery_internal_object_register(sorcery, type, alloc, transform, apply)
Register an internal, hidden object type.
Definition: sorcery.h:867
ast_sorcery_apply_result
Definition: sorcery.h:423
@ AST_SORCERY_APPLY_SUCCESS
Definition: sorcery.h:427

References ARRAY_LEN, ast_cli_register_multiple, ast_log, ast_sorcery_apply_default, AST_SORCERY_APPLY_SUCCESS, ast_sorcery_internal_object_register, ast_sorcery_load_object(), ast_sorcery_object_field_register, ast_sorcery_object_field_register_nodoc, ast_sorcery_object_register, CONFIG_TYPE, enum_option_register, eprofile_apply(), get_sorcery(), LOG_ERROR, NULL, OPT_NOOP_T, profile_alloc(), profile_apply(), register_common_attestation_fields, register_common_verification_fields, sorcery, and stir_shaken_profile_cli.

Referenced by common_config_load().

◆ profile_reload()

int profile_reload ( void  )

◆ profile_unload()

int profile_unload ( void  )

◆ stir_shaken_failure_action_from_str()

enum stir_shaken_failure_action_enum stir_shaken_failure_action_from_str ( const char *  action_str)

◆ stir_shaken_failure_action_to_str()

const char * stir_shaken_failure_action_to_str ( enum stir_shaken_failure_action_enum  action)

◆ tn_config_load()

int tn_config_load ( void  )

Definition at line 258 of file tn_config.c.

259{
260 struct ast_sorcery *sorcery = get_sorcery();
261
262 ast_sorcery_apply_default(sorcery, CONFIG_TYPE, "config", "stir_shaken.conf,criteria=type=tn");
263
265 NULL, tn_apply)) {
266 ast_log(LOG_ERROR, "stir/shaken - failed to register '%s' sorcery object\n", CONFIG_TYPE);
268 }
269
271 OPT_NOOP_T, 0, 0);
272
274
276
279
281}
TN configuration for stir/shaken.
static struct ast_cli_entry stir_shaken_certificate_cli[]
Definition: tn_config.c:238
static void * tn_alloc(const char *name)
Definition: tn_config.c:84
#define CONFIG_TYPE
Definition: tn_config.c:29
static int tn_apply(const struct ast_sorcery *sorcery, void *obj)
Definition: tn_config.c:154

References ARRAY_LEN, ast_cli_register_multiple, ast_log, AST_MODULE_LOAD_DECLINE, AST_MODULE_LOAD_SUCCESS, ast_sorcery_apply_default, ast_sorcery_load_object(), ast_sorcery_object_field_register, ast_sorcery_object_register, CONFIG_TYPE, get_sorcery(), LOG_ERROR, NULL, OPT_NOOP_T, register_common_attestation_fields, sorcery, stir_shaken_certificate_cli, tn_alloc(), and tn_apply().

Referenced by common_config_load().

◆ tn_config_reload()

int tn_config_reload ( void  )

◆ tn_config_unload()

int tn_config_unload ( void  )

◆ tn_get_cfg()

struct tn_cfg * tn_get_cfg ( const char *  tn)

Definition at line 37 of file tn_config.c.

References ast_sorcery_retrieve_by_id(), CONFIG_TYPE, and get_sorcery().

Referenced by cli_tn_show().

◆ tn_get_etn()

struct tn_cfg * tn_get_etn ( const char *  tn,
struct profile_cfg eprofile 
)

Definition at line 116 of file tn_config.c.

117{
118 RAII_VAR(struct tn_cfg *, tn,
121 struct tn_cfg *etn = etn_alloc(id);
122 int rc = 0;
123
124 if (!tn || !eprofile || !etn) {
125 ao2_cleanup(etn);
126 return NULL;
127 }
128
129 /* Initialize with the acfg from the eprofile first */
130 rc = as_copy_cfg_common(id, &etn->acfg_common,
131 &eprofile->acfg_common);
132 if (rc != 0) {
133 ao2_cleanup(etn);
134 return NULL;
135 }
136
137 /* Overwrite with anything in the TN itself */
138 rc = as_copy_cfg_common(id, &etn->acfg_common,
139 &tn->acfg_common);
140 if (rc != 0) {
141 ao2_cleanup(etn);
142 return NULL;
143 }
144
145 /*
146 * Unlike profile, we're not going to actually add a
147 * new object to sorcery because, although unlikely,
148 * the same TN could be used with multiple profiles.
149 */
150
151 return etn;
152}
int as_copy_cfg_common(const char *id, struct attestation_cfg_common *cfg_dst, struct attestation_cfg_common *cfg_src)
struct attestation_cfg_common acfg_common
struct attestation_cfg_common acfg_common
static void * etn_alloc(const char *name)
Definition: tn_config.c:100

References profile_cfg::acfg_common, tn_cfg::acfg_common, ao2_cleanup, as_copy_cfg_common(), ast_sorcery_retrieve_by_id(), CONFIG_TYPE, etn_alloc(), get_sorcery(), NULL, RAII_VAR, and S_OR.

Referenced by ast_stir_shaken_as_ctx_create().

◆ vcfg_cleanup()

void vcfg_cleanup ( struct verification_cfg_common cfg)

Definition at line 71 of file verification_config.c.

72{
73 if (!vcfg_common) {
74 return;
75 }
77 if (vcfg_common->tcs) {
78 crypto_free_cert_store(vcfg_common->tcs);
79 }
80 ast_free_acl_list(vcfg_common->acl);
81}
struct ast_acl_list * ast_free_acl_list(struct ast_acl_list *acl)
Free a list of ACLs.
Definition: acl.c:233
#define crypto_free_cert_store(store)
Free an X509 store.
Definition: crypto_utils.h:180

References verification_cfg_common::acl, ast_free_acl_list(), ast_string_field_free_memory, crypto_free_cert_store, verification_cfg_common::tcs, and verification_cfg::vcfg_common.

Referenced by profile_destructor(), and verification_destructor().

◆ vs_check_common_config()

int vs_check_common_config ( const char *  id,
struct verification_cfg_common vcfg_common 
)

Definition at line 158 of file verification_config.c.

160{
161 SCOPE_ENTER(3, "%s: Checking common config\n", id);
162
163 if (!ast_strlen_zero(vcfg_common->ca_file)
164 && !ast_file_is_readable(vcfg_common->ca_file)) {
166 "%s: ca_file '%s' not found, or is unreadable\n",
167 id, vcfg_common->ca_file);
168 }
169
170 if (!ast_strlen_zero(vcfg_common->ca_path)
171 && !ast_file_is_readable(vcfg_common->ca_path)) {
173 "%s: ca_path '%s' not found, or is unreadable\n",
174 id, vcfg_common->ca_path);
175 }
176
177 if (!ast_strlen_zero(vcfg_common->crl_file)
178 && !ast_file_is_readable(vcfg_common->crl_file)) {
180 "%s: crl_file '%s' not found, or is unreadable\n",
181 id, vcfg_common->crl_file);
182 }
183
184 if (!ast_strlen_zero(vcfg_common->crl_path)
185 && !ast_file_is_readable(vcfg_common->crl_path)) {
187 "%s: crl_path '%s' not found, or is unreadable\n",
188 id, vcfg_common->crl_path);
189 }
190
191 if (!ast_strlen_zero(vcfg_common->ca_file)
192 || !ast_strlen_zero(vcfg_common->ca_path)) {
193 int rc = 0;
194
195 if (!vcfg_common->tcs) {
196 vcfg_common->tcs = crypto_create_cert_store();
197 if (!vcfg_common->tcs) {
199 "%s: Unable to create CA cert store\n", id);
200 }
201 }
202 rc = crypto_load_cert_store(vcfg_common->tcs,
203 vcfg_common->ca_file, vcfg_common->ca_path);
204 if (rc != 0) {
206 "%s: Unable to load CA cert store from '%s' or '%s'\n",
207 id, vcfg_common->ca_file, vcfg_common->ca_path);
208 }
209 }
210
211 if (!ast_strlen_zero(vcfg_common->crl_file)
212 || !ast_strlen_zero(vcfg_common->crl_path)) {
213 int rc = 0;
214
215 if (!vcfg_common->tcs) {
216 vcfg_common->tcs = crypto_create_cert_store();
217 if (!vcfg_common->tcs) {
219 "%s: Unable to create CA cert store\n", id);
220 }
221 }
222 rc = crypto_load_cert_store(vcfg_common->tcs,
223 vcfg_common->crl_file, vcfg_common->crl_path);
224 if (rc != 0) {
226 "%s: Unable to load CA CRL store from '%s' or '%s'\n",
227 id, vcfg_common->crl_file, vcfg_common->crl_path);
228 }
229 }
230
231 if (vcfg_common->tcs) {
232 if (ENUM_BOOL(vcfg_common->load_system_certs, load_system_certs)) {
233 X509_STORE_set_default_paths(vcfg_common->tcs->store);
234 }
235
236 if (!ast_strlen_zero(vcfg_common->crl_file)
237 || !ast_strlen_zero(vcfg_common->crl_path)) {
238 X509_STORE_set_flags(vcfg_common->tcs->store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
239 }
240 }
241
242 if (!ast_strlen_zero(vcfg_common->cert_cache_dir)) {
243 FILE *fp;
244 char *testfile;
245
246 if (ast_asprintf(&testfile, "%s/testfile", vcfg_common->cert_cache_dir) <= 0) {
248 "%s: Unable to allocate memory for testfile\n", id);
249 }
250
251 fp = fopen(testfile, "w+");
252 if (!fp) {
253 ast_free(testfile);
255 "%s: cert_cache_dir '%s' was not writable\n",
256 id, vcfg_common->cert_cache_dir);
257 }
258 fclose(fp);
259 remove(testfile);
260 ast_free(testfile);
261 }
262
263 SCOPE_EXIT_RTN_VALUE(0, "%s: Done\n", id);
264}
#define ast_asprintf(ret, fmt,...)
A wrapper for asprintf()
Definition: astmm.h:267
struct crypto_cert_store * crypto_create_cert_store(void)
Create an empty X509 store.
Definition: crypto_utils.c:315
int crypto_load_cert_store(struct crypto_cert_store *store, const char *file, const char *path)
Load an X509 Store with either certificates or CRLs.
Definition: crypto_utils.c:333
#define remove
X509_STORE * store
Definition: crypto_utils.h:171
struct crypto_cert_store * tcs
const ast_string_field cert_cache_dir
const ast_string_field ca_path
const ast_string_field crl_file
const ast_string_field crl_path
enum load_system_certs_enum load_system_certs
const ast_string_field ca_file

References ast_asprintf, ast_file_is_readable(), ast_free, ast_strlen_zero(), verification_cfg_common::ca_file, verification_cfg_common::ca_path, verification_cfg_common::cert_cache_dir, verification_cfg_common::crl_file, verification_cfg_common::crl_path, crypto_create_cert_store(), crypto_load_cert_store(), ENUM_BOOL, verification_cfg_common::load_system_certs, LOG_ERROR, remove, SCOPE_ENTER, SCOPE_EXIT_LOG_RTN_VALUE, SCOPE_EXIT_RTN_VALUE, crypto_cert_store::store, verification_cfg_common::tcs, and verification_cfg::vcfg_common.

Referenced by profile_apply(), and verification_apply().

◆ vs_config_load()

int vs_config_load ( void  )

Definition at line 398 of file verification_config.c.

399{
400 struct ast_sorcery *sorcery = get_sorcery();
401
402 snprintf(DEFAULT_cert_cache_dir, sizeof(DEFAULT_cert_cache_dir), "%s/keys/%s/cache",
404
406 "stir_shaken.conf,criteria=type=" CONFIG_TYPE ",single_object=yes,explicit_name=" CONFIG_TYPE);
407
410 ast_log(LOG_ERROR, "stir/shaken - failed to register '%s' sorcery object\n", CONFIG_TYPE);
411 return -1;
412 }
413
415 OPT_NOOP_T, 0, 0);
416
418 DEFAULT_global_disable ? "yes" : "no",
419 OPT_YESNO_T, 1, FLDSET(struct verification_cfg, global_disable));
420
422
424
425 if (!vs_is_config_loaded()) {
426 ast_log(LOG_WARNING,"Stir/Shaken verification service disabled. Either there were errors in the 'verification' object in stir_shaken.conf or it was missing altogether.\n");
427 }
428 if (!empty_cfg) {
430 if (!empty_cfg) {
431 return -1;
432 }
434 }
435
438
439 return 0;
440}
const char * ast_config_AST_DATA_DIR
Definition: options.c:158
static int verification_apply(const struct ast_sorcery *sorcery, void *obj)
static struct ast_cli_entry verification_cli[]
int vs_is_config_loaded(void)
#define STIR_SHAKEN_DIR_NAME
static void * verification_alloc(const char *name)
static char DEFAULT_cert_cache_dir[PATH_MAX]
#define DEFAULT_global_disable
static struct verification_cfg * empty_cfg
#define CONFIG_TYPE

References ARRAY_LEN, ast_cli_register_multiple, ast_config_AST_DATA_DIR, ast_log, ast_sorcery_apply_default, ast_sorcery_load_object(), ast_sorcery_object_field_register, ast_sorcery_object_field_register_nodoc, ast_sorcery_object_register, CONFIG_TYPE, DEFAULT_cert_cache_dir, DEFAULT_global_disable, empty_cfg, FLDSET, get_sorcery(), verification_cfg::global_disable, LOG_ERROR, LOG_WARNING, NULL, OPT_NOOP_T, OPT_YESNO_T, register_common_verification_fields, sorcery, STIR_SHAKEN_DIR_NAME, verification_alloc(), verification_apply(), verification_cli, and vs_is_config_loaded().

Referenced by vs_load().

◆ vs_config_reload()

int vs_config_reload ( void  )

Definition at line 370 of file verification_config.c.

371{
372 struct ast_sorcery *sorcery = get_sorcery();
374
375 if (!vs_is_config_loaded()) {
376 ast_log(LOG_WARNING,"Stir/Shaken verification service disabled. Either there were errors in the 'verification' object in stir_shaken.conf or it was missing altogether.\n");
377 }
378 if (!empty_cfg) {
380 if (!empty_cfg) {
381 return -1;
382 }
384 }
385
386 return 0;
387}

References ast_log, ast_sorcery_force_reload_object(), CONFIG_TYPE, empty_cfg, get_sorcery(), verification_cfg::global_disable, LOG_WARNING, sorcery, verification_alloc(), and vs_is_config_loaded().

Referenced by vs_reload().

◆ vs_config_unload()

int vs_config_unload ( void  )

◆ vs_copy_cfg_common()

int vs_copy_cfg_common ( const char *  id,
struct verification_cfg_common cfg_dst,
struct verification_cfg_common cfg_src 
)

Definition at line 118 of file verification_config.c.

120{
121 int rc = 0;
122
123 if (!cfg_dst || !cfg_src) {
124 return -1;
125 }
126
127 if (!cfg_dst->tcs && cfg_src->tcs) {
128 cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, ca_file);
129 cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, ca_path);
130 cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, crl_file);
131 cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, crl_path);
132 ao2_bump(cfg_src->tcs);
133 cfg_dst->tcs = cfg_src->tcs;
134 }
135
136 cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, cert_cache_dir);
137
138 cfg_uint_copy(cfg_dst, cfg_src, curl_timeout);
139 cfg_uint_copy(cfg_dst, cfg_src, max_iat_age);
140 cfg_uint_copy(cfg_dst, cfg_src, max_date_header_age);
141 cfg_uint_copy(cfg_dst, cfg_src, max_cache_entry_age);
142 cfg_uint_copy(cfg_dst, cfg_src, max_cache_size);
143
144 cfg_enum_copy(cfg_dst, cfg_src, stir_shaken_failure_action);
145 cfg_enum_copy(cfg_dst, cfg_src, use_rfc9410_responses);
146 cfg_enum_copy(cfg_dst, cfg_src, relax_x5u_port_scheme_restrictions);
147 cfg_enum_copy(cfg_dst, cfg_src, relax_x5u_path_restrictions);
148 cfg_enum_copy(cfg_dst, cfg_src, load_system_certs);
149
150 if (cfg_src->acl) {
151 ast_free_acl_list(cfg_dst->acl);
152 cfg_dst->acl = ast_duplicate_acl_list(cfg_src->acl);
153 }
154
155 return rc;
156}
struct ast_acl_list * ast_duplicate_acl_list(struct ast_acl_list *original)
Duplicates the contests of a list of lists of host access rules.
Definition: acl.c:315
#define cfg_uint_copy(__cfg_dst, __cfg_src, __field)
cfg_uint_copy
struct ast_acl_list * acl

References verification_cfg_common::acl, ao2_bump, ast_duplicate_acl_list(), ast_free_acl_list(), cfg_enum_copy, cfg_sf_copy_wrapper, cfg_uint_copy, and verification_cfg_common::tcs.

Referenced by create_effective_profile().

◆ vs_get_cfg()

struct verification_cfg * vs_get_cfg ( void  )

◆ vs_is_config_loaded()

int vs_is_config_loaded ( void  )

Definition at line 60 of file verification_config.c.

61{
64 ao2_cleanup(cfg);
65
66 return !!cfg;
67}

References ao2_cleanup, ast_sorcery_retrieve_by_id(), CONFIG_TYPE, and get_sorcery().

Referenced by vs_config_load(), and vs_config_reload().