Asterisk - The Open Source Telephony Project GIT-master-f36a736
Data Structures | Macros | Enumerations | Functions
acl.h File Reference

Access Control of various sorts. More...

#include "asterisk/network.h"
#include "asterisk/linkedlists.h"
#include "asterisk/netsock2.h"
#include "asterisk/io.h"
Include dependency graph for acl.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  ast_acl
 an ast_acl is a linked list node of ast_ha structs which may have names. More...
 
struct  ast_acl_list
 Wrapper for an ast_acl linked list. More...
 
struct  ast_ha
 internal representation of ACL entries In principle user applications would have no need for this, but there is sometimes a need to extract individual items, e.g. to print them, and rather than defining iterators to navigate the list, and an externally visible 'struct ast_ha_entry', at least in the short term it is more convenient to make the whole thing public and let users play with them. More...
 

Macros

#define ACL_NAME_LENGTH   80
 

Enumerations

enum  ast_acl_sense { AST_SENSE_DENY , AST_SENSE_ALLOW }
 

Functions

int ast_acl_list_is_empty (struct ast_acl_list *acl_list)
 Determines if an ACL is empty or if it contains entries. More...
 
void ast_acl_output (int fd, struct ast_acl_list *acl, const char *prefix)
 output an ACL to the provided fd More...
 
void ast_append_acl (const char *sense, const char *stuff, struct ast_acl_list **path, int *error, int *named_acl_flag)
 Add a rule to an ACL struct. More...
 
struct ast_haast_append_ha (const char *sense, const char *stuff, struct ast_ha *path, int *error)
 Add a new rule to a list of HAs. More...
 
struct ast_haast_append_ha_with_port (const char *sense, const char *stuff, struct ast_ha *path, int *error)
 Add a new rule with optional port to a list of HAs. More...
 
enum ast_acl_sense ast_apply_acl (struct ast_acl_list *acl_list, const struct ast_sockaddr *addr, const char *purpose)
 Apply a set of rules to a given IP address. More...
 
enum ast_acl_sense ast_apply_acl_nolog (struct ast_acl_list *acl_list, const struct ast_sockaddr *addr)
 Apply a set of rules to a given IP address, don't log failure. More...
 
enum ast_acl_sense ast_apply_ha (const struct ast_ha *ha, const struct ast_sockaddr *addr)
 Apply a set of rules to a given IP address. More...
 
void ast_copy_ha (const struct ast_ha *from, struct ast_ha *to)
 Copy the contents of one HA to another. More...
 
struct ast_acl_listast_duplicate_acl_list (struct ast_acl_list *original)
 Duplicates the contests of a list of lists of host access rules. More...
 
struct ast_haast_duplicate_ha_list (struct ast_ha *original)
 Duplicate the contents of a list of host access rules. More...
 
int ast_find_ourip (struct ast_sockaddr *ourip, const struct ast_sockaddr *bindaddr, int family)
 Find our IP address. More...
 
struct ast_acl_listast_free_acl_list (struct ast_acl_list *acl)
 Free a list of ACLs. More...
 
void ast_free_ha (struct ast_ha *ha)
 Free a list of HAs. More...
 
int ast_get_ip (struct ast_sockaddr *addr, const char *hostname)
 Get the IP address given a hostname. More...
 
int ast_get_ip_or_srv (struct ast_sockaddr *addr, const char *hostname, const char *service)
 Get the IP address given a hostname and optional service. More...
 
int ast_get_ip_or_srv_with_preference (struct ast_sockaddr *addr, const char *hostname, const char *service, struct ast_sockaddr *preference)
 Get the IP address given a hostname and optional service with a preferred result. More...
 
void ast_ha_join (const struct ast_ha *ha, struct ast_str **buf)
 Convert HAs to a comma separated string value. More...
 
void ast_ha_join_cidr (const struct ast_ha *ha, struct ast_str **buf)
 Convert HAs to a comma separated string value using CIDR notation. More...
 
void ast_ha_output (int fd, const struct ast_ha *ha, const char *prefix)
 output an HA to the provided fd More...
 
int ast_lookup_iface (char *iface, struct ast_sockaddr *address)
 Find an IP address associated with a specific interface. More...
 
struct stasis_message_typeast_named_acl_change_type (void)
 a stasis_message_type for changes against a named ACL or the set of all named ACLs More...
 
struct ast_haast_named_acl_find (const char *name, int *is_realtime, int *is_undefined)
 Retrieve a named ACL. More...
 
int ast_ouraddrfor (const struct ast_sockaddr *them, struct ast_sockaddr *us)
 Get our local IP address when contacting a remote host. More...
 
int ast_str2cos (const char *value, unsigned int *cos)
 Convert a string to the appropriate COS value. More...
 
int ast_str2tos (const char *value, unsigned int *tos)
 Convert a string to the appropriate TOS value. More...
 
const char * ast_tos2str (unsigned int tos)
 Convert a TOS value into its string representation. More...
 

Detailed Description

Access Control of various sorts.

Definition in file acl.h.

Macro Definition Documentation

◆ ACL_NAME_LENGTH

#define ACL_NAME_LENGTH   80

Definition at line 59 of file acl.h.

Enumeration Type Documentation

◆ ast_acl_sense

Enumerator
AST_SENSE_DENY 
AST_SENSE_ALLOW 

Definition at line 36 of file acl.h.

36 {
39};
@ AST_SENSE_ALLOW
Definition: acl.h:38
@ AST_SENSE_DENY
Definition: acl.h:37

Function Documentation

◆ ast_acl_list_is_empty()

int ast_acl_list_is_empty ( struct ast_acl_list acl_list)

Determines if an ACL is empty or if it contains entries.

Parameters
acl_listThe ACL list being checked
Return values
0the list is not empty
1the list is empty

Definition at line 540 of file acl.c.

541{
542 struct ast_acl *head;
543
544 if (!acl_list) {
545 return 1;
546 }
547
548 AST_LIST_LOCK(acl_list);
549 head = AST_LIST_FIRST(acl_list);
550 AST_LIST_UNLOCK(acl_list);
551
552 if (head) {
553 return 0;
554 }
555
556 return 1;
557}
#define AST_LIST_LOCK(head)
Locks a list.
Definition: linkedlists.h:40
#define AST_LIST_UNLOCK(head)
Attempts to unlock a list.
Definition: linkedlists.h:140
#define AST_LIST_FIRST(head)
Returns the first entry contained in a list.
Definition: linkedlists.h:421
an ast_acl is a linked list node of ast_ha structs which may have names.
Definition: acl.h:67

References AST_LIST_FIRST, AST_LIST_LOCK, and AST_LIST_UNLOCK.

Referenced by acl_to_str(), apply_acl(), apply_contact_acl(), apply_endpoint_acl(), apply_endpoint_contact_acl(), contact_acl_to_str(), curl_open_socket_cb(), handle_cli_iax2_show_peer(), handle_cli_iax2_show_users(), and handle_showmanager().

◆ ast_acl_output()

void ast_acl_output ( int  fd,
struct ast_acl_list acl,
const char *  prefix 
)

output an ACL to the provided fd

This function can be used centrally to output HAs as used in ACLs from other modules. It follows the format as originally used for named ACLs in named_acl.c.

Parameters
fdThe file-descriptor to which to output the ACL.
aclThe ACL to output.
prefixIf you need a specific prefix output on each line, give it here, may be NULL.
Since
13.33.0, 16.10.0, 17.4.0

Definition at line 1115 of file acl.c.

1116{
1117 struct ast_acl *acl;
1118
1119 AST_LIST_LOCK(acl_list);
1120 AST_LIST_TRAVERSE(acl_list, acl, list) {
1121 ast_cli(fd, "%sACL: %s%s\n---------------------------------------------\n",
1122 prefix ?: "", ast_strlen_zero(acl->name) ? "(unnamed)" : acl->name,
1123 acl->is_realtime ? " (realtime)" : "");
1124
1125 ast_ha_output(fd, acl->acl, prefix);
1126 }
1127 AST_LIST_UNLOCK(acl_list);
1128
1129}
void ast_ha_output(int fd, const struct ast_ha *ha, const char *prefix)
output an HA to the provided fd
Definition: acl.c:1103
void ast_cli(int fd, const char *fmt,...)
Definition: clicompat.c:6
static char prefix[MAX_PREFIX]
Definition: http.c:144
#define AST_LIST_TRAVERSE(head, var, field)
Loops over (traverses) the entries in a list.
Definition: linkedlists.h:491
static force_inline int attribute_pure ast_strlen_zero(const char *s)
Definition: strings.h:65
Definition: test_acl.c:111
struct ast_ha * acl
Definition: acl.h:68
struct ast_acl::@180 list

References ast_acl::acl, ast_cli(), ast_ha_output(), AST_LIST_LOCK, AST_LIST_TRAVERSE, AST_LIST_UNLOCK, ast_strlen_zero(), ast_acl::list, and prefix.

Referenced by handle_showmanager().

◆ ast_append_acl()

void ast_append_acl ( const char *  sense,
const char *  stuff,
struct ast_acl_list **  path,
int *  error,
int *  named_acl_flag 
)

Add a rule to an ACL struct.

This adds a named ACL or an ACL rule to an ast_acl container. It works in a similar way to ast_append_ha.

Parameters
senseCan be any among "permit", "deny", or "acl" this controls whether the rule being added will simply modify the unnamed ACL at the head of the list or if a new named ACL will be added to that ast_acl.
stuffIf sense is 'permit'/'deny', this is the ip address and subnet mask separated with a '/' like in ast_append ha. If it sense is 'acl', then this will be the name of the ACL being appended to the container.
pathAddress of the ACL list being appended
[out]errorThe int that error points to will be set to 1 if an error occurs.
[out]named_acl_flagThis will raise a flag under certain conditions to indicate that a named ACL has been added by this operation. This may be used to indicate that an event subscription should be made against the named ACL subsystem. Note: This flag may be raised by this function, but it will never be lowered by it.

Definition at line 429 of file acl.c.

430{
431 struct ast_acl *acl = NULL;
432 struct ast_acl *current;
433 struct ast_acl_list *working_list;
434
435 char *tmp, *list;
436
437 /* If the ACL list is currently uninitialized, it must be initialized. */
438 if (*path == NULL) {
439 struct ast_acl_list *list;
440 list = ast_calloc(1, sizeof(*list));
441 if (!list) {
442 /* Allocation Error */
443 if (error) {
444 *error = 1;
445 }
446 return;
447 }
448
449 AST_LIST_HEAD_INIT(list);
450 *path = list;
451 }
452
453 working_list = *path;
454
455 AST_LIST_LOCK(working_list);
456
457 /* First we need to determine if we will need to add a new ACL node or if we can use an existing one. */
458 if (strncasecmp(sense, "a", 1)) {
459 /* The first element in the path should be the unnamed, base ACL. If that's the case, we use it. If not,
460 * we have to make one and link it up appropriately. */
461 current = AST_LIST_FIRST(working_list);
462
463 if (!current || !ast_strlen_zero(current->name)) {
464 if (acl_new(&acl, "")) {
465 if (error) {
466 *error = 1;
467 }
468 AST_LIST_UNLOCK(working_list);
469 return;
470 }
471 // Need to INSERT the ACL at the head here.
472 AST_LIST_INSERT_HEAD(working_list, acl, list);
473 } else {
474 /* If the first element was already the unnamed base ACL, we just use that one. */
475 acl = current;
476 }
477
478 /* With the proper ACL set for modification, we can just pass this off to the ast_ha append function. */
479 acl->acl = ast_append_ha(sense, stuff, acl->acl, error);
480
481 AST_LIST_UNLOCK(working_list);
482 return;
483 }
484
485 /* We are in ACL append mode, so we know we'll be adding one or more named ACLs. */
486 list = ast_strdupa(stuff);
487
488 while ((tmp = strsep(&list, ","))) {
489 struct ast_ha *named_ha;
490 int already_included = 0;
491
492 /* Remove leading whitespace from the string in case the user put spaces between items */
494
495 /* The first step is to check for a duplicate */
496 AST_LIST_TRAVERSE(working_list, current, list) {
497 if (!strcasecmp(current->name, tmp)) { /* ACL= */
498 /* Inclusion of the same ACL multiple times isn't a catastrophic error, but it will raise the error flag and skip the entry. */
499 ast_log(LOG_ERROR, "Named ACL '%s' occurs multiple times in ACL definition. "
500 "Please update your ACL configuration.\n", tmp);
501 if (error) {
502 *error = 1;
503 }
504 already_included = 1;
505 break;
506 }
507 }
508
509 if (already_included) {
510 continue;
511 }
512
513 if (acl_new(&acl, tmp)) {
514 /* This is a catastrophic allocation error and we'll return immediately if this happens. */
515 if (error) {
516 *error = 1;
517 }
518 AST_LIST_UNLOCK(working_list);
519 return;
520 }
521
522 /* Attempt to grab the Named ACL we are looking for. */
523 named_ha = ast_named_acl_find(tmp, &acl->is_realtime, &acl->is_invalid);
524
525 /* Set the ACL's ast_ha to the duplicated named ACL retrieved above. */
526 acl->acl = named_ha;
527
528 /* Raise the named_acl_flag since we are adding a named ACL to the ACL container. */
529 if (named_acl_flag) {
530 *named_acl_flag = 1;
531 }
532
533 /* Now insert the new ACL at the end of the list. */
534 AST_LIST_INSERT_TAIL(working_list, acl, list);
535 }
536
537 AST_LIST_UNLOCK(working_list);
538}
static int acl_new(struct ast_acl **pointer, const char *name)
Definition: acl.c:304
struct ast_ha * ast_append_ha(const char *sense, const char *stuff, struct ast_ha *path, int *error)
Add a new rule to a list of HAs.
Definition: acl.c:712
struct ast_ha * ast_named_acl_find(const char *name, int *is_realtime, int *is_undefined)
Retrieve a named ACL.
Definition: named_acl.c:293
#define ast_strdupa(s)
duplicate a string in memory from the stack
Definition: astmm.h:298
#define ast_calloc(num, len)
A wrapper for calloc()
Definition: astmm.h:202
#define ast_log
Definition: astobj2.c:42
static int tmp()
Definition: bt_open.c:389
char * strsep(char **str, const char *delims)
#define LOG_ERROR
#define AST_LIST_INSERT_TAIL(head, elm, field)
Appends a list entry to the tail of a list.
Definition: linkedlists.h:731
#define AST_LIST_HEAD_INIT(head)
Initializes a list head structure.
Definition: linkedlists.h:626
#define AST_LIST_INSERT_HEAD(head, elm, field)
Inserts a list entry at the head of a list.
Definition: linkedlists.h:711
size_t current
Definition: main/cli.c:113
#define NULL
Definition: resample.c:96
char * ast_skip_blanks(const char *str)
Gets a pointer to the first non-whitespace character in a string.
Definition: strings.h:161
Wrapper for an ast_acl linked list.
Definition: acl.h:76
internal representation of ACL entries In principle user applications would have no need for this,...
Definition: acl.h:51
int error(const char *format,...)
Definition: utils/frame.c:999

References acl_new(), ast_append_ha(), ast_calloc, AST_LIST_FIRST, AST_LIST_HEAD_INIT, AST_LIST_INSERT_HEAD, AST_LIST_INSERT_TAIL, AST_LIST_LOCK, AST_LIST_TRAVERSE, AST_LIST_UNLOCK, ast_log, ast_named_acl_find(), ast_skip_blanks(), ast_strdupa, ast_strlen_zero(), current, error(), LOG_ERROR, NULL, strsep(), and tmp().

Referenced by __init_manager(), acl_handler(), build_peer(), build_user(), endpoint_acl_handler(), rtp_reload(), and verification_apply().

◆ ast_append_ha()

struct ast_ha * ast_append_ha ( const char *  sense,
const char *  stuff,
struct ast_ha path,
int *  error 
)

Add a new rule to a list of HAs.

This adds the new host access rule to the end of the list whose head is specified by the path parameter. Rules are evaluated in a way such that if multiple rules apply to a single IP address/subnet mask, then the rule latest in the list will be used.

Parameters
senseEither "permit" or "deny" (Actually any 'p' word will result in permission, and any other word will result in denial)
stuffThe IP address and subnet mask, separated with a '/'. The subnet mask can either be in dotted-decimal format or in CIDR notation (i.e. 0-32).
pathThe head of the HA list to which we wish to append our new rule. If NULL is passed, then the new rule will become the head of the list
[out]errorThe integer error points to will be set non-zero if an error occurs
Returns
The head of the HA list

Definition at line 712 of file acl.c.

713{
714 return append_ha_core(sense, stuff, path, error, PARSE_PORT_FORBID);
715}
static struct ast_ha * append_ha_core(const char *sense, const char *stuff, struct ast_ha *path, int *error, int port_flags)
Definition: acl.c:575

References append_ha_core(), error(), PARSE_PORT_FORBID, and ast_ha::sense.

Referenced by acl_handler_fn(), add_calltoken_ignore(), ast_append_acl(), AST_TEST_DEFINE(), build_callno_limits(), build_device(), build_ha(), named_acl_find_realtime(), and transport_localnet_handler().

◆ ast_append_ha_with_port()

struct ast_ha * ast_append_ha_with_port ( const char *  sense,
const char *  stuff,
struct ast_ha path,
int *  error 
)

Add a new rule with optional port to a list of HAs.

Since
13.31.0, 16.8.0, 17.2.0

This adds the new host access rule to the end of the list whose head is specified by the path parameter. Rules are evaluated in a way such that if multiple rules apply to a single IP address/subnet mask, then the rule latest in the list will be used.

Parameters
senseEither "permit" or "deny" (Actually any 'p' word will result in permission, and any other word will result in denial)
stuffThe IP address and subnet mask, separated with a '/'. The subnet mask can either be in dotted-decimal format or in CIDR notation (i.e. 0-32). A port can be provided by placing it after the IP address, separated with a ':'.
pathThe head of the HA list to which we wish to append our new rule. If NULL is passed, then the new rule will become the head of the list
[out]errorThe integer error points to will be set non-zero if an error occurs
Returns
The head of the HA list

Definition at line 717 of file acl.c.

718{
719 return append_ha_core(sense, stuff, path, error, 0);
720}

References append_ha_core(), error(), and ast_ha::sense.

Referenced by ip_identify_match_handler(), ip_identify_match_host_lookup(), and pjsip_enable_logger_host().

◆ ast_apply_acl()

enum ast_acl_sense ast_apply_acl ( struct ast_acl_list acl_list,
const struct ast_sockaddr addr,
const char *  purpose 
)

Apply a set of rules to a given IP address.

Similar to the above, only uses an acl container, which is a whole slew of ast_ha lists. It runs ast_apply_ha on each of the ast_ha structs contained in the acl container. It will deny if any of the ast_ha lists fail, and it will pass only if all of the rules pass.

Parameters
acl_listThe head of the list of ACLs to evaluate
addrAn ast_sockaddr whose address is considered when matching rules
purposeContext for which the ACL is being applied - Establishes purpose of a notice when rejected
Return values
AST_SENSE_ALLOWThe IP address passes our ACLs
AST_SENSE_DENYThe IP address fails our ACLs

Definition at line 799 of file acl.c.

799 {
800 return ast_apply_acl_internal(acl_list, addr, purpose ?: "");
801}
static enum ast_acl_sense ast_apply_acl_internal(struct ast_acl_list *acl_list, const struct ast_sockaddr *addr, const char *log_prefix)
Definition: acl.c:757

References ast_apply_acl_internal().

Referenced by apply_acl(), apply_contact_acl(), apply_endpoint_acl(), apply_endpoint_contact_acl(), auth_http_callback(), authenticate(), check_access(), curl_open_socket_cb(), and register_verify().

◆ ast_apply_acl_nolog()

enum ast_acl_sense ast_apply_acl_nolog ( struct ast_acl_list acl_list,
const struct ast_sockaddr addr 
)

Apply a set of rules to a given IP address, don't log failure.

Exactly like ast_apply_acl, except that it will never log anything.

Parameters
acl_listThe head of the list of ACLs to evaluate
addrAn ast_sockaddr whose address is considered when matching rules
Return values
AST_SENSE_ALLOWThe IP address passes our ACLs
AST_SENSE_DENYThe IP address fails our ACLs

Definition at line 803 of file acl.c.

803 {
804 return ast_apply_acl_internal(acl_list, addr, NULL);
805}

References ast_apply_acl_internal(), and NULL.

◆ ast_apply_ha()

enum ast_acl_sense ast_apply_ha ( const struct ast_ha ha,
const struct ast_sockaddr addr 
)

Apply a set of rules to a given IP address.

The list of host access rules is traversed, beginning with the input rule. If the IP address given matches a rule, the "sense" of that rule is used as the return value. Note that if an IP address matches multiple rules that the last one matched will be the one whose sense will be returned.

Parameters
haThe head of the list of host access rules to follow
addrAn ast_sockaddr whose address is considered when matching rules
Return values
AST_SENSE_ALLOWThe IP address passes our ACL
AST_SENSE_DENYThe IP address fails our ACL

Definition at line 807 of file acl.c.

808{
809 /* Start optimistic */
811 const struct ast_ha *current_ha;
812
813 for (current_ha = ha; current_ha; current_ha = current_ha->next) {
814 struct ast_sockaddr result;
815 struct ast_sockaddr mapped_addr;
816 const struct ast_sockaddr *addr_to_use;
817 uint16_t save_port;
818#if 0 /* debugging code */
819 char iabuf[INET_ADDRSTRLEN];
820 char iabuf2[INET_ADDRSTRLEN];
821 /* DEBUG */
822 ast_copy_string(iabuf, ast_sockaddr_stringify(addr), sizeof(iabuf));
823 ast_copy_string(iabuf2, ast_sockaddr_stringify(&current_ha->addr), sizeof(iabuf2));
824 ast_debug(1, "##### Testing %s with %s\n", iabuf, iabuf2);
825#endif
826 if (ast_sockaddr_is_ipv4(&current_ha->addr)) {
827 if (ast_sockaddr_is_ipv6(addr)) {
828 if (ast_sockaddr_is_ipv4_mapped(addr)) {
829 /* IPv4 ACLs apply to IPv4-mapped addresses */
830 if (!ast_sockaddr_ipv4_mapped(addr, &mapped_addr)) {
831 ast_log(LOG_ERROR, "%s provided to ast_sockaddr_ipv4_mapped could not be converted. That shouldn't be possible.\n",
833 continue;
834 }
835 addr_to_use = &mapped_addr;
836 } else {
837 /* An IPv4 ACL does not apply to an IPv6 address */
838 continue;
839 }
840 } else {
841 /* Address is IPv4 and ACL is IPv4. No biggie */
842 addr_to_use = addr;
843 }
844 } else {
846 addr_to_use = addr;
847 } else {
848 /* Address is IPv4 or IPv4 mapped but ACL is IPv6. Skip */
849 continue;
850 }
851 }
852
853 /* ast_sockaddr_apply_netmask() does not preserve the port, so we need to save and
854 * restore it */
855 save_port = ast_sockaddr_port(addr_to_use);
856
857 /* For each rule, if this address and the netmask = the net address
858 apply the current rule */
859 if (ast_sockaddr_apply_netmask(addr_to_use, &current_ha->netmask, &result)) {
860 /* Unlikely to happen since we know the address to be IPv4 or IPv6 */
861 continue;
862 }
863
864 ast_sockaddr_set_port(&result, save_port);
865
866 if (!ast_sockaddr_cmp_addr(&result, &current_ha->addr)
867 && (!ast_sockaddr_port(&current_ha->addr)
868 || ast_sockaddr_port(&current_ha->addr) == ast_sockaddr_port(&result))) {
869 res = current_ha->sense;
870 }
871 }
872 return res;
873}
ast_acl_sense
Definition: acl.h:36
static PGresult * result
Definition: cel_pgsql.c:84
#define ast_debug(level,...)
Log a DEBUG message.
int ast_sockaddr_ipv4_mapped(const struct ast_sockaddr *addr, struct ast_sockaddr *ast_mapped)
Convert an IPv4-mapped IPv6 address into an IPv4 address.
Definition: netsock2.c:37
static char * ast_sockaddr_stringify(const struct ast_sockaddr *addr)
Wrapper around ast_sockaddr_stringify_fmt() with default format.
Definition: netsock2.h:256
#define ast_sockaddr_port(addr)
Get the port number of a socket address.
Definition: netsock2.h:517
int ast_sockaddr_is_ipv6(const struct ast_sockaddr *addr)
Determine if this is an IPv6 address.
Definition: netsock2.c:524
int ast_sockaddr_apply_netmask(const struct ast_sockaddr *addr, const struct ast_sockaddr *netmask, struct ast_sockaddr *result)
Apply a netmask to an address and store the result in a separate structure.
Definition: netsock2.c:357
int ast_sockaddr_cmp_addr(const struct ast_sockaddr *a, const struct ast_sockaddr *b)
Compares the addresses of two ast_sockaddr structures.
Definition: netsock2.c:413
#define ast_sockaddr_set_port(addr, port)
Sets the port number of a socket address.
Definition: netsock2.h:532
int ast_sockaddr_is_ipv4(const struct ast_sockaddr *addr)
Determine if the address is an IPv4 address.
Definition: netsock2.c:497
int ast_sockaddr_is_ipv4_mapped(const struct ast_sockaddr *addr)
Determine if this is an IPv4-mapped IPv6 address.
Definition: netsock2.c:507
void ast_copy_string(char *dst, const char *src, size_t size)
Size-limited null-terminating string copy.
Definition: strings.h:425
struct ast_sockaddr addr
Definition: acl.h:53
struct ast_sockaddr netmask
Definition: acl.h:54
struct ast_ha * next
Definition: acl.h:56
enum ast_acl_sense sense
Definition: acl.h:55
Socket address structure.
Definition: netsock2.h:97

References ast_ha::addr, ast_copy_string(), ast_debug, ast_log, AST_SENSE_ALLOW, ast_sockaddr_apply_netmask(), ast_sockaddr_cmp_addr(), ast_sockaddr_ipv4_mapped(), ast_sockaddr_is_ipv4(), ast_sockaddr_is_ipv4_mapped(), ast_sockaddr_is_ipv6(), ast_sockaddr_port, ast_sockaddr_set_port, ast_sockaddr_stringify(), LOG_ERROR, ast_ha::netmask, ast_ha::next, result, and ast_ha::sense.

Referenced by ast_apply_acl_internal(), AST_TEST_DEFINE(), ip_identify_match_check(), ip_identify_match_host_lookup(), and pjsip_log_test_filter().

◆ ast_copy_ha()

void ast_copy_ha ( const struct ast_ha from,
struct ast_ha to 
)

Copy the contents of one HA to another.

This copies the internals of the 'from' HA to the 'to' HA. It is important that the 'to' HA has been allocated prior to calling this function

Parameters
fromSource HA to copy
toDestination HA to copy to

Definition at line 255 of file acl.c.

256{
257 ast_sockaddr_copy(&to->addr, &from->addr);
258 ast_sockaddr_copy(&to->netmask, &from->netmask);
259 to->sense = from->sense;
260}
static void ast_sockaddr_copy(struct ast_sockaddr *dst, const struct ast_sockaddr *src)
Copies the data from one ast_sockaddr to another.
Definition: netsock2.h:167

References ast_ha::addr, ast_sockaddr_copy(), ast_ha::netmask, and ast_ha::sense.

Referenced by add_calltoken_ignore(), ast_duplicate_ha(), and build_callno_limits().

◆ ast_duplicate_acl_list()

struct ast_acl_list * ast_duplicate_acl_list ( struct ast_acl_list original)

Duplicates the contests of a list of lists of host access rules.

A deep copy of an ast_acl list is made (which in turn means a deep copy of each of the ast_ha structs contained within). The returned value is allocated on the heap and must be freed independently of the input paramater when finished.

Parameters
originalThe ast_acl_list to copy
Returns
The new duplicated ast_acl_list

Definition at line 315 of file acl.c.

316{
317 struct ast_acl_list *clone;
318 struct ast_acl *current_cursor;
319 struct ast_acl *current_clone;
320
321 /* Early return if we receive a duplication request for a NULL original. */
322 if (!original) {
323 return NULL;
324 }
325
326 if (!(clone = ast_calloc(1, sizeof(*clone)))) {
327 ast_log(LOG_ERROR, "Failed to allocate ast_acl_list struct while cloning an ACL\n");
328 return NULL;
329 }
330 AST_LIST_HEAD_INIT(clone);
331
332 AST_LIST_LOCK(original);
333
334 AST_LIST_TRAVERSE(original, current_cursor, list) {
335 if ((acl_new(&current_clone, current_cursor->name))) {
336 ast_log(LOG_ERROR, "Failed to allocate ast_acl struct while cloning an ACL.\n");
337 ast_free_acl_list(clone);
338 clone = NULL;
339 break;
340 }
341
342 /* Copy data from original ACL to clone ACL */
343 current_clone->acl = ast_duplicate_ha_list(current_cursor->acl);
344
345 current_clone->is_invalid = current_cursor->is_invalid;
346 current_clone->is_realtime = current_cursor->is_realtime;
347
348 AST_LIST_INSERT_TAIL(clone, current_clone, list);
349
350 if (current_cursor->acl && !current_clone->acl) {
351 /* Deal with failure after adding to clone so we don't have to free
352 * current_clone separately. */
353 ast_log(LOG_ERROR, "Failed to duplicate HA list while cloning ACL.\n");
354 ast_free_acl_list(clone);
355 clone = NULL;
356 break;
357 }
358 }
359
360 AST_LIST_UNLOCK(original);
361
362 return clone;
363}
struct ast_ha * ast_duplicate_ha_list(struct ast_ha *original)
Duplicate the contents of a list of host access rules.
Definition: acl.c:276
struct ast_acl_list * ast_free_acl_list(struct ast_acl_list *acl_list)
Free a list of ACLs.
Definition: acl.c:233
int is_invalid
Definition: acl.h:70
int is_realtime
Definition: acl.h:69
char name[ACL_NAME_LENGTH]
Definition: acl.h:71

References ast_acl::acl, acl_new(), ast_calloc, ast_duplicate_ha_list(), ast_free_acl_list(), AST_LIST_HEAD_INIT, AST_LIST_INSERT_TAIL, AST_LIST_LOCK, AST_LIST_TRAVERSE, AST_LIST_UNLOCK, ast_log, ast_acl::is_invalid, ast_acl::is_realtime, ast_acl::list, LOG_ERROR, ast_acl::name, and NULL.

Referenced by vs_copy_cfg_common().

◆ ast_duplicate_ha_list()

struct ast_ha * ast_duplicate_ha_list ( struct ast_ha original)

Duplicate the contents of a list of host access rules.

A deep copy of all ast_has in the list is made. The returned value is allocated on the heap and must be freed independently of the input parameter when finished.

Parameters
originalThe ast_ha to copy
Returns
The head of the list of duplicated ast_has

Definition at line 276 of file acl.c.

277{
278 struct ast_ha *start = original;
279 struct ast_ha *ret = NULL;
280 struct ast_ha *current, *prev = NULL;
281
282 while (start) {
283 current = ast_duplicate_ha(start); /* Create copy of this object */
284 if (!current) {
285 ast_free_ha(ret);
286
287 return NULL;
288 }
289
290 if (prev) {
291 prev->next = current; /* Link previous to this object */
292 }
293
294 if (!ret) {
295 ret = current; /* Save starting point */
296 }
297
298 start = start->next; /* Go to next object */
299 prev = current; /* Save pointer to this object */
300 }
301 return ret; /* Return start of list */
302}
void ast_free_ha(struct ast_ha *ha)
Free a list of HAs.
Definition: acl.c:222
static struct ast_ha * ast_duplicate_ha(struct ast_ha *original)
Definition: acl.c:263

References ast_duplicate_ha(), ast_free_ha(), current, ast_ha::next, and NULL.

Referenced by ast_duplicate_acl_list(), and ast_named_acl_find().

◆ ast_find_ourip()

int ast_find_ourip ( struct ast_sockaddr ourip,
const struct ast_sockaddr bindaddr,
int  family 
)

Find our IP address.

This function goes through many iterations in an attempt to find our IP address. If any step along the way should fail, we move to the next item in the list. Here are the steps taken:

  • If bindaddr has a non-zero IP address, that is copied into ourip
  • We use a combination of gethostname and ast_gethostbyname to find our IP address.
  • We use ast_ouraddrfor with 198.41.0.4 as the destination IP address
  • We try some platform-specific socket operations to find the IP address
Parameters
[out]ouripOur IP address is written here when it is found
bindaddrA hint used for finding our IP. See the steps above for more details
familyOnly addresses of the given family will be returned. Use 0 or AST_SOCKADDR_UNSPEC to get addresses of all families.
Return values
0Success
-1Failure

Definition at line 1068 of file acl.c.

1069{
1070 char ourhost[MAXHOSTNAMELEN] = "";
1071 struct ast_sockaddr root;
1072 int res, port = ast_sockaddr_port(ourip);
1073
1074 /* just use the bind address if it is nonzero */
1077 ast_debug(3, "Attached to given IP address\n");
1078 return 0;
1079 }
1080 /* try to use our hostname */
1081 if (gethostname(ourhost, sizeof(ourhost) - 1)) {
1082 ast_log(LOG_WARNING, "Unable to get hostname\n");
1083 } else {
1084 if (resolve_match_or_first(ourip, ourhost, PARSE_PORT_FORBID, family, NULL) == 0) {
1085 /* reset port since resolve_match_or_first wipes this out */
1086 ast_sockaddr_set_port(ourip, port);
1087 return 0;
1088 }
1089 }
1090 ast_debug(3, "Trying to check A.ROOT-SERVERS.NET and get our IP address for that connection\n");
1091 /* A.ROOT-SERVERS.NET. */
1092 if (!resolve_match_or_first(&root, "A.ROOT-SERVERS.NET", PARSE_PORT_FORBID, 0, NULL) &&
1093 !ast_ouraddrfor(&root, ourip)) {
1094 /* reset port since resolve_match_or_first wipes this out */
1095 ast_sockaddr_set_port(ourip, port);
1096 return 0;
1097 }
1098 res = get_local_address(ourip);
1099 ast_sockaddr_set_port(ourip, port);
1100 return res;
1101}
static int resolve_match_or_first(struct ast_sockaddr *addr, const char *name, int flag, int family, struct ast_sockaddr *preference)
Definition: acl.c:875
int ast_ouraddrfor(const struct ast_sockaddr *them, struct ast_sockaddr *us)
Get our local IP address when contacting a remote host.
Definition: acl.c:1021
static int get_local_address(struct ast_sockaddr *ourip)
Definition: acl.c:118
struct ast_sockaddr bindaddr
Definition: chan_ooh323.c:353
#define LOG_WARNING
int ast_sockaddr_is_any(const struct ast_sockaddr *addr)
Determine if the address type is unspecified, or "any" address.
Definition: netsock2.c:534
#define MAXHOSTNAMELEN
Definition: network.h:69

References ast_debug, ast_log, ast_ouraddrfor(), ast_sockaddr_copy(), ast_sockaddr_is_any(), ast_sockaddr_port, ast_sockaddr_set_port, bindaddr, get_local_address(), LOG_WARNING, MAXHOSTNAMELEN, NULL, PARSE_PORT_FORBID, and resolve_match_or_first().

Referenced by ast_rtp_prop_set().

◆ ast_free_acl_list()

struct ast_acl_list * ast_free_acl_list ( struct ast_acl_list acl)

Free a list of ACLs.

Given the head of a list of ast_acl structs, it and all appended acl structs will be freed. This includes the ast_ha structs within the individual nodes.

Parameters
aclThe list of ACLs to free
Return values
NULL

Definition at line 233 of file acl.c.

234{
235 struct ast_acl *current;
236
237 if (!acl_list) {
238 return NULL;
239 }
240
241 AST_LIST_LOCK(acl_list);
242 while ((current = AST_LIST_REMOVE_HEAD(acl_list, list))) {
243 ast_free_ha(current->acl);
245 }
246 AST_LIST_UNLOCK(acl_list);
247
248 AST_LIST_HEAD_DESTROY(acl_list);
249 ast_free(acl_list);
250
251 return NULL;
252}
#define ast_free(a)
Definition: astmm.h:180
#define AST_LIST_HEAD_DESTROY(head)
Destroys a list head structure.
Definition: linkedlists.h:653
#define AST_LIST_REMOVE_HEAD(head, field)
Removes and returns the head entry from a list.
Definition: linkedlists.h:833

References ast_free, ast_free_ha(), AST_LIST_HEAD_DESTROY, AST_LIST_LOCK, AST_LIST_REMOVE_HEAD, AST_LIST_UNLOCK, current, ast_acl::list, and NULL.

Referenced by __init_manager(), acl_destroy(), ast_duplicate_acl_list(), build_peer(), build_user(), endpoint_destructor(), manager_free_user(), peer_destructor(), rtp_reload(), user_destructor(), vcfg_cleanup(), verification_apply(), and vs_copy_cfg_common().

◆ ast_free_ha()

void ast_free_ha ( struct ast_ha ha)

Free a list of HAs.

Given the head of a list of HAs, it and all appended HAs are freed

Parameters
haThe head of the list of HAs to free

Definition at line 222 of file acl.c.

223{
224 struct ast_ha *hal;
225 while (ha) {
226 hal = ha;
227 ha = ha->next;
228 ast_free(hal);
229 }
230}

References ast_free, and ast_ha::next.

Referenced by add_calltoken_ignore(), append_ha_core(), ast_duplicate_ha_list(), ast_free_acl_list(), AST_TEST_DEFINE(), build_callno_limits(), destroy_named_acl(), destroy_sip_transport_state(), ip_identify_destroy(), named_acl_find_realtime(), pjsip_disable_logger(), pjsip_enable_logger_host(), pjsip_logger_session_destroy(), test_item_destructor(), and transport_localnet_handler().

◆ ast_get_ip()

int ast_get_ip ( struct ast_sockaddr addr,
const char *  hostname 
)

Get the IP address given a hostname.

Similar in nature to ast_gethostbyname, except that instead of getting an entire hostent structure, you instead are given only the IP address inserted into a ast_sockaddr structure.

Parameters
addrThe IP address found. The address family is used as an input parameter to filter the returned addresses. If it is AST_AF_UNSPEC, both IPv4 and IPv6 addresses can be returned.
hostnameThe hostname to look up
Return values
0Success
-1Failure

Definition at line 1016 of file acl.c.

1017{
1018 return ast_get_ip_or_srv(addr, hostname, NULL);
1019}
int ast_get_ip_or_srv(struct ast_sockaddr *addr, const char *hostname, const char *service)
Get the IP address given a hostname and optional service.
Definition: acl.c:933
static char hostname[MAXHOSTNAMELEN]
Definition: logger.c:119

References ast_get_ip_or_srv(), hostname, and NULL.

Referenced by build_peer(), peer_set_srcaddr(), setup_stunaddr(), and stun_monitor_request().

◆ ast_get_ip_or_srv()

int ast_get_ip_or_srv ( struct ast_sockaddr addr,
const char *  hostname,
const char *  service 
)

Get the IP address given a hostname and optional service.

If the service parameter is non-NULL, then an SRV lookup will be made by prepending the service to the hostname parameter, separated by a '.' For example, if hostname is "example.com" and service is "_sip._udp" then an SRV lookup will be done for "_sip._udp.example.com". If service is NULL, then this function acts exactly like a call to ast_get_ip.

Parameters
addrThe IP address found. The address family is used as an input parameter to filter the returned addresses. If it is 0, both IPv4 and IPv6 addresses can be returned.
hostnameThe hostname to look up
serviceA specific service provided by the host. A NULL service results in an A-record lookup instead of an SRV lookup
Return values
0Success
-1Failure

Definition at line 933 of file acl.c.

934{
936}
int ast_get_ip_or_srv_with_preference(struct ast_sockaddr *addr, const char *hostname, const char *service, struct ast_sockaddr *preference)
Get the IP address given a hostname and optional service with a preferred result.
Definition: acl.c:907
enum ast_cc_service_type service
Definition: ccss.c:383

References ast_get_ip_or_srv_with_preference(), hostname, NULL, and service.

Referenced by ast_get_ip(), create_addr(), and internal_dnsmgr_lookup().

◆ ast_get_ip_or_srv_with_preference()

int ast_get_ip_or_srv_with_preference ( struct ast_sockaddr addr,
const char *  hostname,
const char *  service,
struct ast_sockaddr preference 
)

Get the IP address given a hostname and optional service with a preferred result.

If the service parameter is non-NULL, then an SRV lookup will be made by prepending the service to the hostname parameter, separated by a '.' For example, if hostname is "example.com" and service is "_sip._udp" then an SRV lookup will be done for "_sip._udp.example.com". If service is NULL, then this function acts exactly like a call to ast_get_ip.

Parameters
addrThe IP address found. The address family is used as an input parameter to filter the returned addresses. If it is 0, both IPv4 and IPv6 addresses can be returned.
hostnameThe hostname to look up
serviceA specific service provided by the host. A NULL service results in an A-record lookup instead of an SRV lookup
preferenceThe preferred IP address to return. If multiple results are available and this IP address is in the list then it will be returned. If NULL, or if the none of the returned IP addresses match, then the first IP address will be returned.
Return values
0Success
-1Failure

Definition at line 907 of file acl.c.

909{
910 char srv[256];
911 char host[256];
912 int srv_ret = 0;
913 int tportno;
914
915 if (service) {
916 snprintf(srv, sizeof(srv), "%s.%s", service, hostname);
917 if ((srv_ret = ast_get_srv(NULL, host, sizeof(host), &tportno, srv)) > 0) {
918 hostname = host;
919 }
920 }
921
922 if (resolve_match_or_first(addr, hostname, PARSE_PORT_FORBID, addr->ss.ss_family, preference) != 0) {
923 return -1;
924 }
925
926 if (srv_ret > 0) {
927 ast_sockaddr_set_port(addr, tportno);
928 }
929
930 return 0;
931}
int ast_get_srv(struct ast_channel *chan, char *host, int hostlen, int *port, const char *service)
Lookup entry in SRV records Returns 1 if found, 0 if not found, -1 on hangup.
Definition: srv.c:260
struct sockaddr_storage ss
Definition: netsock2.h:98

References ast_get_srv(), ast_sockaddr_set_port, hostname, NULL, PARSE_PORT_FORBID, resolve_match_or_first(), service, and ast_sockaddr::ss.

Referenced by ast_get_ip_or_srv(), and dnsmgr_refresh().

◆ ast_ha_join()

void ast_ha_join ( const struct ast_ha ha,
struct ast_str **  buf 
)

Convert HAs to a comma separated string value.

Parameters
hathe starting ha head
bufstring buffer to convert data to

Definition at line 722 of file acl.c.

723{
724 for (; ha; ha = ha->next) {
725 const char *addr;
726
727 if (ast_sockaddr_port(&ha->addr)) {
728 addr = ast_sockaddr_stringify(&ha->addr);
729 } else {
731 }
732
733 ast_str_append(buf, 0, "%s%s/",
734 ha->sense == AST_SENSE_ALLOW ? "!" : "",
735 addr);
736 /* Separated to avoid duplicating stringified addresses. */
738 if (ha->next) {
739 ast_str_append(buf, 0, ",");
740 }
741 }
742}
char buf[BUFSIZE]
Definition: eagi_proxy.c:66
static char * ast_sockaddr_stringify_addr(const struct ast_sockaddr *addr)
Wrapper around ast_sockaddr_stringify_fmt() to return an address only.
Definition: netsock2.h:286
int ast_str_append(struct ast_str **buf, ssize_t max_len, const char *fmt,...)
Append to a thread local dynamic string.
Definition: strings.h:1139

References ast_ha::addr, AST_SENSE_ALLOW, ast_sockaddr_port, ast_sockaddr_stringify(), ast_sockaddr_stringify_addr(), ast_str_append(), buf, ast_ha::netmask, ast_ha::next, and ast_ha::sense.

Referenced by localnet_to_str(), and match_to_str().

◆ ast_ha_join_cidr()

void ast_ha_join_cidr ( const struct ast_ha ha,
struct ast_str **  buf 
)

Convert HAs to a comma separated string value using CIDR notation.

Parameters
hathe starting ha head
bufstring buffer to convert data to

Definition at line 744 of file acl.c.

745{
746 for (; ha; ha = ha->next) {
747 const char *addr = ast_sockaddr_stringify_addr(&ha->addr);
748 ast_str_append(buf, 0, "%s%s/%d",
749 ha->sense == AST_SENSE_ALLOW ? "!" : "",
750 addr, ast_sockaddr_cidr_bits(&ha->netmask));
751 if (ha->next) {
752 ast_str_append(buf, 0, ",");
753 }
754 }
755}
int ast_sockaddr_cidr_bits(const struct ast_sockaddr *sa)
Count the 1 bits in a netmask.
Definition: netsock2.c:130

References ast_ha::addr, AST_SENSE_ALLOW, ast_sockaddr_cidr_bits(), ast_sockaddr_stringify_addr(), ast_str_append(), buf, ast_ha::netmask, ast_ha::next, and ast_ha::sense.

◆ ast_ha_output()

void ast_ha_output ( int  fd,
const struct ast_ha ha,
const char *  prefix 
)

output an HA to the provided fd

This function can be used centrally to output HAs as used in ACLs from other modules. It follows the format as originally used for named ACLs in named_acl.c.

Parameters
fdThe file-descriptor to which to output the HA.
haThe HA to output.
prefixIf you need a specific prefix output on each line, give it here, may be NULL.
Since
13.33.0, 16.10.0, 17.4.0

Definition at line 1103 of file acl.c.

1104{
1105 char addr[AST_SOCKADDR_BUFLEN];
1106 char *mask;
1107 int index = 0;
1108 for (; ha; ha = ha->next, ++index) {
1109 strcpy(addr, ast_sockaddr_stringify_addr(&ha->addr));
1111 ast_cli(fd, "%s%3d: %s - %s/%s\n", prefix ?: "", index, ha->sense == AST_SENSE_ALLOW ? "allow" : " deny", addr, mask);
1112 }
1113}
#define AST_SOCKADDR_BUFLEN
Definition: netsock2.h:46

References ast_ha::addr, ast_cli(), AST_SENSE_ALLOW, AST_SOCKADDR_BUFLEN, ast_sockaddr_stringify_addr(), ast_ha::netmask, ast_ha::next, prefix, and ast_ha::sense.

Referenced by ast_acl_output(), cli_display_named_acl(), and print_acl().

◆ ast_lookup_iface()

int ast_lookup_iface ( char *  iface,
struct ast_sockaddr address 
)

Find an IP address associated with a specific interface.

Given an interface such as "eth0" we find the primary IP address associated with it using the SIOCGIFADDR ioctl. If the ioctl call should fail, we populate address with 0s.

Note
This function is not actually used anywhere
Parameters
ifaceThe interface name whose IP address we wish to find
[out]addressThe interface's IP address is placed into this param
Return values
-1Failure, address is filled with 0s
0Success

◆ ast_named_acl_change_type()

struct stasis_message_type * ast_named_acl_change_type ( void  )

a stasis_message_type for changes against a named ACL or the set of all named ACLs

Since
12
Return values
NULLon error
Returns
stasis_message_type for named ACL changes
Note
Messages of this type should always be issued on and expected from the ast_security_topic stasis_topic

Referenced by acl_change_stasis_cb(), acl_change_stasis_subscribe(), ast_res_pjsip_initialize_configuration(), common_config_load(), load_module(), named_acl_changed_cb(), publish_acl_change(), rtp_reload(), and unload_module().

◆ ast_named_acl_find()

struct ast_ha * ast_named_acl_find ( const char *  name,
int *  is_realtime,
int *  is_undefined 
)

Retrieve a named ACL.

This function attempts to find a named ACL. If found, a copy of the requested ACL will be made which must be freed by the caller.

Parameters
nameName of the ACL sought
[out]is_realtimewill be true if the ACL being returned is from realtime
[out]is_undefinedwill be true if no ACL profile can be found for the requested name
Returns
A copy of the named ACL as an ast_ha
Return values
NULLif no ACL could be found.

Definition at line 293 of file named_acl.c.

294{
295 struct ast_ha *ha = NULL;
296
299
300 if (is_realtime) {
301 *is_realtime = 0;
302 }
303
304 if (is_undefined) {
305 *is_undefined = 0;
306 }
307
308 /* If the config or its named_acl_list hasn't been initialized, abort immediately. */
309 if ((!cfg) || (!(cfg->named_acl_list))) {
310 ast_log(LOG_ERROR, "Attempted to find named ACL '%s', but the ACL configuration isn't available.\n", name);
311 return NULL;
312 }
313
314 named_acl = named_acl_find(cfg->named_acl_list, name);
315
316 /* If a named ACL couldn't be retrieved locally, we need to try realtime storage. */
317 if (!named_acl) {
318 RAII_VAR(struct named_acl *, realtime_acl, NULL, ao2_cleanup);
319
320 /* Attempt to create from realtime */
321 if ((realtime_acl = named_acl_find_realtime(name))) {
322 if (is_realtime) {
323 *is_realtime = 1;
324 }
325 ha = ast_duplicate_ha_list(realtime_acl->ha);
326 return ha;
327 }
328
329 /* Couldn't create from realtime. Raise relevant flags and print relevant warnings. */
331 ast_log(LOG_WARNING, "ACL '%s' does not exist. The ACL will be marked as undefined and will automatically fail if applied.\n"
332 "This ACL may exist in the configured realtime backend, but that backend hasn't been registered yet. "
333 "Fix this establishing preload for the backend in 'modules.conf'.\n", name);
334 } else {
335 ast_log(LOG_WARNING, "ACL '%s' does not exist. The ACL will be marked as undefined and will automatically fail if applied.\n", name);
336 }
337
338 if (is_undefined) {
339 *is_undefined = 1;
340 }
341
342 return NULL;
343 }
344
346
347 if (!ha) {
348 ast_log(LOG_NOTICE, "ACL '%s' contains no rules. It is valid, but it will accept addresses unconditionally.\n", name);
349 }
350
351 return ha;
352}
struct ast_ha * ast_duplicate_ha_list(struct ast_ha *original)
Duplicate the contents of a list of host access rules.
Definition: acl.c:276
#define ao2_cleanup(obj)
Definition: astobj2.h:1934
#define ao2_global_obj_ref(holder)
Get a reference to the object stored in the global holder.
Definition: astobj2.h:918
static struct console_pvt globals
static const char name[]
Definition: format_mp3.c:68
int ast_realtime_is_mapping_defined(const char *family)
Determine if a mapping exists for a given family.
Definition: main/config.c:3208
int ast_check_realtime(const char *family)
Check if realtime engine is configured for family.
Definition: main/config.c:3545
#define LOG_NOTICE
static void * named_acl_find(struct ao2_container *container, const char *cat)
Find a named ACL in a container by its name.
Definition: named_acl.c:182
static struct named_acl * named_acl_find_realtime(const char *name)
Definition: named_acl.c:240
#define ACL_FAMILY
Definition: named_acl.c:50
struct ast_ha * ha
Definition: named_acl.c:109
#define RAII_VAR(vartype, varname, initval, dtor)
Declare a variable that will call a destructor function when it goes out of scope.
Definition: utils.h:941

References ACL_FAMILY, ao2_cleanup, ao2_global_obj_ref, ast_check_realtime(), ast_duplicate_ha_list(), ast_log, ast_realtime_is_mapping_defined(), globals, named_acl::ha, LOG_ERROR, LOG_NOTICE, LOG_WARNING, name, named_acl_find(), named_acl_find_realtime(), NULL, and RAII_VAR.

Referenced by ast_append_acl().

◆ ast_ouraddrfor()

int ast_ouraddrfor ( const struct ast_sockaddr them,
struct ast_sockaddr us 
)

Get our local IP address when contacting a remote host.

This function will attempt to connect(2) to them over UDP using a source port of 5060. If the connect(2) call is successful, then we inspect the sockaddr_in output parameter of connect(2) to determine the IP address used to connect to them. This IP address is then copied into us.

Parameters
themThe IP address to which we wish to attempt to connect
[out]usThe source IP address used to connect to them
Return values
-1Failure
0Success

Definition at line 1021 of file acl.c.

1022{
1023 /*
1024 * We must create the errno string before creating the address
1025 * string because it could wipe out errno on the error return
1026 * paths.
1027 */
1028 const char *sock_err;
1029 int port;
1030 int s;
1031
1032 /* Preserve our original address port */
1033 port = ast_sockaddr_port(us);
1034
1035 s = socket(ast_sockaddr_is_ipv6(them) ? AF_INET6 : AF_INET, SOCK_DGRAM, 0);
1036 if (s < 0) {
1037 sock_err = ast_strdupa(strerror(errno));
1038 ast_log(LOG_ERROR, "Cannot create socket to %s: %s\n",
1039 ast_sockaddr_stringify_addr(them), sock_err);
1040 return -1;
1041 }
1042
1043 if (ast_connect(s, them)) {
1044 sock_err = ast_strdupa(strerror(errno));
1045 ast_log(LOG_WARNING, "Cannot connect to %s: %s\n",
1046 ast_sockaddr_stringify_addr(them), sock_err);
1047 close(s);
1048 return -1;
1049 }
1050 if (ast_getsockname(s, us)) {
1051 sock_err = ast_strdupa(strerror(errno));
1052 ast_log(LOG_WARNING, "Cannot get socket name for connection to %s: %s\n",
1053 ast_sockaddr_stringify_addr(them), sock_err);
1054 close(s);
1055 return -1;
1056 }
1057 close(s);
1058
1059 ast_sockaddr_set_port(us, port);
1060
1061 ast_debug(3, "For destination '%s', our source address is '%s'.\n",
1064
1065 return 0;
1066}
int errno
int ast_getsockname(int sockfd, struct ast_sockaddr *addr)
Wrapper around getsockname(2) that uses struct ast_sockaddr.
Definition: netsock2.c:600
int ast_connect(int sockfd, const struct ast_sockaddr *addr)
Wrapper around connect(2) that uses struct ast_sockaddr.
Definition: netsock2.c:595

References ast_connect(), ast_debug, ast_getsockname(), ast_log, ast_sockaddr_is_ipv6(), ast_sockaddr_port, ast_sockaddr_set_port, ast_sockaddr_stringify_addr(), ast_strdupa, errno, LOG_ERROR, and LOG_WARNING.

Referenced by ast_find_ourip(), ast_rtp_remote_address_set(), and unicast_rtp_request().

◆ ast_str2cos()

int ast_str2cos ( const char *  value,
unsigned int *  cos 
)

Convert a string to the appropriate COS value.

Parameters
valueThe COS string to convert
[out]cosThe integer representation of that COS value
Return values
-1Failure
0Success

Definition at line 969 of file acl.c.

970{
971 int fval;
972
973 if (sscanf(value, "%30d", &fval) == 1) {
974 if (fval < 8) {
975 *cos = fval;
976 return 0;
977 }
978 }
979
980 return -1;
981}
unsigned int cos
Definition: chan_iax2.c:356
int value
Definition: syslog.c:37

References cos, and value.

Referenced by reload_config(), and set_config().

◆ ast_str2tos()

int ast_str2tos ( const char *  value,
unsigned int *  tos 
)

Convert a string to the appropriate TOS value.

Parameters
valueThe TOS string to convert
[out]tosThe integer representation of that TOS value
Return values
-1Failure
0Success

Definition at line 983 of file acl.c.

984{
985 int fval;
986 unsigned int x;
987
988 if (sscanf(value, "%30i", &fval) == 1) {
989 *tos = fval & 0xFF;
990 return 0;
991 }
992
993 for (x = 0; x < ARRAY_LEN(dscp_pool1); x++) {
994 if (!strcasecmp(value, dscp_pool1[x].name)) {
995 *tos = dscp_pool1[x].space << 2;
996 return 0;
997 }
998 }
999
1000 return -1;
1001}
static const struct dscp_codepoint dscp_pool1[]
Definition: acl.c:945
unsigned int tos
Definition: chan_iax2.c:355
unsigned int space
Definition: acl.c:940
#define ARRAY_LEN(a)
Definition: utils.h:666

References ARRAY_LEN, dscp_pool1, name, dscp_codepoint::space, tos, and value.

Referenced by iax_template_parse(), reload_config(), set_config(), tos_handler(), and transport_tos_handler().

◆ ast_tos2str()

const char * ast_tos2str ( unsigned int  tos)

Convert a TOS value into its string representation.

Parameters
tosThe TOS value to look up
Returns
The string equivalent of the TOS value

Definition at line 1003 of file acl.c.

1004{
1005 unsigned int x;
1006
1007 for (x = 0; x < ARRAY_LEN(dscp_pool1); x++) {
1008 if (dscp_pool1[x].space == (tos >> 2)) {
1009 return dscp_pool1[x].name;
1010 }
1011 }
1012
1013 return "unknown";
1014}
char * name
Definition: acl.c:939

References ARRAY_LEN, dscp_pool1, dscp_codepoint::name, dscp_codepoint::space, and tos.