Asterisk - The Open Source Telephony Project GIT-master-5963e62
All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Properties Macros Modules Pages
Macros | Functions | Variables
verification_config.c File Reference
#include "asterisk.h"
#include "asterisk/cli.h"
#include "asterisk/logger.h"
#include "stir_shaken.h"
Include dependency graph for verification_config.c:

Go to the source code of this file.

Macros

#define _TRACE_PREFIX_   "vc",__LINE__, ""
 
#define CONFIG_TYPE   "verification"
 
#define DEFAULT_ca_file   NULL
 
#define DEFAULT_ca_path   NULL
 
#define DEFAULT_crl_file   NULL
 
#define DEFAULT_crl_path   NULL
 
#define DEFAULT_curl_timeout   2
 
#define DEFAULT_global_disable   0
 
#define DEFAULT_ignore_sip_date_header   ignore_sip_date_header_NO
 
#define DEFAULT_load_system_certs   load_system_certs_NO
 
#define DEFAULT_max_cache_entry_age   3600
 
#define DEFAULT_max_cache_size   1000
 
#define DEFAULT_max_date_header_age   15
 
#define DEFAULT_max_iat_age   15
 
#define DEFAULT_relax_x5u_path_restrictions   relax_x5u_path_restrictions_NO
 
#define DEFAULT_relax_x5u_port_scheme_restrictions   relax_x5u_port_scheme_restrictions_NO
 
#define DEFAULT_stir_shaken_failure_action   stir_shaken_failure_action_CONTINUE
 
#define DEFAULT_untrusted_cert_file   NULL
 
#define DEFAULT_untrusted_cert_path   NULL
 
#define DEFAULT_use_rfc9410_responses   use_rfc9410_responses_NO
 
#define STIR_SHAKEN_DIR_NAME   "stir_shaken"
 

Functions

static char * cli_verification_show (struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
 
 generate_vcfg_common_sorcery_handlers (verification_cfg)
 
void vcfg_cleanup (struct verification_cfg_common *vcfg_common)
 
static void * verification_alloc (const char *name)
 
static int verification_apply (const struct ast_sorcery *sorcery, void *obj)
 
static void verification_destructor (void *obj)
 
int vs_check_common_config (const char *id, struct verification_cfg_common *vcfg_common)
 
int vs_config_load (void)
 
int vs_config_reload (void)
 
int vs_config_unload (void)
 
int vs_copy_cfg_common (const char *id, struct verification_cfg_common *cfg_dst, struct verification_cfg_common *cfg_src)
 
struct verification_cfgvs_get_cfg (void)
 
int vs_is_config_loaded (void)
 

Variables

static char DEFAULT_cert_cache_dir [PATH_MAX]
 
static struct verification_cfgempty_cfg = NULL
 
static char * special_addresses []
 
static struct ast_cli_entry verification_cli []
 

Macro Definition Documentation

◆ _TRACE_PREFIX_

#define _TRACE_PREFIX_   "vc",__LINE__, ""

Definition at line 19 of file verification_config.c.

◆ CONFIG_TYPE

#define CONFIG_TYPE   "verification"

Definition at line 27 of file verification_config.c.

◆ DEFAULT_ca_file

#define DEFAULT_ca_file   NULL

Definition at line 31 of file verification_config.c.

◆ DEFAULT_ca_path

#define DEFAULT_ca_path   NULL

Definition at line 32 of file verification_config.c.

◆ DEFAULT_crl_file

#define DEFAULT_crl_file   NULL

Definition at line 33 of file verification_config.c.

◆ DEFAULT_crl_path

#define DEFAULT_crl_path   NULL

Definition at line 34 of file verification_config.c.

◆ DEFAULT_curl_timeout

#define DEFAULT_curl_timeout   2

Definition at line 39 of file verification_config.c.

◆ DEFAULT_global_disable

#define DEFAULT_global_disable   0

Definition at line 29 of file verification_config.c.

◆ DEFAULT_ignore_sip_date_header

#define DEFAULT_ignore_sip_date_header   ignore_sip_date_header_NO

Definition at line 49 of file verification_config.c.

◆ DEFAULT_load_system_certs

#define DEFAULT_load_system_certs   load_system_certs_NO

Definition at line 48 of file verification_config.c.

◆ DEFAULT_max_cache_entry_age

#define DEFAULT_max_cache_entry_age   3600

Definition at line 42 of file verification_config.c.

◆ DEFAULT_max_cache_size

#define DEFAULT_max_cache_size   1000

Definition at line 43 of file verification_config.c.

◆ DEFAULT_max_date_header_age

#define DEFAULT_max_date_header_age   15

Definition at line 41 of file verification_config.c.

◆ DEFAULT_max_iat_age

#define DEFAULT_max_iat_age   15

Definition at line 40 of file verification_config.c.

◆ DEFAULT_relax_x5u_path_restrictions

#define DEFAULT_relax_x5u_path_restrictions   relax_x5u_path_restrictions_NO

Definition at line 47 of file verification_config.c.

◆ DEFAULT_relax_x5u_port_scheme_restrictions

#define DEFAULT_relax_x5u_port_scheme_restrictions   relax_x5u_port_scheme_restrictions_NO

Definition at line 46 of file verification_config.c.

◆ DEFAULT_stir_shaken_failure_action

#define DEFAULT_stir_shaken_failure_action   stir_shaken_failure_action_CONTINUE

Definition at line 44 of file verification_config.c.

◆ DEFAULT_untrusted_cert_file

#define DEFAULT_untrusted_cert_file   NULL

Definition at line 35 of file verification_config.c.

◆ DEFAULT_untrusted_cert_path

#define DEFAULT_untrusted_cert_path   NULL

Definition at line 36 of file verification_config.c.

◆ DEFAULT_use_rfc9410_responses

#define DEFAULT_use_rfc9410_responses   use_rfc9410_responses_NO

Definition at line 45 of file verification_config.c.

◆ STIR_SHAKEN_DIR_NAME

#define STIR_SHAKEN_DIR_NAME   "stir_shaken"

Definition at line 53 of file verification_config.c.

Function Documentation

◆ cli_verification_show()

static char * cli_verification_show ( struct ast_cli_entry e,
int  cmd,
struct ast_cli_args a 
)
static

Definition at line 378 of file verification_config.c.

379{
380 struct verification_cfg *cfg;
381 struct config_object_cli_data data = {
382 .title = "Default Verification",
383 .object_type = config_object_type_verification,
384 };
385
386 switch(cmd) {
387 case CLI_INIT:
388 e->command = "stir_shaken show verification";
389 e->usage =
390 "Usage: stir_shaken show verification\n"
391 " Show the stir/shaken verification settings\n";
392 return NULL;
393 case CLI_GENERATE:
394 return NULL;
395 }
396
397 if (a->argc != 3) {
398 return CLI_SHOWUSAGE;
399 }
400
401 if (!vs_is_config_loaded()) {
402 ast_log(LOG_WARNING,"Stir/Shaken verification service disabled. Either there were errors in the 'verification' object in stir_shaken.conf or it was missing altogether.\n");
403 return CLI_FAILURE;
404 }
405
406 cfg = vs_get_cfg();
407 config_object_cli_show(cfg, a, &data, 0);
408
409 ao2_cleanup(cfg);
410
411 return CLI_SUCCESS;
412}
ast_log
#define ast_log
Definition: astobj2.c:42
ao2_cleanup
#define ao2_cleanup(obj)
Definition: astobj2.h:1934
CLI_SHOWUSAGE
#define CLI_SHOWUSAGE
Definition: cli.h:45
CLI_SUCCESS
#define CLI_SUCCESS
Definition: cli.h:44
CLI_INIT
@ CLI_INIT
Definition: cli.h:152
CLI_GENERATE
@ CLI_GENERATE
Definition: cli.h:153
CLI_FAILURE
#define CLI_FAILURE
Definition: cli.h:46
config_object_cli_show
int config_object_cli_show(void *obj, void *arg, void *data, int flags)
Output configuration settings to the Asterisk CLI.
Definition: common_config.c:173
config_object_type_verification
@ config_object_type_verification
Definition: common_config.h:562
LOG_WARNING
#define LOG_WARNING
Definition: include/asterisk/logger.h:278
NULL
#define NULL
Definition: resample.c:96
ast_cli_entry::command
char * command
Definition: cli.h:186
ast_cli_entry::usage
const char * usage
Definition: cli.h:177
config_object_cli_data
Definition: common_config.h:567
config_object_cli_data::title
const char * title
Definition: common_config.h:568
verification_cfg
Definition: common_config.h:399
a
static struct test_val a
Definition: test_linkedlists.c:46
vs_is_config_loaded
int vs_is_config_loaded(void)
Definition: verification_config.c:66
vs_get_cfg
struct verification_cfg * vs_get_cfg(void)
Definition: verification_config.c:55

References a, ao2_cleanup, ast_log, CLI_FAILURE, CLI_GENERATE, CLI_INIT, CLI_SHOWUSAGE, CLI_SUCCESS, ast_cli_entry::command, config_object_cli_show(), config_object_type_verification, LOG_WARNING, NULL, config_object_cli_data::title, ast_cli_entry::usage, vs_get_cfg(), and vs_is_config_loaded().

◆ generate_vcfg_common_sorcery_handlers()

generate_vcfg_common_sorcery_handlers ( verification_cfg  )

◆ vcfg_cleanup()

void vcfg_cleanup ( struct verification_cfg_common vcfg_common)

Definition at line 77 of file verification_config.c.

78{
79 if (!vcfg_common) {
80 return;
81 }
82 ast_string_field_free_memory(vcfg_common);
83 if (vcfg_common->tcs) {
84 crypto_free_cert_store(vcfg_common->tcs);
85 }
86 ast_free_acl_list(vcfg_common->acl);
87}
ast_free_acl_list
struct ast_acl_list * ast_free_acl_list(struct ast_acl_list *acl)
Free a list of ACLs.
Definition: acl.c:233
crypto_free_cert_store
#define crypto_free_cert_store(store)
Free an X509 store.
Definition: crypto_utils.h:207
ast_string_field_free_memory
#define ast_string_field_free_memory(x)
free all memory - to be called before destroying the object
Definition: stringfields.h:374
verification_cfg_common::tcs
struct crypto_cert_store * tcs
Definition: common_config.h:372
verification_cfg_common::acl
struct ast_acl_list * acl
Definition: common_config.h:371

References verification_cfg_common::acl, ast_free_acl_list(), ast_string_field_free_memory, crypto_free_cert_store, verification_cfg_common::tcs, and verification_cfg::vcfg_common.

Referenced by profile_destructor(), and verification_destructor().

◆ verification_alloc()

static void * verification_alloc ( const char *  name)
static

Definition at line 96 of file verification_config.c.

97{
98 struct verification_cfg *cfg;
99
100 cfg = ast_sorcery_generic_alloc(sizeof(*cfg), verification_destructor);
101 if (!cfg) {
102 return NULL;
103 }
104
105 if (ast_string_field_init(cfg, 1024)) {
106 ao2_ref(cfg, -1);
107 return NULL;
108 }
109
110 /*
111 * The memory for vcfg_common actually comes from cfg
112 * due to the weirdness of the STRFLDSET macro used with
113 * sorcery. We just use a token amount of memory in
114 * this call so the initialize doesn't fail.
115 */
116 if (ast_string_field_init(&cfg->vcfg_common, 8)) {
117 ao2_ref(cfg, -1);
118 return NULL;
119 }
120
121 return cfg;
122}
ao2_ref
#define ao2_ref(o, delta)
Reference/unreference an object and return the old refcount.
Definition: astobj2.h:459
ast_sorcery_generic_alloc
void * ast_sorcery_generic_alloc(size_t size, ao2_destructor_fn destructor)
Allocate a generic sorcery capable object.
Definition: sorcery.c:1728
ast_string_field_init
#define ast_string_field_init(x, size)
Initialize a field pool and fields.
Definition: stringfields.h:359
verification_cfg::vcfg_common
struct verification_cfg_common vcfg_common
Definition: common_config.h:408
verification_destructor
static void verification_destructor(void *obj)
Definition: verification_config.c:89

References ao2_ref, ast_sorcery_generic_alloc(), ast_string_field_init, NULL, verification_cfg::vcfg_common, and verification_destructor().

Referenced by vs_config_load(), and vs_config_reload().

◆ verification_apply()

static int verification_apply ( const struct ast_sorcery sorcery,
void *  obj 
)
static

Definition at line 340 of file verification_config.c.

341{
342 struct verification_cfg *cfg = obj;
343 const char *id = ast_sorcery_object_get_id(cfg);
344
345 if (vs_check_common_config("verification", &cfg->vcfg_common) !=0) {
346 return -1;
347 }
348
349 if (!cfg->vcfg_common.acl) {
350 int error = 0;
351 int ignore;
352 int i;
353
354 ast_append_acl("permit", "0.0.0.0/0", &cfg->vcfg_common.acl, &error, &ignore);
355 if (error) {
356 ast_free_acl_list(cfg->vcfg_common.acl);
357 cfg->vcfg_common.acl = NULL;
358 ast_log(LOG_ERROR, "%s: Unable to create default acl rule for '%s: %s'\n",
359 id, "permit", "0.0.0.0/0");
360 return -1;
361 }
362
363 for (i = 0; i < ARRAY_LEN(special_addresses); i++) {
364 ast_append_acl("deny", special_addresses[i], &cfg->vcfg_common.acl, &error, &ignore);
365 if (error) {
366 ast_free_acl_list(cfg->vcfg_common.acl);
367 cfg->vcfg_common.acl = NULL;
368 ast_log(LOG_ERROR, "%s: Unable to create default acl rule for '%s: %s'\n",
369 id, "deny", special_addresses[i]);
370 return -1;
371 }
372 }
373 }
374
375 return 0;
376}
ast_append_acl
void ast_append_acl(const char *sense, const char *stuff, struct ast_acl_list **path, int *error, int *named_acl_flag)
Add a rule to an ACL struct.
Definition: acl.c:429
LOG_ERROR
#define LOG_ERROR
Definition: include/asterisk/logger.h:289
sip_to_pjsip.ignore
def ignore(key=None, val=None, section=None, pjsip=None, nmapped=None, type='endpoint')
Definition: sip_to_pjsip.py:48
ast_sorcery_object_get_id
const char * ast_sorcery_object_get_id(const void *object)
Get the unique identifier of a sorcery object.
Definition: sorcery.c:2317
error
int error(const char *format,...)
Definition: utils/frame.c:999
ARRAY_LEN
#define ARRAY_LEN(a)
Definition: utils.h:672
vs_check_common_config
int vs_check_common_config(const char *id, struct verification_cfg_common *vcfg_common)
Definition: verification_config.c:167
special_addresses
static char * special_addresses[]
Definition: verification_config.c:309

References verification_cfg_common::acl, ARRAY_LEN, ast_append_acl(), ast_free_acl_list(), ast_log, ast_sorcery_object_get_id(), error(), sip_to_pjsip::ignore(), LOG_ERROR, NULL, special_addresses, verification_cfg::vcfg_common, and vs_check_common_config().

Referenced by vs_config_load().

◆ verification_destructor()

static void verification_destructor ( void *  obj)
static

Definition at line 89 of file verification_config.c.

90{
91 struct verification_cfg *cfg = obj;
92 ast_string_field_free_memory(cfg);
93 vcfg_cleanup(&cfg->vcfg_common);
94}
vcfg_cleanup
void vcfg_cleanup(struct verification_cfg_common *vcfg_common)
Definition: verification_config.c:77

References ast_string_field_free_memory, vcfg_cleanup(), and verification_cfg::vcfg_common.

Referenced by verification_alloc().

◆ vs_check_common_config()

int vs_check_common_config ( const char *  id,
struct verification_cfg_common vcfg_common 
)

Definition at line 167 of file verification_config.c.

169{
170 SCOPE_ENTER(3, "%s: Checking common config\n", id);
171
172 if (!ast_strlen_zero(vcfg_common->ca_file)
173 && !ast_file_is_readable(vcfg_common->ca_file)) {
174 SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
175 "%s: ca_file '%s' not found, or is unreadable\n",
176 id, vcfg_common->ca_file);
177 }
178
179 if (!ast_strlen_zero(vcfg_common->ca_path)
180 && !ast_file_is_readable(vcfg_common->ca_path)) {
181 SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
182 "%s: ca_path '%s' not found, or is unreadable\n",
183 id, vcfg_common->ca_path);
184 }
185
186 if (!ast_strlen_zero(vcfg_common->crl_file)
187 && !ast_file_is_readable(vcfg_common->crl_file)) {
188 SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
189 "%s: crl_file '%s' not found, or is unreadable\n",
190 id, vcfg_common->crl_file);
191 }
192
193 if (!ast_strlen_zero(vcfg_common->crl_path)
194 && !ast_file_is_readable(vcfg_common->crl_path)) {
195 SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
196 "%s: crl_path '%s' not found, or is unreadable\n",
197 id, vcfg_common->crl_path);
198 }
199
200 if (!ast_strlen_zero(vcfg_common->untrusted_cert_file)
201 && !ast_file_is_readable(vcfg_common->untrusted_cert_file)) {
202 SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
203 "%s: untrusted_cert_file '%s' not found, or is unreadable\n",
204 id, vcfg_common->untrusted_cert_file);
205 }
206
207 if (!ast_strlen_zero(vcfg_common->untrusted_cert_path)
208 && !ast_file_is_readable(vcfg_common->untrusted_cert_path)) {
209 SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
210 "%s: untrusted_cert_path '%s' not found, or is unreadable\n",
211 id, vcfg_common->untrusted_cert_path);
212 }
213
214 if (!ast_strlen_zero(vcfg_common->ca_file)
215 || !ast_strlen_zero(vcfg_common->ca_path)) {
216 int rc = 0;
217
218 if (!vcfg_common->tcs) {
219 vcfg_common->tcs = crypto_create_cert_store();
220 if (!vcfg_common->tcs) {
221 SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
222 "%s: Unable to create CA cert store\n", id);
223 }
224 }
225 rc = crypto_load_cert_store(vcfg_common->tcs,
226 vcfg_common->ca_file, vcfg_common->ca_path);
227 if (rc != 0) {
228 SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
229 "%s: Unable to load CA cert store from '%s' or '%s'\n",
230 id, vcfg_common->ca_file, vcfg_common->ca_path);
231 }
232 }
233
234 if (!ast_strlen_zero(vcfg_common->crl_file)
235 || !ast_strlen_zero(vcfg_common->crl_path)) {
236 int rc = 0;
237
238 if (!vcfg_common->tcs) {
239 vcfg_common->tcs = crypto_create_cert_store();
240 if (!vcfg_common->tcs) {
241 SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
242 "%s: Unable to create CA cert store\n", id);
243 }
244 }
245 rc = crypto_load_crl_store(vcfg_common->tcs,
246 vcfg_common->crl_file, vcfg_common->crl_path);
247 if (rc != 0) {
248 SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
249 "%s: Unable to load CA CRL store from '%s' or '%s'\n",
250 id, vcfg_common->crl_file, vcfg_common->crl_path);
251 }
252 }
253
254 if (!ast_strlen_zero(vcfg_common->untrusted_cert_file)
255 || !ast_strlen_zero(vcfg_common->untrusted_cert_path)) {
256 int rc = 0;
257
258 if (!vcfg_common->tcs) {
259 vcfg_common->tcs = crypto_create_cert_store();
260 if (!vcfg_common->tcs) {
261 SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
262 "%s: Unable to create CA cert store\n", id);
263 }
264 }
265 rc = crypto_load_untrusted_cert_store(vcfg_common->tcs,
266 vcfg_common->untrusted_cert_file, vcfg_common->untrusted_cert_path);
267 if (rc != 0) {
268 SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
269 "%s: Unable to load CA CRL store from '%s' or '%s'\n",
270 id, vcfg_common->untrusted_cert_file, vcfg_common->untrusted_cert_path);
271 }
272 }
273
274 if (vcfg_common->tcs) {
275 if (ENUM_BOOL(vcfg_common->load_system_certs, load_system_certs)) {
276 X509_STORE_set_default_paths(vcfg_common->tcs->certs);
277 }
278
279 if (!ast_strlen_zero(vcfg_common->crl_file)
280 || !ast_strlen_zero(vcfg_common->crl_path)) {
281 X509_STORE_set_flags(vcfg_common->tcs->certs, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_EXTENDED_CRL_SUPPORT);
282 }
283 }
284
285 if (!ast_strlen_zero(vcfg_common->cert_cache_dir)) {
286 FILE *fp;
287 char *testfile;
288
289 if (ast_asprintf(&testfile, "%s/testfile", vcfg_common->cert_cache_dir) <= 0) {
290 SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
291 "%s: Unable to allocate memory for testfile\n", id);
292 }
293
294 fp = fopen(testfile, "w+");
295 if (!fp) {
296 ast_free(testfile);
297 SCOPE_EXIT_LOG_RTN_VALUE(-1, LOG_ERROR,
298 "%s: cert_cache_dir '%s' was not writable\n",
299 id, vcfg_common->cert_cache_dir);
300 }
301 fclose(fp);
302 remove(testfile);
303 ast_free(testfile);
304 }
305
306 SCOPE_EXIT_RTN_VALUE(0, "%s: Done\n", id);
307}
ast_free
#define ast_free(a)
Definition: astmm.h:180
ast_asprintf
#define ast_asprintf(ret, fmt,...)
A wrapper for asprintf()
Definition: astmm.h:267
ENUM_BOOL
#define ENUM_BOOL(__enum1, __field)
Definition: common_config.h:220
crypto_load_crl_store
int crypto_load_crl_store(struct crypto_cert_store *store, const char *file, const char *path)
Load an X509 Store with certificate revocation lists.
Definition: crypto_utils.c:711
crypto_load_untrusted_cert_store
int crypto_load_untrusted_cert_store(struct crypto_cert_store *store, const char *file, const char *path)
Load an X509 Store with untrusted certificates.
Definition: crypto_utils.c:668
crypto_create_cert_store
struct crypto_cert_store * crypto_create_cert_store(void)
Create an empty X509 store.
Definition: crypto_utils.c:479
crypto_load_cert_store
int crypto_load_cert_store(struct crypto_cert_store *store, const char *file, const char *path)
Load an X509 Store with either certificates or CRLs.
Definition: crypto_utils.c:652
SCOPE_EXIT_RTN_VALUE
#define SCOPE_EXIT_RTN_VALUE(__return_value,...)
Definition: include/asterisk/logger.h:1034
SCOPE_EXIT_LOG_RTN_VALUE
#define SCOPE_EXIT_LOG_RTN_VALUE(__value, __log_level,...)
Definition: include/asterisk/logger.h:1057
SCOPE_ENTER
#define SCOPE_ENTER(level,...)
Definition: include/asterisk/logger.h:1006
remove
#define remove
Definition: main/stdtime/private.h:218
ast_strlen_zero
static force_inline int attribute_pure ast_strlen_zero(const char *s)
Definition: strings.h:65
crypto_cert_store::certs
X509_STORE * certs
Definition: crypto_utils.h:192
verification_cfg_common::cert_cache_dir
const ast_string_field cert_cache_dir
Definition: common_config.h:356
verification_cfg_common::ca_path
const ast_string_field ca_path
Definition: common_config.h:356
verification_cfg_common::crl_file
const ast_string_field crl_file
Definition: common_config.h:356
verification_cfg_common::crl_path
const ast_string_field crl_path
Definition: common_config.h:356
verification_cfg_common::load_system_certs
enum load_system_certs_enum load_system_certs
Definition: common_config.h:369
verification_cfg_common::ca_file
const ast_string_field ca_file
Definition: common_config.h:356
verification_cfg_common::untrusted_cert_file
const ast_string_field untrusted_cert_file
Definition: common_config.h:356
verification_cfg_common::untrusted_cert_path
const ast_string_field untrusted_cert_path
Definition: common_config.h:356
ast_file_is_readable
int ast_file_is_readable(const char *filename)
Test that a file exists and is readable by the effective user.
Definition: utils.c:3107

References ast_asprintf, ast_file_is_readable(), ast_free, ast_strlen_zero(), verification_cfg_common::ca_file, verification_cfg_common::ca_path, verification_cfg_common::cert_cache_dir, crypto_cert_store::certs, verification_cfg_common::crl_file, verification_cfg_common::crl_path, crypto_create_cert_store(), crypto_load_cert_store(), crypto_load_crl_store(), crypto_load_untrusted_cert_store(), ENUM_BOOL, verification_cfg_common::load_system_certs, LOG_ERROR, remove, SCOPE_ENTER, SCOPE_EXIT_LOG_RTN_VALUE, SCOPE_EXIT_RTN_VALUE, verification_cfg_common::tcs, verification_cfg_common::untrusted_cert_file, verification_cfg_common::untrusted_cert_path, and verification_cfg::vcfg_common.

Referenced by profile_apply(), and verification_apply().

◆ vs_config_load()

int vs_config_load ( void  )

Definition at line 446 of file verification_config.c.

447{
448 struct ast_sorcery *sorcery = get_sorcery();
449
450 snprintf(DEFAULT_cert_cache_dir, sizeof(DEFAULT_cert_cache_dir), "%s/keys/%s/cache",
451 ast_config_AST_DATA_DIR, STIR_SHAKEN_DIR_NAME);
452
453 ast_sorcery_apply_default(sorcery, CONFIG_TYPE, "config",
454 "stir_shaken.conf,criteria=type=" CONFIG_TYPE ",single_object=yes,explicit_name=" CONFIG_TYPE);
455
456 if (ast_sorcery_object_register(sorcery, CONFIG_TYPE, verification_alloc,
457 NULL, verification_apply)) {
458 ast_log(LOG_ERROR, "stir/shaken - failed to register '%s' sorcery object\n", CONFIG_TYPE);
459 return -1;
460 }
461
462 ast_sorcery_object_field_register_nodoc(sorcery, CONFIG_TYPE, "type", "",
463 OPT_NOOP_T, 0, 0);
464
465 ast_sorcery_object_field_register(sorcery, CONFIG_TYPE, "global_disable",
466 DEFAULT_global_disable ? "yes" : "no",
467 OPT_YESNO_T, 1, FLDSET(struct verification_cfg, global_disable));
468
469 register_common_verification_fields(sorcery, verification_cfg, CONFIG_TYPE,);
470
471 ast_sorcery_load_object(sorcery, CONFIG_TYPE);
472
473 if (!vs_is_config_loaded()) {
474 ast_log(LOG_WARNING,"Stir/Shaken verification service disabled. Either there were errors in the 'verification' object in stir_shaken.conf or it was missing altogether.\n");
475 }
476 if (!empty_cfg) {
477 empty_cfg = verification_alloc(CONFIG_TYPE);
478 if (!empty_cfg) {
479 return -1;
480 }
481 empty_cfg->global_disable = 1;
482 }
483
484 ast_cli_register_multiple(verification_cli,
485 ARRAY_LEN(verification_cli));
486
487 return 0;
488}
ast_cli_register_multiple
#define ast_cli_register_multiple(e, len)
Register multiple commands.
Definition: cli.h:265
get_sorcery
struct ast_sorcery * get_sorcery(void)
Retrieve the stir/shaken sorcery context.
Definition: common_config.c:34
register_common_verification_fields
#define register_common_verification_fields(sorcery, object, CONFIG_TYPE, nodoc)
Definition: common_config.h:516
FLDSET
#define FLDSET(type,...)
Convert a struct and list of fields to an argument list of field offsets.
Definition: config_options.h:816
OPT_NOOP_T
@ OPT_NOOP_T
Type for a default handler that should do nothing.
Definition: config_options.h:399
OPT_YESNO_T
@ OPT_YESNO_T
Type for default option handler for bools (ast_true/ast_false)
Definition: config_options.h:481
ast_config_AST_DATA_DIR
const char * ast_config_AST_DATA_DIR
Definition: options.c:159
sorcery
static struct ast_sorcery * sorcery
Definition: res/ari/config.c:38
ast_sorcery_object_field_register_nodoc
#define ast_sorcery_object_field_register_nodoc(sorcery, type, name, default_val, opt_type, flags,...)
Register a field within an object without documentation.
Definition: sorcery.h:987
ast_sorcery_object_register
#define ast_sorcery_object_register(sorcery, type, alloc, transform, apply)
Register an object type.
Definition: sorcery.h:837
ast_sorcery_load_object
void ast_sorcery_load_object(const struct ast_sorcery *sorcery, const char *type)
Inform any wizards of a specific object type to load persistent objects.
Definition: sorcery.c:1393
ast_sorcery_object_field_register
#define ast_sorcery_object_field_register(sorcery, type, name, default_val, opt_type, flags,...)
Register a field within an object.
Definition: sorcery.h:955
ast_sorcery_apply_default
#define ast_sorcery_apply_default(sorcery, type, name, data)
Definition: sorcery.h:476
ast_sorcery
Full structure for sorcery.
Definition: sorcery.c:230
verification_cfg::global_disable
int global_disable
Definition: common_config.h:409
verification_apply
static int verification_apply(const struct ast_sorcery *sorcery, void *obj)
Definition: verification_config.c:340
verification_cli
static struct ast_cli_entry verification_cli[]
Definition: verification_config.c:414
STIR_SHAKEN_DIR_NAME
#define STIR_SHAKEN_DIR_NAME
Definition: verification_config.c:53
verification_alloc
static void * verification_alloc(const char *name)
Definition: verification_config.c:96
DEFAULT_cert_cache_dir
static char DEFAULT_cert_cache_dir[PATH_MAX]
Definition: verification_config.c:37
DEFAULT_global_disable
#define DEFAULT_global_disable
Definition: verification_config.c:29
empty_cfg
static struct verification_cfg * empty_cfg
Definition: verification_config.c:51
CONFIG_TYPE
#define CONFIG_TYPE
Definition: verification_config.c:27

References ARRAY_LEN, ast_cli_register_multiple, ast_config_AST_DATA_DIR, ast_log, ast_sorcery_apply_default, ast_sorcery_load_object(), ast_sorcery_object_field_register, ast_sorcery_object_field_register_nodoc, ast_sorcery_object_register, CONFIG_TYPE, DEFAULT_cert_cache_dir, DEFAULT_global_disable, empty_cfg, FLDSET, get_sorcery(), verification_cfg::global_disable, LOG_ERROR, LOG_WARNING, NULL, OPT_NOOP_T, OPT_YESNO_T, register_common_verification_fields, sorcery, STIR_SHAKEN_DIR_NAME, verification_alloc(), verification_apply(), verification_cli, and vs_is_config_loaded().

Referenced by vs_load().

◆ vs_config_reload()

int vs_config_reload ( void  )

Definition at line 418 of file verification_config.c.

419{
420 struct ast_sorcery *sorcery = get_sorcery();
421 ast_sorcery_force_reload_object(sorcery, CONFIG_TYPE);
422
423 if (!vs_is_config_loaded()) {
424 ast_log(LOG_WARNING,"Stir/Shaken verification service disabled. Either there were errors in the 'verification' object in stir_shaken.conf or it was missing altogether.\n");
425 }
426 if (!empty_cfg) {
427 empty_cfg = verification_alloc(CONFIG_TYPE);
428 if (!empty_cfg) {
429 return -1;
430 }
431 empty_cfg->global_disable = 1;
432 }
433
434 return 0;
435}
ast_sorcery_force_reload_object
void ast_sorcery_force_reload_object(const struct ast_sorcery *sorcery, const char *type)
Inform any wizards of a specific object type to reload persistent objects even if no changes determin...
Definition: sorcery.c:1457

References ast_log, ast_sorcery_force_reload_object(), CONFIG_TYPE, empty_cfg, get_sorcery(), verification_cfg::global_disable, LOG_WARNING, sorcery, verification_alloc(), and vs_is_config_loaded().

Referenced by vs_reload().

◆ vs_config_unload()

int vs_config_unload ( void  )

Definition at line 437 of file verification_config.c.

438{
439 ast_cli_unregister_multiple(verification_cli,
440 ARRAY_LEN(verification_cli));
441 ao2_cleanup(empty_cfg);
442
443 return 0;
444}
ast_cli_unregister_multiple
int ast_cli_unregister_multiple(struct ast_cli_entry *e, int len)
Unregister multiple commands.
Definition: clicompat.c:30

References ao2_cleanup, ARRAY_LEN, ast_cli_unregister_multiple(), empty_cfg, and verification_cli.

Referenced by vs_unload().

◆ vs_copy_cfg_common()

int vs_copy_cfg_common ( const char *  id,
struct verification_cfg_common cfg_dst,
struct verification_cfg_common cfg_src 
)

Definition at line 124 of file verification_config.c.

126{
127 int rc = 0;
128
129 if (!cfg_dst || !cfg_src) {
130 return -1;
131 }
132
133 if (!cfg_dst->tcs && cfg_src->tcs) {
134 cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, ca_file);
135 cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, ca_path);
136 cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, crl_file);
137 cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, crl_path);
138 cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, untrusted_cert_file);
139 cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, untrusted_cert_path);
140 ao2_bump(cfg_src->tcs);
141 cfg_dst->tcs = cfg_src->tcs;
142 }
143
144 cfg_sf_copy_wrapper(id, cfg_dst, cfg_src, cert_cache_dir);
145
146 cfg_uint_copy(cfg_dst, cfg_src, curl_timeout);
147 cfg_uint_copy(cfg_dst, cfg_src, max_iat_age);
148 cfg_uint_copy(cfg_dst, cfg_src, max_date_header_age);
149 cfg_uint_copy(cfg_dst, cfg_src, max_cache_entry_age);
150 cfg_uint_copy(cfg_dst, cfg_src, max_cache_size);
151
152 cfg_enum_copy(cfg_dst, cfg_src, stir_shaken_failure_action);
153 cfg_enum_copy(cfg_dst, cfg_src, use_rfc9410_responses);
154 cfg_enum_copy(cfg_dst, cfg_src, relax_x5u_port_scheme_restrictions);
155 cfg_enum_copy(cfg_dst, cfg_src, relax_x5u_path_restrictions);
156 cfg_enum_copy(cfg_dst, cfg_src, load_system_certs);
157 cfg_enum_copy(cfg_dst, cfg_src, ignore_sip_date_header);
158
159 if (cfg_src->acl) {
160 ast_free_acl_list(cfg_dst->acl);
161 cfg_dst->acl = ast_duplicate_acl_list(cfg_src->acl);
162 }
163
164 return rc;
165}
ast_duplicate_acl_list
struct ast_acl_list * ast_duplicate_acl_list(struct ast_acl_list *original)
Duplicates the contests of a list of lists of host access rules.
Definition: acl.c:315
ao2_bump
#define ao2_bump(obj)
Bump refcount on an AO2 object by one, returning the object.
Definition: astobj2.h:480
cfg_uint_copy
#define cfg_uint_copy(__cfg_dst, __cfg_src, __field)
cfg_uint_copy
Definition: common_config.h:264
cfg_sf_copy_wrapper
#define cfg_sf_copy_wrapper(id, __cfg_dst, __cfg_src, __field)
cfg_copy_wrapper
Definition: common_config.h:248
cfg_enum_copy
#define cfg_enum_copy(__cfg_dst, __cfg_src, __field)
Definition: common_config.h:285

References verification_cfg_common::acl, ao2_bump, ast_duplicate_acl_list(), ast_free_acl_list(), cfg_enum_copy, cfg_sf_copy_wrapper, cfg_uint_copy, and verification_cfg_common::tcs.

Referenced by create_effective_profile().

◆ vs_get_cfg()

struct verification_cfg * vs_get_cfg ( void  )

Definition at line 55 of file verification_config.c.

56{
57 struct verification_cfg *cfg = ast_sorcery_retrieve_by_id(get_sorcery(),
58 CONFIG_TYPE, CONFIG_TYPE);
59 if (cfg) {
60 return cfg;
61 }
62
63 return empty_cfg ? ao2_bump(empty_cfg) : NULL;
64}
ast_sorcery_retrieve_by_id
void * ast_sorcery_retrieve_by_id(const struct ast_sorcery *sorcery, const char *type, const char *id)
Retrieve an object using its unique identifier.
Definition: sorcery.c:1853

References ao2_bump, ast_sorcery_retrieve_by_id(), CONFIG_TYPE, empty_cfg, get_sorcery(), and NULL.

Referenced by add_cert_expiration_to_astdb(), ast_stir_shaken_vs_ctx_create(), cli_verification_show(), cli_verify_cert(), and create_effective_profile().

◆ vs_is_config_loaded()

int vs_is_config_loaded ( void  )

Definition at line 66 of file verification_config.c.

67{
68 struct verification_cfg *cfg = ast_sorcery_retrieve_by_id(get_sorcery(),
69 CONFIG_TYPE, CONFIG_TYPE);
70 ao2_cleanup(cfg);
71
72 return !!cfg;
73}

References ao2_cleanup, ast_sorcery_retrieve_by_id(), CONFIG_TYPE, and get_sorcery().

Referenced by cli_verification_show(), vs_config_load(), and vs_config_reload().

Variable Documentation

◆ DEFAULT_cert_cache_dir

char DEFAULT_cert_cache_dir[PATH_MAX]
static

Definition at line 37 of file verification_config.c.

Referenced by vs_config_load().

◆ empty_cfg

struct verification_cfg* empty_cfg = NULL
static

Definition at line 51 of file verification_config.c.

Referenced by vs_config_load(), vs_config_reload(), vs_config_unload(), and vs_get_cfg().

◆ special_addresses

char* special_addresses[]
static

Definition at line 309 of file verification_config.c.

Referenced by verification_apply().

◆ verification_cli

struct ast_cli_entry verification_cli[]
static
Initial value:
= {
{ .handler = cli_verification_show , .summary = "Show stir/shaken verification configuration" ,},
}
cli_verification_show
static char * cli_verification_show(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
Definition: verification_config.c:378

Definition at line 414 of file verification_config.c.

Referenced by vs_config_load(), and vs_config_unload().

Generated on Wed Jul 9 2025 20:04:48 for Asterisk - The Open Source Telephony Project by doxygen 1.9.4