Asterisk - The Open Source Telephony Project GIT-master-7805f28
All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Properties Macros Modules Pages
Data Structures | Macros | Functions | Variables
named_acl.c File Reference

Named Access Control Lists. More...

#include "asterisk.h"
#include "asterisk/config.h"
#include "asterisk/config_options.h"
#include "asterisk/utils.h"
#include "asterisk/module.h"
#include "asterisk/cli.h"
#include "asterisk/acl.h"
#include "asterisk/astobj2.h"
#include "asterisk/paths.h"
#include "asterisk/stasis.h"
#include "asterisk/json.h"
#include "asterisk/security_events.h"
Include dependency graph for named_acl.c:

Go to the source code of this file.

Data Structures

struct  named_acl
 
struct  named_acl_config
 

Macros

#define ACL_FAMILY   "acls"
 
#define AST_MODULE   "acl"
 
#define NACL_CONFIG   "acl.conf"
 

Functions

static void __reg_module (void)
 
static void __unreg_module (void)
 
static int acl_order_comparator (struct ast_category *p, struct ast_category *q)
 
static AO2_GLOBAL_OBJ_STATIC (globals)
 
struct ast_moduleAST_MODULE_SELF_SYM (void)
 
struct ast_haast_named_acl_find (const char *name, int *is_realtime, int *is_undefined)
 Retrieve a named ACL. More...
 
static void cli_display_named_acl (int fd, const char *name)
 
static void cli_display_named_acl_list (int fd)
 
 CONFIG_INFO_CORE ("named_acl", cfg_info, globals, named_acl_config_alloc,.files=ACO_FILES(&named_acl_conf),)
 
static void destroy_named_acl (void *obj)
 Destroy a named ACL object. More...
 
static char * handle_show_named_acl_cmd (struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
 ACL command show <name> More...
 
static int load_module (void)
 
static void * named_acl_alloc (const char *cat)
 Create a named ACL structure. More...
 
static void * named_acl_config_alloc (void)
 allocator callback for named_acl_config. Notice it returns void * since it is used by the backend config code More...
 
static void named_acl_config_destructor (void *obj)
 destructor for named_acl_config More...
 
static void * named_acl_find (struct ao2_container *container, const char *cat)
 Find a named ACL in a container by its name. More...
 
static struct named_aclnamed_acl_find_realtime (const char *name)
 
static int publish_acl_change (const char *name)
 
static int reload_module (void)
 
 STASIS_MESSAGE_TYPE_DEFN (ast_named_acl_change_type)
 Message type for named ACL changes. More...
 
static int unload_module (void)
 

Variables

static struct ast_module_info __mod_info = { .name = "acl" , .flags = AST_MODFLAG_GLOBAL_SYMBOLS | AST_MODFLAG_LOAD_ORDER , .description = "Named ACL system" , .key = "This paragraph is copyright (c) 2006 by Digium, Inc. \In order for your module to load, it must return this \key via a function called \"key\". Any code which \includes this paragraph must be licensed under the GNU \General Public License version 2 or later (at your \option). In addition to Digium's general reservations \of rights, Digium expressly reserves the right to \allow other parties to license this paragraph under \different terms. Any use of Digium, Inc. trademarks or \logos (including \"Asterisk\" or \"Digium\") without \express written permission of Digium, Inc. is prohibited.\n" , .buildopt_sum = AST_BUILDOPT_SUM, .support_level = AST_MODULE_SUPPORT_CORE, .load = load_module, .unload = unload_module, .reload = reload_module, .load_pri = AST_MODPRI_CORE, .requires = "extconfig", }
 
static const struct ast_module_infoast_module_info = &__mod_info
 
static struct ast_cli_entry cli_named_acl []
 
struct aco_file named_acl_conf
 
static struct aco_type named_acl_type
 
struct aco_typenamed_acl_types [] = ACO_TYPES(&named_acl_type)
 

Detailed Description

Named Access Control Lists.

Author
Jonathan Rose jrose.nosp@m.@dig.nosp@m.ium.c.nosp@m.om
Note
Based on a feature proposed by Olle E. Johansson oej@e.nosp@m.dvin.nosp@m.a.net

Definition in file named_acl.c.

Macro Definition Documentation

◆ ACL_FAMILY

#define ACL_FAMILY   "acls"

Definition at line 50 of file named_acl.c.

◆ AST_MODULE

#define AST_MODULE   "acl"

Definition at line 33 of file named_acl.c.

◆ NACL_CONFIG

#define NACL_CONFIG   "acl.conf"

Definition at line 49 of file named_acl.c.

Function Documentation

◆ __reg_module()

static void __reg_module ( void  )
static

Definition at line 599 of file named_acl.c.

◆ __unreg_module()

static void __unreg_module ( void  )
static

Definition at line 599 of file named_acl.c.

◆ acl_order_comparator()

static int acl_order_comparator ( struct ast_category p,
struct ast_category q 
)
static

Definition at line 210 of file named_acl.c.

211{
212 int p_value = 0, q_value = 0;
213 struct ast_variable *p_var = ast_category_first(p);
214 struct ast_variable *q_var = ast_category_first(q);
215
216 while (p_var) {
217 if (!strcasecmp(p_var->name, "rule_order")) {
218 p_value = atoi(p_var->value);
219 break;
220 }
221 p_var = p_var->next;
222 }
223
224 while (q_var) {
225 if (!strcasecmp(q_var->name, "rule_order")) {
226 q_value = atoi(q_var->value);
227 break;
228 }
229 q_var = q_var->next;
230 }
231
232 if (p_value < q_value) {
233 return -1;
234 } else if (q_value < p_value) {
235 return 1;
236 }
237
238 return 0;
239}
ast_category_first
struct ast_variable * ast_category_first(struct ast_category *cat)
given a pointer to a category, return the root variable.
Definition: main/config.c:1358
ast_variable
Structure for variables, used for configurations and for channel variables.
Definition: include/asterisk/config.h:83
ast_variable::value
const char * value
Definition: include/asterisk/config.h:87
ast_variable::name
const char * name
Definition: include/asterisk/config.h:85
ast_variable::next
struct ast_variable * next
Definition: include/asterisk/config.h:90

References ast_category_first(), ast_variable::name, ast_variable::next, and ast_variable::value.

Referenced by named_acl_find_realtime().

◆ AO2_GLOBAL_OBJ_STATIC()

static AO2_GLOBAL_OBJ_STATIC ( globals  )
static

◆ AST_MODULE_SELF_SYM()

struct ast_module * AST_MODULE_SELF_SYM ( void  )

Definition at line 599 of file named_acl.c.

◆ ast_named_acl_find()

struct ast_ha * ast_named_acl_find ( const char *  name,
int *  is_realtime,
int *  is_undefined 
)

Retrieve a named ACL.

This function attempts to find a named ACL. If found, a copy of the requested ACL will be made which must be freed by the caller.

Parameters
nameName of the ACL sought
[out]is_realtimewill be true if the ACL being returned is from realtime
[out]is_undefinedwill be true if no ACL profile can be found for the requested name
Returns
A copy of the named ACL as an ast_ha
Return values
NULLif no ACL could be found.

Definition at line 302 of file named_acl.c.

303{
304 struct ast_ha *ha = NULL;
305
306 RAII_VAR(struct named_acl_config *, cfg, ao2_global_obj_ref(globals), ao2_cleanup);
307 RAII_VAR(struct named_acl *, named_acl, NULL, ao2_cleanup);
308
309 if (is_realtime) {
310 *is_realtime = 0;
311 }
312
313 if (is_undefined) {
314 *is_undefined = 0;
315 }
316
317 /* If the config or its named_acl_list hasn't been initialized, abort immediately. */
318 if ((!cfg) || (!(cfg->named_acl_list))) {
319 ast_log(LOG_ERROR, "Attempted to find named ACL '%s', but the ACL configuration isn't available.\n", name);
320 return NULL;
321 }
322
323 named_acl = named_acl_find(cfg->named_acl_list, name);
324
325 /* If a named ACL couldn't be retrieved locally, we need to try realtime storage. */
326 if (!named_acl) {
327 RAII_VAR(struct named_acl *, realtime_acl, NULL, ao2_cleanup);
328
329 /* Attempt to create from realtime */
330 if ((realtime_acl = named_acl_find_realtime(name))) {
331 if (is_realtime) {
332 *is_realtime = 1;
333 }
334 ha = ast_duplicate_ha_list(realtime_acl->ha);
335 return ha;
336 }
337
338 /* Couldn't create from realtime. Raise relevant flags and print relevant warnings. */
339 if (ast_realtime_is_mapping_defined(ACL_FAMILY) && !ast_check_realtime(ACL_FAMILY)) {
340 ast_log(LOG_WARNING, "ACL '%s' does not exist. The ACL will be marked as undefined and will automatically fail if applied.\n"
341 "This ACL may exist in the configured realtime backend, but that backend hasn't been registered yet. "
342 "Fix this establishing preload for the backend in 'modules.conf'.\n", name);
343 } else {
344 ast_log(LOG_WARNING, "ACL '%s' does not exist. The ACL will be marked as undefined and will automatically fail if applied.\n", name);
345 }
346
347 if (is_undefined) {
348 *is_undefined = 1;
349 }
350
351 return NULL;
352 }
353
354 ha = ast_duplicate_ha_list(named_acl->ha);
355
356 if (!ha) {
357 ast_log(LOG_NOTICE, "ACL '%s' contains no rules. It is valid, but it will accept addresses unconditionally.\n", name);
358 }
359
360 return ha;
361}
ast_duplicate_ha_list
struct ast_ha * ast_duplicate_ha_list(struct ast_ha *original)
Duplicate the contents of a list of host access rules.
Definition: acl.c:276
ast_log
#define ast_log
Definition: astobj2.c:42
ao2_cleanup
#define ao2_cleanup(obj)
Definition: astobj2.h:1934
ao2_global_obj_ref
#define ao2_global_obj_ref(holder)
Get a reference to the object stored in the global holder.
Definition: astobj2.h:918
globals
static struct console_pvt globals
name
static const char name[]
Definition: format_mp3.c:68
ast_realtime_is_mapping_defined
int ast_realtime_is_mapping_defined(const char *family)
Determine if a mapping exists for a given family.
Definition: main/config.c:3413
ast_check_realtime
int ast_check_realtime(const char *family)
Check if realtime engine is configured for family.
Definition: main/config.c:3750
LOG_ERROR
#define LOG_ERROR
Definition: include/asterisk/logger.h:289
LOG_NOTICE
#define LOG_NOTICE
Definition: include/asterisk/logger.h:267
LOG_WARNING
#define LOG_WARNING
Definition: include/asterisk/logger.h:278
named_acl_find
static void * named_acl_find(struct ao2_container *container, const char *cat)
Find a named ACL in a container by its name.
Definition: named_acl.c:191
named_acl_find_realtime
static struct named_acl * named_acl_find_realtime(const char *name)
Definition: named_acl.c:249
ACL_FAMILY
#define ACL_FAMILY
Definition: named_acl.c:50
NULL
#define NULL
Definition: resample.c:96
ast_ha
internal representation of ACL entries In principle user applications would have no need for this,...
Definition: acl.h:51
named_acl_config
Definition: named_acl.c:82
named_acl
Definition: named_acl.c:117
named_acl::ha
struct ast_ha * ha
Definition: named_acl.c:118
RAII_VAR
#define RAII_VAR(vartype, varname, initval, dtor)
Declare a variable that will call a destructor function when it goes out of scope.
Definition: utils.h:941

References ACL_FAMILY, ao2_cleanup, ao2_global_obj_ref, ast_check_realtime(), ast_duplicate_ha_list(), ast_log, ast_realtime_is_mapping_defined(), globals, named_acl::ha, LOG_ERROR, LOG_NOTICE, LOG_WARNING, name, named_acl_find(), named_acl_find_realtime(), NULL, and RAII_VAR.

Referenced by ast_append_acl().

◆ cli_display_named_acl()

static void cli_display_named_acl ( int  fd,
const char *  name 
)
static

Definition at line 421 of file named_acl.c.

422{
423 int is_realtime = 0;
424
425 RAII_VAR(struct named_acl_config *, cfg, ao2_global_obj_ref(globals), ao2_cleanup);
426 RAII_VAR(struct named_acl *, named_acl, NULL, ao2_cleanup);
427
428 /* If the configuration or the configuration's named_acl_list is unavailable, abort. */
429 if ((!cfg) || (!cfg->named_acl_list)) {
430 ast_log(LOG_ERROR, "Attempted to show named ACL '%s', but the acl configuration isn't available.\n", name);
431 return;
432 }
433
434 named_acl = named_acl_find(cfg->named_acl_list, name);
435
436 /* If the named_acl couldn't be found with the search, also abort. */
437 if (!named_acl) {
438 if (!(named_acl = named_acl_find_realtime(name))) {
439 ast_cli(fd, "\nCould not find ACL named '%s'\n", name);
440 return;
441 }
442
443 is_realtime = 1;
444 }
445
446 ast_cli(fd, "\nACL: %s%s\n---------------------------------------------\n", name, is_realtime ? " (realtime)" : "");
447 ast_ha_output(fd, named_acl->ha, NULL);
448}
ast_ha_output
void ast_ha_output(int fd, const struct ast_ha *ha, const char *prefix)
output an HA to the provided fd
Definition: acl.c:1103
ast_cli
void ast_cli(int fd, const char *fmt,...)
Definition: clicompat.c:6

References ao2_cleanup, ao2_global_obj_ref, ast_cli(), ast_ha_output(), ast_log, globals, named_acl::ha, LOG_ERROR, name, named_acl_find(), named_acl_find_realtime(), NULL, and RAII_VAR.

Referenced by handle_show_named_acl_cmd().

◆ cli_display_named_acl_list()

static void cli_display_named_acl_list ( int  fd)
static

Definition at line 456 of file named_acl.c.

457{
458 struct ao2_iterator i;
459 void *o;
460 RAII_VAR(struct named_acl_config *, cfg, ao2_global_obj_ref(globals), ao2_cleanup);
461
462 ast_cli(fd, "\nacl\n---\n");
463
464 if (!cfg || !cfg->named_acl_list) {
465 ast_cli(fd, "ACL configuration isn't available.\n");
466 return;
467 }
468 i = ao2_iterator_init(cfg->named_acl_list, 0);
469
470 while ((o = ao2_iterator_next(&i))) {
471 struct named_acl *named_acl = o;
472 ast_cli(fd, "%s\n", named_acl->name);
473 ao2_ref(o, -1);
474 }
475
476 ao2_iterator_destroy(&i);
477}
ao2_iterator_next
#define ao2_iterator_next(iter)
Definition: astobj2.h:1911
ao2_iterator_init
struct ao2_iterator ao2_iterator_init(struct ao2_container *c, int flags) attribute_warn_unused_result
Create an iterator for a container.
Definition: astobj2_container.c:485
ao2_ref
#define ao2_ref(o, delta)
Reference/unreference an object and return the old refcount.
Definition: astobj2.h:459
ao2_iterator_destroy
void ao2_iterator_destroy(struct ao2_iterator *iter)
Destroy a container iterator.
Definition: astobj2_container.c:534
ao2_iterator
When we need to walk through a container, we use an ao2_iterator to keep track of the current positio...
Definition: astobj2.h:1821
named_acl::name
char name[ACL_NAME_LENGTH]
Definition: named_acl.c:119

References ao2_cleanup, ao2_global_obj_ref, ao2_iterator_destroy(), ao2_iterator_init(), ao2_iterator_next, ao2_ref, ast_cli(), globals, named_acl::name, and RAII_VAR.

Referenced by handle_show_named_acl_cmd().

◆ CONFIG_INFO_CORE()

CONFIG_INFO_CORE ( "named_acl"  ,
cfg_info  ,
globals  ,
named_acl_config_alloc  ,
files = ACO_FILES(&named_acl_conf) 
)

◆ destroy_named_acl()

static void destroy_named_acl ( void *  obj)
static

Destroy a named ACL object.

Definition at line 157 of file named_acl.c.

158{
159 struct named_acl *named_acl = obj;
160 ast_free_ha(named_acl->ha);
161}
ast_free_ha
void ast_free_ha(struct ast_ha *ha)
Free a list of HAs.
Definition: acl.c:222

References ast_free_ha(), and named_acl::ha.

Referenced by named_acl_alloc().

◆ handle_show_named_acl_cmd()

static char * handle_show_named_acl_cmd ( struct ast_cli_entry e,
int  cmd,
struct ast_cli_args a 
)
static

ACL command show <name>

Definition at line 480 of file named_acl.c.

481{
482 struct named_acl_config *cfg;
483 int length;
484 struct ao2_iterator i;
485 struct named_acl *named_acl;
486
487 switch (cmd) {
488 case CLI_INIT:
489 e->command = "acl show";
490 e->usage =
491 "Usage: acl show [name]\n"
492 " Shows a list of named ACLs or lists all entries in a given named ACL.\n";
493 return NULL;
494 case CLI_GENERATE:
495 if (a->pos != 2) {
496 return NULL;
497 }
498
499 cfg = ao2_global_obj_ref(globals);
500 if (!cfg) {
501 return NULL;
502 }
503 length = strlen(a->word);
504 i = ao2_iterator_init(cfg->named_acl_list, 0);
505 while ((named_acl = ao2_iterator_next(&i))) {
506 if (!strncasecmp(a->word, named_acl->name, length)) {
507 if (ast_cli_completion_add(ast_strdup(named_acl->name))) {
508 ao2_ref(named_acl, -1);
509 break;
510 }
511 }
512 ao2_ref(named_acl, -1);
513 }
514 ao2_iterator_destroy(&i);
515 ao2_ref(cfg, -1);
516
517 return NULL;
518 }
519
520 if (a->argc == 2) {
521 cli_display_named_acl_list(a->fd);
522 return CLI_SUCCESS;
523 }
524
525 if (a->argc == 3) {
526 cli_display_named_acl(a->fd, a->argv[2]);
527 return CLI_SUCCESS;
528 }
529
530
531 return CLI_SHOWUSAGE;
532}
ast_strdup
#define ast_strdup(str)
A wrapper for strdup()
Definition: astmm.h:241
CLI_SHOWUSAGE
#define CLI_SHOWUSAGE
Definition: cli.h:45
CLI_SUCCESS
#define CLI_SUCCESS
Definition: cli.h:44
ast_cli_completion_add
int ast_cli_completion_add(char *value)
Add a result to a request for completion options.
Definition: main/cli.c:2768
CLI_INIT
@ CLI_INIT
Definition: cli.h:152
CLI_GENERATE
@ CLI_GENERATE
Definition: cli.h:153
cli_display_named_acl_list
static void cli_display_named_acl_list(int fd)
Definition: named_acl.c:456
cli_display_named_acl
static void cli_display_named_acl(int fd, const char *name)
Definition: named_acl.c:421
ast_cli_entry::command
char * command
Definition: cli.h:186
ast_cli_entry::usage
const char * usage
Definition: cli.h:177
named_acl_config::named_acl_list
struct ao2_container * named_acl_list
Definition: named_acl.c:83
a
static struct test_val a
Definition: test_linkedlists.c:46

References a, ao2_global_obj_ref, ao2_iterator_destroy(), ao2_iterator_init(), ao2_iterator_next, ao2_ref, ast_cli_completion_add(), ast_strdup, cli_display_named_acl(), cli_display_named_acl_list(), CLI_GENERATE, CLI_INIT, CLI_SHOWUSAGE, CLI_SUCCESS, ast_cli_entry::command, globals, named_acl::name, named_acl_config::named_acl_list, NULL, and ast_cli_entry::usage.

◆ load_module()

static int load_module ( void  )
static

Definition at line 573 of file named_acl.c.

574{
575 if (aco_info_init(&cfg_info)) {
576 return AST_MODULE_LOAD_FAILURE;
577 }
578
579 STASIS_MESSAGE_TYPE_INIT(ast_named_acl_change_type);
580
581 /* Register the per level options. */
582 aco_option_register(&cfg_info, "permit", ACO_EXACT, named_acl_types, NULL, OPT_ACL_T, 1, FLDSET(struct named_acl, ha));
583 aco_option_register(&cfg_info, "deny", ACO_EXACT, named_acl_types, NULL, OPT_ACL_T, 0, FLDSET(struct named_acl, ha));
584
585 aco_process_config(&cfg_info, 0);
586
587 ast_cli_register_multiple(cli_named_acl, ARRAY_LEN(cli_named_acl));
588
589 return AST_MODULE_LOAD_SUCCESS;
590}
ast_named_acl_change_type
struct stasis_message_type * ast_named_acl_change_type(void)
a stasis_message_type for changes against a named ACL or the set of all named ACLs
ast_cli_register_multiple
#define ast_cli_register_multiple(e, len)
Register multiple commands.
Definition: cli.h:265
ACO_EXACT
@ ACO_EXACT
Definition: config_options.h:64
aco_info_init
int aco_info_init(struct aco_info *info)
Initialize an aco_info structure.
Definition: config_options.c:877
FLDSET
#define FLDSET(type,...)
Convert a struct and list of fields to an argument list of field offsets.
Definition: config_options.h:816
aco_option_register
#define aco_option_register(info, name, matchtype, types, default_val, opt_type, flags,...)
Register a config option.
Definition: config_options.h:623
OPT_ACL_T
@ OPT_ACL_T
Type for default option handler for ACLs.
Definition: config_options.h:276
aco_process_config
enum aco_process_status aco_process_config(struct aco_info *info, int reload)
Process a config info via the options registered with an aco_info.
Definition: config_options.c:652
AST_MODULE_LOAD_FAILURE
@ AST_MODULE_LOAD_FAILURE
Module could not be loaded properly.
Definition: module.h:102
AST_MODULE_LOAD_SUCCESS
@ AST_MODULE_LOAD_SUCCESS
Definition: module.h:70
named_acl_types
struct aco_type * named_acl_types[]
Definition: named_acl.c:105
cli_named_acl
static struct ast_cli_entry cli_named_acl[]
Definition: named_acl.c:534
STASIS_MESSAGE_TYPE_INIT
#define STASIS_MESSAGE_TYPE_INIT(name)
Boiler-plate messaging macro for initializing message types.
Definition: stasis.h:1493
ARRAY_LEN
#define ARRAY_LEN(a)
Definition: utils.h:666

References ACO_EXACT, aco_info_init(), aco_option_register, aco_process_config(), ARRAY_LEN, ast_cli_register_multiple, AST_MODULE_LOAD_FAILURE, AST_MODULE_LOAD_SUCCESS, ast_named_acl_change_type(), cli_named_acl, FLDSET, named_acl_types, NULL, OPT_ACL_T, and STASIS_MESSAGE_TYPE_INIT.

◆ named_acl_alloc()

static void * named_acl_alloc ( const char *  cat)
static

Create a named ACL structure.

Parameters
catname given to the ACL
Return values
NULLfailure
non-NULLsuccessfully allocated named ACL

Definition at line 170 of file named_acl.c.

171{
172 struct named_acl *named_acl;
173
174 named_acl = ao2_alloc(sizeof(*named_acl), destroy_named_acl);
175 if (!named_acl) {
176 return NULL;
177 }
178
179 ast_copy_string(named_acl->name, cat, sizeof(named_acl->name));
180
181 return named_acl;
182}
ao2_alloc
#define ao2_alloc(data_size, destructor_fn)
Definition: astobj2.h:409
destroy_named_acl
static void destroy_named_acl(void *obj)
Destroy a named ACL object.
Definition: named_acl.c:157
ast_copy_string
void ast_copy_string(char *dst, const char *src, size_t size)
Size-limited null-terminating string copy.
Definition: strings.h:425

References ao2_alloc, ast_copy_string(), destroy_named_acl(), named_acl::name, and NULL.

Referenced by named_acl_find_realtime().

◆ named_acl_config_alloc()

static void * named_acl_config_alloc ( void  )
static

allocator callback for named_acl_config. Notice it returns void * since it is used by the backend config code

Note
These functions are used for placing/retrieving named ACLs in their ao2_container.

Definition at line 135 of file named_acl.c.

136{
137 struct named_acl_config *cfg;
138
139 if (!(cfg = ao2_alloc(sizeof(*cfg), named_acl_config_destructor))) {
140 return NULL;
141 }
142
143 cfg->named_acl_list = ao2_container_alloc_hash(AO2_ALLOC_OPT_LOCK_MUTEX, 0, 37,
144 named_acl_hash_fn, NULL, named_acl_cmp_fn);
145 if (!cfg->named_acl_list) {
146 goto error;
147 }
148
149 return cfg;
150
151error:
152 ao2_ref(cfg, -1);
153 return NULL;
154}
AO2_ALLOC_OPT_LOCK_MUTEX
@ AO2_ALLOC_OPT_LOCK_MUTEX
Definition: astobj2.h:363
ao2_container_alloc_hash
#define ao2_container_alloc_hash(ao2_options, container_options, n_buckets, hash_fn, sort_fn, cmp_fn)
Allocate and initialize a hash container with the desired number of buckets.
Definition: astobj2.h:1303
named_acl_config_destructor
static void named_acl_config_destructor(void *obj)
destructor for named_acl_config
Definition: named_acl.c:126
error
int error(const char *format,...)
Definition: utils/frame.c:999

References ao2_alloc, AO2_ALLOC_OPT_LOCK_MUTEX, ao2_container_alloc_hash, ao2_ref, error(), named_acl_config_destructor(), named_acl_config::named_acl_list, and NULL.

◆ named_acl_config_destructor()

static void named_acl_config_destructor ( void *  obj)
static

destructor for named_acl_config

Definition at line 126 of file named_acl.c.

127{
128 struct named_acl_config *cfg = obj;
129 ao2_cleanup(cfg->named_acl_list);
130}

References ao2_cleanup, and named_acl_config::named_acl_list.

Referenced by named_acl_config_alloc().

◆ named_acl_find()

static void * named_acl_find ( struct ao2_container container,
const char *  cat 
)
static

Find a named ACL in a container by its name.

Parameters
containerao2container holding the named ACLs
catname of the ACL wanted to be found
Return values
pointerto the named ACL if available. Null if not found.

Definition at line 191 of file named_acl.c.

192{
193 struct named_acl tmp;
194 ast_copy_string(tmp.name, cat, sizeof(tmp.name));
195 return ao2_find(container, &tmp, OBJ_POINTER);
196}
OBJ_POINTER
#define OBJ_POINTER
Definition: astobj2.h:1150
ao2_find
#define ao2_find(container, arg, flags)
Definition: astobj2.h:1736
container
struct ao2_container * container
Definition: res_fax.c:531

References ao2_find, ast_copy_string(), container, named_acl::name, and OBJ_POINTER.

Referenced by ast_named_acl_find(), and cli_display_named_acl().

◆ named_acl_find_realtime()

static struct named_acl * named_acl_find_realtime ( const char *  name)
static

Definition at line 249 of file named_acl.c.

250{
251 struct ast_config *cfg;
252 char *item = NULL;
253 const char *systemname = NULL;
254 struct ast_ha *built_ha = NULL;
255 struct named_acl *acl;
256
257 /* If we have a systemname set in the global options, we only want to retrieve entries with a matching systemname field. */
258 systemname = ast_config_AST_SYSTEM_NAME;
259
260 if (ast_strlen_zero(systemname)) {
261 cfg = ast_load_realtime_multientry(ACL_FAMILY, "name", name, SENTINEL);
262 } else {
263 cfg = ast_load_realtime_multientry(ACL_FAMILY, "name", name, "systemname", systemname, SENTINEL);
264 }
265
266 if (!cfg) {
267 return NULL;
268 }
269
270 /* At this point, the configuration must be sorted by the order field. */
271 ast_config_sort_categories(cfg, 0, acl_order_comparator);
272
273 while ((item = ast_category_browse(cfg, item))) {
274 int append_ha_error = 0;
275 const char *order = ast_variable_retrieve(cfg, item, "rule_order");
276 const char *sense = ast_variable_retrieve(cfg, item, "sense");
277 const char *rule = ast_variable_retrieve(cfg, item, "rule");
278
279 built_ha = ast_append_ha(sense, rule, built_ha, &append_ha_error);
280 if (append_ha_error) {
281 /* We need to completely reject an ACL that contains any bad rules. */
282 ast_log(LOG_ERROR, "Rejecting realtime ACL due to bad ACL definition '%s': %s - %s - %s\n", name, order, sense, rule);
283 ast_free_ha(built_ha);
284 return NULL;
285 }
286 }
287
288 ast_config_destroy(cfg);
289
290 acl = named_acl_alloc(name);
291 if (!acl) {
292 ast_log(LOG_ERROR, "allocation error\n");
293 ast_free_ha(built_ha);
294 return NULL;
295 }
296
297 acl->ha = built_ha;
298
299 return acl;
300}
ast_append_ha
struct ast_ha * ast_append_ha(const char *sense, const char *stuff, struct ast_ha *path, int *error)
Add a new rule to a list of HAs.
Definition: acl.c:712
order
integer order
Definition: analys.c:66
SENTINEL
#define SENTINEL
Definition: compiler.h:87
ast_category_browse
char * ast_category_browse(struct ast_config *config, const char *prev_name)
Browse categories.
Definition: extconf.c:3326
ast_config_sort_categories
void ast_config_sort_categories(struct ast_config *config, int descending, int(*comparator)(struct ast_category *p, struct ast_category *q))
Sorts categories in a config in the order of a numerical value contained within them.
Definition: main/config.c:1372
ast_load_realtime_multientry
struct ast_config * ast_load_realtime_multientry(const char *family,...) attribute_sentinel
Retrieve realtime configuration.
Definition: main/config.c:3842
ast_config_destroy
void ast_config_destroy(struct ast_config *cfg)
Destroys a config.
Definition: extconf.c:1289
ast_variable_retrieve
const char * ast_variable_retrieve(struct ast_config *config, const char *category, const char *variable)
Definition: main/config.c:869
named_acl_alloc
static void * named_acl_alloc(const char *cat)
Create a named ACL structure.
Definition: named_acl.c:170
acl_order_comparator
static int acl_order_comparator(struct ast_category *p, struct ast_category *q)
Definition: named_acl.c:210
ast_config_AST_SYSTEM_NAME
const char * ast_config_AST_SYSTEM_NAME
Definition: options.c:171
ast_strlen_zero
static force_inline int attribute_pure ast_strlen_zero(const char *s)
Definition: strings.h:65
acl
Definition: test_acl.c:111
ast_config
Definition: main/config.c:250
item
static struct aco_type item
Definition: test_config.c:1463

References ACL_FAMILY, acl_order_comparator(), ast_append_ha(), ast_category_browse(), ast_config_AST_SYSTEM_NAME, ast_config_destroy(), ast_config_sort_categories(), ast_free_ha(), ast_load_realtime_multientry(), ast_log, ast_strlen_zero(), ast_variable_retrieve(), item, LOG_ERROR, name, named_acl_alloc(), NULL, order, and SENTINEL.

Referenced by ast_named_acl_find(), and cli_display_named_acl().

◆ publish_acl_change()

static int publish_acl_change ( const char *  name)
static

Definition at line 380 of file named_acl.c.

381{
382 RAII_VAR(struct stasis_message *, msg, NULL, ao2_cleanup);
383 RAII_VAR(struct ast_json_payload *, json_payload, NULL, ao2_cleanup);
384 RAII_VAR(struct ast_json *, json_object, ast_json_object_create(), ast_json_unref);
385
386 if (!json_object || !ast_named_acl_change_type()) {
387 goto publish_failure;
388 }
389
390 if (ast_json_object_set(json_object, "name", ast_json_string_create(name))) {
391 goto publish_failure;
392 }
393
394 if (!(json_payload = ast_json_payload_create(json_object))) {
395 goto publish_failure;
396 }
397
398 msg = stasis_message_create(ast_named_acl_change_type(), json_payload);
399
400 if (!msg) {
401 goto publish_failure;
402 }
403
404 stasis_publish(ast_security_topic(), msg);
405
406 return 0;
407
408publish_failure:
409 ast_log(LOG_ERROR, "Failed to issue ACL change message for %s.\n",
410 ast_strlen_zero(name) ? "all named ACLs" : name);
411 return -1;
412}
ast_json_string_create
struct ast_json * ast_json_string_create(const char *value)
Construct a JSON string from value.
Definition: json.c:278
ast_json_unref
void ast_json_unref(struct ast_json *value)
Decrease refcount on value. If refcount reaches zero, value is freed.
Definition: json.c:73
ast_json_object_create
struct ast_json * ast_json_object_create(void)
Create a new JSON object.
Definition: json.c:399
ast_json_payload_create
struct ast_json_payload * ast_json_payload_create(struct ast_json *json)
Create an ao2 object to pass json blobs as data payloads for stasis.
Definition: json.c:756
ast_json_object_set
int ast_json_object_set(struct ast_json *object, const char *key, struct ast_json *value)
Set a field in a JSON object.
Definition: json.c:414
ast_security_topic
struct stasis_topic * ast_security_topic(void)
A stasis_topic which publishes messages for security related issues.
Definition: main/security_events.c:425
stasis_message_create
struct stasis_message * stasis_message_create(struct stasis_message_type *type, void *data)
Create a new message.
Definition: stasis_message.c:174
stasis_publish
void stasis_publish(struct stasis_topic *topic, struct stasis_message *message)
Publish a message to a topic's subscribers.
Definition: stasis.c:1538
ast_json_payload
Definition: json.h:1082
ast_json
Abstract JSON element (object, array, string, int, ...).
stasis_message
Definition: stasis_message.c:121

References ao2_cleanup, ast_json_object_create(), ast_json_object_set(), ast_json_payload_create(), ast_json_string_create(), ast_json_unref(), ast_log, ast_named_acl_change_type(), ast_security_topic(), ast_strlen_zero(), LOG_ERROR, name, NULL, RAII_VAR, stasis_message_create(), and stasis_publish().

Referenced by reload_module().

◆ reload_module()

static int reload_module ( void  )
static

Definition at line 538 of file named_acl.c.

539{
540 enum aco_process_status status;
541
542 status = aco_process_config(&cfg_info, 1);
543
544 if (status == ACO_PROCESS_ERROR) {
545 ast_log(LOG_WARNING, "Could not reload ACL config\n");
546 return 0;
547 }
548
549 if (status == ACO_PROCESS_UNCHANGED) {
550 /* We don't actually log anything if the config was unchanged,
551 * but we don't need to send a config change event either.
552 */
553 return 0;
554 }
555
556 /* We need to push an ACL change event with no ACL name so that all subscribers update with all ACLs */
557 publish_acl_change("");
558
559 return 0;
560}
status
jack_status_t status
Definition: app_jack.c:149
aco_process_status
aco_process_status
Return values for the aco_process functions.
Definition: config_options.h:524
ACO_PROCESS_UNCHANGED
@ ACO_PROCESS_UNCHANGED
The config had not been edited and no changes applied.
Definition: config_options.h:526
ACO_PROCESS_ERROR
@ ACO_PROCESS_ERROR
Their was an error and no changes were applied.
Definition: config_options.h:527
publish_acl_change
static int publish_acl_change(const char *name)
Definition: named_acl.c:380

References aco_process_config(), ACO_PROCESS_ERROR, ACO_PROCESS_UNCHANGED, ast_log, LOG_WARNING, publish_acl_change(), and status.

◆ STASIS_MESSAGE_TYPE_DEFN()

STASIS_MESSAGE_TYPE_DEFN ( ast_named_acl_change_type  )

Message type for named ACL changes.

◆ unload_module()

static int unload_module ( void  )
static

Definition at line 562 of file named_acl.c.

563{
564 ast_cli_unregister_multiple(cli_named_acl, ARRAY_LEN(cli_named_acl));
565
566 STASIS_MESSAGE_TYPE_CLEANUP(ast_named_acl_change_type);
567 aco_info_destroy(&cfg_info);
568 ao2_global_obj_release(globals);
569
570 return 0;
571}
ao2_global_obj_release
#define ao2_global_obj_release(holder)
Release the ao2 object held in the global holder.
Definition: astobj2.h:859
ast_cli_unregister_multiple
int ast_cli_unregister_multiple(struct ast_cli_entry *e, int len)
Unregister multiple commands.
Definition: clicompat.c:30
aco_info_destroy
void aco_info_destroy(struct aco_info *info)
Destroy an initialized aco_info struct.
Definition: config_options.c:910
STASIS_MESSAGE_TYPE_CLEANUP
#define STASIS_MESSAGE_TYPE_CLEANUP(name)
Boiler-plate messaging macro for cleaning up message types.
Definition: stasis.h:1515

References aco_info_destroy(), ao2_global_obj_release, ARRAY_LEN, ast_cli_unregister_multiple(), ast_named_acl_change_type(), cli_named_acl, globals, and STASIS_MESSAGE_TYPE_CLEANUP.

Variable Documentation

◆ __mod_info

struct ast_module_info __mod_info = { .name = "acl" , .flags = AST_MODFLAG_GLOBAL_SYMBOLS | AST_MODFLAG_LOAD_ORDER , .description = "Named ACL system" , .key = "This paragraph is copyright (c) 2006 by Digium, Inc. \In order for your module to load, it must return this \key via a function called \"key\". Any code which \includes this paragraph must be licensed under the GNU \General Public License version 2 or later (at your \option). In addition to Digium's general reservations \of rights, Digium expressly reserves the right to \allow other parties to license this paragraph under \different terms. Any use of Digium, Inc. trademarks or \logos (including \"Asterisk\" or \"Digium\") without \express written permission of Digium, Inc. is prohibited.\n" , .buildopt_sum = AST_BUILDOPT_SUM, .support_level = AST_MODULE_SUPPORT_CORE, .load = load_module, .unload = unload_module, .reload = reload_module, .load_pri = AST_MODPRI_CORE, .requires = "extconfig", }
static

Definition at line 599 of file named_acl.c.

◆ ast_module_info

const struct ast_module_info* ast_module_info = &__mod_info
static

Definition at line 599 of file named_acl.c.

◆ cli_named_acl

struct ast_cli_entry cli_named_acl[]
static
Initial value:
= {
{ .handler = handle_show_named_acl_cmd , .summary = "Show a named ACL or list all named ACLs" ,},
}
handle_show_named_acl_cmd
static char * handle_show_named_acl_cmd(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
ACL command show <name>
Definition: named_acl.c:480

Definition at line 534 of file named_acl.c.

Referenced by load_module(), and unload_module().

◆ named_acl_conf

struct aco_file named_acl_conf
Initial value:
= {
.filename = "acl.conf",
.types = ACO_TYPES(&named_acl_type),
}
ACO_TYPES
#define ACO_TYPES(...)
A helper macro to ensure that aco_info types always have a sentinel.
Definition: config_options.h:181
named_acl_type
static struct aco_type named_acl_type
Definition: named_acl.c:94

Definition at line 107 of file named_acl.c.

◆ named_acl_type

struct aco_type named_acl_type
static

Definition at line 94 of file named_acl.c.

◆ named_acl_types

struct aco_type* named_acl_types[] = ACO_TYPES(&named_acl_type)

Definition at line 105 of file named_acl.c.

Referenced by load_module().

Generated on Wed May 14 2025 20:04:45 for Asterisk - The Open Source Telephony Project by doxygen 1.9.4