Asterisk - The Open Source Telephony Project GIT-master-b023714
Loading...
Searching...
No Matches
Data Structures | Macros | Functions | Variables
named_acl.c File Reference

Named Access Control Lists. More...

#include "asterisk.h"
#include "asterisk/config.h"
#include "asterisk/config_options.h"
#include "asterisk/utils.h"
#include "asterisk/module.h"
#include "asterisk/cli.h"
#include "asterisk/acl.h"
#include "asterisk/astobj2.h"
#include "asterisk/paths.h"
#include "asterisk/stasis.h"
#include "asterisk/json.h"
#include "asterisk/security_events.h"
Include dependency graph for named_acl.c:

Go to the source code of this file.

Data Structures

struct  named_acl
 
struct  named_acl_config
 

Macros

#define ACL_FAMILY   "acls"
 
#define AST_MODULE   "acl"
 
#define NACL_CONFIG   "acl.conf"
 

Functions

static void __reg_module (void)
 
static void __unreg_module (void)
 
static int acl_order_comparator (struct ast_category *p, struct ast_category *q)
 
static AO2_GLOBAL_OBJ_STATIC (globals)
 
struct ast_moduleAST_MODULE_SELF_SYM (void)
 
struct ast_haast_named_acl_find (const char *name, int *is_realtime, int *is_undefined)
 Retrieve a named ACL.
 
static void cli_display_named_acl (int fd, const char *name)
 
static void cli_display_named_acl_list (int fd)
 
 CONFIG_INFO_CORE ("named_acl", cfg_info, globals, named_acl_config_alloc,.files=ACO_FILES(&named_acl_conf),)
 
static void destroy_named_acl (void *obj)
 Destroy a named ACL object.
 
static char * handle_show_named_acl_cmd (struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
 ACL command show <name>
 
static int load_module (void)
 
static void * named_acl_alloc (const char *cat)
 Create a named ACL structure.
 
static void * named_acl_config_alloc (void)
 allocator callback for named_acl_config. Notice it returns void * since it is used by the backend config code
 
static void named_acl_config_destructor (void *obj)
 destructor for named_acl_config
 
static void * named_acl_find (struct ao2_container *container, const char *cat)
 Find a named ACL in a container by its name.
 
static struct named_aclnamed_acl_find_realtime (const char *name)
 
static int publish_acl_change (const char *name)
 
static int reload_module (void)
 
 STASIS_MESSAGE_TYPE_DEFN (ast_named_acl_change_type)
 Message type for named ACL changes.
 
static int unload_module (void)
 

Variables

static struct ast_module_info __mod_info = { .name = AST_MODULE, .flags = AST_MODFLAG_GLOBAL_SYMBOLS | AST_MODFLAG_LOAD_ORDER , .description = "Named ACL system" , .key = ASTERISK_GPL_KEY , .buildopt_sum = AST_BUILDOPT_SUM, .support_level = AST_MODULE_SUPPORT_CORE, .load = load_module, .unload = unload_module, .reload = reload_module, .load_pri = AST_MODPRI_CORE, .requires = "extconfig", }
 
static const struct ast_module_infoast_module_info = &__mod_info
 
static struct ast_cli_entry cli_named_acl []
 
struct aco_file named_acl_conf
 
static struct aco_type named_acl_type
 
struct aco_typenamed_acl_types [] = ACO_TYPES(&named_acl_type)
 

Detailed Description

Named Access Control Lists.

Author
Jonathan Rose jrose.nosp@m.@dig.nosp@m.ium.c.nosp@m.om
Note
Based on a feature proposed by Olle E. Johansson oej@e.nosp@m.dvin.nosp@m.a.net

Definition in file named_acl.c.

Macro Definition Documentation

◆ ACL_FAMILY

#define ACL_FAMILY   "acls"

Definition at line 50 of file named_acl.c.

◆ AST_MODULE

#define AST_MODULE   "acl"

Definition at line 33 of file named_acl.c.

◆ NACL_CONFIG

#define NACL_CONFIG   "acl.conf"

Definition at line 49 of file named_acl.c.

Function Documentation

◆ __reg_module()

static void __reg_module ( void  )
static

Definition at line 599 of file named_acl.c.

◆ __unreg_module()

static void __unreg_module ( void  )
static

Definition at line 599 of file named_acl.c.

◆ acl_order_comparator()

static int acl_order_comparator ( struct ast_category p,
struct ast_category q 
)
static

Definition at line 210 of file named_acl.c.

211{
212 int p_value = 0, q_value = 0;
213 struct ast_variable *p_var = ast_category_first(p);
214 struct ast_variable *q_var = ast_category_first(q);
215
216 while (p_var) {
217 if (!strcasecmp(p_var->name, "rule_order")) {
218 p_value = atoi(p_var->value);
219 break;
220 }
221 p_var = p_var->next;
222 }
223
224 while (q_var) {
225 if (!strcasecmp(q_var->name, "rule_order")) {
226 q_value = atoi(q_var->value);
227 break;
228 }
229 q_var = q_var->next;
230 }
231
232 if (p_value < q_value) {
233 return -1;
234 } else if (q_value < p_value) {
235 return 1;
236 }
237
238 return 0;
239}
ast_category_first
struct ast_variable * ast_category_first(struct ast_category *cat)
given a pointer to a category, return the root variable.
Definition main/config.c:1359
ast_variable
Structure for variables, used for configurations and for channel variables.
Definition include/asterisk/config.h:83
ast_variable::value
const char * value
Definition include/asterisk/config.h:87
ast_variable::name
const char * name
Definition include/asterisk/config.h:85
ast_variable::next
struct ast_variable * next
Definition include/asterisk/config.h:90

References ast_category_first(), ast_variable::name, ast_variable::next, and ast_variable::value.

Referenced by named_acl_find_realtime().

◆ AO2_GLOBAL_OBJ_STATIC()

static AO2_GLOBAL_OBJ_STATIC ( globals  )
static

◆ AST_MODULE_SELF_SYM()

struct ast_module * AST_MODULE_SELF_SYM ( void  )

Definition at line 599 of file named_acl.c.

◆ ast_named_acl_find()

struct ast_ha * ast_named_acl_find ( const char *  name,
int *  is_realtime,
int *  is_undefined 
)

Retrieve a named ACL.

This function attempts to find a named ACL. If found, a copy of the requested ACL will be made which must be freed by the caller.

Parameters
nameName of the ACL sought
[out]is_realtimewill be true if the ACL being returned is from realtime
[out]is_undefinedwill be true if no ACL profile can be found for the requested name
Returns
A copy of the named ACL as an ast_ha
Return values
NULLif no ACL could be found.

Definition at line 302 of file named_acl.c.

303{
304 struct ast_ha *ha = NULL;
305
306 RAII_VAR(struct named_acl_config *, cfg, ao2_global_obj_ref(globals), ao2_cleanup);
307 RAII_VAR(struct named_acl *, named_acl, NULL, ao2_cleanup);
308
309 if (is_realtime) {
310 *is_realtime = 0;
311 }
312
313 if (is_undefined) {
314 *is_undefined = 0;
315 }
316
317 /* If the config or its named_acl_list hasn't been initialized, abort immediately. */
318 if ((!cfg) || (!(cfg->named_acl_list))) {
319 ast_log(LOG_ERROR, "Attempted to find named ACL '%s', but the ACL configuration isn't available.\n", name);
320 return NULL;
321 }
322
323 named_acl = named_acl_find(cfg->named_acl_list, name);
324
325 /* If a named ACL couldn't be retrieved locally, we need to try realtime storage. */
326 if (!named_acl) {
327 RAII_VAR(struct named_acl *, realtime_acl, NULL, ao2_cleanup);
328
329 /* Attempt to create from realtime */
330 if ((realtime_acl = named_acl_find_realtime(name))) {
331 if (is_realtime) {
332 *is_realtime = 1;
333 }
334 ha = ast_duplicate_ha_list(realtime_acl->ha);
335 return ha;
336 }
337
338 /* Couldn't create from realtime. Raise relevant flags and print relevant warnings. */
339 if (ast_realtime_is_mapping_defined(ACL_FAMILY) && !ast_check_realtime(ACL_FAMILY)) {
340 ast_log(LOG_WARNING, "ACL '%s' does not exist. The ACL will be marked as undefined and will automatically fail if applied.\n"
341 "This ACL may exist in the configured realtime backend, but that backend hasn't been registered yet. "
342 "Fix this establishing preload for the backend in 'modules.conf'.\n", name);
343 } else {
344 ast_log(LOG_WARNING, "ACL '%s' does not exist. The ACL will be marked as undefined and will automatically fail if applied.\n", name);
345 }
346
347 if (is_undefined) {
348 *is_undefined = 1;
349 }
350
351 return NULL;
352 }
353
354 ha = ast_duplicate_ha_list(named_acl->ha);
355
356 if (!ha) {
357 ast_log(LOG_NOTICE, "ACL '%s' contains no rules. It is valid, but it will accept addresses unconditionally.\n", name);
358 }
359
360 return ha;
361}
ast_duplicate_ha_list
struct ast_ha * ast_duplicate_ha_list(struct ast_ha *original)
Duplicate the contents of a list of host access rules.
Definition acl.c:276
ast_log
#define ast_log
Definition astobj2.c:42
ao2_cleanup
#define ao2_cleanup(obj)
Definition astobj2.h:1934
ao2_global_obj_ref
#define ao2_global_obj_ref(holder)
Get a reference to the object stored in the global holder.
Definition astobj2.h:918
globals
static struct console_pvt globals
name
static const char name[]
Definition format_mp3.c:68
ast_realtime_is_mapping_defined
int ast_realtime_is_mapping_defined(const char *family)
Determine if a mapping exists for a given family.
Definition main/config.c:3448
ast_check_realtime
int ast_check_realtime(const char *family)
Check if realtime engine is configured for family.
Definition main/config.c:3797
LOG_ERROR
#define LOG_ERROR
Definition include/asterisk/logger.h:291
LOG_NOTICE
#define LOG_NOTICE
Definition include/asterisk/logger.h:269
LOG_WARNING
#define LOG_WARNING
Definition include/asterisk/logger.h:280
named_acl_find
static void * named_acl_find(struct ao2_container *container, const char *cat)
Find a named ACL in a container by its name.
Definition named_acl.c:191
named_acl_find_realtime
static struct named_acl * named_acl_find_realtime(const char *name)
Definition named_acl.c:249
ACL_FAMILY
#define ACL_FAMILY
Definition named_acl.c:50
NULL
#define NULL
Definition resample.c:96
ast_ha
internal representation of ACL entries In principle user applications would have no need for this,...
Definition acl.h:51
named_acl_config
Definition named_acl.c:82
named_acl
Definition named_acl.c:117
named_acl::ha
struct ast_ha * ha
Definition named_acl.c:118
RAII_VAR
#define RAII_VAR(vartype, varname, initval, dtor)
Declare a variable that will call a destructor function when it goes out of scope.
Definition utils.h:978

References ACL_FAMILY, ao2_cleanup, ao2_global_obj_ref, ast_check_realtime(), ast_duplicate_ha_list(), ast_log, ast_realtime_is_mapping_defined(), globals, named_acl::ha, LOG_ERROR, LOG_NOTICE, LOG_WARNING, name, named_acl_find(), named_acl_find_realtime(), NULL, and RAII_VAR.

Referenced by ast_append_acl().

◆ cli_display_named_acl()

static void cli_display_named_acl ( int  fd,
const char *  name 
)
static

Definition at line 421 of file named_acl.c.

422{
423 int is_realtime = 0;
424
425 RAII_VAR(struct named_acl_config *, cfg, ao2_global_obj_ref(globals), ao2_cleanup);
426 RAII_VAR(struct named_acl *, named_acl, NULL, ao2_cleanup);
427
428 /* If the configuration or the configuration's named_acl_list is unavailable, abort. */
429 if ((!cfg) || (!cfg->named_acl_list)) {
430 ast_log(LOG_ERROR, "Attempted to show named ACL '%s', but the acl configuration isn't available.\n", name);
431 return;
432 }
433
434 named_acl = named_acl_find(cfg->named_acl_list, name);
435
436 /* If the named_acl couldn't be found with the search, also abort. */
437 if (!named_acl) {
438 if (!(named_acl = named_acl_find_realtime(name))) {
439 ast_cli(fd, "\nCould not find ACL named '%s'\n", name);
440 return;
441 }
442
443 is_realtime = 1;
444 }
445
446 ast_cli(fd, "\nACL: %s%s\n---------------------------------------------\n", name, is_realtime ? " (realtime)" : "");
447 ast_ha_output(fd, named_acl->ha, NULL);
448}
ast_ha_output
void ast_ha_output(int fd, const struct ast_ha *ha, const char *prefix)
output an HA to the provided fd
Definition acl.c:1103
ast_cli
void ast_cli(int fd, const char *fmt,...)
Definition clicompat.c:6

References ao2_cleanup, ao2_global_obj_ref, ast_cli(), ast_ha_output(), ast_log, globals, named_acl::ha, LOG_ERROR, name, named_acl_find(), named_acl_find_realtime(), NULL, and RAII_VAR.

Referenced by handle_show_named_acl_cmd().

◆ cli_display_named_acl_list()

static void cli_display_named_acl_list ( int  fd)
static

Definition at line 456 of file named_acl.c.

457{
458 struct ao2_iterator i;
459 void *o;
460 RAII_VAR(struct named_acl_config *, cfg, ao2_global_obj_ref(globals), ao2_cleanup);
461
462 ast_cli(fd, "\nacl\n---\n");
463
464 if (!cfg || !cfg->named_acl_list) {
465 ast_cli(fd, "ACL configuration isn't available.\n");
466 return;
467 }
468 i = ao2_iterator_init(cfg->named_acl_list, 0);
469
470 while ((o = ao2_iterator_next(&i))) {
471 struct named_acl *named_acl = o;
472 ast_cli(fd, "%s\n", named_acl->name);
473 ao2_ref(o, -1);
474 }
475
476 ao2_iterator_destroy(&i);
477}
ao2_iterator_next
#define ao2_iterator_next(iter)
Definition astobj2.h:1911
ao2_iterator_init
struct ao2_iterator ao2_iterator_init(struct ao2_container *c, int flags) attribute_warn_unused_result
Create an iterator for a container.
Definition astobj2_container.c:485
ao2_ref
#define ao2_ref(o, delta)
Reference/unreference an object and return the old refcount.
Definition astobj2.h:459
ao2_iterator_destroy
void ao2_iterator_destroy(struct ao2_iterator *iter)
Destroy a container iterator.
Definition astobj2_container.c:534
ao2_iterator
When we need to walk through a container, we use an ao2_iterator to keep track of the current positio...
Definition astobj2.h:1821
named_acl::name
char name[ACL_NAME_LENGTH]
Definition named_acl.c:119

References ao2_cleanup, ao2_global_obj_ref, ao2_iterator_destroy(), ao2_iterator_init(), ao2_iterator_next, ao2_ref, ast_cli(), globals, named_acl::name, and RAII_VAR.

Referenced by handle_show_named_acl_cmd().

◆ CONFIG_INFO_CORE()

CONFIG_INFO_CORE ( "named_acl"  ,
cfg_info  ,
globals  ,
named_acl_config_alloc  ,
files = ACO_FILES(&named_acl_conf) 
)

◆ destroy_named_acl()

static void destroy_named_acl ( void *  obj)
static

Destroy a named ACL object.

Definition at line 157 of file named_acl.c.

158{
159 struct named_acl *named_acl = obj;
160 ast_free_ha(named_acl->ha);
161}
ast_free_ha
void ast_free_ha(struct ast_ha *ha)
Free a list of HAs.
Definition acl.c:222

References ast_free_ha(), and named_acl::ha.

Referenced by named_acl_alloc().

◆ handle_show_named_acl_cmd()

static char * handle_show_named_acl_cmd ( struct ast_cli_entry e,
int  cmd,
struct ast_cli_args a 
)
static

ACL command show <name>

Definition at line 480 of file named_acl.c.

481{
482 struct named_acl_config *cfg;
483 int length;
484 struct ao2_iterator i;
485 struct named_acl *named_acl;
486
487 switch (cmd) {
488 case CLI_INIT:
489 e->command = "acl show";
490 e->usage =
491 "Usage: acl show [name]\n"
492 " Shows a list of named ACLs or lists all entries in a given named ACL.\n";
493 return NULL;
494 case CLI_GENERATE:
495 if (a->pos != 2) {
496 return NULL;
497 }
498
499 cfg = ao2_global_obj_ref(globals);
500 if (!cfg) {
501 return NULL;
502 }
503 length = strlen(a->word);
504 i = ao2_iterator_init(cfg->named_acl_list, 0);
505 while ((named_acl = ao2_iterator_next(&i))) {
506 if (!strncasecmp(a->word, named_acl->name, length)) {
507 if (ast_cli_completion_add(ast_strdup(named_acl->name))) {
508 ao2_ref(named_acl, -1);
509 break;
510 }
511 }
512 ao2_ref(named_acl, -1);
513 }
514 ao2_iterator_destroy(&i);
515 ao2_ref(cfg, -1);
516
517 return NULL;
518 }
519
520 if (a->argc == 2) {
521 cli_display_named_acl_list(a->fd);
522 return CLI_SUCCESS;
523 }
524
525 if (a->argc == 3) {
526 cli_display_named_acl(a->fd, a->argv[2]);
527 return CLI_SUCCESS;
528 }
529
530
531 return CLI_SHOWUSAGE;
532}
ast_strdup
#define ast_strdup(str)
A wrapper for strdup()
Definition astmm.h:241
CLI_SHOWUSAGE
#define CLI_SHOWUSAGE
Definition cli.h:45
CLI_SUCCESS
#define CLI_SUCCESS
Definition cli.h:44
ast_cli_completion_add
int ast_cli_completion_add(char *value)
Add a result to a request for completion options.
Definition main/cli.c:2737
CLI_INIT
@ CLI_INIT
Definition cli.h:152
CLI_GENERATE
@ CLI_GENERATE
Definition cli.h:153
cli_display_named_acl_list
static void cli_display_named_acl_list(int fd)
Definition named_acl.c:456
cli_display_named_acl
static void cli_display_named_acl(int fd, const char *name)
Definition named_acl.c:421
ast_cli_entry::command
char * command
Definition cli.h:186
ast_cli_entry::usage
const char * usage
Definition cli.h:177
named_acl_config::named_acl_list
struct ao2_container * named_acl_list
Definition named_acl.c:83
a
static struct test_val a
Definition test_linkedlists.c:46

References a, ao2_global_obj_ref, ao2_iterator_destroy(), ao2_iterator_init(), ao2_iterator_next, ao2_ref, ast_cli_completion_add(), ast_strdup, cli_display_named_acl(), cli_display_named_acl_list(), CLI_GENERATE, CLI_INIT, CLI_SHOWUSAGE, CLI_SUCCESS, ast_cli_entry::command, globals, named_acl::name, named_acl_config::named_acl_list, NULL, and ast_cli_entry::usage.

◆ load_module()

static int load_module ( void  )
static

Definition at line 573 of file named_acl.c.

574{
575 if (aco_info_init(&cfg_info)) {
576 return AST_MODULE_LOAD_FAILURE;
577 }
578
579 STASIS_MESSAGE_TYPE_INIT(ast_named_acl_change_type);
580
581 /* Register the per level options. */
582 aco_option_register(&cfg_info, "permit", ACO_EXACT, named_acl_types, NULL, OPT_ACL_T, 1, FLDSET(struct named_acl, ha));
583 aco_option_register(&cfg_info, "deny", ACO_EXACT, named_acl_types, NULL, OPT_ACL_T, 0, FLDSET(struct named_acl, ha));
584
585 aco_process_config(&cfg_info, 0);
586
587 ast_cli_register_multiple(cli_named_acl, ARRAY_LEN(cli_named_acl));
588
589 return AST_MODULE_LOAD_SUCCESS;
590}
ast_named_acl_change_type
struct stasis_message_type * ast_named_acl_change_type(void)
a stasis_message_type for changes against a named ACL or the set of all named ACLs
ast_cli_register_multiple
#define ast_cli_register_multiple(e, len)
Register multiple commands.
Definition cli.h:265
ACO_EXACT
@ ACO_EXACT
Definition config_options.h:64
aco_info_init
int aco_info_init(struct aco_info *info)
Initialize an aco_info structure.
Definition config_options.c:877
FLDSET
#define FLDSET(type,...)
Convert a struct and list of fields to an argument list of field offsets.
Definition config_options.h:816
aco_option_register
#define aco_option_register(info, name, matchtype, types, default_val, opt_type, flags,...)
Register a config option.
Definition config_options.h:623
OPT_ACL_T
@ OPT_ACL_T
Type for default option handler for ACLs.
Definition config_options.h:276
aco_process_config
enum aco_process_status aco_process_config(struct aco_info *info, int reload)
Process a config info via the options registered with an aco_info.
Definition config_options.c:652
AST_MODULE_LOAD_FAILURE
@ AST_MODULE_LOAD_FAILURE
Module could not be loaded properly.
Definition module.h:102
AST_MODULE_LOAD_SUCCESS
@ AST_MODULE_LOAD_SUCCESS
Definition module.h:70
named_acl_types
struct aco_type * named_acl_types[]
Definition named_acl.c:105
cli_named_acl
static struct ast_cli_entry cli_named_acl[]
Definition named_acl.c:534
STASIS_MESSAGE_TYPE_INIT
#define STASIS_MESSAGE_TYPE_INIT(name)
Boiler-plate messaging macro for initializing message types.
Definition stasis.h:1493
ARRAY_LEN
#define ARRAY_LEN(a)
Definition utils.h:703

References ACO_EXACT, aco_info_init(), aco_option_register, aco_process_config(), ARRAY_LEN, ast_cli_register_multiple, AST_MODULE_LOAD_FAILURE, AST_MODULE_LOAD_SUCCESS, ast_named_acl_change_type(), cli_named_acl, FLDSET, named_acl_types, NULL, OPT_ACL_T, and STASIS_MESSAGE_TYPE_INIT.

◆ named_acl_alloc()

static void * named_acl_alloc ( const char *  cat)
static

Create a named ACL structure.

Parameters
catname given to the ACL
Return values
NULLfailure
non-NULLsuccessfully allocated named ACL

Definition at line 170 of file named_acl.c.

171{
172 struct named_acl *named_acl;
173
174 named_acl = ao2_alloc(sizeof(*named_acl), destroy_named_acl);
175 if (!named_acl) {
176 return NULL;
177 }
178
179 ast_copy_string(named_acl->name, cat, sizeof(named_acl->name));
180
181 return named_acl;
182}
ao2_alloc
#define ao2_alloc(data_size, destructor_fn)
Definition astobj2.h:409
destroy_named_acl
static void destroy_named_acl(void *obj)
Destroy a named ACL object.
Definition named_acl.c:157
ast_copy_string
void ast_copy_string(char *dst, const char *src, size_t size)
Size-limited null-terminating string copy.
Definition strings.h:425

References ao2_alloc, ast_copy_string(), destroy_named_acl(), named_acl::name, and NULL.

Referenced by named_acl_find_realtime().

◆ named_acl_config_alloc()

static void * named_acl_config_alloc ( void  )
static

allocator callback for named_acl_config. Notice it returns void * since it is used by the backend config code

Note
These functions are used for placing/retrieving named ACLs in their ao2_container.

Definition at line 135 of file named_acl.c.

136{
137 struct named_acl_config *cfg;
138
139 if (!(cfg = ao2_alloc(sizeof(*cfg), named_acl_config_destructor))) {
140 return NULL;
141 }
142
143 cfg->named_acl_list = ao2_container_alloc_hash(AO2_ALLOC_OPT_LOCK_MUTEX, 0, 37,
144 named_acl_hash_fn, NULL, named_acl_cmp_fn);
145 if (!cfg->named_acl_list) {
146 goto error;
147 }
148
149 return cfg;
150
151error:
152 ao2_ref(cfg, -1);
153 return NULL;
154}
AO2_ALLOC_OPT_LOCK_MUTEX
@ AO2_ALLOC_OPT_LOCK_MUTEX
Definition astobj2.h:363
ao2_container_alloc_hash
#define ao2_container_alloc_hash(ao2_options, container_options, n_buckets, hash_fn, sort_fn, cmp_fn)
Allocate and initialize a hash container with the desired number of buckets.
Definition astobj2.h:1303
named_acl_config_destructor
static void named_acl_config_destructor(void *obj)
destructor for named_acl_config
Definition named_acl.c:126
error
int error(const char *format,...)
Definition utils/frame.c:999

References ao2_alloc, AO2_ALLOC_OPT_LOCK_MUTEX, ao2_container_alloc_hash, ao2_ref, error(), named_acl_config_destructor(), named_acl_config::named_acl_list, and NULL.

◆ named_acl_config_destructor()

static void named_acl_config_destructor ( void *  obj)
static

destructor for named_acl_config

Definition at line 126 of file named_acl.c.

127{
128 struct named_acl_config *cfg = obj;
129 ao2_cleanup(cfg->named_acl_list);
130}

References ao2_cleanup, and named_acl_config::named_acl_list.

Referenced by named_acl_config_alloc().

◆ named_acl_find()

static void * named_acl_find ( struct ao2_container container,
const char *  cat 
)
static

Find a named ACL in a container by its name.

Parameters
containerao2container holding the named ACLs
catname of the ACL wanted to be found
Return values
pointerto the named ACL if available. Null if not found.

Definition at line 191 of file named_acl.c.

192{
193 struct named_acl tmp;
194 ast_copy_string(tmp.name, cat, sizeof(tmp.name));
195 return ao2_find(container, &tmp, OBJ_POINTER);
196}
OBJ_POINTER
#define OBJ_POINTER
Definition astobj2.h:1150
ao2_find
#define ao2_find(container, arg, flags)
Definition astobj2.h:1736
container
struct ao2_container * container
Definition res_fax.c:603

References ao2_find, ast_copy_string(), container, named_acl::name, and OBJ_POINTER.

Referenced by ast_named_acl_find(), and cli_display_named_acl().

◆ named_acl_find_realtime()

static struct named_acl * named_acl_find_realtime ( const char *  name)
static

Definition at line 249 of file named_acl.c.

250{
251 struct ast_config *cfg;
252 char *item = NULL;
253 const char *systemname = NULL;
254 struct ast_ha *built_ha = NULL;
255 struct named_acl *acl;
256
257 /* If we have a systemname set in the global options, we only want to retrieve entries with a matching systemname field. */
258 systemname = ast_config_AST_SYSTEM_NAME;
259
260 if (ast_strlen_zero(systemname)) {
261 cfg = ast_load_realtime_multientry(ACL_FAMILY, "name", name, SENTINEL);
262 } else {
263 cfg = ast_load_realtime_multientry(ACL_FAMILY, "name", name, "systemname", systemname, SENTINEL);
264 }
265
266 if (!cfg) {
267 return NULL;
268 }
269
270 /* At this point, the configuration must be sorted by the order field. */
271 ast_config_sort_categories(cfg, 0, acl_order_comparator);
272
273 while ((item = ast_category_browse(cfg, item))) {
274 int append_ha_error = 0;
275 const char *order = ast_variable_retrieve(cfg, item, "rule_order");
276 const char *sense = ast_variable_retrieve(cfg, item, "sense");
277 const char *rule = ast_variable_retrieve(cfg, item, "rule");
278
279 built_ha = ast_append_ha(sense, rule, built_ha, &append_ha_error);
280 if (append_ha_error) {
281 /* We need to completely reject an ACL that contains any bad rules. */
282 ast_log(LOG_ERROR, "Rejecting realtime ACL due to bad ACL definition '%s': %s - %s - %s\n", name, order, sense, rule);
283 ast_free_ha(built_ha);
284 return NULL;
285 }
286 }
287
288 ast_config_destroy(cfg);
289
290 acl = named_acl_alloc(name);
291 if (!acl) {
292 ast_log(LOG_ERROR, "allocation error\n");
293 ast_free_ha(built_ha);
294 return NULL;
295 }
296
297 acl->ha = built_ha;
298
299 return acl;
300}
ast_append_ha
struct ast_ha * ast_append_ha(const char *sense, const char *stuff, struct ast_ha *path, int *error)
Add a new rule to a list of HAs.
Definition acl.c:712
order
integer order
Definition analys.c:66
SENTINEL
#define SENTINEL
Definition compiler.h:87
ast_category_browse
char * ast_category_browse(struct ast_config *config, const char *prev_name)
Browse categories.
Definition extconf.c:3324
ast_config_sort_categories
void ast_config_sort_categories(struct ast_config *config, int descending, int(*comparator)(struct ast_category *p, struct ast_category *q))
Sorts categories in a config in the order of a numerical value contained within them.
Definition main/config.c:1373
ast_load_realtime_multientry
struct ast_config * ast_load_realtime_multientry(const char *family,...) attribute_sentinel
Retrieve realtime configuration.
Definition main/config.c:3889
ast_config_destroy
void ast_config_destroy(struct ast_config *cfg)
Destroys a config.
Definition extconf.c:1287
ast_variable_retrieve
const char * ast_variable_retrieve(struct ast_config *config, const char *category, const char *variable)
Definition main/config.c:870
named_acl_alloc
static void * named_acl_alloc(const char *cat)
Create a named ACL structure.
Definition named_acl.c:170
acl_order_comparator
static int acl_order_comparator(struct ast_category *p, struct ast_category *q)
Definition named_acl.c:210
ast_config_AST_SYSTEM_NAME
const char * ast_config_AST_SYSTEM_NAME
Definition options.c:171
ast_strlen_zero
static force_inline int attribute_pure ast_strlen_zero(const char *s)
Definition strings.h:65
ast_config
Definition main/config.c:251
item
static struct aco_type item
Definition test_config.c:1463

References ACL_FAMILY, acl_order_comparator(), ast_append_ha(), ast_category_browse(), ast_config_AST_SYSTEM_NAME, ast_config_destroy(), ast_config_sort_categories(), ast_free_ha(), ast_load_realtime_multientry(), ast_log, ast_strlen_zero(), ast_variable_retrieve(), item, LOG_ERROR, name, named_acl_alloc(), NULL, order, and SENTINEL.

Referenced by ast_named_acl_find(), and cli_display_named_acl().

◆ publish_acl_change()

static int publish_acl_change ( const char *  name)
static

Definition at line 380 of file named_acl.c.

381{
382 RAII_VAR(struct stasis_message *, msg, NULL, ao2_cleanup);
383 RAII_VAR(struct ast_json_payload *, json_payload, NULL, ao2_cleanup);
384 RAII_VAR(struct ast_json *, json_object, ast_json_object_create(), ast_json_unref);
385
386 if (!json_object || !ast_named_acl_change_type()) {
387 goto publish_failure;
388 }
389
390 if (ast_json_object_set(json_object, "name", ast_json_string_create(name))) {
391 goto publish_failure;
392 }
393
394 if (!(json_payload = ast_json_payload_create(json_object))) {
395 goto publish_failure;
396 }
397
398 msg = stasis_message_create(ast_named_acl_change_type(), json_payload);
399
400 if (!msg) {
401 goto publish_failure;
402 }
403
404 stasis_publish(ast_security_topic(), msg);
405
406 return 0;
407
408publish_failure:
409 ast_log(LOG_ERROR, "Failed to issue ACL change message for %s.\n",
410 ast_strlen_zero(name) ? "all named ACLs" : name);
411 return -1;
412}
ast_json_string_create
struct ast_json * ast_json_string_create(const char *value)
Construct a JSON string from value.
Definition json.c:278
ast_json_unref
void ast_json_unref(struct ast_json *value)
Decrease refcount on value. If refcount reaches zero, value is freed.
Definition json.c:73
ast_json_object_create
struct ast_json * ast_json_object_create(void)
Create a new JSON object.
Definition json.c:399
ast_json_payload_create
struct ast_json_payload * ast_json_payload_create(struct ast_json *json)
Create an ao2 object to pass json blobs as data payloads for stasis.
Definition json.c:756
ast_json_object_set
int ast_json_object_set(struct ast_json *object, const char *key, struct ast_json *value)
Set a field in a JSON object.
Definition json.c:414
ast_security_topic
struct stasis_topic * ast_security_topic(void)
A stasis_topic which publishes messages for security related issues.
Definition main/security_events.c:425
stasis_message_create
struct stasis_message * stasis_message_create(struct stasis_message_type *type, void *data)
Create a new message.
Definition stasis_message.c:174
stasis_publish
void stasis_publish(struct stasis_topic *topic, struct stasis_message *message)
Publish a message to a topic's subscribers.
Definition stasis.c:1578
ast_json_payload
Definition json.h:1082
ast_json
Abstract JSON element (object, array, string, int, ...).
stasis_message
Definition stasis_message.c:121

References ao2_cleanup, ast_json_object_create(), ast_json_object_set(), ast_json_payload_create(), ast_json_string_create(), ast_json_unref(), ast_log, ast_named_acl_change_type(), ast_security_topic(), ast_strlen_zero(), LOG_ERROR, name, NULL, RAII_VAR, stasis_message_create(), and stasis_publish().

Referenced by reload_module().

◆ reload_module()

static int reload_module ( void  )
static

Definition at line 538 of file named_acl.c.

539{
540 enum aco_process_status status;
541
542 status = aco_process_config(&cfg_info, 1);
543
544 if (status == ACO_PROCESS_ERROR) {
545 ast_log(LOG_WARNING, "Could not reload ACL config\n");
546 return 0;
547 }
548
549 if (status == ACO_PROCESS_UNCHANGED) {
550 /* We don't actually log anything if the config was unchanged,
551 * but we don't need to send a config change event either.
552 */
553 return 0;
554 }
555
556 /* We need to push an ACL change event with no ACL name so that all subscribers update with all ACLs */
557 publish_acl_change("");
558
559 return 0;
560}
status
jack_status_t status
Definition app_jack.c:149
aco_process_status
aco_process_status
Return values for the aco_process functions.
Definition config_options.h:524
ACO_PROCESS_UNCHANGED
@ ACO_PROCESS_UNCHANGED
The config had not been edited and no changes applied.
Definition config_options.h:526
ACO_PROCESS_ERROR
@ ACO_PROCESS_ERROR
Their was an error and no changes were applied.
Definition config_options.h:527
publish_acl_change
static int publish_acl_change(const char *name)
Definition named_acl.c:380

References aco_process_config(), ACO_PROCESS_ERROR, ACO_PROCESS_UNCHANGED, ast_log, LOG_WARNING, publish_acl_change(), and status.

◆ STASIS_MESSAGE_TYPE_DEFN()

STASIS_MESSAGE_TYPE_DEFN ( ast_named_acl_change_type  )

Message type for named ACL changes.

◆ unload_module()

static int unload_module ( void  )
static

Definition at line 562 of file named_acl.c.

563{
564 ast_cli_unregister_multiple(cli_named_acl, ARRAY_LEN(cli_named_acl));
565
566 STASIS_MESSAGE_TYPE_CLEANUP(ast_named_acl_change_type);
567 aco_info_destroy(&cfg_info);
568 ao2_global_obj_release(globals);
569
570 return 0;
571}
ast_cli_unregister_multiple
void ast_cli_unregister_multiple(void)
Definition ael_main.c:408
ao2_global_obj_release
#define ao2_global_obj_release(holder)
Release the ao2 object held in the global holder.
Definition astobj2.h:859
aco_info_destroy
void aco_info_destroy(struct aco_info *info)
Destroy an initialized aco_info struct.
Definition config_options.c:910
STASIS_MESSAGE_TYPE_CLEANUP
#define STASIS_MESSAGE_TYPE_CLEANUP(name)
Boiler-plate messaging macro for cleaning up message types.
Definition stasis.h:1515

References aco_info_destroy(), ao2_global_obj_release, ARRAY_LEN, ast_cli_unregister_multiple(), ast_named_acl_change_type(), cli_named_acl, globals, and STASIS_MESSAGE_TYPE_CLEANUP.

Variable Documentation

◆ __mod_info

struct ast_module_info __mod_info = { .name = AST_MODULE, .flags = AST_MODFLAG_GLOBAL_SYMBOLS | AST_MODFLAG_LOAD_ORDER , .description = "Named ACL system" , .key = ASTERISK_GPL_KEY , .buildopt_sum = AST_BUILDOPT_SUM, .support_level = AST_MODULE_SUPPORT_CORE, .load = load_module, .unload = unload_module, .reload = reload_module, .load_pri = AST_MODPRI_CORE, .requires = "extconfig", }
static

Definition at line 599 of file named_acl.c.

◆ ast_module_info

const struct ast_module_info* ast_module_info = &__mod_info
static

Definition at line 599 of file named_acl.c.

◆ cli_named_acl

struct ast_cli_entry cli_named_acl[]
static
Initial value:
= {
{ .handler = handle_show_named_acl_cmd , .summary = "Show a named ACL or list all named ACLs" ,},
}
handle_show_named_acl_cmd
static char * handle_show_named_acl_cmd(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
ACL command show <name>
Definition named_acl.c:480

Definition at line 534 of file named_acl.c.

534 {
535 AST_CLI_DEFINE(handle_show_named_acl_cmd, "Show a named ACL or list all named ACLs"),
536};
AST_CLI_DEFINE
#define AST_CLI_DEFINE(fn, txt,...)
Definition cli.h:197

Referenced by load_module(), and unload_module().

◆ named_acl_conf

struct aco_file named_acl_conf
Initial value:
= {
.filename = "acl.conf",
.types = ACO_TYPES(&named_acl_type),
}
ACO_TYPES
#define ACO_TYPES(...)
A helper macro to ensure that aco_info types always have a sentinel.
Definition config_options.h:181
named_acl_type
static struct aco_type named_acl_type
Definition named_acl.c:94

Definition at line 107 of file named_acl.c.

107 {
108 .filename = "acl.conf",
109 .types = ACO_TYPES(&named_acl_type),
110};

◆ named_acl_type

struct aco_type named_acl_type
static

Definition at line 94 of file named_acl.c.

94 {
95 .type = ACO_ITEM, /*!< named_acls are items stored in containers, not individual global objects */
96 .name = "named_acl",
97 .category_match = ACO_BLACKLIST_EXACT,
98 .category = "general", /*!< Match everything but "general" */
99 .item_alloc = named_acl_alloc, /*!< A callback to allocate a new named_acl based on category */
100 .item_find = named_acl_find, /*!< A callback to find a named_acl in some container of named_acls */
101 .item_offset = offsetof(struct named_acl_config, named_acl_list), /*!< Could leave this out since 0 */
102};
ACO_ITEM
@ ACO_ITEM
Definition config_options.h:42
ACO_BLACKLIST_EXACT
@ ACO_BLACKLIST_EXACT
Definition config_options.h:53

◆ named_acl_types

struct aco_type* named_acl_types[] = ACO_TYPES(&named_acl_type)

Definition at line 105 of file named_acl.c.

Referenced by load_module().

Generated on Wed Oct 15 2025 20:04:31 for Asterisk - The Open Source Telephony Project by doxygen 1.9.8