[asterisk-bugs] [JIRA] (ASTERISK-24874) Asterisk 11/13 Named ACLs don't work as expected

Michael Keuter (JIRA) noreply at issues.asterisk.org
Mon Apr 6 03:09:33 CDT 2015 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-24874?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=225787#comment-225787 ] 

Michael Keuter commented on ASTERISK-24874:
-------------------------------------------

Hi Corey, thanks for trying.

I never used 'preload=chan_sip.so'. Here is my modules.conf:

{noformat}
[modules]
autoload=yes
;
; Any modules that need to be loaded before the Asterisk core has been
; initialized (just after the logger has been initialized) can be loaded
; using 'preload'. This will frequently be needed if you wish to map all
; module configuration files into Realtime storage, since the Realtime
; driver will need to be loaded before the modules using those configuration
; files are initialized.
;
; An example of loading ODBC support would be:
;preload => res_odbc.so
;preload => res_config_odbc.so
;
; Uncomment the following if you wish to use the Speech Recognition API
;preload => res_speech.so
;
; If you want, load the GTK console right away.  
;
noload => pbx_gtkconsole.so
;load => pbx_gtkconsole.so
;
load => res_musiconhold.so
;
; Load either OSS or ALSA, not both
; By default, load OSS only (automatically) and do not load ALSA
;
noload => chan_alsa.so
noload => chan_oss.so
;
noload => app_voicemail_imap.so
;
noload => pbx_ael.so
noload => pbx_dundi.so
noload => chan_dahdi.so
noload => chan_iax2.so
noload => chan_mgcp.so
noload => chan_misdn.so
noload => chan_phone.so
noload => chan_skinny.so
noload => chan_unistim.so
noload => codec_dahdi.so

noload => app_minivm.so
noload => func_realtime.so
noload => pbx_lua.so
noload => pbx_realtime.so
noload => res_calendar_caldav.so
noload => res_calendar_exchange.so
noload => res_calendar_ews.so
noload => res_config_curl.so
noload => res_config_mysql.so
noload => res_fax_digium.so
noload => res_phoneprov.so
noload => res_realtime.so
{noformat}

> Asterisk 11/13 Named ACLs don't work as expected
> ------------------------------------------------
>
>                 Key: ASTERISK-24874
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-24874
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>    Affects Versions: 11.16.0, 13.2.0
>         Environment: AstLinux 1.2.2, Linux 3.2
>            Reporter: Michael Keuter
>            Assignee: Rusty Newton
>
> When I use this ACL configuration:
> acl.conf:
> {noformat}
> [lan_acl]
> deny=0.0.0.0/0.0.0.0
> permit=192.168.0.0/255.255.255.0
> [vpn_acl]
> deny=0.0.0.0/0.0.0.0
> permit=192.168.0.0/255.255.255.0
> permit=10.8.0.0/255.255.255.0
> {noformat}
> sip.conf:
> {noformat}
> [phones](!)
> ;deny=0.0.0.0/0.0.0.0
> ;permit=192.168.0.0/255.255.255.0
> acl=lan_acl
> {noformat}
> I get these error messages:
> {noformat}
> Mar 13 13:46:51 localhost local0.err asterisk[1722]: ERROR[1761]: acl.c:541 in ast_append_acl: Named ACL 'lan_acl' is already included in the ast_acl container.
> Mar 13 13:46:51 localhost local0.err asterisk[1722]: ERROR[1761]: chan_sip.c:30923 in build_peer: Bad ACL entry in configuration line 761 : lan_acl
> {noformat}
> It gets worse when I try to include one named ACL into another as mentioned in the examples, in this case acl.conf is not loaded at all:
> {noformat}
> [vpn_acl]
> acl=lan_acl
> permit=10.8.0.0/255.255.255.0
> {noformat}
> I get these errors:
> {noformat}
> Mar 13 13:49:06 localhost local0.err asterisk[29624]: ERROR[29624]: config_options.c:589 in aco_process_var: Could not find option suitable for category 'vpn_acl' named 'acl' at line 87 of
> Mar 13 13:49:06 localhost local0.err asterisk[29624]: ERROR[29624]: config_options.c:402 in process_category: In acl.conf: Processing options for vpn_acl failed
> Mar 13 13:49:06 localhost local0.err asterisk[29624]: ERROR[29624]: named_acl.c:328 in ast_named_acl_find: Attempted to find named ACL 'vpn_acl', but the ACL configuration isn't available.
> Mar 13 13:49:06 localhost local0.err asterisk[29624]: ERROR[29624]: acl.c:541 in ast_append_acl: Named ACL 'vpn_acl' is already included in the ast_acl container.
> Mar 13 13:49:06 localhost local0.err asterisk[29624]: ERROR[29624]: chan_sip.c:30923 in build_peer: Bad ACL entry in configuration line 15 : vpn_acl
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list