[Asterisk-code-review] acl: implement a centralized ACL output mechanism for HAs and ACLs. (asterisk[13])

Joshua Colp asteriskteam at digium.com
Tue Mar 31 10:45:05 CDT 2020


Joshua Colp has submitted this change. ( https://gerrit.asterisk.org/c/asterisk/+/13951 )

Change subject: acl: implement a centralized ACL output mechanism for HAs and ACLs.
......................................................................

acl: implement a centralized ACL output mechanism for HAs and ACLs.

named_acl.c (which is really a named_ha) now uses ast_ha_output.

I've also updated main/manager.c to output the actual ACL on "manager
show user <username>" if one is set.  If this works then we can add
similar output to other modules as required.

Change-Id: I0ec9876a90dddd379c80ec078d48e3ee6991eb0f
---
M include/asterisk/acl.h
M main/acl.c
M main/manager.c
M main/named_acl.c
4 files changed, 65 insertions(+), 8 deletions(-)

Approvals:
  Joshua Colp: Looks good to me, but someone else must approve; Approved for Submit
  Kevin Harwell: Looks good to me, but someone else must approve
  George Joseph: Looks good to me, approved



diff --git a/include/asterisk/acl.h b/include/asterisk/acl.h
index fe49a5b..2e42fe1 100644
--- a/include/asterisk/acl.h
+++ b/include/asterisk/acl.h
@@ -448,6 +448,38 @@
  */
 struct stasis_message_type *ast_named_acl_change_type(void);
 
+/*!
+ * \brief output an HA to the provided fd
+ *
+ * \details
+ * This function can be used centrally to output HAs as used in ACLs from other
+ * modules.  It follows the format as originally used for named ACLs in
+ * named_acl.c.
+ *
+ * \param fd The file-descriptor to which to output the HA.
+ * \param ha The HA to output.
+ * \param prefix If you need a specific prefix output on each line, give it here, may be NULL.
+ *
+ * \since 13.33.0, 16.10.0, 17.4.0
+ */
+void ast_ha_output(int fd, const struct ast_ha *ha, const char *prefix);
+
+/*!
+ * \brief output an ACL to the provided fd
+ *
+ * \details
+ * This function can be used centrally to output HAs as used in ACLs from other
+ * modules.  It follows the format as originally used for named ACLs in
+ * named_acl.c.
+ *
+ * \param fd The file-descriptor to which to output the ACL.
+ * \param acl The ACL to output.
+ * \param prefix If you need a specific prefix output on each line, give it here, may be NULL.
+ *
+ * \since 13.33.0, 16.10.0, 17.4.0
+ */
+void ast_acl_output(int fd, struct ast_acl_list *acl, const char *prefix);
+
 #if defined(__cplusplus) || defined(c_plusplus)
 }
 #endif
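Review bot: The `\details` paragraph on `ast_acl_output` is a verbatim copy of the one on `ast_ha_output` and still describes outputting HAs, so the two entries say nothing about what the ACL variant adds. It should describe its own behaviour, for example `Outputs a header line for each ACL in the list followed by its HA entries; the list is locked while it is traversed.` The prototype also names the parameter `acl` while the definition in main/acl.c calls it `acl_list`; using `acl_list` in both places and stating whether NULL is accepted would make the contract clearer, since the definition locks the list without checking it.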
diff --git a/main/acl.c b/main/acl.c
index 9179753..3d32976 100644
--- a/main/acl.c
+++ b/main/acl.c
@@ -50,6 +50,7 @@
 #include "asterisk/utils.h"
 #include "asterisk/lock.h"
 #include "asterisk/srv.h"
+#include "asterisk/cli.h"
 
 #if (!defined(SOLARIS) && !defined(HAVE_GETIFADDRS))
 static int get_local_address(struct ast_sockaddr *ourip)
@@ -1084,3 +1085,31 @@
 	ast_sockaddr_set_port(ourip, port);
 	return res;
 }
+
+void ast_ha_output(int fd, const struct ast_ha *ha, const char *prefix)
+{
+	char addr[AST_SOCKADDR_BUFLEN];
+	char *mask;
+	int index = 0;
+	for (; ha; ha = ha->next, ++index) {
+		strcpy(addr, ast_sockaddr_stringify_addr(&ha->addr));
+		mask = ast_sockaddr_stringify_addr(&ha->netmask);
+		ast_cli(fd, "%s%3d: %s - %s/%s\n", prefix ?: "", index, ha->sense == AST_SENSE_ALLOW ? "allow" : " deny", addr, mask);
+	}
+}
+
+void ast_acl_output(int fd, struct ast_acl_list *acl_list, const char *prefix)
+{
+	struct ast_acl *acl;
+
+	AST_LIST_LOCK(acl_list);
+	AST_LIST_TRAVERSE(acl_list, acl, list) {
+		ast_cli(fd, "%sACL: %s%s\n---------------------------------------------\n",
+				prefix ?: "", ast_strlen_zero(acl->name) ? "(unnamed)" : acl->name,
+				acl->is_realtime ? " (realtime)" : "");
+
+		ast_ha_output(fd, acl->acl, prefix);
+	}
+	AST_LIST_UNLOCK(acl_list);
+
+}
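Review bot: The `strcpy` into `addr` in `ast_ha_output` is an unbounded copy into a fixed `AST_SOCKADDR_BUFLEN` stack buffer, safe only while `ast_sockaddr_stringify_addr()` never returns more than the buffer holds, which nothing in this function enforces. The loop this replaces in main/named_acl.c used `ast_strdupa`, which sized the copy to the string, so the refactor trades that for an implicit length assumption. A bounded copy keeps the behaviour and removes the assumption: `ast_copy_string(addr, ast_sockaddr_stringify_addr(&ha->addr), sizeof(addr));`. In `ast_acl_output` the format string applies `prefix` only before `ACL:`, so the dashed separator line is printed without it even though the header documents the prefix as appearing on each line; adding a second `%s` after the first `\n` would fix that. `ast_acl_output` also hands `acl_list` straight to `AST_LIST_LOCK`, so an early `if (!acl_list) return;` would make it safe for callers that do not pre-check the list the way main/manager.c does.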
diff --git a/main/manager.c b/main/manager.c
index 44e25b8..c79d4f1 100644
--- a/main/manager.c
+++ b/main/manager.c
@@ -2551,6 +2551,9 @@
 		for (v = user->chanvars ; v ; v = v->next) {
 			ast_cli(a->fd, "                 %s = %s\n", v->name, v->value);
 		}
+	if (!ast_acl_list_is_empty(user->acl)) {
+		ast_acl_output(a->fd, user->acl, NULL);
+	}
 
 	AST_RWLIST_UNLOCK(&users);
 
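Review bot: The ACL block is printed with a NULL prefix, so its `ACL:` header, separator and entries start at column 0 while the chanvars line just above is indented with a run of spaces; the new section will likely look out of alignment with the rest of the "manager show user" output. Passing a prefix that matches the surrounding indentation, e.g. `ast_acl_output(a->fd, user->acl, "                 ");`, would keep it consistent, though the separator line in `ast_acl_output` does not currently receive the prefix. The enclosing function starts and ends outside this hunk, so the column used by the other fields should be checked there.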
diff --git a/main/named_acl.c b/main/named_acl.c
index e61bcba..54ad1a9 100644
--- a/main/named_acl.c
+++ b/main/named_acl.c
@@ -438,8 +438,6 @@
  */
 static void cli_display_named_acl(int fd, const char *name)
 {
-	struct ast_ha *ha;
-	int ha_index = 0;
 	int is_realtime = 0;
 
 	RAII_VAR(struct named_acl_config *, cfg, ao2_global_obj_ref(globals), ao2_cleanup);
@@ -464,12 +462,7 @@
 	}
 
 	ast_cli(fd, "\nACL: %s%s\n---------------------------------------------\n", name, is_realtime ? " (realtime)" : "");
-	for (ha = named_acl->ha; ha; ha = ha->next) {
-		char *addr = ast_strdupa(ast_sockaddr_stringify_addr(&ha->addr));
-		char *mask = ast_sockaddr_stringify_addr(&ha->netmask);
-		ast_cli(fd, "%3d: %s - %s/%s\n", ha_index, ha->sense == AST_SENSE_ALLOW ? "allow" : " deny", addr, mask);
-		ha_index++;
-	}
+	ast_ha_output(fd, named_acl->ha, NULL);
 }
 
 /*!

-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/13951

Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-Change-Id: I0ec9876a90dddd379c80ec078d48e3ee6991eb0f
Gerrit-Change-Number: 13951
Gerrit-PatchSet: 6
Gerrit-Owner: Jaco Kroon <jaco at uls.co.za>
Gerrit-Reviewer: Friendly Automation
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: Joshua Colp <jcolp at sangoma.com>
Gerrit-Reviewer: Kevin Harwell <kharwell at digium.com>
Gerrit-Reviewer: Sean Bright <sean.bright at gmail.com>
Gerrit-MessageType: merged