<p>Joshua Colp <strong>submitted</strong> this change.</p><p><a href="https://gerrit.asterisk.org/c/asterisk/+/13951">View Change</a></p><div style="white-space:pre-wrap">Approvals:
Joshua Colp: Looks good to me, but someone else must approve; Approved for Submit
Kevin Harwell: Looks good to me, but someone else must approve
George Joseph: Looks good to me, approved
</div><pre style="font-family: monospace,monospace; white-space: pre-wrap;">acl: implement a centralized ACL output mechanism for HAs and ACLs.<br><br>named_acl.c (which is really a named_ha) now uses ast_ha_output.<br><br>I've also updated main/manager.c to output the actual ACL on "manager<br>show user <username>" if one is set. If this works then we can add<br>similar to other modules as required.<br><br>Change-Id: I0ec9876a90dddd379c80ec078d48e3ee6991eb0f<br>---<br>M include/asterisk/acl.h<br>M main/acl.c<br>M main/manager.c<br>M main/named_acl.c<br>4 files changed, 65 insertions(+), 8 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/include/asterisk/acl.h b/include/asterisk/acl.h</span><br><span>index fe49a5b..2e42fe1 100644</span><br><span>--- a/include/asterisk/acl.h</span><br><span>+++ b/include/asterisk/acl.h</span><br><span>@@ -448,6 +448,38 @@</span><br><span> */</span><br><span> struct stasis_message_type *ast_named_acl_change_type(void);</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+/*!</span><br><span style="color: hsl(120, 100%, 40%);">+ * \brief output an HA to the provided fd</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * \details</span><br><span style="color: hsl(120, 100%, 40%);">+ * This function can be used centrally to output HAs as used in ACLs from other</span><br><span style="color: hsl(120, 100%, 40%);">+ * modules. It follows the format as originally used for named ACLs in</span><br><span style="color: hsl(120, 100%, 40%);">+ * named_acl.c.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * \param fd The file-descriptor to which to output the HA.</span><br><span style="color: hsl(120, 100%, 40%);">+ * \param ha The HA to output.</span><br><span style="color: hsl(120, 100%, 40%);">+ * \param prefix If you need a specific prefix output on each line, give it here, may be NULL.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * \since 13.33.0, 16.10.0, 17.4.0</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+void ast_ha_output(int fd, const struct ast_ha *ha, const char *prefix);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+/*!</span><br><span style="color: hsl(120, 100%, 40%);">+ * \brief output an ACL to the provided fd</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * \details</span><br><span style="color: hsl(120, 100%, 40%);">+ * This function can be used centrally to output HAs as used in ACLs from other</span><br><span style="color: hsl(120, 100%, 40%);">+ * modules. It follows the format as originally used for named ACLs in</span><br><span style="color: hsl(120, 100%, 40%);">+ * named_acl.c.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * \param fd The file-descriptor to which to output the ACL.</span><br><span style="color: hsl(120, 100%, 40%);">+ * \param acl The ACL to output.</span><br><span style="color: hsl(120, 100%, 40%);">+ * \param prefix If you need a specific prefix output on each line, give it here, may be NULL.</span><br><span style="color: hsl(120, 100%, 40%);">+ *</span><br><span style="color: hsl(120, 100%, 40%);">+ * \since 13.33.0, 16.10.0, 17.4.0</span><br><span style="color: hsl(120, 100%, 40%);">+ */</span><br><span style="color: hsl(120, 100%, 40%);">+void ast_acl_output(int fd, struct ast_acl_list *acl, const char *prefix);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> #if defined(__cplusplus) || defined(c_plusplus)</span><br><span> }</span><br><span> #endif</span><br><span>diff --git a/main/acl.c b/main/acl.c</span><br><span>index 9179753..3d32976 100644</span><br><span>--- a/main/acl.c</span><br><span>+++ b/main/acl.c</span><br><span>@@ -50,6 +50,7 @@</span><br><span> #include "asterisk/utils.h"</span><br><span> #include "asterisk/lock.h"</span><br><span> #include "asterisk/srv.h"</span><br><span style="color: hsl(120, 100%, 40%);">+#include "asterisk/cli.h"</span><br><span> </span><br><span> #if (!defined(SOLARIS) && !defined(HAVE_GETIFADDRS))</span><br><span> static int get_local_address(struct ast_sockaddr *ourip)</span><br><span>@@ -1084,3 +1085,31 @@</span><br><span> ast_sockaddr_set_port(ourip, port);</span><br><span> return res;</span><br><span> }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+void ast_ha_output(int fd, const struct ast_ha *ha, const char *prefix)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ char addr[AST_SOCKADDR_BUFLEN];</span><br><span style="color: hsl(120, 100%, 40%);">+ char *mask;</span><br><span style="color: hsl(120, 100%, 40%);">+ int index = 0;</span><br><span style="color: hsl(120, 100%, 40%);">+ for (; ha; ha = ha->next, ++index) {</span><br><span style="color: hsl(120, 100%, 40%);">+ strcpy(addr, ast_sockaddr_stringify_addr(&ha->addr));</span><br><span style="color: hsl(120, 100%, 40%);">+ mask = ast_sockaddr_stringify_addr(&ha->netmask);</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_cli(fd, "%s%3d: %s - %s/%s\n", prefix ?: "", index, ha->sense == AST_SENSE_ALLOW ? "allow" : " deny", addr, mask);</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+void ast_acl_output(int fd, struct ast_acl_list *acl_list, const char *prefix)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ struct ast_acl *acl;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ AST_LIST_LOCK(acl_list);</span><br><span style="color: hsl(120, 100%, 40%);">+ AST_LIST_TRAVERSE(acl_list, acl, list) {</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_cli(fd, "%sACL: %s%s\n---------------------------------------------\n",</span><br><span style="color: hsl(120, 100%, 40%);">+ prefix ?: "", ast_strlen_zero(acl->name) ? "(unnamed)" : acl->name,</span><br><span style="color: hsl(120, 100%, 40%);">+ acl->is_realtime ? " (realtime)" : "");</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_ha_output(fd, acl->acl, prefix);</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+ AST_LIST_UNLOCK(acl_list);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span>diff --git a/main/manager.c b/main/manager.c</span><br><span>index 44e25b8..c79d4f1 100644</span><br><span>--- a/main/manager.c</span><br><span>+++ b/main/manager.c</span><br><span>@@ -2551,6 +2551,9 @@</span><br><span> for (v = user->chanvars ; v ; v = v->next) {</span><br><span> ast_cli(a->fd, " %s = %s\n", v->name, v->value);</span><br><span> }</span><br><span style="color: hsl(120, 100%, 40%);">+ if (!ast_acl_list_is_empty(user->acl)) {</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_acl_output(a->fd, user->acl, NULL);</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span> </span><br><span> AST_RWLIST_UNLOCK(&users);</span><br><span> </span><br><span>diff --git a/main/named_acl.c b/main/named_acl.c</span><br><span>index e61bcba..54ad1a9 100644</span><br><span>--- a/main/named_acl.c</span><br><span>+++ b/main/named_acl.c</span><br><span>@@ -438,8 +438,6 @@</span><br><span> */</span><br><span> static void cli_display_named_acl(int fd, const char *name)</span><br><span> {</span><br><span style="color: hsl(0, 100%, 40%);">- struct ast_ha *ha;</span><br><span style="color: hsl(0, 100%, 40%);">- int ha_index = 0;</span><br><span> int is_realtime = 0;</span><br><span> </span><br><span> RAII_VAR(struct named_acl_config *, cfg, ao2_global_obj_ref(globals), ao2_cleanup);</span><br><span>@@ -464,12 +462,7 @@</span><br><span> }</span><br><span> </span><br><span> ast_cli(fd, "\nACL: %s%s\n---------------------------------------------\n", name, is_realtime ? " (realtime)" : "");</span><br><span style="color: hsl(0, 100%, 40%);">- for (ha = named_acl->ha; ha; ha = ha->next) {</span><br><span style="color: hsl(0, 100%, 40%);">- char *addr = ast_strdupa(ast_sockaddr_stringify_addr(&ha->addr));</span><br><span style="color: hsl(0, 100%, 40%);">- char *mask = ast_sockaddr_stringify_addr(&ha->netmask);</span><br><span style="color: hsl(0, 100%, 40%);">- ast_cli(fd, "%3d: %s - %s/%s\n", ha_index, ha->sense == AST_SENSE_ALLOW ? "allow" : " deny", addr, mask);</span><br><span style="color: hsl(0, 100%, 40%);">- ha_index++;</span><br><span style="color: hsl(0, 100%, 40%);">- }</span><br><span style="color: hsl(120, 100%, 40%);">+ ast_ha_output(fd, named_acl->ha, NULL);</span><br><span> }</span><br><span> </span><br><span> /*!</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/c/asterisk/+/13951">change 13951</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/c/asterisk/+/13951"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: 13 </div>
<div style="display:none"> Gerrit-Change-Id: I0ec9876a90dddd379c80ec078d48e3ee6991eb0f </div>
<div style="display:none"> Gerrit-Change-Number: 13951 </div>
<div style="display:none"> Gerrit-PatchSet: 6 </div>
<div style="display:none"> Gerrit-Owner: Jaco Kroon <jaco@uls.co.za> </div>
<div style="display:none"> Gerrit-Reviewer: Friendly Automation </div>
<div style="display:none"> Gerrit-Reviewer: George Joseph <gjoseph@digium.com> </div>
<div style="display:none"> Gerrit-Reviewer: Joshua Colp <jcolp@sangoma.com> </div>
<div style="display:none"> Gerrit-Reviewer: Kevin Harwell <kharwell@digium.com> </div>
<div style="display:none"> Gerrit-Reviewer: Sean Bright <sean.bright@gmail.com> </div>
<div style="display:none"> Gerrit-MessageType: merged </div>