[asterisk-commits] oej: branch oej/deluxepine-1.4 r274578 - in /team/oej/deluxepine-1.4: ./ chan...
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Wed Jul 7 13:01:36 CDT 2010
Author: oej
Date: Wed Jul 7 13:01:31 2010
New Revision: 274578
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=274578
Log:
Various log file and documentation changes, plus some bug fixes... :-)
Modified:
team/oej/deluxepine-1.4/README.nacl
team/oej/deluxepine-1.4/channels/chan_sip.c
team/oej/deluxepine-1.4/configs/sip.conf.sample
team/oej/deluxepine-1.4/include/asterisk/nacl.h
team/oej/deluxepine-1.4/main/acl.c
team/oej/deluxepine-1.4/main/nacl.c
Modified: team/oej/deluxepine-1.4/README.nacl
URL: http://svnview.digium.com/svn/asterisk/team/oej/deluxepine-1.4/README.nacl?view=diff&rev=274578&r1=274577&r2=274578
==============================================================================
--- team/oej/deluxepine-1.4/README.nacl (original)
+++ team/oej/deluxepine-1.4/README.nacl Wed Jul 7 13:01:31 2010
@@ -23,3 +23,43 @@
if needed. This can have be done for matching of devices or implementing
dynamic blacklists.
+Core implemenation
+------------------
+Check configs/nacl.conf.sample for details
+
+; Example
+[officelan] ; This is the name of this ACL
+deny=all
+permit=192.168.0.0/24 ; CIDR notation
+permit=192.168.1.125/255.255.255.255 ; Subnetmask
+
+
+SIP implementation
+------------------
+In the SIP channel, you can configure a named ACL for each device. Using configuration
+templates make it simple. There are multiple benefits:
+
+- The NACL is only stored once. Permit/deny configurations in sip.conf is stored once
+ per device
+- The NACL can be manipulated during runtime with manager and CLI commands
+
+Syntax for the [general] section as well as per device:
+
+nacl=<name>
+
+The name is a NACL that is defined in nacl.conf or created dynamically.
+
+example:
+
+[officephones](!)
+type=friend
+nacl=officelan
+contactnacl=officelan
+
+[lisa12:12:23:23:af](officephones)
+secret=superhemligt
+
+
+TODO List
+---------
+- Add automatic expiry for blacklists, set time in nacl.conf
Modified: team/oej/deluxepine-1.4/channels/chan_sip.c
URL: http://svnview.digium.com/svn/asterisk/team/oej/deluxepine-1.4/channels/chan_sip.c?view=diff&rev=274578&r1=274577&r2=274578
==============================================================================
--- team/oej/deluxepine-1.4/channels/chan_sip.c (original)
+++ team/oej/deluxepine-1.4/channels/chan_sip.c Wed Jul 7 13:01:31 2010
@@ -17799,6 +17799,9 @@
}
} else if (!strcasecmp(v->name, "nacl")) {
user->nacl = ast_nacl_attach(v->value);
+ if (!user->nacl) {
+ ast_log(LOG_WARNING, "Lineno: %d: NACL %s not found for user %s\n", v->lineno, v->value, name);
+ }
} else if (!strcasecmp(v->name, "permit") ||
!strcasecmp(v->name, "deny")) {
user->ha = ast_append_ha(v->name, v->value, user->ha);
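Review bot: When `ast_nacl_attach()` returns NULL, the new code only logs a warning and the user keeps loading with `user->nacl` unset. If an unset NACL means "no restriction" at match time (not visible in this hunk), a misspelled ACL name silently drops the intended IP filtering, so the setting fails open. The warning should at least state the consequence, for example `"Lineno: %d: NACL %s not found for user %s - no NACL will be applied\n"`, or the device should be rejected. The same applies to the peer hunk at 18099 and the global hunk at 18447. The enclosing function starts and ends outside the hunk.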
@@ -18099,6 +18102,9 @@
}
} else if (!strcasecmp(v->name, "nacl")) {
peer->nacl = ast_nacl_attach(v->value);
+ if (!user->nacl) {
+ ast_log(LOG_WARNING, "Lineno: %d: NACL %s not found for peer %s\n", v->lineno, v->value, name);
+ }
} else if (!strcasecmp(v->name, "permit") || !strcasecmp(v->name, "deny")) {
if (!ast_strlen_zero(v->value)) {
peer->ha = ast_append_ha(v->name, v->value, peer->ha);
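Review bot: The added check in the peer branch tests `user->nacl`, but the line above it assigns `peer->nacl`, so this looks like a copy-paste slip from the user hunk. It should read `if (!peer->nacl) {`. Whether a `user` variable is in scope here is not visible in the hunk: if it is not, the code will not compile, and if it is, the warning depends on an unrelated object and a missing peer NACL can go unreported. The enclosing function starts and ends outside the hunk.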
@@ -18447,7 +18453,7 @@
} else if (!strcasecmp(v->name, "nacl")) {
global_nacl = ast_nacl_attach(v->value);
if (!global_nacl) {
- ast_log(LOG_WARNING, "'%s' is not a valid NACL name - line %d.\n", v->value, v->lineno);
+ ast_log(LOG_WARNING, "Line %d: '%s' is not a valid NACL name.\n", v->value, v->lineno);
}
} else if (!strcasecmp(v->name, "allowguest")) {
global_allowguest = ast_true(v->value) ? 1 : 0;
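Review bot: The reworded format string now has `%d` before `%s`, but the arguments are still passed as `v->value, v->lineno`. The string pointer is therefore consumed by `%d` and the integer by `%s`. That is undefined behaviour and will most likely crash the config load exactly when an invalid global NACL name is configured. Swap the arguments: `ast_log(LOG_WARNING, "Line %d: '%s' is not a valid NACL name.\n", v->lineno, v->value);`.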
Modified: team/oej/deluxepine-1.4/configs/sip.conf.sample
URL: http://svnview.digium.com/svn/asterisk/team/oej/deluxepine-1.4/configs/sip.conf.sample?view=diff&rev=274578&r1=274577&r2=274578
==============================================================================
--- team/oej/deluxepine-1.4/configs/sip.conf.sample (original)
+++ team/oej/deluxepine-1.4/configs/sip.conf.sample Wed Jul 7 13:01:31 2010
@@ -517,6 +517,7 @@
; callingpres callingpres
; permit permit
; deny deny
+; nacl nacl
; secret secret
; md5secret md5secret
; dtmfmode dtmfmode
@@ -632,6 +633,7 @@
;allow=g729 ; Pass-thru only unless g729 license obtained
;callingpres=allowed_passed_screen ; Set caller ID presentation
; See doc/callingpres.txt for more information
+;nacl=goldpeers ; Set a Named ACL for this peer. Works for users too.
;[xlite1]
Modified: team/oej/deluxepine-1.4/include/asterisk/nacl.h
URL: http://svnview.digium.com/svn/asterisk/team/oej/deluxepine-1.4/include/asterisk/nacl.h?view=diff&rev=274578&r1=274577&r2=274578
==============================================================================
--- team/oej/deluxepine-1.4/include/asterisk/nacl.h (original)
+++ team/oej/deluxepine-1.4/include/asterisk/nacl.h Wed Jul 7 13:01:31 2010
@@ -44,6 +44,7 @@
/*! \brief Find a named ACL
if deleted is true, we will find deleted items too
if owner is NULL, we'll find all otherwise owner is used for selection too
+ \return NULL if NACL is not found
*/
struct ast_nacl *ast_nacl_find_all(const char *name, const int deleted, const char *owner);
@@ -58,6 +59,7 @@
/*! \brief Attach to a named ACL. You need to detach later
This is to avoid Named ACLs to disappear from runtime. Even if they are deleted from the
configuration, they will still be around thanks to ASTOBJs
+ \return NULL if NACL is not found
*/
struct ast_nacl *ast_nacl_attach(const char *name);
@@ -67,7 +69,7 @@
void ast_nacl_detach(struct ast_nacl *nacl);
/*! \brief Add new IP address to ruleset */
-int ast_nacl_add_ip(struct ast_nacl *nacl, struct sockaddr_in *ip, int permit)
+int ast_nacl_add_ip(struct ast_nacl *nacl, struct sockaddr_in *ip, int permit);
/*! \brief Initialize NACL subsystem */
int ast_nacl_load(void);
Modified: team/oej/deluxepine-1.4/main/acl.c
URL: http://svnview.digium.com/svn/asterisk/team/oej/deluxepine-1.4/main/acl.c?view=diff&rev=274578&r1=274577&r2=274578
==============================================================================
--- team/oej/deluxepine-1.4/main/acl.c (original)
+++ team/oej/deluxepine-1.4/main/acl.c Wed Jul 7 13:01:31 2010
@@ -265,7 +265,7 @@
{
struct ast_ha *new_ha;
- if ((new_ha = ast_calloc(sizeof(*new_ha)))) {
+ if ((new_ha = ast_calloc(1, sizeof(*new_ha)))) {
/* Copy from original to new object */
ast_copy_ha(original, new_ha);
}
@@ -310,7 +310,7 @@
prev = path;
path = path->next;
}
- if ((ha = ast_calloc(sizeof(*ha)))) {
+ if ((ha = ast_calloc(1, sizeof(*ha)))) {
ast_copy_string(tmp, stuff, sizeof(tmp));
nm = strchr(tmp, '/');
if (!nm) {
Modified: team/oej/deluxepine-1.4/main/nacl.c
URL: http://svnview.digium.com/svn/asterisk/team/oej/deluxepine-1.4/main/nacl.c?view=diff&rev=274578&r1=274577&r2=274578
==============================================================================
--- team/oej/deluxepine-1.4/main/nacl.c (original)
+++ team/oej/deluxepine-1.4/main/nacl.c Wed Jul 7 13:01:31 2010
@@ -199,6 +199,7 @@
if deleted is true, we will find deleted items too
if owner is NULL, we'll find all otherwise owner is used for selection too
We raise the refcount on the result, which the calling function need to deref.
+ \return NULL if the NACL is not found
*/
struct ast_nacl *ast_nacl_find_all(const char *name, const int deleted, const char *owner)
{
@@ -241,7 +242,7 @@
return ast_nacl_find_all(name, 0, NULL);
}
-/*! \brief MarkClear all named ACLs owned by us
+/*! \brief Mark all named ACLs owned by us
Mark the others as deletion ready.
*/
int ast_nacl_mark_all_owned(const char *owner)
@@ -444,9 +445,9 @@
return FALSE;
}
ao2_ref(nacl,1);
- ast_copy_string(ipbuf, ast_inet_ntoa(ip->sin_addr.s_addr), 128);
+ ast_copy_string(ipbuf, ast_inet_ntoa(ip->sin_addr), 128);
/* In trunk, we need to create a function that uses IP directly */
- nacl->ha = ast_append_ha(permit ? "permit" : "deny", ipbuf, nacl->ha);
+ nacl->acl = ast_append_ha(permit ? "permit" : "deny", ipbuf, nacl->acl);
nacl->rules++;
ao2_ref(nacl,-1);
return TRUE;
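Review bot: The result of `ast_append_ha()` is stored straight into `nacl->acl`, then `nacl->rules++` runs and the function returns TRUE without checking that a rule was actually appended. The acl.c hunks in this commit show that the allocation inside `ast_append_ha()` can fail. Its return value in that case is not visible here, but a caller adding a blacklist entry would be told the deny rule is active when it may not be. Consider comparing the list before and after, or having the append report failure, and only then bumping `rules` and returning TRUE. The literal `128` in `ast_copy_string(ipbuf, ..., 128)` would also be safer as `sizeof(ipbuf)` if `ipbuf` is a local array, which cannot be confirmed because its declaration is outside the hunk.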