[asterisk-commits] mmichelson: branch mmichelson/acl-v6 r276205 - in /team/mmichelson/acl-v6: ch...

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Tue Jul 13 16:36:59 CDT 2010


Author: mmichelson
Date: Tue Jul 13 16:36:45 2010
New Revision: 276205

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=276205
Log:
Update callers of ast_apply_ha to pass appropriate data type.

Still haven't attempted a compile yet. Next commit will have
compilation errors cleaned up.


Modified:
    team/mmichelson/acl-v6/channels/chan_iax2.c
    team/mmichelson/acl-v6/channels/chan_sip.c
    team/mmichelson/acl-v6/channels/chan_skinny.c
    team/mmichelson/acl-v6/main/manager.c

Modified: team/mmichelson/acl-v6/channels/chan_iax2.c
URL: http://svnview.digium.com/svn/asterisk/team/mmichelson/acl-v6/channels/chan_iax2.c?view=diff&rev=276205&r1=276204&r2=276205
==============================================================================
--- team/mmichelson/acl-v6/channels/chan_iax2.c (original)
+++ team/mmichelson/acl-v6/channels/chan_iax2.c Tue Jul 13 16:36:45 2010
@@ -7373,6 +7373,7 @@
 	int gotcapability = 0;
 	struct ast_variable *v = NULL, *tmpvar = NULL;
 	struct ao2_iterator i;
+	struct ast_sockaddr addr;
 
 	if (!iaxs[callno])
 		return res;
@@ -7430,10 +7431,11 @@
 	}
 	/* Search the userlist for a compatible entry, and fill in the rest */
 	i = ao2_iterator_init(users, 0);
+	ast_sockaddr_from_sin(&addr, sin);
 	while ((user = ao2_iterator_next(&i))) {
 		if ((ast_strlen_zero(iaxs[callno]->username) ||				/* No username specified */
 			!strcmp(iaxs[callno]->username, user->name))	/* Or this username specified */
-			&& ast_apply_ha(user->ha, sin) 	/* Access is permitted from this IP */
+			&& ast_apply_ha(user->ha, &addr) 	/* Access is permitted from this IP */
 			&& (ast_strlen_zero(iaxs[callno]->context) ||			/* No context specified */
 			     apply_context(user->contexts, iaxs[callno]->context))) {			/* Context is permitted */
 			if (!ast_strlen_zero(iaxs[callno]->username)) {
@@ -7775,6 +7777,7 @@
 	int x;
 	int expire = 0;
 	int res = -1;
+	struct ast_sockaddr addr;
 
 	ast_clear_flag(&iaxs[callno]->state, IAX_STATE_AUTHENTICATED);
 	/* iaxs[callno]->peer[0] = '\0'; not necc. any more-- stringfield is pre-inited to null string */
@@ -7829,7 +7832,8 @@
 		goto return_unref;
 	}
 
-	if (!ast_apply_ha(p->ha, sin)) {
+	ast_sockaddr_from_sin(&addr, sin);
+	if (!ast_apply_ha(p->ha, addr)) {
 		if (authdebug)
 			ast_log(LOG_NOTICE, "Host %s denied access to register peer '%s'\n", ast_inet_ntoa(sin->sin_addr), p->name);
 		goto return_unref;
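Review bot: The call `ast_apply_ha(p->ha, addr)` passes the `struct ast_sockaddr` by value, while every other converted caller in this commit passes a pointer (`&addr`, `&peer->addr`, `&them`). This is the ACL gate for peer registration, so the line should read `if (!ast_apply_ha(p->ha, &addr)) {`. The enclosing function starts and ends outside the hunk.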

Modified: team/mmichelson/acl-v6/channels/chan_sip.c
URL: http://svnview.digium.com/svn/asterisk/team/mmichelson/acl-v6/channels/chan_sip.c?view=diff&rev=276205&r1=276204&r2=276205
==============================================================================
--- team/mmichelson/acl-v6/channels/chan_sip.c (original)
+++ team/mmichelson/acl-v6/channels/chan_sip.c Tue Jul 13 16:36:45 2010
@@ -3061,7 +3061,7 @@
 static void ast_sip_ouraddrfor(const struct ast_sockaddr *them, struct ast_sockaddr *us, struct sip_pvt *p)
 {
 	struct ast_sockaddr theirs;
-	struct sockaddr_in theirs_sin, externip_sin, us_sin;
+	struct sockaddr_in externip_sin;
 
 	/* Set want_remap to non-zero if we want to remap 'us' to an externally
 	 * reachable IP address and port. This is done if:
@@ -3089,16 +3089,13 @@
 				"remove \"localnet\" and/or \"externip\" settings.\n");
 		}
 	} else {
-		ast_sockaddr_to_sin(&theirs, &theirs_sin);
-		ast_sockaddr_to_sin(us, &us_sin);
-
 		want_remap = localaddr &&
 			!(ast_sockaddr_isnull(&externip) && stunaddr.sin_addr.s_addr) &&
-			ast_apply_ha(localaddr, &theirs_sin) == AST_SENSE_ALLOW ;
+			ast_apply_ha(localaddr, &theirs) == AST_SENSE_ALLOW ;
 	}
 
 	if (want_remap &&
-	    (!sip_cfg.matchexterniplocally || !ast_apply_ha(localaddr, &us_sin)) ) {
+	    (!sip_cfg.matchexterniplocally || !ast_apply_ha(localaddr, &us)) ) {
 		/* if we used externhost or stun, see if it is time to refresh the info */
 		if (externexpire && time(NULL) >= externexpire) {
 			if (stunaddr.sin_addr.s_addr) {
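Review bot: `ast_apply_ha(localaddr, &us)` takes the address of a parameter that is already a pointer: the signature shown in the previous hunk declares `struct ast_sockaddr *us`, so `&us` is a `struct ast_sockaddr **`. A compiler that only warns on incompatible pointer types would let this build, and the local-network test would then be evaluated against the bytes of a pointer, not the socket address. The condition should be `(!sip_cfg.matchexterniplocally || !ast_apply_ha(localaddr, us))`; `&theirs` a few lines up is correct because `theirs` is a local struct. The function body continues outside the hunk.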
@@ -12452,7 +12449,6 @@
 	int transport_type;
 	const char *useragent;
 	struct ast_sockaddr oldsin, testsa;
-	struct sockaddr_in testsin;
 
 	ast_copy_string(contact, get_header(req, "Contact"), sizeof(contact));
 
@@ -12570,16 +12566,13 @@
 	}
 
 	/* Check that they're allowed to register at this IP */
-	if (!ast_sockaddr_is_ipv6(&peer->addr)) {
-		ast_sockaddr_to_sin(&peer->addr, &testsin);
-		if (ast_apply_ha(sip_cfg.contact_ha, &testsin) != AST_SENSE_ALLOW ||
-				ast_apply_ha(peer->contactha, &testsin) != AST_SENSE_ALLOW) {
-			ast_log(LOG_WARNING, "Domain '%s' disallowed by contact ACL (violating IP %s)\n", domain,
-				ast_sockaddr_stringify_addr(&testsa));
-			ast_string_field_set(peer, fullcontact, "");
-			ast_string_field_set(pvt, our_contact, "");
-			return PARSE_REGISTER_DENIED;
-		}
+	if (ast_apply_ha(sip_cfg.contact_ha, &peer->addr) != AST_SENSE_ALLOW ||
+			ast_apply_ha(peer->contactha, &peer->addr) != AST_SENSE_ALLOW) {
+		ast_log(LOG_WARNING, "Domain '%s' disallowed by contact ACL (violating IP %s)\n", domain,
+			ast_sockaddr_stringify_addr(&testsa));
+		ast_string_field_set(peer, fullcontact, "");
+		ast_string_field_set(pvt, our_contact, "");
+		return PARSE_REGISTER_DENIED;
 	}
 
 	/* if the Contact header information copied into peer->addr matches the
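Review bot: With the `ast_sockaddr_is_ipv6()` guard removed, the contact ACL is now enforced for IPv6 addresses as well, so the outcome rests entirely on how `ast_apply_ha()` treats an IPv6 or IPv4-mapped (`::ffff:a.b.c.d`) address against rules written for IPv4. That function is not part of this diff, so this behaviour should be confirmed before relying on it. The same applies to the hunks at -13208, -14302 and -26844, which drop the same guard. Once confirmed, a short comment at each site such as `/* ACL is applied to IPv4 and IPv6 alike; ast_apply_ha() handles IPv4-mapped addresses */` would record the assumption. The enclosing function extends beyond the hunk.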
@@ -13208,18 +13201,14 @@
 	}
 	peer = find_peer(name, NULL, TRUE, FINDPEERS, FALSE, 0);
 
-	if (!ast_sockaddr_is_ipv6(addr)) {
-		struct sockaddr_in sin_tmp;
-
-		ast_sockaddr_to_sin(addr, &sin_tmp);
-		if (!(peer && ast_apply_ha(peer->ha, &sin_tmp))) {
-			/* Peer fails ACL check */
-			if (peer) {
-				unref_peer(peer, "register_verify: unref_peer: from find_peer operation");
-				peer = NULL;
-				res = AUTH_ACL_FAILED;
-			} else
-				res = AUTH_NOT_FOUND;
+	if (!(peer && ast_apply_ha(peer->ha, addr))) {
+		/* Peer fails ACL check */
+		if (peer) {
+			unref_peer(peer, "register_verify: unref_peer: from find_peer operation");
+			peer = NULL;
+			res = AUTH_ACL_FAILED;
+		} else {
+			res = AUTH_NOT_FOUND;
 		}
 	}
 
@@ -14302,15 +14291,11 @@
 		}
 		return AUTH_DONT_KNOW;
 	}
-	if (!ast_sockaddr_is_ipv6(addr)) {
-		struct sockaddr_in sin_tmp;
-
-		ast_sockaddr_to_sin(addr, &sin_tmp);
-		if (!ast_apply_ha(peer->ha, &sin_tmp)) {
-			ast_debug(2, "Found peer '%s' for '%s', but fails host access\n", peer->name, of);
-			unref_peer(peer, "unref_peer: check_peer_ok: from find_peer call, early return of AUTH_ACL_FAILED");
-			return AUTH_ACL_FAILED;
-		}
+
+	if (!ast_apply_ha(peer->ha, addr)) {
+		ast_debug(2, "Found peer '%s' for '%s', but fails host access\n", peer->name, of);
+		unref_peer(peer, "unref_peer: check_peer_ok: from find_peer call, early return of AUTH_ACL_FAILED");
+		return AUTH_ACL_FAILED;
 	}
 	if (debug)
 		ast_verbose("Found peer '%s' for '%s' from %s\n",
@@ -26844,14 +26829,7 @@
 	ast_rtp_instance_get_remote_address(p->rtp, &them);
 	ast_rtp_instance_get_local_address(p->rtp, &us);
 
-	/* Currently ast_apply_ha doesn't support IPv6 */
-	if (ast_sockaddr_is_ipv6(&them)) {
-		return res;
-	}
-
-	ast_sockaddr_to_sin(&them, &them_sin);
-
-	if ((res = ast_apply_ha(p->directmediaha, &them_sin)) == AST_SENSE_DENY) {
+	if ((res = ast_apply_ha(p->directmediaha, &them)) == AST_SENSE_DENY) {
 		ast_debug(3, "Reinvite %s to %s denied by directmedia ACL on %s\n",
 			op, ast_sockaddr_stringify(&them), ast_sockaddr_stringify(&us));
 	}
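Review bot: No hunk in this file removes the declaration of `them_sin`, although its only visible uses (`ast_sockaddr_to_sin(&them, &them_sin)` and the old `ast_apply_ha` argument) are deleted here. The other sites in this commit drop their temporaries (`testsin`, `theirs_sin`, `us_sin`, `sin_tmp`). If the declaration sits above this hunk and has no other use, it should be deleted too so the build does not pick up an unused-variable warning. The function starts outside the hunk, so this is inferred from the visible lines only.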

Modified: team/mmichelson/acl-v6/channels/chan_skinny.c
URL: http://svnview.digium.com/svn/asterisk/team/mmichelson/acl-v6/channels/chan_skinny.c?view=diff&rev=276205&r1=276204&r2=276205
==============================================================================
--- team/mmichelson/acl-v6/channels/chan_skinny.c (original)
+++ team/mmichelson/acl-v6/channels/chan_skinny.c Tue Jul 13 16:36:45 2010
@@ -1877,8 +1877,10 @@
 
 	AST_LIST_LOCK(&devices);
 	AST_LIST_TRAVERSE(&devices, d, list){
+		struct ast_sockaddr addr;
+		ast_sockaddr_from_sin(&addr, &s->sin);
 		if (!strcasecmp(req->data.reg.name, d->id)
-				&& ast_apply_ha(d->ha, &(s->sin))) {
+				&& ast_apply_ha(d->ha, &addr)) {
 			s->device = d;
 			d->type = letohl(req->data.reg.type);
 			if (ast_strlen_zero(d->version_id)) {
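Review bot: The conversion `ast_sockaddr_from_sin(&addr, &s->sin)` sits inside the `AST_LIST_TRAVERSE` body, so it is repeated for every device even though nothing in the visible lines makes `s->sin` depend on `d`. The chan_iax2.c change in this commit converts once before its loop. Declaring `struct ast_sockaddr addr;` with the function's locals and calling `ast_sockaddr_from_sin(&addr, &s->sin);` before `AST_LIST_LOCK(&devices);` would match that and keep the work out of the locked section. The function begins and ends outside the hunk.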

Modified: team/mmichelson/acl-v6/main/manager.c
URL: http://svnview.digium.com/svn/asterisk/team/mmichelson/acl-v6/main/manager.c?view=diff&rev=276205&r1=276204&r2=276205
==============================================================================
--- team/mmichelson/acl-v6/main/manager.c (original)
+++ team/mmichelson/acl-v6/main/manager.c Tue Jul 13 16:36:45 2010
@@ -2226,6 +2226,7 @@
 	struct ast_manager_user *user = NULL;
 	regex_t *regex_filter;
 	struct ao2_iterator filter_iter;
+	struct ast_sockaddr addr;
 
 	if (ast_strlen_zero(username)) {	/* missing username */
 		return -1;
@@ -2233,11 +2234,13 @@
 
 	/* locate user in locked state */
 	AST_RWLIST_WRLOCK(&users);
+
+	ast_sockaddr_from_sin(&addr, &s->session->sin);
 
 	if (!(user = get_manager_by_name_locked(username))) {
 		report_invalid_user(s, username);
 		ast_log(LOG_NOTICE, "%s tried to authenticate with nonexistent user '%s'\n", ast_inet_ntoa(s->session->sin.sin_addr), username);
-	} else if (user->ha && !ast_apply_ha(user->ha, &(s->session->sin))) {
+	} else if (user->ha && !ast_apply_ha(user->ha, &addr)) {
 		report_failed_acl(s, username);
 		ast_log(LOG_NOTICE, "%s failed to pass IP ACL as '%s'\n", ast_inet_ntoa(s->session->sin.sin_addr), username);
 	} else if (!strcasecmp(astman_get_header(m, "AuthType"), "MD5")) {
@@ -5624,6 +5627,7 @@
 	int u_writeperm;
 	int u_writetimeout;
 	int u_displayconnects;
+	struct ast_sockaddr addr;
 
 	if (method != AST_HTTP_GET && method != AST_HTTP_HEAD && method != AST_HTTP_POST) {
 		ast_http_error(ser, 501, "Not Implemented", "Attempt to use unimplemented / unsupported method");
@@ -5667,8 +5671,9 @@
 		goto out_401;
 	}
 
+	ast_sockaddr_from_sin(&addr, remote_address);
 	/* --- We have User for this auth, now check ACL */
-	if (user->ha && !ast_apply_ha(user->ha, remote_address)) {
+	if (user->ha && !ast_apply_ha(user->ha, &addr)) {
 		AST_RWLIST_UNLOCK(&users);
 		ast_log(LOG_NOTICE, "%s failed to pass IP ACL as '%s'\n", ast_inet_ntoa(remote_address->sin_addr), d.username);
 		ast_http_error(ser, 403, "Permission denied", "Permission denied\n");



