[asterisk-commits] mmichelson: branch mmichelson/acl-v6 r276461 - in /team/mmichelson/acl-v6: ma...

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Wed Jul 14 15:21:20 CDT 2010


Author: mmichelson
Date: Wed Jul 14 15:21:08 2010
New Revision: 276461

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=276461
Log:
Fix bugs in acl and the acl test.

The acl code was broken in several cases, and the new test
cases were coded with some incorrect expectations due to the
fact I forgot that there is an implicit "permit" if no host
access rules are matched.


Modified:
    team/mmichelson/acl-v6/main/acl.c
    team/mmichelson/acl-v6/tests/test_acl.c

Modified: team/mmichelson/acl-v6/main/acl.c
URL: http://svnview.digium.com/svn/asterisk/team/mmichelson/acl-v6/main/acl.c?view=diff&rev=276461&r1=276460&r2=276461
==============================================================================
--- team/mmichelson/acl-v6/main/acl.c (original)
+++ team/mmichelson/acl-v6/main/acl.c Wed Jul 14 15:21:08 2010
@@ -289,7 +289,7 @@
  */
 static void make_v4_mapped(struct ast_sockaddr *input, struct ast_sockaddr *output)
 {
-	struct sockaddr_in6 sin6;
+	struct sockaddr_in6 sin6 = {0, };
 	static const uint32_t prefix = 0x0000FFFF;
 
 	sin6.sin6_family = AF_INET6;
@@ -318,11 +318,16 @@
  */ 
 static void map_mask(struct ast_sockaddr *input, struct ast_sockaddr *output)
 {
-	struct sockaddr_in6 sin6;
+	struct sockaddr_in6 sin6 = {0,};
 
 	sin6.sin6_family = AF_INET6;
-	memset(&sin6.sin6_addr, 0xFF, 12);
-	V6_WORD(&sin6, 3) = htonl(ast_sockaddr_ipv4(input));
+	if (ast_sockaddr_is_any(input)) {
+		memset(&sin6.sin6_addr, 0x00, 16);
+	} else {
+		memset(&sin6.sin6_addr, 0x00, 8);
+		V6_WORD(&sin6, 2) = (uint32_t)htonl(0x0000FFFF);
+		V6_WORD(&sin6, 3) = (uint32_t)htonl(ast_sockaddr_ipv4(input));
+	}
 
 	memcpy(&output->ss, &sin6, sizeof(sin6));
 	output->len = sizeof(sin6);
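Review bot: In the non-any branch of map_mask the first eight bytes of the mask are now zero (`memset(&sin6.sin6_addr, 0x00, 8)`) and only the `0x0000FFFF` word and the IPv4 mask are set, so applying this mask discards the upper 80 bits of the address being tested. Unless the matching code outside this diff checks the address family or the mapped prefix separately, an IPv4 rule could then match a native IPv6 address whose low 48 bits happen to line up, which the removed `memset(&sin6.sin6_addr, 0xFF, 12)` prevented. Consider keeping the prefix bits set in the mask, i.e. `memset(&sin6.sin6_addr, 0xFF, 12);` followed by the word-3 assignment; the IPv4 branch of parse_cidr_mask builds its mask the same way and would need the same change. The zeroing memsets are also redundant now that sin6 is initialised with `{0,}`.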
@@ -341,22 +346,18 @@
 {
 	struct sockaddr_in6 *addr6;
 	struct sockaddr_in6 *mask6 = (struct sockaddr_in6 *) &netmask->ss;
-	struct sockaddr_in6 result6;
+	struct sockaddr_in6 result6 = {0,};
 	int i;
 
 	if (ast_sockaddr_is_ipv4(addr)) {
 		make_v4_mapped(addr, addr);
 	}
 
-	ast_log(LOG_NOTICE, "Going to apply mask %s to address %s\n",
-			ast_sockaddr_stringify_addr(netmask),
-			ast_sockaddr_stringify_addr(addr));
-
 	addr6 = (struct sockaddr_in6 *) &addr->ss;
 
 	result6.sin6_family = AF_INET6;
 	for (i = 0; i < 4; ++i) {
-		V6_WORD(&result6, i) = V6_WORD(addr6, i) & V6_WORD(mask6, i);
+		V6_WORD(&result6, i) = (uint32_t)(V6_WORD(addr6, i) & V6_WORD(mask6, i));
 	}
 	memcpy(&result->ss, &result6, sizeof(result6));
 	result->len = sizeof(result6);
@@ -379,50 +380,48 @@
 static int parse_cidr_mask(struct ast_sockaddr *addr, int is_v4, const char *mask_str)
 {
 	int mask;
-	struct sockaddr_in6 sin6;
+	struct sockaddr_in6 sin6 = {0,};
 	int i;
 
 	if (sscanf(mask_str, "%30d", &mask) != 1) {
 		return -1;
 	}
+
+	sin6.sin6_family = AF_INET6;
 
 	if (is_v4) {
 		if (mask < 0 || mask > 32) {
 			return -1;
+		}
+		memset(&sin6.sin6_addr, 0x00, 8);
+		V6_WORD(&sin6, 2) = htonl(mask == 0 ? 0x00000000 : 0x0000FFFF);
+		if (mask == 0) {
+			/* Special case to deal with unpredictable behavior
+			 * when attempting to shift more than 31 bits
+			 */
+			V6_WORD(&sin6, 3) = (uint32_t)htonl(0x00000000);
 		} else {
-			mask += 96;
-		}
-	} else if (mask < 0 || mask > 128) {
-		return -1;
-	}
-
-	sin6.sin6_family = AF_INET6;
-	for (i = 0; i < 4; ++i) {
-		if (mask >= 32) {
-			ast_log(LOG_NOTICE, "mask is larger than 32, so I set word %d to %x (%x in network order)\n",
-					i, 0xFFFFFFFF, htonl(0xFFFFFFFF));
-			V6_WORD(&sin6, i) = htonl(0xFFFFFFFF);
-			mask -= 32;
-		} else if (mask > 0) {
-			ast_log(LOG_NOTICE, "mask is %d, so I set word %d to %x (%x in network order)\n",
-					mask, i, 0xFFFFFFFF << (32 - mask), htonl(0xFFFFFFFF << (32 - mask)));
-			V6_WORD(&sin6, i) = htonl(0xFFFFFFFF << (32 - mask));
-			/* Set mask to 0 so the remaining parts of the address
-			 * Get filled in properly with zeros
-			 */
-			mask = 0;
-		} else {
-			/* Mask is 0. Special case to deal with unpredictable
-			 * behavior when trying to shift more than 31 bits
-			 */
-			ast_log(LOG_NOTICE, "mask is 0, so I set word %d to %x (%x in network order)\n",
-					i, 0, htonl(0));
-			V6_WORD(&sin6, i) = htonl(0x00000000);
-		}
-	}
+			V6_WORD(&sin6, 3) = htonl(0xFFFFFFFF << (32 - mask));
+		}
+	} else {
+		if (mask < 0 || mask > 128) {
+			return -1;
+		}
+		for (i = 0; i < 4; ++i) {
+			if (mask > 0) {
+				V6_WORD(&sin6, i) = htonl(0xFFFFFFFF << (mask < 32 ? (32 - mask) : 0));
+				mask -= mask < 32 ? mask : 32;
+			} else {
+				/* Mask is 0. Special case to deal with unpredictable
+				 * behavior when trying to shift more than 31 bits
+				 */
+				V6_WORD(&sin6, i) = (uint32_t)htonl(0x00000000);
+			}
+		}
+	}
+
 	memcpy(&addr->ss, &sin6, sizeof(sin6));
 	addr->len = sizeof(sin6);
-	ast_log(LOG_NOTICE, "Got mask %s for CIDR mask %s\n", ast_sockaddr_stringify_addr(addr), mask_str);
 	return 0;
 }
 
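Review bot: The prefix length is still read with `sscanf(mask_str, "%30d", &mask)` at the top of parse_cidr_mask, which accepts trailing characters (a string such as "24x" parses as 24) and leaves digit strings that do not fit in an int to undefined conversion behaviour before the range checks run. For an access-control list a malformed mask is better rejected than silently reinterpreted, so parsing with strtol and checking the end pointer and ERANGE is the safer form. Whether trailing whitespace has to be tolerated depends on the config reader, which is not visible in this diff, and the file would need `<errno.h>` if it does not already include it.
```c
static int parse_cidr_mask(struct ast_sockaddr *addr, int is_v4, const char *mask_str)
{
	long parsed;
	char *end;
	/* … unchanged: mask, sin6 and i declarations … */

	errno = 0;
	parsed = strtol(mask_str, &end, 10);
	if (end == mask_str || *end != '\0' || errno == ERANGE || parsed < 0 || parsed > 128) {
		return -1;
	}
	mask = (int) parsed;
	/* … unchanged: per-family range checks and mask construction … */
```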
@@ -463,6 +462,8 @@
 	addr_is_v4 = ast_sockaddr_is_ipv4(&addr_sock);
 	if (addr_is_v4) {
 		make_v4_mapped(&addr_sock, &ha->addr);
+	} else {
+		ast_sockaddr_copy(&ha->addr, &addr_sock);
 	}
 
 	if (!mask) {
@@ -496,6 +497,7 @@
 	}
 
 	apply_netmask(&ha->addr, &ha->netmask, &ha->addr);
+
 	ha->sense = strncasecmp(sense, "p", 1) ? AST_SENSE_DENY : AST_SENSE_ALLOW;
 
 	ha->next = NULL;

Modified: team/mmichelson/acl-v6/tests/test_acl.c
URL: http://svnview.digium.com/svn/asterisk/team/mmichelson/acl-v6/tests/test_acl.c?view=diff&rev=276461&r1=276460&r2=276461
==============================================================================
--- team/mmichelson/acl-v6/tests/test_acl.c (original)
+++ team/mmichelson/acl-v6/tests/test_acl.c Wed Jul 14 15:21:08 2010
@@ -157,10 +157,10 @@
 		{ "10.0.0.1", AST_SENSE_ALLOW, AST_SENSE_ALLOW, AST_SENSE_DENY, AST_SENSE_DENY },
 		{ "10.0.10.10", AST_SENSE_ALLOW, AST_SENSE_DENY, AST_SENSE_DENY, AST_SENSE_DENY },
 		{ "172.16.0.1", AST_SENSE_DENY, AST_SENSE_ALLOW, AST_SENSE_DENY, AST_SENSE_DENY },
-		{ "fe80::1234", AST_SENSE_DENY, AST_SENSE_DENY, AST_SENSE_ALLOW, AST_SENSE_DENY },
-		{ "fe80:1234::1234", AST_SENSE_DENY, AST_SENSE_DENY, AST_SENSE_DENY, AST_SENSE_DENY, },
-		{ "fe80::ffff:1213:dead:beef", AST_SENSE_DENY, AST_SENSE_DENY, AST_SENSE_ALLOW, AST_SENSE_DENY },
-		{ "fe80::ffff:0:ffff:ABCD", AST_SENSE_DENY, AST_SENSE_DENY, AST_SENSE_ALLOW, AST_SENSE_ALLOW },
+		{ "fe80::1234", AST_SENSE_DENY, AST_SENSE_ALLOW, AST_SENSE_ALLOW, AST_SENSE_ALLOW },
+		{ "fe80:1234::1234", AST_SENSE_DENY, AST_SENSE_ALLOW, AST_SENSE_DENY, AST_SENSE_DENY, },
+		{ "fe80::ffff:1213:dead:beef", AST_SENSE_DENY, AST_SENSE_ALLOW, AST_SENSE_ALLOW, AST_SENSE_DENY },
+		{ "fe80::ffff:0:ffff:ABCD", AST_SENSE_DENY, AST_SENSE_ALLOW, AST_SENSE_ALLOW, AST_SENSE_ALLOW },
 	};
 
 	struct ast_ha *permit_hav4 = NULL;
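Review bot: The four IPv6 rows now expect AST_SENSE_ALLOW in columns that previously expected AST_SENSE_DENY, but nothing in the table says these are fall-through results rather than rule matches. A short comment above them, e.g. `/* IPv6 addresses match no rule in the IPv4-only lists, so the implicit permit applies */`, would keep a later reader from changing them back. Which column corresponds to which list is inferred from the commit message, since the struct definition is outside the hunk. It would also be worth adding a list that ends in an explicit deny-all, so the test covers a configuration where unmatched IPv6 peers are refused rather than implicitly permitted.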



