[asterisk-commits] jrose: branch jrose/nacl_branch r368516 - in /team/jrose/nacl_branch: channel...
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Tue Jun 5 09:29:25 CDT 2012
Author: jrose
Date: Tue Jun 5 09:29:19 2012
New Revision: 368516
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=368516
Log:
Updating branch with Terry's config changes, making name changes for nacl to become named_acl or acl where appropriate (named_acl for internal code stuff, acl for acl.conf, acl show <named acl>, and acl reload.
Added:
team/jrose/nacl_branch/main/named_acl.c
- copied, changed from r368515, team/jrose/nacl_branch/main/nacl.c
Removed:
team/jrose/nacl_branch/main/nacl.c
Modified:
team/jrose/nacl_branch/channels/chan_unistim.c
team/jrose/nacl_branch/include/asterisk/acl.h
team/jrose/nacl_branch/main/asterisk.c
team/jrose/nacl_branch/main/manager.c
Modified: team/jrose/nacl_branch/channels/chan_unistim.c
URL: http://svnview.digium.com/svn/asterisk/team/jrose/nacl_branch/channels/chan_unistim.c?view=diff&rev=368516&r1=368515&r2=368516
==============================================================================
--- team/jrose/nacl_branch/channels/chan_unistim.c (original)
+++ team/jrose/nacl_branch/channels/chan_unistim.c Tue Jun 5 09:29:19 2012
@@ -6306,8 +6306,8 @@
ast_copy_string(d->extension_number, v->value, sizeof(d->extension_number));
} else if (!strcasecmp(v->name, "permit") || !strcasecmp(v->name, "deny")) {
d->ha = ast_append_ha(v->name, v->value, d->ha, NULL);
- } else if (!strcasecmp(v->name, "nacl")) {
- d->ha = ast_append_nacl(d->ha, v->value);
+ } else if (!strcasecmp(v->name, "acl")) {
+ d->ha = ast_append_named_acl(d->ha, v->value);
} else if (!strcasecmp(v->name, "context")) {
ast_copy_string(d->context, v->value, sizeof(d->context));
} else if (!strcasecmp(v->name, "maintext0")) {
Modified: team/jrose/nacl_branch/include/asterisk/acl.h
URL: http://svnview.digium.com/svn/asterisk/team/jrose/nacl_branch/include/asterisk/acl.h?view=diff&rev=368516&r1=368515&r2=368516
==============================================================================
--- team/jrose/nacl_branch/include/asterisk/acl.h (original)
+++ team/jrose/nacl_branch/include/asterisk/acl.h Tue Jun 5 09:29:19 2012
@@ -268,7 +268,7 @@
const char *ast_tos2str(unsigned int tos);
/*!
- * \brief Pluggable function to append an nacl to an existing host access list
+ * \brief Append an named_acl to an existing host access list
*
* \details
* This function needs to be installed by some other loaded module. If it is available,
@@ -280,15 +280,9 @@
* \param ha The host access list being appended
* \param name Name of the nacl sought to append with
*/
-struct ast_ha *ast_append_nacl(struct ast_ha *ha, const char *name);
-
-int init_nacl(void);
-
-/*!
- * \brief Unset nacl function callbacks
- */
-void ast_uninstall_nacl_functions(void);
-
+struct ast_ha *ast_append_named_acl(struct ast_ha *ha, const char *name);
+
+int init_named_acl(void);
#if defined(__cplusplus) || defined(c_plusplus)
}
Modified: team/jrose/nacl_branch/main/asterisk.c
URL: http://svnview.digium.com/svn/asterisk/team/jrose/nacl_branch/main/asterisk.c?view=diff&rev=368516&r1=368515&r2=368516
==============================================================================
--- team/jrose/nacl_branch/main/asterisk.c (original)
+++ team/jrose/nacl_branch/main/asterisk.c Tue Jun 5 09:29:19 2012
@@ -4010,7 +4010,7 @@
ast_http_init(); /* Start the HTTP server, if needed */
- if (init_nacl()) {
+ if (init_named_acl()) {
printf("%s", term_quit());
exit(1);
}
Modified: team/jrose/nacl_branch/main/manager.c
URL: http://svnview.digium.com/svn/asterisk/team/jrose/nacl_branch/main/manager.c?view=diff&rev=368516&r1=368515&r2=368516
==============================================================================
--- team/jrose/nacl_branch/main/manager.c (original)
+++ team/jrose/nacl_branch/main/manager.c Tue Jun 5 09:29:19 2012
@@ -7188,8 +7188,8 @@
} else if (!strcasecmp(var->name, "deny") ||
!strcasecmp(var->name, "permit")) {
user->ha = ast_append_ha(var->name, var->value, user->ha, NULL);
- } else if (!strcasecmp(var->name, "nacl")) {
- user->ha = ast_append_nacl(user->ha, var->value);
+ } else if (!strcasecmp(var->name, "acl")) {
+ user->ha = ast_append_named_acl(user->ha, var->value);
} else if (!strcasecmp(var->name, "read") ) {
user->readperm = get_perm(var->value);
} else if (!strcasecmp(var->name, "write") ) {
Copied: team/jrose/nacl_branch/main/named_acl.c (from r368515, team/jrose/nacl_branch/main/nacl.c)
URL: http://svnview.digium.com/svn/asterisk/team/jrose/nacl_branch/main/named_acl.c?view=diff&rev=368516&p1=team/jrose/nacl_branch/main/nacl.c&r1=368515&p2=team/jrose/nacl_branch/main/named_acl.c&r2=368516
==============================================================================
--- team/jrose/nacl_branch/main/nacl.c (original)
+++ team/jrose/nacl_branch/main/named_acl.c Tue Jun 5 09:29:19 2012
@@ -15,227 +15,231 @@
ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
#include "asterisk/config.h"
+#include "asterisk/config_options.h"
#include "asterisk/utils.h"
#include "asterisk/module.h"
#include "asterisk/cli.h"
#include "asterisk/acl.h"
#include "asterisk/astobj2.h"
-#define NACL_CONFIG "nacl.conf"
+#define NACL_CONFIG "acl.conf"
#define NAME_LENGTH 80
-static struct ao2_container *nacl_list;
-
-struct nacl {
+/*! \note Ok, so you have a container of named_acls and no general options. Instead of just
+ * declaring the named_acl_list, we instead declare a struct that holds this container. This
+ * is to handle the general case where a config really maps to some global options and
+ * one or more containers of configurable objects
+ */
+struct named_acl_config {
+ struct ao2_container *named_acl_list;
+};
+
+/*! \note We also need to declare an ao2_global_obj which basically hides an ao2 object
+ * so that we can only access the internal object by grabbing a reference to it. The back
+ * end config code uses this to atomically swap out a new config object for the old one.
+ */
+
+static AO2_GLOBAL_OBJ_STATIC(globals);
+
+static void *named_acl_config_alloc(void);
+static void *named_acl_alloc(const char *cat);
+static void *named_acl_find(struct ao2_container *container, const char *cat);
+
+/*! \note Now we need to define a config type. This will basically link up a category name
+ * (and optionally a "type" field e.g. type=peer in chan_iax2) to an underlying object. In
+ * this case, we are linking any category that is *not* "general" to a named acl
+ */
+static struct aco_type named_acl_type = {
+ .type = ACO_ITEM, /*!< named_acls are items stored in containers, not individual global objects */
+ .category_match = ACO_BLACKLIST,
+ .category = "^general$", /*!< With the above blacklist, match everything but "general" */
+ .item_alloc = named_acl_alloc, /*!< Just a callback to allocate a new named_acl based on category */
+ .item_find = named_acl_find, /*!< A callback to find an named_acl in some container of named_acls */
+ .item_offset = offsetof(struct named_acl_config, named_acl_list), /*!< Could leave this out since 0 */
+};
+
+/*! \note This is annoying. We need to be able to pass multiple types to aco_option_register as
+ * an array and also be able to create the named_acl_type via intializer lists. So we make create
+ * a single object array here to pass to aco_option_register. This is a case of multiple file
+ * support making things slightly worse for the general case, unfortunately.
+ */
+struct aco_type *named_acl_types[] = ACO_TYPES(&named_acl_type);
+
+/*! \note A representation of acl.conf and tye types associated with it. You only have one
+ * file and one type.
+ */
+struct aco_file named_acl_conf = {
+ .filename = "acl.conf",
+ .types = ACO_TYPES(&named_acl_type),
+};
+
+/*! \note Create a config info struct that describes the config processing for this module.
+ * Pass name of the object, the AO2_GLOBAL_OBJ_STATIC, and an allocater function for your
+ * named_acl_config struct. Also add the array of aco_files to process: in this case just acl.conf
+ */
+CONFIG_INFO_STANDARD(cfg_info, globals, named_acl_config_alloc,
+ .files = ACO_FILES(&named_acl_conf),
+);
+
+struct named_acl {
struct ast_ha *ha;
char name[NAME_LENGTH]; /* Same max length as a configuration category */
};
-static void destroy_nacl(void *obj)
-{
- struct nacl *nacl = obj;
- ast_free_ha(nacl->ha);
-}
-
-static void add_nacl_from_config(char *name, struct ast_variable *input)
-{
- struct nacl tmp;
- struct nacl *nacl;
- struct ast_variable *var = input;
+static int named_acl_hash_fn(const void *obj, const int flags)
+{
+ const struct named_acl *entry = obj;
+ return ast_str_hash(entry->name);
+}
+
+static int named_acl_cmp_fn(void *obj, void *arg, const int flags)
+{
+ struct named_acl *entry1 = obj;
+ struct named_acl *entry2 = arg;
+
+ return (!strcmp(entry1->name, entry2->name)) ? (CMP_MATCH | CMP_STOP) : 0;
+}
+
+/*! \brief destructor for named_acl_config */
+static void named_acl_config_destructor(void *obj)
+{
+ struct named_acl_config *cfg = obj;
+ ao2_cleanup(cfg->named_acl_list);
+}
+
+/*! \brief allocator callback for named_acl_config. Notice it returns void * since it is used by
+ * the backend config code
+ */
+static void *named_acl_config_alloc(void)
+{
+ struct named_acl_config *cfg;
+
+ if (!(cfg = ao2_alloc(sizeof(*cfg), named_acl_config_destructor))) {
+ return NULL;
+ }
+ if (!(cfg->named_acl_list = ao2_container_alloc(37, named_acl_hash_fn, named_acl_cmp_fn))) {
+ ao2_ref(cfg, -1);
+ return NULL;
+ }
+ return cfg;
+}
+
+static void destroy_named_acl(void *obj)
+{
+ struct named_acl *named_acl = obj;
+ ast_free_ha(named_acl->ha);
+}
+
+void *named_acl_alloc(const char *cat)
+{
+ struct named_acl *named_acl;
+
+ if (!(named_acl = ao2_alloc(sizeof(*named_acl), destroy_named_acl))) {
+ return NULL;
+ }
+ ast_copy_string(named_acl->name, cat, sizeof(named_acl->name));
+ return named_acl;
+}
+
+void *named_acl_find(struct ao2_container *container, const char *cat)
+{
+ struct named_acl tmp;
+ ast_copy_string(tmp.name, cat, sizeof(tmp.name));
+ return ao2_find(container, &tmp, OBJ_POINTER);
+}
+
+struct ast_ha *ast_append_named_acl(struct ast_ha *ha, const char *name)
+{
+ struct named_acl tmp;
+ struct named_acl *named_acl;
+ /*! \note This is to grab a reference to a snapshot of the configuration data */
+ RAII_VAR(struct named_acl_config *, cfg, ao2_global_obj_ref(globals), ao2_cleanup);
ast_copy_string(tmp.name, name, sizeof(tmp.name));
- nacl = ao2_find(nacl_list, &tmp, OBJ_POINTER);
-
- if (nacl) {
- ast_log(LOG_ERROR, "Multiple definitions present for nacl: %s\n", name);
- ao2_ref(nacl, -1);
+ /*! \note We now look up the named_acl in the config snapshot's list of named_acls. If a reload is
+ * done, it will not affect this operation. */
+ named_acl = ao2_find(cfg->named_acl_list, &tmp, OBJ_POINTER);
+
+ if (!named_acl) {
+ ast_log(LOG_ERROR, "named_acl '%s' does not exist. Could not apply named_acl.\n", name);
+ return ha;
+ }
+
+ /* Apply Staples! */
+ ha = ast_duplicate_and_append_ha(ha, named_acl->ha);
+
+ ao2_ref(named_acl, -1);
+
+ return ha;
+}
+
+static void reload_named_acl(int fd)
+{
+ ast_cli(fd, "Reloading named_acl configuration...\n");
+ if (aco_process_config(&cfg_info, 1)) {
+ ast_cli(fd, "Any modules using statically defined ACLs which were using existing named_acls will need to be reloaded for changes to take effect.\n");
+ }
+}
+
+static void cli_display_named_acl(int fd, const char *name)
+{
+ struct named_acl tmp;
+ struct named_acl *named_acl;
+ struct ast_ha *ha;
+ /*! \note This is to grab a reference to a snapshot of the configuration data */
+ RAII_VAR(struct named_acl_config *, cfg, ao2_global_obj_ref(globals), ao2_cleanup);
+
+ ast_copy_string(tmp.name, name, sizeof(tmp.name));
+
+ named_acl = ao2_find(cfg->named_acl_list, &tmp, OBJ_POINTER);
+
+ if (!named_acl) {
+ /* named_acl not found message */
+ ast_cli(fd, "\nCould not find acl named '%s'\n", name);
return;
}
- nacl = ao2_alloc(sizeof(*nacl), destroy_nacl);
-
- if (!nacl) {
- ast_log(LOG_ERROR, "Failed to allocate ao2 object for nacl.\n");
- return;
- }
-
- nacl->ha = NULL;
- ast_copy_string(nacl->name, name, sizeof(nacl->name));
-
- while(var) {
- if (!strcasecmp(var->name, "permit") || !strcasecmp(var->name, "deny")) {
- int ha_error = 0;
- nacl->ha = ast_append_ha(var->name, var->value, nacl->ha, &ha_error);
- if (ha_error) {
- ast_log(LOG_ERROR, "Bad ACL entry in nacl configuration line %d : %s\n", var->lineno, var->value);
- }
- }
- var = var->next;
- }
- ao2_link(nacl_list, nacl);
- ao2_ref(nacl, -1);
-
-
-}
-
-static int nacl_hash_fn(const void *obj, const int flags)
-{
- const struct nacl *entry = obj;
- return ast_str_hash(entry->name);
-}
-
-static int nacl_cmp_fn(void *obj, void *arg, const int flags)
-{
- struct nacl *entry1 = obj;
- struct nacl *entry2 = arg;
-
- return (!strcmp(entry1->name, entry2->name)) ? (CMP_MATCH | CMP_STOP) : 0;
-}
-
-static void nacl_list_scrub(void)
+ ast_cli(fd, "\n%s\n--------------------------------------------------\n", name);
+ for (ha = named_acl->ha; ha; ha = ha->next) {
+ char *output = ast_sockaddr_stringify(&ha->addr);
+ ast_cli(fd, "%s - %s\n", ha->sense == AST_SENSE_ALLOW ? "allow" : " deny", output);
+ }
+
+ ao2_ref(named_acl, -1);
+}
+
+static void cli_display_named_acl_list(int fd)
{
struct ao2_iterator i;
void *o;
-
- i = ao2_iterator_init(nacl_list, 0);
+ /*! \note This is to grab a reference to a snapshot of the configuration data */
+ RAII_VAR(struct named_acl_config *, cfg, ao2_global_obj_ref(globals), ao2_cleanup);
+
+ i = ao2_iterator_init(cfg->named_acl_list, 0);
+
+ ast_cli(fd, "\nnamed_acl\n----\n");
while ((o = ao2_iterator_next(&i))) {
- ao2_unlink(nacl_list, o);
+ struct named_acl *named_acl = o;
+
+ ast_cli(fd, "%s\n", named_acl->name);
+
ao2_ref(o, -1);
}
ao2_iterator_destroy(&i);
}
-static int load_nacl_config(int reload)
-{
- static char *cat = NULL;
- struct ast_config *cfg = NULL;
- struct ast_variable *var = NULL;
- struct ast_flags config_flags = { reload ? CONFIG_FLAG_FILEUNCHANGED : 0 };
-
- if ((cfg = ast_config_load(NACL_CONFIG, config_flags)) == CONFIG_STATUS_FILEUNCHANGED) {
- return -1;
- }
-
- if (cfg == CONFIG_STATUS_FILEMISSING || cfg == CONFIG_STATUS_FILEINVALID) {
- ast_log(LOG_WARNING, "No such configuration file %s\n", NACL_CONFIG);
- return 0;
- }
-
- /* We need to lock the list since we'll be wiping it and repopulating it. */
- ao2_lock(nacl_list);
-
- /* If reloading, clean the list. Otherwise, we need to create the list. */
- if (reload) {
- /* scrub the nacl entries */
- nacl_list_scrub();
- } else {
- nacl_list = ao2_container_alloc(37, nacl_hash_fn, nacl_cmp_fn);
- }
-
-
- cat = ast_category_browse(cfg, NULL);
- while (cat) {
- if (strcasecmp(cat, "general")) {
- var = ast_variable_browse(cfg, cat);
- add_nacl_from_config(cat, var);
- }
- cat = ast_category_browse(cfg, cat);
- }
-
- /* It's safe to unlock the list now. */
- ao2_unlock(nacl_list);
-
- ast_config_destroy(cfg);
- return 1;
-}
-
-struct ast_ha *ast_append_nacl(struct ast_ha *ha, const char *name)
-{
- struct nacl tmp;
- struct nacl *nacl;
-
- ast_copy_string(tmp.name, name, sizeof(tmp.name));
-
- nacl = ao2_find(nacl_list, &tmp, OBJ_POINTER);
-
- if (!nacl) {
- ast_log(LOG_ERROR, "nacl '%s' does not exist. Could not apply nacl.\n", name);
- return ha;
- }
-
- /* Apply Staples! */
- ha = ast_duplicate_and_append_ha(ha, nacl->ha);
-
- ao2_ref(nacl, -1);
-
- return ha;
-}
-
-static void reload_nacl(int fd)
-{
- ast_cli(fd, "Reloading nacl configuration...\n");
- if (load_nacl_config(1) == 1) {
- ast_cli(fd, "Any modules using statically defined ACLs which were using existing nacls will need to be reloaded for changes to take effect.\n");
- }
-}
-
-static void cli_display_nacl(int fd, const char *name)
-{
- struct nacl tmp;
- struct nacl *nacl;
- struct ast_ha *ha;
-
- ast_copy_string(tmp.name, name, sizeof(tmp.name));
-
- nacl = ao2_find(nacl_list, &tmp, OBJ_POINTER);
-
- if (!nacl) {
- /* nacl not found message */
- ast_cli(fd, "\nCould not find acl named '%s'\n", name);
- return;
- }
-
- ast_cli(fd, "\n%s\n--------------------------------------------------\n", name);
- for (ha = nacl->ha; ha; ha = ha->next) {
- char *output = ast_sockaddr_stringify(&ha->addr);
- ast_cli(fd, "%s - %s\n", ha->sense == AST_SENSE_ALLOW ? "allow" : " deny", output);
- }
-
- ao2_ref(nacl, -1);
-}
-
-static void cli_display_nacl_list(int fd)
-{
- struct ao2_iterator i;
- void *o;
-
- i = ao2_iterator_init(nacl_list, 0);
-
- ast_cli(fd, "\nnacl\n----\n");
-
- while ((o = ao2_iterator_next(&i))) {
- struct nacl *nacl = o;
-
- ast_cli(fd, "%s\n", nacl->name);
-
- ao2_ref(o, -1);
- }
-
- ao2_iterator_destroy(&i);
-}
-
-static char *handle_nacl_reload(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
+static char *handle_acl_reload(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
{
switch (cmd) {
case CLI_INIT:
- e->command = "nacl reload";
+ e->command = "acl reload";
e->usage =
- "Usage: nacl reload\n"
- " Reloads the nacl configuration.\n";
+ "Usage: acl reload\n"
+ " Reloads the named_acl configuration.\n";
case CLI_GENERATE:
return NULL;
}
@@ -244,17 +248,17 @@
return CLI_SHOWUSAGE;
}
- reload_nacl(a->fd);
+ reload_named_acl(a->fd);
return CLI_SUCCESS;
}
-static char *handle_show_nacl_cmd(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
+static char *handle_show_named_acl_cmd(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
{
switch (cmd) {
case CLI_INIT:
- e->command = "nacl show";
+ e->command = "acl show";
e->usage =
- "Usage: nacl show <name>\n"
+ "Usage: acl show <name>\n"
" Shows a list of named ACLs or lists all entries in a given named ACL.\n";
return NULL;
case CLI_GENERATE:
@@ -262,12 +266,12 @@
}
if (a->argc == 2) {
- cli_display_nacl_list(a->fd);
+ cli_display_named_acl_list(a->fd);
return CLI_SUCCESS;
}
if (a->argc == 3) {
- cli_display_nacl(a->fd, a->argv[2]);
+ cli_display_named_acl(a->fd, a->argv[2]);
return CLI_SUCCESS;
}
@@ -275,14 +279,25 @@
return CLI_SHOWUSAGE;
}
-static struct ast_cli_entry cli_nacl[] = {
- AST_CLI_DEFINE(handle_nacl_reload, "Reload nacl configurations"),
- AST_CLI_DEFINE(handle_show_nacl_cmd, "Show a named ACL or list all named ACLs"),
-};
-
-int init_nacl()
-{
- load_nacl_config(0);
- ast_cli_register_multiple(cli_nacl, ARRAY_LEN(cli_nacl));
+static struct ast_cli_entry cli_named_acl[] = {
+ AST_CLI_DEFINE(handle_acl_reload, "Reload acl configurations"),
+ AST_CLI_DEFINE(handle_show_named_acl_cmd, "Show a named ACL or list all named ACLs"),
+};
+
+int init_named_acl()
+{
+ if (aco_info_init(&cfg_info)) {
+ return -1;
+ }
+
+ /*! \note Register the options. Not sure what the defaults should be. Change the NULLS for yourself */
+ aco_option_register(&cfg_info, "permit", ACO_EXACT, named_acl_types, NULL, OPT_ACL_T, 1, FLDSET(struct named_acl, ha), "permit");
+ aco_option_register(&cfg_info, "deny", ACO_EXACT, named_acl_types, NULL, OPT_ACL_T, 1, FLDSET(struct named_acl, ha), "deny");
+
+ if (aco_process_config(&cfg_info, 0)) {
+ return -1;
+ }
+
+ ast_cli_register_multiple(cli_named_acl, ARRAY_LEN(cli_named_acl));
return 0;
}
More information about the asterisk-commits
mailing list