[asterisk-commits] mmichelson: trunk r397193 - in /trunk: include/asterisk/ res/ res/res_pjsip/
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Tue Aug 20 16:02:00 CDT 2013
Author: mmichelson
Date: Tue Aug 20 16:01:59 2013
New Revision: 397193
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=397193
Log:
Localize and rename ACL configuration.
This is more-or-less a reversion of previous ACL behavior so that
it is more self-contained. ACL sections are now only parsed if res_pjsip_acl.so
is loaded. Moreover, the configuration section is now "type=acl" instead of
"type=security".
The original reason for having ACLs configured in a "type=security" section
was to lump ACLs and other security-related items into the same section. The
problem is that ACLs really should be in their own sections and there are
no other security-related options implemented anyways.
Removed:
trunk/res/res_pjsip/config_security.c
Modified:
trunk/include/asterisk/res_pjsip.h
trunk/res/res_pjsip/pjsip_configuration.c
trunk/res/res_pjsip_acl.c
Modified: trunk/include/asterisk/res_pjsip.h
URL: http://svnview.digium.com/svn/asterisk/trunk/include/asterisk/res_pjsip.h?view=diff&rev=397193&r1=397192&r2=397193
==============================================================================
--- trunk/include/asterisk/res_pjsip.h (original)
+++ trunk/include/asterisk/res_pjsip.h Tue Aug 20 16:01:59 2013
@@ -665,17 +665,6 @@
struct ast_sip_endpoint *(*identify_endpoint)(pjsip_rx_data *rdata);
};
-#define SIP_SORCERY_SECURITY_TYPE "security"
-
-/*!
- * \brief SIP security details and configuration.
- */
-struct ast_sip_security {
- SORCERY_OBJECT(details);
- struct ast_acl_list *acl;
- struct ast_acl_list *contact_acl;
-};
-
/*!
* \brief Register a SIP service in Asterisk.
*
@@ -971,16 +960,6 @@
* \retval 0 success
*/
int ast_sip_initialize_sorcery_auth(struct ast_sorcery *sorcery);
-
-/*!
- * \brief Initialize security support on a sorcery instance
- *
- * \param sorcery The sorcery instance
- *
- * \retval -1 failure
- * \retval 0 success
- */
-int ast_sip_initialize_sorcery_security(struct ast_sorcery *sorcery);
/*!
* \brief Callback called when an outbound request with authentication credentials is to be sent in dialog
Modified: trunk/res/res_pjsip/pjsip_configuration.c
URL: http://svnview.digium.com/svn/asterisk/trunk/res/res_pjsip/pjsip_configuration.c?view=diff&rev=397193&r1=397192&r2=397193
==============================================================================
--- trunk/res/res_pjsip/pjsip_configuration.c (original)
+++ trunk/res/res_pjsip/pjsip_configuration.c Tue Aug 20 16:01:59 2013
@@ -740,13 +740,6 @@
return -1;
}
- if (ast_sip_initialize_sorcery_security(sip_sorcery)) {
- ast_log(LOG_ERROR, "Failed to register SIP security support\n");
- ast_sorcery_unref(sip_sorcery);
- sip_sorcery = NULL;
- return -1;
- }
-
if (ast_sip_initialize_sorcery_global(sip_sorcery)) {
ast_log(LOG_ERROR, "Failed to register SIP Global support\n");
ast_sorcery_unref(sip_sorcery);
Modified: trunk/res/res_pjsip_acl.c
URL: http://svnview.digium.com/svn/asterisk/trunk/res/res_pjsip_acl.c?view=diff&rev=397193&r1=397192&r2=397193
==============================================================================
--- trunk/res/res_pjsip_acl.c (original)
+++ trunk/res/res_pjsip_acl.c Tue Aug 20 16:01:59 2013
@@ -153,13 +153,24 @@
return forbidden;
}
+#define SIP_SORCERY_ACL_TYPE "acl"
+
+/*!
+ * \brief SIP ACL details and configuration.
+ */
+struct ast_sip_acl {
+ SORCERY_OBJECT(details);
+ struct ast_acl_list *acl;
+ struct ast_acl_list *contact_acl;
+};
+
static int check_acls(void *obj, void *arg, int flags)
{
- struct ast_sip_security *security = obj;
+ struct ast_sip_acl *sip_acl = obj;
pjsip_rx_data *rdata = arg;
- if (apply_acl(rdata, security->acl) ||
- apply_contact_acl(rdata, security->contact_acl)) {
+ if (apply_acl(rdata, sip_acl->acl) ||
+ apply_contact_acl(rdata, sip_acl->contact_acl)) {
return CMP_MATCH | CMP_STOP;
}
return 0;
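Review bot: The new `struct ast_sip_acl` carries two lists whose roles can only be told apart by name, and `check_acls()` does not say that a match means rejection rather than acceptance. Judging by `return forbidden;` just above the struct and by the `apply_acl()` / `apply_contact_acl()` calls, `CMP_MATCH | CMP_STOP` appears to mark the first ACL object that refused the request. I would document that on the callback, e.g. `/* ao2 callback: returns a match when this ACL object rejects rdata (to be confirmed against apply_acl) */`. Each field should also get a one-line `/*! ... */` comment stating which part of the request it is evaluated against. The closing brace of `check_acls()` lies outside this hunk.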
@@ -168,9 +179,9 @@
static pj_bool_t acl_on_rx_msg(pjsip_rx_data *rdata)
{
RAII_VAR(struct ao2_container *, acls, ast_sorcery_retrieve_by_fields(
- ast_sip_get_sorcery(), SIP_SORCERY_SECURITY_TYPE,
+ ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE,
AST_RETRIEVE_FLAG_MULTIPLE | AST_RETRIEVE_FLAG_ALL, NULL), ao2_cleanup);
- RAII_VAR(struct ast_sip_security *, matched_acl, NULL, ao2_cleanup);
+ RAII_VAR(struct ast_sip_acl *, matched_acl, NULL, ao2_cleanup);
if (!acls) {
ast_log(LOG_ERROR, "Unable to retrieve ACL sorcery data\n");
@@ -185,6 +196,20 @@
}
return PJ_FALSE;
+}
+
+static int acl_handler(const struct aco_option *opt, struct ast_variable *var, void *obj)
+{
+ struct ast_sip_acl *sip_acl = obj;
+ int error = 0;
+ int ignore;
+ if (!strncmp(var->name, "contact", 7)) {
+ ast_append_acl(var->name + 7, var->value, &sip_acl->contact_acl, &error, &ignore);
+ } else {
+ ast_append_acl(var->name, var->value, &sip_acl->acl, &error, &ignore);
+ }
+
+ return error;
}
static pjsip_module acl_module = {
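Review bot: `acl_handler()` returns the error from `ast_append_acl()` without naming the option or value that was rejected. For an ACL object that matters, because a section that fails to load is presumably a section whose rules are never applied to incoming requests. Unless `ast_append_acl()` already logs enough to identify the line, add `if (error) { ast_log(LOG_ERROR, "Invalid ACL option '%s=%s'\n", var->name, var->value); }` before `return error;`. The literal `7` is used twice for the length of `"contact"`; tying it to the prefix (for example `strlen("contact")` held in a local) keeps the comparison and the pointer offset from drifting apart. The value written to `ignore` is discarded, which deserves a short comment explaining why the named-ACL flag is not needed here.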
@@ -194,8 +219,42 @@
.on_rx_request = acl_on_rx_msg,
};
+static void acl_destroy(void *obj)
+{
+ struct ast_sip_acl *sip_acl = obj;
+ sip_acl->acl = ast_free_acl_list(sip_acl->acl);
+ sip_acl->contact_acl = ast_free_acl_list(sip_acl->contact_acl);
+}
+
+static void *acl_alloc(const char *name)
+{
+ struct ast_sip_acl *sip_acl =
+ ast_sorcery_generic_alloc(sizeof(*sip_acl), acl_destroy);
+
+ return sip_acl;
+}
+
static int load_module(void)
{
+ ast_sorcery_apply_default(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE,
+ "config", "pjsip.conf,criteria=type=acl");
+
+ if (ast_sorcery_object_register(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE,
+ acl_alloc, NULL, NULL)) {
+
+ ast_log(LOG_ERROR, "Failed to register SIP %s object with sorcery\n",
+ SIP_SORCERY_ACL_TYPE);
+ return AST_MODULE_LOAD_DECLINE;
+ }
+
+ ast_sorcery_object_field_register(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE, "type", "", OPT_NOOP_T, 0, 0);
+ ast_sorcery_object_field_register_custom(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE, "permit", "", acl_handler, NULL, 0, 0);
+ ast_sorcery_object_field_register_custom(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE, "deny", "", acl_handler, NULL, 0, 0);
+ ast_sorcery_object_field_register_custom(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE, "acl", "", acl_handler, NULL, 0, 0);
+ ast_sorcery_object_field_register_custom(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE, "contactpermit", "", acl_handler, NULL, 0, 0);
+ ast_sorcery_object_field_register_custom(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE, "contactdeny", "", acl_handler, NULL, 0, 0);
+ ast_sorcery_object_field_register_custom(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE, "contactacl", "", acl_handler, NULL, 0, 0);
+
ast_sip_register_service(&acl_module);
return AST_MODULE_LOAD_SUCCESS;
}
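Review bot: The default wiring in `load_module()` selects only `criteria=type=acl`, so a pjsip.conf that still uses the old `type=security` sections would, as far as this hunk shows, yield no ACL objects and leave the filter with nothing to apply. That failure mode is silent and permissive, so I would add a comment above the `ast_sorcery_apply_default()` call such as `/* Only type=acl sections are read; legacy type=security sections are not matched and their rules are not applied. */`, plus an upgrade note for operators. Separately, the return values of `ast_sorcery_apply_default()` and of the field-registration calls are not checked, so the module may report `AST_MODULE_LOAD_SUCCESS` with the ACL options only partly registered. Returning `AST_MODULE_LOAD_DECLINE` in that case would be the safer default for an access-control module.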