[asterisk-dev] [Code Review] named_acls: Named ACLs - a system for creating and applying ACLs with named profiles which can be shared

Mark Michelson reviewboard at asterisk.org
Fri Jul 6 11:31:30 CDT 2012 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/1978/#review6622
-----------------------------------------------------------


You've fixed the problems that I found. The only notes I have below are small implementation suggestions and questions.

I'm not giving this a Ship it! because this is still a work in progress, but what you have right now looks good.


/trunk/include/asterisk/acl.h
<https://reviewboard.asterisk.org/r/1978/#comment12579>

    It's certainly not required for you to change this, but this looks a touch awkward to me, given that I know what the AST_LIST_HEAD() macro expands to.
    
    This could be written as
    
    AST_LIST_HEAD(ast_acl_list, ast_acl);
    
    instead.
    
    This would mean that if you have an ast_acl_list *foo, then you could write list operations like:
    
    ast_acl *current;
    AST_LIST_TRAVERSE(foo, current, list){
    }
    
    instead of
    
    ast_acl *current;
    AST_LIST_TRAVERSE(&foo->list, current, list) {
    }



/trunk/include/asterisk/acl.h
<https://reviewboard.asterisk.org/r/1978/#comment12580>

    These two functions aren't used anywhere yet. Are these eventually intended to replace the current behavior of manager and chan_sip of performing an entire reload when named ACLs change?



/trunk/main/config.c
<https://reviewboard.asterisk.org/r/1978/#comment12581>

    Separate this into two lines and add curly braces.


- Mark


On July 5, 2012, 4:31 p.m., jrose wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/1978/
> -----------------------------------------------------------
> 
> (Updated July 5, 2012, 4:31 p.m.)
> 
> 
> Review request for Asterisk Developers, Mark Michelson, Terry Wilson, and Olle E Johansson.
> 
> 
> Summary
> -------
> 
> This feature is based on oej's deluxepine (or something like that) branch with a similarly named feature.  ACLs are defined in acl.conf and can be used by pretty much anything that has ACL options permit/deny (acl='aclname').  acl= works similarly to permit= and deny= in that it simply appends to the working ACL, so they can be combined with other uses of permit/deny/acl.
> 
> Also in use in this patch are twilson's new config options.
> 
> Since named acls are duplicated when used in another configuration, configurations that use named acls need to be updated if acl.conf is reloaded. This is accomplished with a new event type and the consumption of that event is demonstrated currently only in manager.conf
> If this seems like a proper approach to this problem, that will be replicated across other consumers of named acls.
> 
> NOTE: This code is very much WIP and not intended for merging.
> 
> 
> Diffs
> -----
> 
>   /trunk/CHANGES 369406 
>   /trunk/channels/chan_sip.c 369406 
>   /trunk/main/acl.c 369406 
>   /trunk/include/asterisk/event_defs.h 369406 
>   /trunk/include/asterisk/config.h 369406 
>   /trunk/include/asterisk/channel.h 369406 
>   /trunk/channels/sip/include/sip.h 369406 
>   /trunk/configs/acl.conf.sample PRE-CREATION 
>   /trunk/configs/extconfig.conf.sample 369406 
>   /trunk/configs/manager.conf.sample 369406 
>   /trunk/include/asterisk/acl.h 369406 
>   /trunk/main/asterisk.c 369406 
>   /trunk/main/config.c 369406 
>   /trunk/main/loader.c 369406 
>   /trunk/main/manager.c 369406 
>   /trunk/main/named_acl.c PRE-CREATION 
> 
> Diff: https://reviewboard.asterisk.org/r/1978/diff
> 
> 
> Testing
> -------
> 
> Various tests for configuring and using named acls were performed, and a task for writing comprehensive testsuite tests is in the queue.  Additionally, various means of reloading the configuration have been performed, and so far they pan out aside from a bug with an unchanged acl.conf which is a generic problem against config options accidentally introduced a little while back.
> 
> 
> Thanks,
> 
> jrose
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20120706/6c707ed9/attachment.htm>

More information about the asterisk-dev mailing list