[asterisk-dev] Named ACLs
Olle E. Johansson
oej at edvina.net
Wed Jun 13 09:46:39 CDT 2012
Friends,
One slide I've had as part of EVERY asterisk training one that says that Copyright is important. Regardless of the license, you still have to respect copyright.
You can not just guess where the copyright is, you will have to check. If Jrose or Kpfleming had actually checked my code, you would fine that the copyright for nacl.c is not what you guessed.
http://svnview.digium.com/svn/asterisk/team/oej/deluxepine-trunk/main/nacl.c?view=markup
In response to the review:
I think you've totally missed why John Todd and I came up with the ideas around Named ACLs. They have to be MANAGEABLE. That's why you will find a lot of work with trying to find out a way to manage NACLs in AMI and the CLI in my code. I would suggest that you take a look at this part too.
The attached README states this clearly:
http://svnview.digium.com/svn/asterisk/team/oej/deluxepine-trunk/README.nacl?revision=242040
And please don't say that it's hard to find - a google search on "Asterisk NACL" finds my blog entry and the deluxepine branch...
Greetings from Barcelona!
/O
Named ACLs - why?
-----------------
This branch includes an implementation of named ACLs. ACL is an acronym for
"Access Control Lists" and is something that we have implemented in Asterisk
for IP-based filtering of SIP messages, manager access and in various channel
drivers.
The current ACLs are implemented either module-wide or per device. With a named
ACL we have one ACL in memory that can be referred to from other modules.
These modules doesn't copy the ACL, just point to it. When it changes, it's
automatically applied to all objects that use it.
The implementation has a PBX-wide list of ACLs that can be used from all
modules that implement NACLs. Each NACL can be changed from the AMI, manager
interface, and the CLI. Modules can also automatically change a Named ACL
if needed. This can have be done for matching of devices or implementing
dynamic blacklists.
Also read:
http://www.voip-forum.com/asterisk/2010-01/manageable-access-control-lists-asterisk-nacls/
More information about the asterisk-dev
mailing list