[svn-commits] oej: branch oej/deluxepine-1.4 r237134 - in /team/oej/deluxepine-1.4: channel...
SVN commits to the Digium repositories
svn-commits at lists.digium.com
Fri Jan 1 10:27:07 CST 2010
Author: oej
Date: Fri Jan 1 10:27:04 2010
New Revision: 237134
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=237134
Log:
Applying NACL in chan_sip, fixing missing stuff while considering the implementation
Modified:
team/oej/deluxepine-1.4/channels/chan_sip.c
team/oej/deluxepine-1.4/include/asterisk/nacl.h
team/oej/deluxepine-1.4/main/nacl.c
Modified: team/oej/deluxepine-1.4/channels/chan_sip.c
URL: http://svnview.digium.com/svn/asterisk/team/oej/deluxepine-1.4/channels/chan_sip.c?view=diff&rev=237134&r1=237133&r2=237134
==============================================================================
--- team/oej/deluxepine-1.4/channels/chan_sip.c (original)
+++ team/oej/deluxepine-1.4/channels/chan_sip.c Fri Jan 1 10:27:04 2010
@@ -127,6 +127,7 @@
#include "asterisk/rtp.h"
#include "asterisk/udptl.h"
#include "asterisk/acl.h"
+#include "asterisk/nacl.h"
#include "asterisk/manager.h"
#include "asterisk/callerid.h"
#include "asterisk/cli.h"
@@ -1115,6 +1116,7 @@
int call_limit; /*!< Limit of concurrent calls */
enum transfermodes allowtransfer; /*! SIP Refer restriction scheme */
struct ast_ha *ha; /*!< ACL setting */
+ struct ast_nacl *nacl; /*!< NACL setting */
struct ast_variable *chanvars; /*!< Variables to set for channel created by user */
int maxcallbitrate; /*!< Maximum Bitrate for a video call */
int autoframing;
@@ -1177,6 +1179,7 @@
struct sockaddr_in defaddr; /*!< Default IP address, used until registration */
struct ast_ha *ha; /*!< Access control list */
+ struct ast_nacl *nacl; /*!< NACL setting */
struct ast_ha *contactha; /*!< Restrict what IPs are allowed in the Contact header (for registration) */
struct ast_variable *chanvars; /*!< Variables to set for channel created by user */
struct sip_pvt *mwipvt; /*!< Subscription for MWI */
@@ -2612,6 +2615,7 @@
register_peer_exten(peer, FALSE);
ast_free_ha(peer->ha);
+ ast_nacl_detach(peer->nacl);
if (ast_test_flag(&peer->flags[1], SIP_PAGE2_SELFDESTRUCT))
apeerobjs--;
else if (ast_test_flag(&peer->flags[0], SIP_REALTIME))
@@ -2818,6 +2822,7 @@
if (option_debug > 2)
ast_log(LOG_DEBUG, "Destroying user object from memory: %s\n", user->name);
ast_free_ha(user->ha);
+ ast_nacl_detach(user->nacl);
if (user->chanvars) {
ast_variables_destroy(user->chanvars);
user->chanvars = NULL;
@@ -9356,7 +9361,7 @@
ast_string_field_set(p, exten, name);
build_contact(p);
peer = find_peer(name, NULL, 1, 0);
- if (!(peer && ast_apply_ha(peer->ha, sin))) {
+ if (!(peer && ast_apply_ha(peer->ha, sin) && (peer->nacl ? ast_apply_ha(peer->nacl->acl, sin) : TRUE))) {
/* Peer fails ACL check */
if (peer) {
ASTOBJ_UNREF(peer, sip_destroy_peer);
@@ -10271,6 +10276,12 @@
*/
peer = find_peer(NULL, &p->recv, 1, 0);
+ if (!(peer && ast_apply_ha(peer->ha, sin) && (peer->nacl ? ast_apply_ha(peer->nacl->acl, sin) : TRUE))) {
+ /* Peer fails ACL checks */
+ ASTOBJ_UNREF(peer, sip_destroy_peer);
+ return AUTH_ACL_FAILED;
+ }
+
if (peer) {
/* Set Frame packetization */
if (p->rtp) {
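Review bot: The added check also rejects the request when `find_peer()` returns NULL, and then hands that NULL to `ASTOBJ_UNREF`, which the registration hunk at -9356 only calls under `if (peer)`. If the macro dereferences its argument, as that guard suggests, a request from an address that matches no peer would fault here. Either way, the `if (peer)` block that follows can no longer take its no-peer path. Limit the test to an existing peer: `if (peer && !(ast_apply_ha(peer->ha, sin) && (!peer->nacl || ast_apply_ha(peer->nacl->acl, sin)))) {`. The lookup uses `&p->recv` while the check uses `sin`, and the function's signature is outside the hunk, so confirm both refer to the packet's source address.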
@@ -10744,7 +10755,7 @@
iterator->addr.sin_addr.s_addr ? ast_inet_ntoa(iterator->addr.sin_addr) : "(Unspecified)",
ast_test_flag(&iterator->flags[1], SIP_PAGE2_DYNAMIC) ? " D " : " ", /* Dynamic or not? */
ast_test_flag(&iterator->flags[0], SIP_NAT_ROUTE) ? " N " : " ", /* NAT=yes? */
- iterator->ha ? " A " : " ", /* permit/deny */
+ iterator->ha ? (iterator->nacl ? " AN" : " A ") : iterator->nacl ? " N" : " ",
ntohs(iterator->addr.sin_port), status,
realtimepeers ? (ast_test_flag(&iterator->flags[0], SIP_REALTIME) ? "Cached RT":"") : "");
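Review bot: The nested conditional on the added line drops the `/* permit/deny */` comment and leaves the inner `iterator->nacl ? ... : ...` arm unparenthesised, so the four cases are hard to read; the same line is repeated in the hunk at -10753. The letter N already marks NAT in the preceding column, so a different letter for a named ACL would keep the listing unambiguous. Whitespace appears collapsed on this page, so check that all four strings have the width the column format expects.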
@@ -10753,7 +10764,7 @@
iterator->addr.sin_addr.s_addr ? ast_inet_ntoa(iterator->addr.sin_addr) : "(Unspecified)",
ast_test_flag(&iterator->flags[1], SIP_PAGE2_DYNAMIC) ? " D " : " ", /* Dynamic or not? */
ast_test_flag(&iterator->flags[0], SIP_NAT_ROUTE) ? " N " : " ", /* NAT=yes? */
- iterator->ha ? " A " : " ", /* permit/deny */
+ iterator->ha ? (iterator->nacl ? " AN" : " A ") : iterator->nacl ? " N" : " ",
ntohs(iterator->addr.sin_port), status,
realtimepeers ? (ast_test_flag(&iterator->flags[0], SIP_REALTIME) ? "Cached RT":"") : "");
@@ -10770,6 +10781,7 @@
"Natsupport: %s\r\n"
"VideoSupport: %s\r\n"
"ACL: %s\r\n"
+ "NACL: %s\r\n"
"Status: %s\r\n"
"RealtimeDevice: %s\r\n\r\n",
idtext,
@@ -10780,6 +10792,7 @@
ast_test_flag(&iterator->flags[0], SIP_NAT_ROUTE) ? "yes" : "no", /* NAT=yes? */
ast_test_flag(&iterator->flags[1], SIP_PAGE2_VIDEOSUPPORT) ? "yes" : "no", /* VIDEOSUPPORT=yes? */
iterator->ha ? "yes" : "no", /* permit/deny */
+ iterator->nacl ? iterator->nacl->name : "-none-",
status,
realtimepeers ? (ast_test_flag(&iterator->flags[0], SIP_REALTIME) ? "yes":"no") : "no");
}
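Review bot: The value printed when no named ACL is attached differs between outputs: `"-none-"` here, `"<none>"` in the CLI hunk at -11189, and an empty string in the hunks at -11278 and -11364. A manager client parsing the `NACL:` header has to special-case each form. Pick one convention (an empty value for manager output, one fixed placeholder for CLI output) and use it in all four places.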
@@ -11189,6 +11202,7 @@
ast_cli(fd, " Insecure : %s\n", insecure2str(ast_test_flag(&peer->flags[0], SIP_INSECURE_PORT), ast_test_flag(&peer->flags[0], SIP_INSECURE_INVITE)));
ast_cli(fd, " Nat : %s\n", nat2str(ast_test_flag(&peer->flags[0], SIP_NAT)));
ast_cli(fd, " ACL : %s\n", (peer->ha?"Yes":"No"));
+ ast_cli(fd, " NACL : %s\n", (peer->nacl == NULL?"<none>" : peer->nacl->name));
ast_cli(fd, " T38 pt UDPTL : %s\n", ast_test_flag(&peer->flags[1], SIP_PAGE2_T38SUPPORT_UDPTL)?"Yes":"No");
#ifdef WHEN_WE_HAVE_T38_FOR_OTHER_TRANSPORTS
ast_cli(fd, " T38 pt RTP : %s\n", ast_test_flag(&peer->flags[1], SIP_PAGE2_T38SUPPORT_RTP)?"Yes":"No");
@@ -11278,6 +11292,7 @@
astman_append(s, "SIP-AuthInsecure: %s\r\n", insecure2str(ast_test_flag(&peer->flags[0], SIP_INSECURE_PORT), ast_test_flag(&peer->flags[0], SIP_INSECURE_INVITE)));
astman_append(s, "SIP-NatSupport: %s\r\n", nat2str(ast_test_flag(&peer->flags[0], SIP_NAT)));
astman_append(s, "ACL: %s\r\n", (peer->ha?"Y":"N"));
+ astman_append(s, "NACL: %s\r\n", (peer->nacl == NULL?"" : peer->nacl->name));
astman_append(s, "SIP-CanReinvite: %s\r\n", (ast_test_flag(&peer->flags[0], SIP_CAN_REINVITE)?"Y":"N"));
astman_append(s, "SIP-PromiscRedir: %s\r\n", (ast_test_flag(&peer->flags[0], SIP_PROMISCREDIR)?"Y":"N"));
astman_append(s, "SIP-UserPhone: %s\r\n", (ast_test_flag(&peer->flags[0], SIP_USEREQPHONE)?"Y":"N"));
@@ -11364,6 +11379,7 @@
print_group(fd, user->pickupgroup, 0);
ast_cli(fd, " Callerid : %s\n", ast_callerid_merge(cbuf, sizeof(cbuf), user->cid_name, user->cid_num, "<unspecified>"));
ast_cli(fd, " ACL : %s\n", (user->ha?"Yes":"No"));
+ ast_cli(fd, " NACL : %s\n", (user->nacl ? user->nacl->name : ""));
ast_cli(fd, " Codec Order : (");
print_codec_to_cli(fd, &user->prefs);
ast_cli(fd, ")\n");
@@ -17716,6 +17732,7 @@
ASTOBJ_INIT(user);
ast_copy_string(user->name, name, sizeof(user->name));
oldha = user->ha;
+ ast_nacl_detach(user->nacl);
user->ha = NULL;
ast_copy_flags(&user->flags[0], &global_flags[0], SIP_FLAGS_TO_COPY);
ast_copy_flags(&user->flags[1], &global_flags[1], SIP_PAGE2_FLAGS_TO_COPY);
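Review bot: `ast_nacl_detach(user->nacl);` releases the reference but leaves the pointer set, unlike `user->ha`, which is reset to NULL on the next line. The same applies to `ast_nacl_detach(peer->nacl);` in the hunk at -17943, where the `(reload)` comment suggests an existing peer can be rebuilt. If the new configuration has no `nacl` line, `peer->nacl` would still point at an object whose reference was released, and the ACL checks and the destroy path would use it again. Add `user->nacl = NULL;` and `peer->nacl = NULL;` directly after the detach calls. Both functions start and end outside these hunks.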
@@ -17747,6 +17764,8 @@
user->chanvars = tmpvar;
}
}
+ } else if (!strcasecmp(v->name, "nacl")) {
+ user->nacl = ast_nacl_attach(v->value);
} else if (!strcasecmp(v->name, "permit") ||
!strcasecmp(v->name, "deny")) {
user->ha = ast_append_ha(v->name, v->value, user->ha);
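Review bot: When `ast_nacl_attach()` returns NULL for a name that does not exist or is marked deleted, `user->nacl` stays NULL and the checks in the -9356 and -10271 hunks treat that as "no named ACL", so a mistyped `nacl=` value silently removes the restriction. A second `nacl` line would also overwrite the pointer without releasing the first reference. Detach before attaching, log the unknown name, and preferably refuse to load the entry so the failure is closed; the peer branch at -18044 needs the same change. The surrounding option chain is outside the hunk.

```c
} else if (!strcasecmp(v->name, "nacl")) {
	ast_nacl_detach(user->nacl);	/* release a reference taken by an earlier nacl= line */
	user->nacl = ast_nacl_attach(v->value);
	if (!user->nacl) {
		/* Unknown or deleted ACL: do not silently fall back to "no restriction" */
		ast_log(LOG_WARNING, "Named ACL '%s' not found for user '%s'\n", v->value, user->name);
	}
/* … unchanged: permit/deny branch … */
```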
@@ -17943,6 +17962,7 @@
/* If we have realm authentication information, remove them (reload) */
clear_realm_authentication(peer->auth);
peer->auth = NULL;
+ ast_nacl_detach(peer->nacl);
for (; v || ((v = alt) && !(alt=NULL)); v = v->next) {
if (!devstate_only) {
@@ -18044,6 +18064,8 @@
ASTOBJ_UNREF(peer, sip_destroy_peer);
return NULL;
}
+ } else if (!strcasecmp(v->name, "nacl")) {
+ peer->nacl = ast_nacl_attach(v->value);
} else if (!strcasecmp(v->name, "permit") || !strcasecmp(v->name, "deny")) {
peer->ha = ast_append_ha(v->name, v->value, peer->ha);
} else if (!strcasecmp(v->name, "contactpermit") || !strcasecmp(v->name, "contactdeny")) {
Modified: team/oej/deluxepine-1.4/include/asterisk/nacl.h
URL: http://svnview.digium.com/svn/asterisk/team/oej/deluxepine-1.4/include/asterisk/nacl.h?view=diff&rev=237134&r1=237133&r2=237134
==============================================================================
--- team/oej/deluxepine-1.4/include/asterisk/nacl.h (original)
+++ team/oej/deluxepine-1.4/include/asterisk/nacl.h Fri Jan 1 10:27:04 2010
@@ -27,20 +27,29 @@
*/
/*! \brief Structure for named ACL */
-struct named_acl;
+/*! \brief Structure for named ACL */
+struct ast_nacl {
+ char name[MAXHOSTNAMELEN]; /*!< Name of this ACL */
+ struct ast_ha *acl; /*!< The actual ACL */
+ int rules; /*!< Number of ACL rules */
+ int delete; /*!< Mark this object for deletion */
+ int manipulated; /*!< Manipulated by CLI or manager */
+ char owner[20]; /*!< Owner (module) */
+ char desc[80]; /*!< Description */
+};
/*! \brief Add named ACL to list (done from configuration file or module) */
-struct named_acl *ast_nacl_add(const char *name, const char *owner);
+struct ast_nacl *ast_nacl_add(const char *name, const char *owner);
/*! \brief Find a named ACL
if deleted is true, we will find deleted items too
if owner is NULL, we'll find all otherwise owner is used for selection too
*/
-struct named_acl *ast_nacl_find_all(const char *name, const int deleted, const char *owner);
+struct ast_nacl *ast_nacl_find_all(const char *name, const int deleted, const char *owner);
/*! \brief Find a named ACL (that is not marked with the delete flag)
*/
-struct named_acl *ast_nacl_find(const char *name);
+struct ast_nacl *ast_nacl_find(const char *name);
/*! \brief Mark all the owned NACLs
*/
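Review bot: Moving `struct ast_nacl` into the public header lets every module read `nacl->acl` directly, as the chan_sip checks now do, so NULL handling and any locking against the CLI/manager updates implied by `manipulated` must be repeated at each call site. An accessor declared here, for example `int ast_nacl_apply(struct ast_nacl *nacl, struct sockaddr_in *sin);`, would keep the struct private to nacl.c and give a single enforcement point. The added `/*! \brief Structure for named ACL */` line also duplicates the comment directly above it. The header now needs `MAXHOSTNAMELEN` and `struct ast_ha` declared before it is included; its include lines are outside the hunk.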
@@ -50,12 +59,12 @@
This is to avoid Named ACLs to disappear from runtime. Even if they are deleted from the
configuration, they will still be around thanks to ASTOBJs
*/
-struct named_acl *ast_nacl_attach(const char *name);
+struct ast_nacl *ast_nacl_attach(const char *name);
/*! \brief Detach from a named ACL.
If it's marked for deletion and refcount is zero, then it's deleted
*/
-void ast_nacl_detach(struct named_acl *nacl);
+void ast_nacl_detach(struct ast_nacl *nacl);
/*! \brief Initialize NACL subsystem */
int ast_nacl_load(void);
Modified: team/oej/deluxepine-1.4/main/nacl.c
URL: http://svnview.digium.com/svn/asterisk/team/oej/deluxepine-1.4/main/nacl.c?view=diff&rev=237134&r1=237133&r2=237134
==============================================================================
--- team/oej/deluxepine-1.4/main/nacl.c (original)
+++ team/oej/deluxepine-1.4/main/nacl.c Fri Jan 1 10:27:04 2010
@@ -55,16 +55,6 @@
#define NACL_LOAD 1
#define NACL_RELOAD 2
-/*! \brief Structure for named ACL */
-struct named_acl {
- char name[MAXHOSTNAMELEN]; /*!< Name of this ACL */
- struct ast_ha *acl; /*!< The actual ACL */
- int rules; /*!< Number of ACL rules */
- int delete; /*!< Mark this object for deletion */
- int manipulated; /*!< Manipulated by CLI or manager */
- char owner[20]; /*!< Owner (module) */
- char desc[80]; /*!< Description */
-};
enum nacl_ops {
NACL_ADD,
@@ -140,7 +130,7 @@
*/
static void nacl_destroy(void *obj)
{
- struct named_acl *nacl = obj;
+ struct ast_nacl *nacl = obj;
if (option_debug > 2)
ast_log(LOG_DEBUG, "--- Destruction of NACL %s is NOW. Please have a safe distance.\n", nacl->name);
if (nacl->acl)
@@ -152,16 +142,16 @@
Internal ACLs, created by Asterisk modules, should use a name that
begins with "ast_". These are prevented from configuration in nacl.conf
*/
-struct named_acl *ast_nacl_add(const char *name, const char *owner)
-{
- struct named_acl *nacl;
+struct ast_nacl *ast_nacl_add(const char *name, const char *owner)
+{
+ struct ast_nacl *nacl;
if (ast_strlen_zero(name)) {
ast_log(LOG_WARNING, "Zero length name.\n");
return NULL;
}
- nacl = ao2_alloc(sizeof(struct named_acl), nacl_destroy);
+ nacl = ao2_alloc(sizeof(struct ast_nacl), nacl_destroy);
ast_copy_string(nacl->name, name, sizeof(nacl->name));
ast_copy_string(nacl->owner, owner, sizeof(nacl->owner));
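Review bot: The result of `ao2_alloc()` is passed to `ast_copy_string(nacl->name, ...)` on the next line without a NULL check, so an allocation failure is dereferenced. Add `if (!nacl) return NULL;` after the allocation; `sizeof(*nacl)` would also keep the size tied to the variable. `owner` is copied unconditionally while `ast_nacl_find_all()` documents NULL as a valid owner, so the doc comment should state whether NULL is accepted here. The function continues outside the hunk.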
@@ -189,7 +179,7 @@
/*! \brief ao2 function to create unique hash of object */
static int nacl_hash_fn(const void *obj, const int flags)
{
- const struct named_acl *nacl = obj;
+ const struct ast_nacl *nacl = obj;
int ret = 0, i;
for (i = 0; i < strlen(nacl->name) && nacl->name[i]; i++)
@@ -200,7 +190,7 @@
/*! \brief ao2 function to compare objects */
static int nacl_cmp_fn(void *obj1, void *obj2, int flags)
{
- struct named_acl *nacl1 = obj1, *nacl2 = obj2;
+ struct ast_nacl *nacl1 = obj1, *nacl2 = obj2;
return strcmp(nacl1->name, nacl2->name) ? 0 : CMP_MATCH | CMP_STOP;
}
@@ -210,11 +200,11 @@
if owner is NULL, we'll find all otherwise owner is used for selection too
We raise the refcount on the result, which the calling function need to deref.
*/
-struct named_acl *ast_nacl_find_all(const char *name, const int deleted, const char *owner)
-{
- struct named_acl *found = NULL;
+struct ast_nacl *ast_nacl_find_all(const char *name, const int deleted, const char *owner)
+{
+ struct ast_nacl *found = NULL;
struct ao2_iterator i;
- struct named_acl *nacl = NULL;
+ struct ast_nacl *nacl = NULL;
i = ao2_iterator_init(nacl_list, 0);
@@ -246,7 +236,7 @@
/*! \brief Find a named ACL
*/
-struct named_acl *ast_nacl_find(const char *name)
+struct ast_nacl *ast_nacl_find(const char *name)
{
return ast_nacl_find_all(name, 0, NULL);
}
@@ -258,7 +248,7 @@
{
int pruned = 0;
struct ao2_iterator i;
- struct named_acl *nacl = NULL;
+ struct ast_nacl *nacl = NULL;
i = ao2_iterator_init(nacl_list, 0);
@@ -282,9 +272,13 @@
\note Deleted NACLs won't be found any more with this function, to avoid adding to the use
of these ACLs
*/
-struct named_acl *ast_nacl_attach(const char *name)
-{
- struct named_acl *nacl = ast_nacl_find(name);
+struct ast_nacl *ast_nacl_attach(const char *name)
+{
+ struct ast_nacl *nacl;
+ if (!name) {
+ return NULL;
+ }
+ nacl = ast_nacl_find(name);
if (!nacl) {
return NULL;
}
@@ -294,7 +288,7 @@
/*! \brief Detach from a named ACL.
If it's marked for deletion and refcount is zero, then it's deleted
*/
-void ast_nacl_detach(struct named_acl *nacl)
+void ast_nacl_detach(struct ast_nacl *nacl)
{
if (!nacl) {
return; /* What's up, doc? */
@@ -307,7 +301,7 @@
{
int pruned = 0;
struct ao2_iterator i;
- struct named_acl *nacl = NULL;
+ struct ast_nacl *nacl = NULL;
i = ao2_iterator_init(nacl_list, 0);
@@ -420,7 +414,7 @@
#define FORMAT2 "%-40.40s %-20.20s %-5.5s %-5.5s %7s\n"
struct ao2_iterator i;
- struct named_acl *nacl;
+ struct ast_nacl *nacl;
i = ao2_iterator_init(nacl_list, 0);
@@ -444,7 +438,7 @@
/*! \brief Update NACL (or create it if it doesn't exist) */
static int nacl_update(int fd, const char *command, const char *name, int rule, char *operation, const char *target, const char *owner)
{
- struct named_acl *nacl;
+ struct ast_nacl *nacl;
struct ast_ha *newha = NULL;
int insert = !strcasecmp(command, "add");
@@ -581,7 +575,7 @@
const char *id = astman_get_header(m,"ActionID");
enum nacl_ops n_op;
enum rule_ops r_op = HA_UNKNOWN;
- struct named_acl *nacl;
+ struct ast_nacl *nacl;
struct ast_ha *newha = NULL;
char idText[256] = "";
@@ -664,7 +658,7 @@
struct ast_config *cfg;
struct ast_variable *v;
char *cat = NULL;
- struct named_acl *nacl = NULL;
+ struct ast_nacl *nacl = NULL;
int marked = 0;