[svn-commits] oej: branch oej/deluxepine-1.4 r274578 - in /team/oej/deluxepine-1.4: ./ chan...

SVN commits to the Digium repositories svn-commits at lists.digium.com
Wed Jul 7 13:01:36 CDT 2010


Author: oej
Date: Wed Jul  7 13:01:31 2010
New Revision: 274578

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=274578
Log:
Various log file and documentation changes, plus some bug fixes... :-)

Modified:
    team/oej/deluxepine-1.4/README.nacl
    team/oej/deluxepine-1.4/channels/chan_sip.c
    team/oej/deluxepine-1.4/configs/sip.conf.sample
    team/oej/deluxepine-1.4/include/asterisk/nacl.h
    team/oej/deluxepine-1.4/main/acl.c
    team/oej/deluxepine-1.4/main/nacl.c

Modified: team/oej/deluxepine-1.4/README.nacl
URL: http://svnview.digium.com/svn/asterisk/team/oej/deluxepine-1.4/README.nacl?view=diff&rev=274578&r1=274577&r2=274578
==============================================================================
--- team/oej/deluxepine-1.4/README.nacl (original)
+++ team/oej/deluxepine-1.4/README.nacl Wed Jul  7 13:01:31 2010
@@ -23,3 +23,43 @@
 if needed. This can have be done for matching of devices or implementing
 dynamic blacklists.
 
+Core implemenation
+------------------
+Check configs/nacl.conf.sample for details
+
+; Example
+[officelan]	; This is the name of this ACL
+deny=all
+permit=192.168.0.0/24   ; CIDR notation
+permit=192.168.1.125/255.255.255.255    ; Subnetmask
+
+
+SIP implementation
+------------------
+In the SIP channel, you can configure a named ACL for each device. Using configuration
+templates make it simple. There are multiple benefits:
+
+- The NACL is only stored once. Permit/deny configurations in sip.conf is stored once
+  per device
+- The NACL can be manipulated during runtime with manager and CLI commands
+
+Syntax for the [general] section as well as per device:
+
+nacl=<name>
+
+The name is a NACL that is defined in nacl.conf or created dynamically.
+
+example:
+
+[officephones](!)
+type=friend
+nacl=officelan
+contactnacl=officelan
+
+[lisa12:12:23:23:af](officephones)
+secret=superhemligt
+
+
+TODO List
+---------
+- Add automatic expiry for blacklists, set time in nacl.conf

Modified: team/oej/deluxepine-1.4/channels/chan_sip.c
URL: http://svnview.digium.com/svn/asterisk/team/oej/deluxepine-1.4/channels/chan_sip.c?view=diff&rev=274578&r1=274577&r2=274578
==============================================================================
--- team/oej/deluxepine-1.4/channels/chan_sip.c (original)
+++ team/oej/deluxepine-1.4/channels/chan_sip.c Wed Jul  7 13:01:31 2010
@@ -17799,6 +17799,9 @@
 			}
 		} else if (!strcasecmp(v->name, "nacl")) {
 			user->nacl = ast_nacl_attach(v->value);
+			if (!user->nacl) {
+				ast_log(LOG_WARNING, "Lineno: %d: NACL %s not found for user %s\n", v->lineno, v->value, name);
+			}
 		} else if (!strcasecmp(v->name, "permit") ||
 				   !strcasecmp(v->name, "deny")) {
 			user->ha = ast_append_ha(v->name, v->value, user->ha);
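Review bot: The added `if (!user->nacl)` branch only logs, so a user whose `nacl=` value is misspelled or names a missing ACL is still loaded with a NULL `user->nacl`. If a NULL NACL means "no restriction" where source addresses are checked (that code is not in this hunk), a typo in sip.conf silently drops the address filter. Consider rejecting the entry or falling back to deny, and say which in the message; the peer branch in the next hunk has the same behaviour. The `Lineno: %d:` prefix also differs from the `Line %d:` form used for the [general] warning later in this file. The enclosing function starts and ends outside the hunk.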
@@ -18099,6 +18102,9 @@
 				}
 			} else if (!strcasecmp(v->name, "nacl")) {
 				peer->nacl = ast_nacl_attach(v->value);
+				if (!user->nacl) {
+					ast_log(LOG_WARNING, "Lineno: %d: NACL %s not found for peer %s\n", v->lineno, v->value, name);
+				}
 			} else if (!strcasecmp(v->name, "permit") || !strcasecmp(v->name, "deny")) {
 				if (!ast_strlen_zero(v->value)) {
 					peer->ha = ast_append_ha(v->name, v->value, peer->ha);
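Review bot: The added check tests `user->nacl`, but the line above assigns `peer->nacl`, so the warning is keyed on the wrong object. If no `user` variable is in scope in this function (not visible in the hunk), this will not compile. If one is in scope, a failed peer attach can go unreported. The condition should be `if (!peer->nacl) {`.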
@@ -18447,7 +18453,7 @@
   		} else if (!strcasecmp(v->name, "nacl")) {
 			global_nacl = ast_nacl_attach(v->value);
 			if (!global_nacl) {
-				ast_log(LOG_WARNING, "'%s' is not a valid NACL name - line %d.\n", v->value, v->lineno);
+				ast_log(LOG_WARNING, "Line %d: '%s' is not a valid NACL name.\n", v->value, v->lineno);
 			}
   		} else if (!strcasecmp(v->name, "allowguest")) {
 			global_allowguest = ast_true(v->value) ? 1 : 0;
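Review bot: The reworded format string puts `%d` first, but the arguments are still passed as `v->value, v->lineno`, so `%d` receives the string and `%s` receives the integer. That mismatch is undefined behaviour and can crash on the very path that reports a bad NACL name in [general]. Swap the arguments: `ast_log(LOG_WARNING, "Line %d: '%s' is not a valid NACL name.\n", v->lineno, v->value);`.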

Modified: team/oej/deluxepine-1.4/configs/sip.conf.sample
URL: http://svnview.digium.com/svn/asterisk/team/oej/deluxepine-1.4/configs/sip.conf.sample?view=diff&rev=274578&r1=274577&r2=274578
==============================================================================
--- team/oej/deluxepine-1.4/configs/sip.conf.sample (original)
+++ team/oej/deluxepine-1.4/configs/sip.conf.sample Wed Jul  7 13:01:31 2010
@@ -517,6 +517,7 @@
 ; callingpres                 callingpres
 ; permit                      permit
 ; deny                        deny
+; nacl                        nacl
 ; secret                      secret
 ; md5secret                   md5secret
 ; dtmfmode                    dtmfmode
@@ -632,6 +633,7 @@
 ;allow=g729                     ; Pass-thru only unless g729 license obtained
 ;callingpres=allowed_passed_screen        ; Set caller ID presentation
                                 ; See doc/callingpres.txt for more information
+;nacl=goldpeers                 ; Set a Named ACL for this peer. Works for users too.
 
 
 ;[xlite1]

Modified: team/oej/deluxepine-1.4/include/asterisk/nacl.h
URL: http://svnview.digium.com/svn/asterisk/team/oej/deluxepine-1.4/include/asterisk/nacl.h?view=diff&rev=274578&r1=274577&r2=274578
==============================================================================
--- team/oej/deluxepine-1.4/include/asterisk/nacl.h (original)
+++ team/oej/deluxepine-1.4/include/asterisk/nacl.h Wed Jul  7 13:01:31 2010
@@ -44,6 +44,7 @@
 /*! \brief Find a named ACL 
 	if deleted is true, we will find deleted items too
 	if owner is NULL, we'll find all otherwise owner is used for selection too
+	\return NULL if NACL is not found
 */
 struct ast_nacl *ast_nacl_find_all(const char *name, const int deleted, const char *owner);
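Review bot: The header comment for `ast_nacl_find_all` now documents the NULL return but still omits the ownership rule. The implementation comment in main/nacl.c states that the refcount is raised on the result and the caller has to release it. A caller reading only nacl.h can leak references, which keeps deleted ACLs alive. Add a line to this comment such as `The returned object has its refcount raised; the caller must deref it.`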
 
@@ -58,6 +59,7 @@
 /*! \brief Attach to a named ACL. You need to detach later 
 	This is to avoid Named ACLs to disappear from runtime. Even if they are deleted from the
 	configuration, they will still be around thanks to ASTOBJs
+	\return NULL if NACL is not found
  */
 struct ast_nacl *ast_nacl_attach(const char *name);
 
@@ -67,7 +69,7 @@
 void ast_nacl_detach(struct ast_nacl *nacl);
 
 /*! \brief Add new IP address to ruleset */
-int ast_nacl_add_ip(struct ast_nacl *nacl, struct sockaddr_in *ip, int permit)
+int ast_nacl_add_ip(struct ast_nacl *nacl, struct sockaddr_in *ip, int permit);
 
 /*! \brief Initialize NACL subsystem */
 int ast_nacl_load(void);

Modified: team/oej/deluxepine-1.4/main/acl.c
URL: http://svnview.digium.com/svn/asterisk/team/oej/deluxepine-1.4/main/acl.c?view=diff&rev=274578&r1=274577&r2=274578
==============================================================================
--- team/oej/deluxepine-1.4/main/acl.c (original)
+++ team/oej/deluxepine-1.4/main/acl.c Wed Jul  7 13:01:31 2010
@@ -265,7 +265,7 @@
 {
 	struct ast_ha *new_ha;
 
-	if ((new_ha = ast_calloc(sizeof(*new_ha)))) {
+	if ((new_ha = ast_calloc(1, sizeof(*new_ha)))) {
 		/* Copy from original to new object */
 		ast_copy_ha(original, new_ha);
 	}
@@ -310,7 +310,7 @@
 		prev = path;
 		path = path->next;
 	}
-	if ((ha = ast_calloc(sizeof(*ha)))) {
+	if ((ha = ast_calloc(1, sizeof(*ha)))) {
 		ast_copy_string(tmp, stuff, sizeof(tmp));
 		nm = strchr(tmp, '/');
 		if (!nm) {

Modified: team/oej/deluxepine-1.4/main/nacl.c
URL: http://svnview.digium.com/svn/asterisk/team/oej/deluxepine-1.4/main/nacl.c?view=diff&rev=274578&r1=274577&r2=274578
==============================================================================
--- team/oej/deluxepine-1.4/main/nacl.c (original)
+++ team/oej/deluxepine-1.4/main/nacl.c Wed Jul  7 13:01:31 2010
@@ -199,6 +199,7 @@
 	if deleted is true, we will find deleted items too
 	if owner is NULL, we'll find all otherwise owner is used for selection too
 	We raise the refcount on the result, which the calling function need to deref.
+	\return NULL if the NACL is not found
 */
 struct ast_nacl *ast_nacl_find_all(const char *name, const int deleted, const char *owner)
 {
@@ -241,7 +242,7 @@
 	return ast_nacl_find_all(name, 0, NULL);
 }
 
-/*! \brief MarkClear all named ACLs owned by us 
+/*! \brief Mark all named ACLs owned by us 
 	Mark the others as deletion ready.
 */
 int ast_nacl_mark_all_owned(const char *owner)
@@ -444,9 +445,9 @@
 		return FALSE;
 	}
 	ao2_ref(nacl,1);
-	ast_copy_string(ipbuf, ast_inet_ntoa(ip->sin_addr.s_addr), 128);
+	ast_copy_string(ipbuf, ast_inet_ntoa(ip->sin_addr), 128);
 	/* In trunk, we need to create a function that uses IP directly */
-	nacl->ha = ast_append_ha(permit ? "permit" : "deny", ipbuf, nacl->ha);
+	nacl->acl = ast_append_ha(permit ? "permit" : "deny", ipbuf, nacl->acl);
 	nacl->rules++;
 	ao2_ref(nacl,-1);
 	return TRUE;
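Review bot: The result of `ast_append_ha()` is stored in `nacl->acl` without any check that a rule was actually added, yet `nacl->rules++` and `return TRUE` run unconditionally. The main/acl.c hunk shows the allocation inside `ast_append_ha` can fail, and in that case a blacklist entry would be reported as installed when it is not. Consider comparing the list before and after, or having the append report failure, and returning FALSE then. The literal `128` should be `sizeof(ipbuf)` if `ipbuf` is a local array (its declaration is outside the hunk). The `ao2_ref` pair only pins the object; whether the list update is serialised against readers is not visible here and is worth confirming, since the README says NACLs can be changed at runtime.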



