#include "asterisk.h"
#include "asterisk/network.h"
#include <ifaddrs.h>
#include "asterisk/acl.h"
#include "asterisk/channel.h"
#include "asterisk/utils.h"
#include "asterisk/lock.h"
#include "asterisk/srv.h"
Go to the source code of this file.
Data Structures | |
struct | dscp_codepoint |
Functions | |
ast_ha * | ast_append_ha (const char *sense, const char *stuff, struct ast_ha *path, int *error) |
Append ACL entry to host access list. | |
int | ast_apply_ha (struct ast_ha *ha, struct sockaddr_in *sin) |
Check IP address with host access list. | |
static void | ast_copy_ha (struct ast_ha *from, struct ast_ha *to) |
static struct ast_ha * | ast_duplicate_ha (struct ast_ha *original) |
ast_ha * | ast_duplicate_ha_list (struct ast_ha *original) |
Copy host access list. | |
int | ast_find_ourip (struct in_addr *ourip, struct sockaddr_in bindaddr) |
void | ast_free_ha (struct ast_ha *ha) |
Free host access list. | |
int | ast_get_ip (struct sockaddr_in *sin, const char *value) |
int | ast_get_ip_or_srv (struct sockaddr_in *sin, const char *value, const char *service) |
int | ast_ouraddrfor (struct in_addr *them, struct in_addr *us) |
int | ast_str2cos (const char *value, unsigned int *cos) |
int | ast_str2tos (const char *value, unsigned int *tos) |
const char * | ast_tos2str (unsigned int tos) |
static int | get_local_address (struct in_addr *ourip) |
static void | score_address (const struct sockaddr_in *sin, struct in_addr *best_addr, int *best_score) |
Variables | |
static struct dscp_codepoint | dscp_pool1 [] |
Definition in file acl.c.
struct ast_ha* ast_append_ha | ( | const char * | sense, | |
const char * | stuff, | |||
struct ast_ha * | path, | |||
int * | error | |||
) |
Append ACL entry to host access list.
Definition at line 265 of file acl.c.
References ast_debug, ast_free, ast_inet_ntoa(), ast_log(), ast_malloc, AST_SENSE_ALLOW, AST_SENSE_DENY, ast_strdupa, inet_aton(), LOG_WARNING, ast_ha::netaddr, and ast_ha::next.
Referenced by build_device(), build_gateway(), build_peer(), and build_user().
00266 { 00267 struct ast_ha *ha; 00268 char *nm; 00269 struct ast_ha *prev = NULL; 00270 struct ast_ha *ret; 00271 int x; 00272 char *tmp = ast_strdupa(stuff); 00273 00274 ret = path; 00275 while (path) { 00276 prev = path; 00277 path = path->next; 00278 } 00279 00280 ha = ast_malloc(sizeof(*ha)); 00281 if (!ha) 00282 return ret; 00283 00284 nm = strchr(tmp, '/'); 00285 if (!nm) { 00286 /* assume /32. Yes, htonl does not do anything for this particular mask 00287 but we better use it to show we remember about byte order */ 00288 ha->netmask.s_addr = htonl(0xFFFFFFFF); 00289 } else { 00290 *nm = '\0'; 00291 nm++; 00292 00293 if (!strchr(nm, '.')) { 00294 if ((sscanf(nm, "%d", &x) == 1) && (x >= 0) && (x <= 32)) 00295 ha->netmask.s_addr = htonl(0xFFFFFFFF << (32 - x)); 00296 else { 00297 ast_log(LOG_WARNING, "Invalid CIDR in %s\n", stuff); 00298 ast_free(ha); 00299 if (error) 00300 *error = 1; 00301 return ret; 00302 } 00303 } else if (!inet_aton(nm, &ha->netmask)) { 00304 ast_log(LOG_WARNING, "Invalid mask in %s\n", stuff); 00305 ast_free(ha); 00306 if (error) 00307 *error = 1; 00308 return ret; 00309 } 00310 } 00311 00312 if (!inet_aton(tmp, &ha->netaddr)) { 00313 ast_log(LOG_WARNING, "Invalid IP address in %s\n", stuff); 00314 ast_free(ha); 00315 if (error) 00316 *error = 1; 00317 return ret; 00318 } 00319 00320 ha->netaddr.s_addr &= ha->netmask.s_addr; 00321 00322 ha->sense = strncasecmp(sense, "p", 1) ? AST_SENSE_DENY : AST_SENSE_ALLOW; 00323 00324 ha->next = NULL; 00325 if (prev) { 00326 prev->next = ha; 00327 } else { 00328 ret = ha; 00329 } 00330 00331 ast_debug(1, "%s/%s sense %d appended to acl for peer\n", ast_strdupa(ast_inet_ntoa(ha->netaddr)), ast_strdupa(ast_inet_ntoa(ha->netmask)), ha->sense); 00332 00333 return ret; 00334 }
int ast_apply_ha | ( | struct ast_ha * | ha, | |
struct sockaddr_in * | sin | |||
) |
Check IP address with host access list.
Definition at line 336 of file acl.c.
References ast_copy_string(), ast_debug, ast_inet_ntoa(), AST_SENSE_ALLOW, ast_ha::netaddr, ast_ha::netmask, ast_ha::next, and ast_ha::sense.
Referenced by ast_sip_ouraddrfor(), authenticate(), check_access(), check_user_ok(), parse_register_contact(), register_verify(), and skinny_register().
00337 { 00338 /* Start optimistic */ 00339 int res = AST_SENSE_ALLOW; 00340 while (ha) { 00341 #if 0 /* debugging code */ 00342 char iabuf[INET_ADDRSTRLEN]; 00343 char iabuf2[INET_ADDRSTRLEN]; 00344 /* DEBUG */ 00345 ast_copy_string(iabuf, ast_inet_ntoa(sin->sin_addr), sizeof(iabuf)); 00346 ast_copy_string(iabuf2, ast_inet_ntoa(ha->netaddr), sizeof(iabuf2)); 00347 ast_debug(1, "##### Testing %s with %s\n", iabuf, iabuf2); 00348 #endif 00349 /* For each rule, if this address and the netmask = the net address 00350 apply the current rule */ 00351 if ((sin->sin_addr.s_addr & ha->netmask.s_addr) == ha->netaddr.s_addr) 00352 res = ha->sense; 00353 ha = ha->next; 00354 } 00355 return res; 00356 }
Definition at line 223 of file acl.c.
References ast_ha::netaddr, ast_ha::netmask, and ast_ha::sense.
Referenced by ast_duplicate_ha().
00224 { 00225 memcpy(&to->netaddr, &from->netaddr, sizeof(from->netaddr)); 00226 memcpy(&to->netmask, &from->netmask, sizeof(from->netmask)); 00227 to->sense = from->sense; 00228 }
Definition at line 231 of file acl.c.
References ast_copy_ha(), and ast_malloc.
Referenced by ast_duplicate_ha_list().
00232 { 00233 struct ast_ha *new_ha; 00234 00235 if ((new_ha = ast_malloc(sizeof(*new_ha)))) { 00236 /* Copy from original to new object */ 00237 ast_copy_ha(original, new_ha); 00238 } 00239 00240 return new_ha; 00241 }
Copy host access list.
Definition at line 245 of file acl.c.
References ast_duplicate_ha(), and ast_ha::next.
00246 { 00247 struct ast_ha *start = original; 00248 struct ast_ha *ret = NULL; 00249 struct ast_ha *link, *prev = NULL; 00250 00251 while (start) { 00252 link = ast_duplicate_ha(start); /* Create copy of this object */ 00253 if (prev) 00254 prev->next = link; /* Link previous to this object */ 00255 00256 if (!ret) 00257 ret = link; /* Save starting point */ 00258 00259 start = start->next; /* Go to next object */ 00260 prev = link; /* Save pointer to this object */ 00261 } 00262 return ret; /* Return start of list */ 00263 }
int ast_find_ourip | ( | struct in_addr * | ourip, | |
struct sockaddr_in | bindaddr | |||
) |
Definition at line 495 of file acl.c.
References ahp, ast_debug, ast_gethostbyname(), ast_log(), ast_ouraddrfor(), get_local_address(), hp, inet_aton(), LOG_WARNING, MAXHOSTNAMELEN, and ourhost.
Referenced by __oh323_rtp_create(), gtalk_create_candidates(), jingle_create_candidates(), and load_module().
00496 { 00497 char ourhost[MAXHOSTNAMELEN] = ""; 00498 struct ast_hostent ahp; 00499 struct hostent *hp; 00500 struct in_addr saddr; 00501 00502 /* just use the bind address if it is nonzero */ 00503 if (ntohl(bindaddr.sin_addr.s_addr)) { 00504 memcpy(ourip, &bindaddr.sin_addr, sizeof(*ourip)); 00505 ast_debug(3, "Attached to given IP address\n"); 00506 return 0; 00507 } 00508 /* try to use our hostname */ 00509 if (gethostname(ourhost, sizeof(ourhost) - 1)) { 00510 ast_log(LOG_WARNING, "Unable to get hostname\n"); 00511 } else { 00512 hp = ast_gethostbyname(ourhost, &ahp); 00513 if (hp) { 00514 memcpy(ourip, hp->h_addr, sizeof(*ourip)); 00515 ast_debug(3, "Found one IP address based on local hostname %s.\n", ourhost); 00516 return 0; 00517 } 00518 } 00519 ast_debug(3, "Trying to check A.ROOT-SERVERS.NET and get our IP address for that connection\n"); 00520 /* A.ROOT-SERVERS.NET. */ 00521 if (inet_aton("198.41.0.4", &saddr) && !ast_ouraddrfor(&saddr, ourip)) 00522 return 0; 00523 return get_local_address(ourip); 00524 }
void ast_free_ha | ( | struct ast_ha * | ha | ) |
Free host access list.
Definition at line 212 of file acl.c.
References ast_free, and ast_ha::next.
Referenced by build_peer(), build_user(), destroy_gateway(), oh323_destroy_peer(), oh323_destroy_user(), peer_destructor(), reload_config(), sip_destroy_peer(), sip_destroy_user(), unload_module(), and user_destructor().
00213 { 00214 struct ast_ha *hal; 00215 while (ha) { 00216 hal = ha; 00217 ha = ha->next; 00218 ast_free(hal); 00219 } 00220 }
int ast_get_ip | ( | struct sockaddr_in * | sin, | |
const char * | value | |||
) |
Definition at line 459 of file acl.c.
References ast_get_ip_or_srv().
Referenced by build_device(), build_gateway(), build_peer(), build_user(), and peer_set_srcaddr().
00460 { 00461 return ast_get_ip_or_srv(sin, value, NULL); 00462 }
int ast_get_ip_or_srv | ( | struct sockaddr_in * | sin, | |
const char * | value, | |||
const char * | service | |||
) |
Definition at line 358 of file acl.c.
References ahp, ast_get_srv(), ast_gethostbyname(), ast_log(), hp, and LOG_WARNING.
Referenced by ast_get_ip(), build_peer(), create_addr(), and proxy_update().
00359 { 00360 struct hostent *hp; 00361 struct ast_hostent ahp; 00362 char srv[256]; 00363 char host[256]; 00364 int tportno = ntohs(sin->sin_port); 00365 if (service) { 00366 snprintf(srv, sizeof(srv), "%s.%s", service, value); 00367 if (ast_get_srv(NULL, host, sizeof(host), &tportno, srv) > 0) { 00368 sin->sin_port = htons(tportno); 00369 value = host; 00370 } 00371 } 00372 hp = ast_gethostbyname(value, &ahp); 00373 if (hp) { 00374 memcpy(&sin->sin_addr, hp->h_addr, sizeof(sin->sin_addr)); 00375 } else { 00376 ast_log(LOG_WARNING, "Unable to lookup '%s'\n", value); 00377 return -1; 00378 } 00379 return 0; 00380 }
int ast_ouraddrfor | ( | struct in_addr * | them, | |
struct in_addr * | us | |||
) |
Definition at line 464 of file acl.c.
References ast_debug, ast_log(), LOG_ERROR, LOG_WARNING, and s.
Referenced by ast_find_ourip(), ast_sip_ouraddrfor(), build_device(), build_gateway(), and find_subchannel_and_lock().
00465 { 00466 int s; 00467 struct sockaddr_in sin; 00468 socklen_t slen; 00469 00470 s = socket(PF_INET, SOCK_DGRAM, 0); 00471 if (s < 0) { 00472 ast_log(LOG_ERROR, "Cannot create socket\n"); 00473 return -1; 00474 } 00475 sin.sin_family = AF_INET; 00476 sin.sin_port = 5060; 00477 sin.sin_addr = *them; 00478 if (connect(s, (struct sockaddr *)&sin, sizeof(sin))) { 00479 ast_log(LOG_WARNING, "Cannot connect\n"); 00480 close(s); 00481 return -1; 00482 } 00483 slen = sizeof(sin); 00484 if (getsockname(s, (struct sockaddr *)&sin, &slen)) { 00485 ast_log(LOG_WARNING, "Cannot get socket name\n"); 00486 close(s); 00487 return -1; 00488 } 00489 close(s); 00490 ast_debug(3, "Found IP address for this socket\n"); 00491 *us = sin.sin_addr; 00492 return 0; 00493 }
int ast_str2cos | ( | const char * | value, | |
unsigned int * | cos | |||
) |
Definition at line 413 of file acl.c.
Referenced by reload_config(), and set_config().
00414 { 00415 int fval; 00416 00417 if (sscanf(value, "%d", &fval) == 1) { 00418 if (fval < 8) { 00419 *cos = fval; 00420 return 0; 00421 } 00422 } 00423 00424 return -1; 00425 }
int ast_str2tos | ( | const char * | value, | |
unsigned int * | tos | |||
) |
Definition at line 427 of file acl.c.
References ARRAY_LEN, dscp_pool1, name, and dscp_codepoint::space.
Referenced by iax_template_parse(), reload_config(), and set_config().
00428 { 00429 int fval; 00430 unsigned int x; 00431 00432 if (sscanf(value, "%i", &fval) == 1) { 00433 *tos = fval & 0xFF; 00434 return 0; 00435 } 00436 00437 for (x = 0; x < ARRAY_LEN(dscp_pool1); x++) { 00438 if (!strcasecmp(value, dscp_pool1[x].name)) { 00439 *tos = dscp_pool1[x].space << 2; 00440 return 0; 00441 } 00442 } 00443 00444 return -1; 00445 }
const char* ast_tos2str | ( | unsigned int | tos | ) |
Definition at line 447 of file acl.c.
References ARRAY_LEN, dscp_pool1, dscp_codepoint::name, and dscp_codepoint::space.
Referenced by sip_show_settings().
00448 { 00449 unsigned int x; 00450 00451 for (x = 0; x < ARRAY_LEN(dscp_pool1); x++) { 00452 if (dscp_pool1[x].space == (tos >> 2)) 00453 return dscp_pool1[x].name; 00454 } 00455 00456 return "unknown"; 00457 }
static int get_local_address | ( | struct in_addr * | ourip | ) | [static] |
Definition at line 113 of file acl.c.
References buf, free, malloc, s, and score_address().
Referenced by ast_find_ourip().
00114 { 00115 int s, res = -1; 00116 #ifdef SOLARIS 00117 struct lifreq *ifr = NULL; 00118 struct lifnum ifn; 00119 struct lifconf ifc; 00120 struct sockaddr_in *sa; 00121 char *buf = NULL; 00122 int bufsz, x; 00123 #endif /* SOLARIS */ 00124 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__) 00125 struct ifaddrs *ifap, *ifaphead; 00126 int rtnerr; 00127 const struct sockaddr_in *sin; 00128 #endif /* BSD_OR_LINUX */ 00129 struct in_addr best_addr; 00130 int best_score = -100; 00131 memset(&best_addr, 0, sizeof(best_addr)); 00132 00133 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__) 00134 rtnerr = getifaddrs(&ifaphead); 00135 if (rtnerr) { 00136 perror(NULL); 00137 return -1; 00138 } 00139 #endif /* BSD_OR_LINUX */ 00140 00141 s = socket(AF_INET, SOCK_STREAM, 0); 00142 00143 if (s > 0) { 00144 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__) 00145 for (ifap = ifaphead; ifap; ifap = ifap->ifa_next) { 00146 00147 if (ifap->ifa_addr && ifap->ifa_addr->sa_family == AF_INET) { 00148 sin = (const struct sockaddr_in *) ifap->ifa_addr; 00149 score_address(sin, &best_addr, &best_score); 00150 res = 0; 00151 00152 if (best_score == 0) 00153 break; 00154 } 00155 } 00156 #endif /* BSD_OR_LINUX */ 00157 00158 /* There is no reason whatsoever that this shouldn't work on Linux or BSD also. */ 00159 #ifdef SOLARIS 00160 /* Get a count of interfaces on the machine */ 00161 ifn.lifn_family = AF_INET; 00162 ifn.lifn_flags = 0; 00163 ifn.lifn_count = 0; 00164 if (ioctl(s, SIOCGLIFNUM, &ifn) < 0) { 00165 close(s); 00166 return -1; 00167 } 00168 00169 bufsz = ifn.lifn_count * sizeof(struct lifreq); 00170 if (!(buf = malloc(bufsz))) { 00171 close(s); 00172 return -1; 00173 } 00174 memset(buf, 0, bufsz); 00175 00176 /* Get a list of interfaces on the machine */ 00177 ifc.lifc_len = bufsz; 00178 ifc.lifc_buf = buf; 00179 ifc.lifc_family = AF_INET; 00180 ifc.lifc_flags = 0; 00181 if (ioctl(s, SIOCGLIFCONF, &ifc) < 0) { 00182 close(s); 00183 free(buf); 00184 return -1; 00185 } 00186 00187 for (ifr = ifc.lifc_req, x = 0; x < ifn.lifn_count; ifr++, x++) { 00188 sa = (struct sockaddr_in *)&(ifr->lifr_addr); 00189 score_address(sa, &best_addr, &best_score); 00190 res = 0; 00191 00192 if (best_score == 0) 00193 break; 00194 } 00195 00196 free(buf); 00197 #endif /* SOLARIS */ 00198 00199 close(s); 00200 } 00201 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__) 00202 freeifaddrs(ifaphead); 00203 #endif /* BSD_OR_LINUX */ 00204 00205 if (res == 0 && ourip) 00206 memcpy(ourip, &best_addr, sizeof(*ourip)); 00207 return res; 00208 }
static void score_address | ( | const struct sockaddr_in * | sin, | |
struct in_addr * | best_addr, | |||
int * | best_score | |||
) | [static] |
Definition at line 56 of file acl.c.
References ast_inet_ntoa().
Referenced by get_local_address().
00057 { 00058 const char *address; 00059 int score; 00060 00061 address = ast_inet_ntoa(sin->sin_addr); 00062 00063 /* RFC 1700 alias for the local network */ 00064 if (address[0] == '0') 00065 score = -25; 00066 /* RFC 1700 localnet */ 00067 else if (strncmp(address, "127", 3) == 0) 00068 score = -20; 00069 /* RFC 1918 non-public address space */ 00070 else if (strncmp(address, "10.", 3) == 0) 00071 score = -5; 00072 /* RFC 1918 non-public address space */ 00073 else if (strncmp(address, "172", 3) == 0) { 00074 /* 172.16.0.0 - 172.19.255.255, but not 172.160.0.0 - 172.169.255.255 */ 00075 if (address[4] == '1' && address[5] >= '6' && address[6] == '.') 00076 score = -5; 00077 /* 172.20.0.0 - 172.29.255.255, but not 172.200.0.0 - 172.255.255.255 nor 172.2.0.0 - 172.2.255.255 */ 00078 else if (address[4] == '2' && address[6] == '.') 00079 score = -5; 00080 /* 172.30.0.0 - 172.31.255.255 */ 00081 else if (address[4] == '3' && address[5] <= '1') 00082 score = -5; 00083 /* All other 172 addresses are public */ 00084 else 00085 score = 0; 00086 /* RFC 2544 Benchmark test range */ 00087 } else if (strncmp(address, "198.1", 5) == 0 && address[5] >= '8' && address[6] == '.') 00088 score = -10; 00089 /* RFC 1918 non-public address space */ 00090 else if (strncmp(address, "192.168", 7) == 0) 00091 score = -5; 00092 /* RFC 3330 Zeroconf network */ 00093 else if (strncmp(address, "169.254", 7) == 0) 00094 /*!\note Better score than a test network, but not quite as good as RFC 1918 00095 * address space. The reason is that some Linux distributions automatically 00096 * configure a Zeroconf address before trying DHCP, so we want to prefer a 00097 * DHCP lease to a Zeroconf address. 00098 */ 00099 score = -10; 00100 /* RFC 3330 Test network */ 00101 else if (strncmp(address, "192.0.2.", 8) == 0) 00102 score = -15; 00103 /* Every other address should be publically routable */ 00104 else 00105 score = 0; 00106 00107 if (score > *best_score) { 00108 *best_score = score; 00109 memcpy(best_addr, &sin->sin_addr, sizeof(*best_addr)); 00110 } 00111 }
struct dscp_codepoint dscp_pool1[] [static] |