Mon Mar 19 11:30:31 2012

Asterisk developer's documentation


acl.c File Reference

Various sorts of access control. More...

#include "asterisk.h"
#include "asterisk/network.h"
#include <ifaddrs.h>
#include "asterisk/acl.h"
#include "asterisk/channel.h"
#include "asterisk/utils.h"
#include "asterisk/lock.h"
#include "asterisk/srv.h"

Go to the source code of this file.

Data Structures

struct  dscp_codepoint

Defines

#define V6_WORD(sin6, index)   ((uint32_t *)&((sin6)->sin6_addr))[(index)]
 Isolate a 32-bit section of an IPv6 address.

Functions

static int apply_netmask (const struct ast_sockaddr *addr, const struct ast_sockaddr *netmask, struct ast_sockaddr *result)
 Apply a netmask to an address and store the result in a separate structure.
ast_haast_append_ha (const char *sense, const char *stuff, struct ast_ha *path, int *error)
 Add a new rule to a list of HAs.
int ast_apply_ha (const struct ast_ha *ha, const struct ast_sockaddr *addr)
 Apply a set of rules to a given IP address.
void ast_copy_ha (const struct ast_ha *from, struct ast_ha *to)
 Copy the contents of one HA to another.
static struct ast_haast_duplicate_ha (struct ast_ha *original)
ast_haast_duplicate_ha_list (struct ast_ha *original)
 Duplicate the contents of a list of host access rules.
int ast_find_ourip (struct ast_sockaddr *ourip, const struct ast_sockaddr *bindaddr, int family)
 Find our IP address.
void ast_free_ha (struct ast_ha *ha)
 Free a list of HAs.
int ast_get_ip (struct ast_sockaddr *addr, const char *hostname)
 Get the IP address given a hostname.
int ast_get_ip_or_srv (struct ast_sockaddr *addr, const char *hostname, const char *service)
 Get the IP address given a hostname and optional service.
int ast_ouraddrfor (const struct ast_sockaddr *them, struct ast_sockaddr *us)
 Get our local IP address when contacting a remote host.
int ast_str2cos (const char *value, unsigned int *cos)
 Convert a string to the appropriate COS value.
int ast_str2tos (const char *value, unsigned int *tos)
 Convert a string to the appropriate TOS value.
const char * ast_tos2str (unsigned int tos)
 Convert a TOS value into its string representation.
static int get_local_address (struct ast_sockaddr *ourip)
static int parse_cidr_mask (struct ast_sockaddr *addr, int is_v4, const char *mask_str)
 Parse a netmask in CIDR notation.
static int resolve_first (struct ast_sockaddr *addr, const char *name, int flag, int family)
static void score_address (const struct sockaddr_in *sin, struct in_addr *best_addr, int *best_score)

Variables

static struct dscp_codepoint dscp_pool1 []


Detailed Description

Various sorts of access control.

Author:
Mark Spencer <markster@digium.com>

Definition in file acl.c.


Define Documentation

#define V6_WORD ( sin6,
index   )     ((uint32_t *)&((sin6)->sin6_addr))[(index)]

Isolate a 32-bit section of an IPv6 address.

An IPv6 address can be divided into 4 32-bit chunks. This gives easy access to one of these chunks.

Parameters:
sin6 A pointer to a struct sockaddr_in6
index Which 32-bit chunk to operate on. Must be in the range 0-3.

Definition at line 284 of file acl.c.

Referenced by apply_netmask(), and parse_cidr_mask().


Function Documentation

static int apply_netmask ( const struct ast_sockaddr addr,
const struct ast_sockaddr netmask,
struct ast_sockaddr result 
) [static]

Apply a netmask to an address and store the result in a separate structure.

When dealing with IPv6 addresses, one cannot apply a netmask with a simple logical and operation. Furthermore, the incoming address may be an IPv4 address and need to be mapped properly before attempting to apply a rule.

Parameters:
addr The IP address to apply the mask to.
netmask The netmask configured in the host access rule.
result The resultant address after applying the netmask to the given address
Return values:
0 Successfully applied netmask -1 Failed to apply netmask

Definition at line 300 of file acl.c.

References ast_ha::addr, ast_sockaddr_from_sin, ast_sockaddr_is_ipv4(), ast_sockaddr_is_ipv6(), ast_sockaddr::len, ast_sockaddr::ss, and V6_WORD.

Referenced by ast_append_ha(), and ast_apply_ha().

00302 {
00303    int res = 0;
00304 
00305    if (ast_sockaddr_is_ipv4(addr)) {
00306       struct sockaddr_in result4 = { 0, };
00307       struct sockaddr_in *addr4 = (struct sockaddr_in *) &addr->ss;
00308       struct sockaddr_in *mask4 = (struct sockaddr_in *) &netmask->ss;
00309       result4.sin_family = AF_INET;
00310       result4.sin_addr.s_addr = addr4->sin_addr.s_addr & mask4->sin_addr.s_addr;
00311       ast_sockaddr_from_sin(result, &result4);
00312    } else if (ast_sockaddr_is_ipv6(addr)) {
00313       struct sockaddr_in6 result6 = { 0, };
00314       struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) &addr->ss;
00315       struct sockaddr_in6 *mask6 = (struct sockaddr_in6 *) &netmask->ss;
00316       int i;
00317       result6.sin6_family = AF_INET6;
00318       for (i = 0; i < 4; ++i) {
00319          V6_WORD(&result6, i) = V6_WORD(addr6, i) & V6_WORD(mask6, i);
00320       }
00321       memcpy(&result->ss, &result6, sizeof(result6));
00322       result->len = sizeof(result6);
00323    } else {
00324       /* Unsupported address scheme */
00325       res = -1;
00326    }
00327 
00328    return res;
00329 }

struct ast_ha* ast_append_ha ( const char *  sense,
const char *  stuff,
struct ast_ha path,
int *  error 
)

Add a new rule to a list of HAs.

This adds the new host access rule to the end of the list whose head is specified by the path parameter. Rules are evaluated in a way such that if multiple rules apply to a single IP address/subnet mask, then the rule latest in the list will be used.

Parameters:
sense Either "permit" or "deny" (Actually any 'p' word will result in permission, and any other word will result in denial)
stuff The IP address and subnet mask, separated with a '/'. The subnet mask can either be in dotted-decimal format or in CIDR notation (i.e. 0-32).
path The head of the HA list to which we wish to append our new rule. If NULL is passed, then the new rule will become the head of the list
[out] error The integer error points to will be set non-zero if an error occurs
Returns:
The head of the HA list

Definition at line 395 of file acl.c.

References ast_ha::addr, apply_netmask(), ast_calloc, ast_debug, ast_free_ha(), ast_log(), AST_SENSE_ALLOW, AST_SENSE_DENY, ast_sockaddr_ipv4_mapped(), ast_sockaddr_is_ipv4(), ast_sockaddr_parse(), ast_sockaddr_stringify(), ast_strdupa, LOG_NOTICE, LOG_WARNING, ast_ha::next, parse_cidr_mask(), PARSE_PORT_FORBID, ast_ha::sense, and strsep().

Referenced by add_calltoken_ignore(), build_callno_limits(), build_device(), build_peer(), build_user(), and config_parse_variables().

00396 {
00397    struct ast_ha *ha;
00398    struct ast_ha *prev = NULL;
00399    struct ast_ha *ret;
00400    char *tmp = ast_strdupa(stuff);
00401    char *address = NULL, *mask = NULL;
00402    int addr_is_v4;
00403 
00404    ret = path;
00405    while (path) {
00406       prev = path;
00407       path = path->next;
00408    }
00409 
00410    if (!(ha = ast_calloc(1, sizeof(*ha)))) {
00411       if (error) {
00412          *error = 1;
00413       }
00414       return ret;
00415    }
00416 
00417    address = strsep(&tmp, "/");
00418    if (!address) {
00419       address = tmp;
00420    } else {
00421       mask = tmp;
00422    }
00423 
00424    if (!ast_sockaddr_parse(&ha->addr, address, PARSE_PORT_FORBID)) {
00425       ast_log(LOG_WARNING, "Invalid IP address: %s\n", address);
00426       ast_free_ha(ha);
00427       if (error) {
00428          *error = 1;
00429       }
00430       return ret;
00431    }
00432 
00433    /* If someone specifies an IPv4-mapped IPv6 address,
00434     * we just convert this to an IPv4 ACL
00435     */
00436    if (ast_sockaddr_ipv4_mapped(&ha->addr, &ha->addr)) {
00437       ast_log(LOG_NOTICE, "IPv4-mapped ACL network address specified. "
00438             "Converting to an IPv4 ACL network address.\n");
00439    }
00440 
00441    addr_is_v4 = ast_sockaddr_is_ipv4(&ha->addr);
00442 
00443    if (!mask) {
00444       parse_cidr_mask(&ha->netmask, addr_is_v4, addr_is_v4 ? "32" : "128");
00445    } else if (strchr(mask, ':') || strchr(mask, '.')) {
00446       int mask_is_v4;
00447       /* Mask is of x.x.x.x or x:x:x:x:x:x:x:x variety */
00448       if (!ast_sockaddr_parse(&ha->netmask, mask, PARSE_PORT_FORBID)) {
00449          ast_log(LOG_WARNING, "Invalid netmask: %s\n", mask);
00450          ast_free_ha(ha);
00451          if (error) {
00452             *error = 1;
00453          }
00454          return ret;
00455       }
00456       /* If someone specifies an IPv4-mapped IPv6 netmask,
00457        * we just convert this to an IPv4 ACL
00458        */
00459       if (ast_sockaddr_ipv4_mapped(&ha->netmask, &ha->netmask)) {
00460          ast_log(LOG_NOTICE, "IPv4-mapped ACL netmask specified. "
00461                "Converting to an IPv4 ACL netmask.\n");
00462       }
00463       mask_is_v4 = ast_sockaddr_is_ipv4(&ha->netmask);
00464       if (addr_is_v4 ^ mask_is_v4) {
00465          ast_log(LOG_WARNING, "Address and mask are not using same address scheme.\n");
00466          ast_free_ha(ha);
00467          if (error) {
00468             *error = 1;
00469          }
00470          return ret;
00471       }
00472    } else if (parse_cidr_mask(&ha->netmask, addr_is_v4, mask)) {
00473       ast_log(LOG_WARNING, "Invalid CIDR netmask: %s\n", mask);
00474       ast_free_ha(ha);
00475       if (error) {
00476          *error = 1;
00477       }
00478       return ret;
00479    }
00480 
00481    if (apply_netmask(&ha->addr, &ha->netmask, &ha->addr)) {
00482       /* This shouldn't happen because ast_sockaddr_parse would
00483        * have failed much earlier on an unsupported address scheme
00484        */
00485       char *failmask = ast_strdupa(ast_sockaddr_stringify(&ha->netmask));
00486       char *failaddr = ast_strdupa(ast_sockaddr_stringify(&ha->addr));
00487       ast_log(LOG_WARNING, "Unable to apply netmask %s to address %s\n", failmask, failaddr);
00488       ast_free_ha(ha);
00489       if (error) {
00490          *error = 1;
00491       }
00492       return ret;
00493    }
00494 
00495    ha->sense = strncasecmp(sense, "p", 1) ? AST_SENSE_DENY : AST_SENSE_ALLOW;
00496 
00497    ha->next = NULL;
00498    if (prev) {
00499       prev->next = ha;
00500    } else {
00501       ret = ha;
00502    }
00503 
00504    {
00505       const char *addr = ast_strdupa(ast_sockaddr_stringify(&ha->addr));
00506       const char *mask = ast_strdupa(ast_sockaddr_stringify(&ha->netmask));
00507 
00508       ast_debug(1, "%s/%s sense %d appended to acl for peer\n", addr, mask, ha->sense);
00509    }
00510 
00511    return ret;
00512 }

int ast_apply_ha ( const struct ast_ha ha,
const struct ast_sockaddr addr 
)

Apply a set of rules to a given IP address.

The list of host access rules is traversed, beginning with the input rule. If the IP address given matches a rule, the "sense" of that rule is used as the return value. Note that if an IP address matches multiple rules that the last one matched will be the one whose sense will be returned.

Parameters:
ha The head of the list of host access rules to follow
addr An ast_sockaddr whose address is considered when matching rules
Return values:
AST_SENSE_ALLOW The IP address passes our ACL
AST_SENSE_DENY The IP address fails our ACL

Definition at line 514 of file acl.c.

References ast_ha::addr, apply_netmask(), ast_copy_string(), ast_debug, ast_inet_ntoa(), AST_SENSE_ALLOW, ast_sockaddr_cmp_addr(), ast_sockaddr_ipv4_mapped(), ast_sockaddr_is_ipv4(), ast_sockaddr_is_ipv4_mapped(), ast_sockaddr_is_ipv6(), ast_ha::netmask, ast_ha::next, and ast_ha::sense.

Referenced by apply_directmedia_ha(), ast_sip_ouraddrfor(), authenticate(), check_access(), check_peer_ok(), parse_register_contact(), register_verify(), and skinny_register().

00515 {
00516    /* Start optimistic */
00517    int res = AST_SENSE_ALLOW;
00518    const struct ast_ha *current_ha;
00519 
00520    for (current_ha = ha; current_ha; current_ha = current_ha->next) {
00521       struct ast_sockaddr result;
00522       struct ast_sockaddr mapped_addr;
00523       const struct ast_sockaddr *addr_to_use;
00524 #if 0 /* debugging code */
00525       char iabuf[INET_ADDRSTRLEN];
00526       char iabuf2[INET_ADDRSTRLEN];
00527       /* DEBUG */
00528       ast_copy_string(iabuf, ast_inet_ntoa(sin->sin_addr), sizeof(iabuf));
00529       ast_copy_string(iabuf2, ast_inet_ntoa(ha->netaddr), sizeof(iabuf2));
00530       ast_debug(1, "##### Testing %s with %s\n", iabuf, iabuf2);
00531 #endif
00532       if (ast_sockaddr_is_ipv4(&ha->addr)) {
00533          if (ast_sockaddr_is_ipv6(addr)) {
00534             if (ast_sockaddr_is_ipv4_mapped(addr)) {
00535                /* IPv4 ACLs apply to IPv4-mapped addresses */
00536                ast_sockaddr_ipv4_mapped(addr, &mapped_addr);
00537                addr_to_use = &mapped_addr;
00538             } else {
00539                /* An IPv4 ACL does not apply to an IPv6 address */
00540                continue;
00541             }
00542          } else {
00543             /* Address is IPv4 and ACL is IPv4. No biggie */
00544             addr_to_use = addr;
00545          }
00546       } else {
00547          if (ast_sockaddr_is_ipv6(addr) && !ast_sockaddr_is_ipv4_mapped(addr)) {
00548             addr_to_use = addr;
00549          } else {
00550             /* Address is IPv4 or IPv4 mapped but ACL is IPv6. Skip */
00551             continue;
00552          }
00553       }
00554 
00555       /* For each rule, if this address and the netmask = the net address
00556          apply the current rule */
00557       if (apply_netmask(addr_to_use, &current_ha->netmask, &result)) {
00558          /* Unlikely to happen since we know the address to be IPv4 or IPv6 */
00559          continue;
00560       }
00561       if (!ast_sockaddr_cmp_addr(&result, &current_ha->addr)) {
00562          res = current_ha->sense;
00563       }
00564    }
00565    return res;
00566 }

void ast_copy_ha ( const struct ast_ha from,
struct ast_ha to 
)

Copy the contents of one HA to another.

This copies the internals of the 'from' HA to the 'to' HA. It is important that the 'to' HA has been allocated prior to calling this function

Parameters:
from Source HA to copy
to Destination HA to copy to
Return values:
void 

Definition at line 230 of file acl.c.

References ast_ha::addr, ast_sockaddr_copy(), ast_ha::netmask, and ast_ha::sense.

Referenced by add_calltoken_ignore(), ast_duplicate_ha(), and build_callno_limits().

00231 {
00232    ast_sockaddr_copy(&to->addr, &from->addr);
00233    ast_sockaddr_copy(&to->netmask, &from->netmask);
00234    to->sense = from->sense;
00235 }

static struct ast_ha* ast_duplicate_ha ( struct ast_ha original  )  [static]

Definition at line 238 of file acl.c.

References ast_calloc, and ast_copy_ha().

Referenced by ast_duplicate_ha_list().

00239 {
00240    struct ast_ha *new_ha;
00241 
00242    if ((new_ha = ast_calloc(1, sizeof(*new_ha)))) {
00243       /* Copy from original to new object */
00244       ast_copy_ha(original, new_ha);
00245    }
00246 
00247    return new_ha;
00248 }

struct ast_ha* ast_duplicate_ha_list ( struct ast_ha original  ) 

Duplicate the contents of a list of host access rules.

A deep copy of all ast_has in the list is made. The returned value is allocated on the heap and must be freed independently of the input parameter when finished.

Note:
This function is not actually used anywhere.
Parameters:
original The ast_ha to copy
Return values:
The head of the list of duplicated ast_has

Definition at line 252 of file acl.c.

References ast_duplicate_ha(), and ast_ha::next.

Referenced by create_addr_from_peer().

00253 {
00254    struct ast_ha *start = original;
00255    struct ast_ha *ret = NULL;
00256    struct ast_ha *current, *prev = NULL;
00257 
00258    while (start) {
00259       current = ast_duplicate_ha(start);  /* Create copy of this object */
00260       if (prev) {
00261          prev->next = current;           /* Link previous to this object */
00262       }
00263 
00264       if (!ret) {
00265          ret = current;                  /* Save starting point */
00266       }
00267 
00268       start = start->next;                /* Go to next object */
00269       prev = current;                     /* Save pointer to this object */
00270    }
00271    return ret;                             /* Return start of list */
00272 }

int ast_find_ourip ( struct ast_sockaddr ourip,
const struct ast_sockaddr bindaddr,
int  family 
)

Find our IP address.

This function goes through many iterations in an attempt to find our IP address. If any step along the way should fail, we move to the next item in the list. Here are the steps taken:

Parameters:
[out] ourip Our IP address is written here when it is found
bindaddr A hint used for finding our IP. See the steps above for more details
family Only addresses of the given family will be returned. Use 0 or AST_SOCKADDR_UNSPEC to get addresses of all families.
Return values:
0 Success
-1 Failure

Definition at line 736 of file acl.c.

References ast_debug, ast_log(), ast_ouraddrfor(), ast_sockaddr_copy(), ast_sockaddr_is_any(), ast_sockaddr_port, ast_sockaddr_set_port, bindaddr, get_local_address(), LOG_WARNING, MAXHOSTNAMELEN, ourhost, PARSE_PORT_FORBID, and resolve_first().

Referenced by __oh323_rtp_create(), gtalk_get_local_ip(), jingle_create_candidates(), and load_module().

00737 {
00738    char ourhost[MAXHOSTNAMELEN] = "";
00739    struct ast_sockaddr root;
00740    int res, port = ast_sockaddr_port(ourip);
00741 
00742    /* just use the bind address if it is nonzero */
00743    if (!ast_sockaddr_is_any(bindaddr)) {
00744       ast_sockaddr_copy(ourip, bindaddr);
00745       ast_debug(3, "Attached to given IP address\n");
00746       return 0;
00747    }
00748    /* try to use our hostname */
00749    if (gethostname(ourhost, sizeof(ourhost) - 1)) {
00750       ast_log(LOG_WARNING, "Unable to get hostname\n");
00751    } else {
00752       if (resolve_first(ourip, ourhost, PARSE_PORT_FORBID, family) == 0) {
00753          /* reset port since resolve_first wipes this out */
00754          ast_sockaddr_set_port(ourip, port);
00755          return 0;
00756       }
00757    }
00758    ast_debug(3, "Trying to check A.ROOT-SERVERS.NET and get our IP address for that connection\n");
00759    /* A.ROOT-SERVERS.NET. */
00760    if (!resolve_first(&root, "A.ROOT-SERVERS.NET", PARSE_PORT_FORBID, 0) &&
00761        !ast_ouraddrfor(&root, ourip)) {
00762       /* reset port since resolve_first wipes this out */
00763       ast_sockaddr_set_port(ourip, port);
00764       return 0;
00765    }
00766    res = get_local_address(ourip);
00767    ast_sockaddr_set_port(ourip, port);
00768    return res;
00769 }

void ast_free_ha ( struct ast_ha ha  ) 

Free a list of HAs.

Given the head of a list of HAs, it and all appended HAs are freed

Parameters:
ha The head of the list of HAs to free
Return values:
void 

Definition at line 219 of file acl.c.

References ast_free, and ast_ha::next.

Referenced by __sip_destroy(), add_calltoken_ignore(), ast_append_ha(), build_callno_limits(), build_peer(), build_user(), destroy_gateway(), oh323_destroy_peer(), oh323_destroy_user(), peer_destructor(), reload_config(), sip_destroy_peer(), unload_module(), and user_destructor().

00220 {
00221    struct ast_ha *hal;
00222    while (ha) {
00223       hal = ha;
00224       ha = ha->next;
00225       ast_free(hal);
00226    }
00227 }

int ast_get_ip ( struct ast_sockaddr addr,
const char *  hostname 
)

Get the IP address given a hostname.

Similar in nature to ast_gethostbyname, except that instead of getting an entire hostent structure, you instead are given only the IP address inserted into a ast_sockaddr structure.

Parameters:
addr The IP address found. The address family is used as an input parameter to filter the returned addresses. If it is 0, both IPv4 and IPv6 addresses can be returned.
hostname The hostname to look up
Return values:
0 Success
-1 Failure

Definition at line 692 of file acl.c.

References ast_get_ip_or_srv().

Referenced by build_peer(), build_user(), config_parse_variables(), peer_set_srcaddr(), setup_stunaddr(), and stun_monitor_request().

00693 {
00694    return ast_get_ip_or_srv(addr, hostname, NULL);
00695 }

int ast_get_ip_or_srv ( struct ast_sockaddr addr,
const char *  hostname,
const char *  service 
)

Get the IP address given a hostname and optional service.

If the service parameter is non-NULL, then an SRV lookup will be made by prepending the service to the hostname parameter, separated by a '.' For example, if hostname is "example.com" and service is "_sip._udp" then an SRV lookup will be done for "_sip._udp.example.com". If service is NULL, then this function acts exactly like a call to ast_get_ip.

Parameters:
addr The IP address found. The address family is used as an input parameter to filter the returned addresses. If it is 0, both IPv4 and IPv6 addresses can be returned.
hostname The hostname to look up
service A specific service provided by the host. A NULL service results in an A-record lookup instead of an SRV lookup
Return values:
0 Success
-1 Failure

Definition at line 589 of file acl.c.

References ast_get_srv(), ast_sockaddr_set_port, PARSE_PORT_FORBID, resolve_first(), and ast_sockaddr::ss.

Referenced by ast_get_ip(), create_addr(), dnsmgr_refresh(), internal_dnsmgr_lookup(), and proxy_update().

00590 {
00591    char srv[256];
00592    char host[256];
00593    int srv_ret = 0;
00594    int tportno;
00595 
00596    if (service) {
00597       snprintf(srv, sizeof(srv), "%s.%s", service, hostname);
00598       if ((srv_ret = ast_get_srv(NULL, host, sizeof(host), &tportno, srv)) > 0) {
00599          hostname = host;
00600       }
00601    }
00602 
00603    if (resolve_first(addr, hostname, PARSE_PORT_FORBID, addr->ss.ss_family) != 0) {
00604       return -1;
00605    }
00606 
00607    if (srv_ret > 0) {
00608       ast_sockaddr_set_port(addr, tportno);
00609    }
00610 
00611    return 0;
00612 }

int ast_ouraddrfor ( const struct ast_sockaddr them,
struct ast_sockaddr us 
)

Get our local IP address when contacting a remote host.

This function will attempt to connect(2) to them over UDP using a source port of 5060. If the connect(2) call is successful, then we inspect the sockaddr_in output parameter of connect(2) to determine the IP address used to connect to them. This IP address is then copied into us.

Parameters:
them The IP address to which we wish to attempt to connect
[out] us The source IP address used to connect to them
Return values:
-1 Failure
0 Success

Definition at line 697 of file acl.c.

References ast_connect(), ast_debug, ast_getsockname(), ast_log(), ast_sockaddr_is_ipv6(), ast_sockaddr_port, ast_sockaddr_set_port, ast_sockaddr_stringify_addr(), ast_strdupa, LOG_ERROR, and LOG_WARNING.

Referenced by ast_find_ourip(), ast_sip_ouraddrfor(), find_subchannel_and_lock(), gtalk_get_local_ip(), and sip_acf_channel_read().

00698 {
00699    int port;
00700    int s;
00701 
00702    port = ast_sockaddr_port(us);
00703 
00704    if ((s = socket(ast_sockaddr_is_ipv6(them) ? AF_INET6 : AF_INET,
00705          SOCK_DGRAM, 0)) < 0) {
00706       ast_log(LOG_ERROR, "Cannot create socket\n");
00707       return -1;
00708    }
00709 
00710    if (ast_connect(s, them)) {
00711       ast_log(LOG_WARNING, "Cannot connect\n");
00712       close(s);
00713       return -1;
00714    }
00715    if (ast_getsockname(s, us)) {
00716 
00717       ast_log(LOG_WARNING, "Cannot get socket name\n");
00718       close(s);
00719       return -1;
00720    }
00721    close(s);
00722 
00723    {
00724       const char *them_addr = ast_strdupa(ast_sockaddr_stringify_addr(them));
00725       const char *us_addr = ast_strdupa(ast_sockaddr_stringify_addr(us));
00726 
00727       ast_debug(3, "For destination '%s', our source address is '%s'.\n",
00728             them_addr, us_addr);
00729    }
00730 
00731    ast_sockaddr_set_port(us, port);
00732 
00733    return 0;
00734 }

int ast_str2cos ( const char *  value,
unsigned int *  cos 
)

Convert a string to the appropriate COS value.

Parameters:
value The COS string to convert
[out] cos The integer representation of that COS value
Return values:
-1 Failure
0 Success

Definition at line 645 of file acl.c.

Referenced by config_parse_variables(), reload_config(), and set_config().

00646 {
00647    int fval;
00648 
00649    if (sscanf(value, "%30d", &fval) == 1) {
00650       if (fval < 8) {
00651           *cos = fval;
00652           return 0;
00653       }
00654    }
00655 
00656    return -1;
00657 }

int ast_str2tos ( const char *  value,
unsigned int *  tos 
)

Convert a string to the appropriate TOS value.

Parameters:
value The TOS string to convert
[out] tos The integer representation of that TOS value
Return values:
-1 Failure
0 Success

Definition at line 659 of file acl.c.

References ARRAY_LEN, dscp_pool1, name, and dscp_codepoint::space.

Referenced by config_parse_variables(), iax_template_parse(), reload_config(), and set_config().

00660 {
00661    int fval;
00662    unsigned int x;
00663 
00664    if (sscanf(value, "%30i", &fval) == 1) {
00665       *tos = fval & 0xFF;
00666       return 0;
00667    }
00668 
00669    for (x = 0; x < ARRAY_LEN(dscp_pool1); x++) {
00670       if (!strcasecmp(value, dscp_pool1[x].name)) {
00671          *tos = dscp_pool1[x].space << 2;
00672          return 0;
00673       }
00674    }
00675 
00676    return -1;
00677 }

const char* ast_tos2str ( unsigned int  tos  ) 

Convert a TOS value into its string representation.

Parameters:
tos The TOS value to look up
Returns:
The string equivalent of the TOS value

Definition at line 679 of file acl.c.

References ARRAY_LEN, dscp_pool1, dscp_codepoint::name, and dscp_codepoint::space.

Referenced by sip_show_settings().

00680 {
00681    unsigned int x;
00682 
00683    for (x = 0; x < ARRAY_LEN(dscp_pool1); x++) {
00684       if (dscp_pool1[x].space == (tos >> 2)) {
00685          return dscp_pool1[x].name;
00686       }
00687    }
00688 
00689    return "unknown";
00690 }

static int get_local_address ( struct ast_sockaddr ourip  )  [static]

Definition at line 115 of file acl.c.

References free, malloc, and score_address().

Referenced by ast_find_ourip().

00116 {
00117    int s, res = -1;
00118 #ifdef SOLARIS
00119    struct lifreq *ifr = NULL;
00120    struct lifnum ifn;
00121    struct lifconf ifc;
00122    struct sockaddr_in *sa;
00123    char *buf = NULL;
00124    int bufsz, x;
00125 #endif /* SOLARIS */
00126 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__)
00127    struct ifaddrs *ifap, *ifaphead;
00128    int rtnerr;
00129    const struct sockaddr_in *sin;
00130 #endif /* BSD_OR_LINUX */
00131    struct in_addr best_addr;
00132    int best_score = -100;
00133    memset(&best_addr, 0, sizeof(best_addr));
00134 
00135 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__)
00136    rtnerr = getifaddrs(&ifaphead);
00137    if (rtnerr) {
00138       perror(NULL);
00139       return -1;
00140    }
00141 #endif /* BSD_OR_LINUX */
00142 
00143    s = socket(AF_INET, SOCK_STREAM, 0);
00144 
00145    if (s > 0) {
00146 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__)
00147       for (ifap = ifaphead; ifap; ifap = ifap->ifa_next) {
00148 
00149          if (ifap->ifa_addr && ifap->ifa_addr->sa_family == AF_INET) {
00150             sin = (const struct sockaddr_in *) ifap->ifa_addr;
00151             score_address(sin, &best_addr, &best_score);
00152             res = 0;
00153 
00154             if (best_score == 0) {
00155                break;
00156             }
00157          }
00158       }
00159 #endif /* BSD_OR_LINUX */
00160 
00161       /* There is no reason whatsoever that this shouldn't work on Linux or BSD also. */
00162 #ifdef SOLARIS
00163       /* Get a count of interfaces on the machine */
00164       ifn.lifn_family = AF_INET;
00165       ifn.lifn_flags = 0;
00166       ifn.lifn_count = 0;
00167       if (ioctl(s, SIOCGLIFNUM, &ifn) < 0) {
00168          close(s);
00169          return -1;
00170       }
00171 
00172       bufsz = ifn.lifn_count * sizeof(struct lifreq);
00173       if (!(buf = malloc(bufsz))) {
00174          close(s);
00175          return -1;
00176       }
00177       memset(buf, 0, bufsz);
00178 
00179       /* Get a list of interfaces on the machine */
00180       ifc.lifc_len = bufsz;
00181       ifc.lifc_buf = buf;
00182       ifc.lifc_family = AF_INET;
00183       ifc.lifc_flags = 0;
00184       if (ioctl(s, SIOCGLIFCONF, &ifc) < 0) {
00185          close(s);
00186          free(buf);
00187          return -1;
00188       }
00189 
00190       for (ifr = ifc.lifc_req, x = 0; x < ifn.lifn_count; ifr++, x++) {
00191          sa = (struct sockaddr_in *)&(ifr->lifr_addr);
00192          score_address(sa, &best_addr, &best_score);
00193          res = 0;
00194 
00195          if (best_score == 0) {
00196             break;
00197          }
00198       }
00199 
00200       free(buf);
00201 #endif /* SOLARIS */
00202 
00203       close(s);
00204    }
00205 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__)
00206    freeifaddrs(ifaphead);
00207 #endif /* BSD_OR_LINUX */
00208 
00209    if (res == 0 && ourip) {
00210       ast_sockaddr_setnull(ourip);
00211       ourip->ss.ss_family = AF_INET;
00212       ((struct sockaddr_in *)&ourip->ss)->sin_addr = best_addr;
00213    }
00214    return res;
00215 }

static int parse_cidr_mask ( struct ast_sockaddr addr,
int  is_v4,
const char *  mask_str 
) [static]

Parse a netmask in CIDR notation.

For a mask of an IPv4 address, this should be a number between 0 and 32. For a mask of an IPv6 address, this should be a number between 0 and 128. This function creates an IPv6 ast_sockaddr from the given netmask. For masks of IPv4 addresses, this is accomplished by adding 96 to the original netmask.

Parameters:
[out] addr The ast_sockaddr produced from the CIDR netmask
is_v4 Tells if the address we are masking is IPv4.
mask_str The CIDR mask to convert
Return values:
-1 Failure
0 Success

Definition at line 347 of file acl.c.

References ast_sockaddr_from_sin, ast_sockaddr::len, ast_sockaddr::ss, and V6_WORD.

Referenced by ast_append_ha().

00348 {
00349    int mask;
00350 
00351    if (sscanf(mask_str, "%30d", &mask) != 1) {
00352       return -1;
00353    }
00354 
00355    if (is_v4) {
00356       struct sockaddr_in sin;
00357       if (mask < 0 || mask > 32) {
00358          return -1;
00359       }
00360       memset(&sin, 0, sizeof(sin));
00361       sin.sin_family = AF_INET;
00362       /* If mask is 0, then we already have the
00363        * appropriate all 0s address in sin from
00364        * the above memset.
00365        */
00366       if (mask != 0) {
00367          sin.sin_addr.s_addr = htonl(0xFFFFFFFF << (32 - mask));
00368       }
00369       ast_sockaddr_from_sin(addr, &sin);
00370    } else {
00371       struct sockaddr_in6 sin6;
00372       int i;
00373       if (mask < 0 || mask > 128) {
00374          return -1;
00375       }
00376       memset(&sin6, 0, sizeof(sin6));
00377       sin6.sin6_family = AF_INET6;
00378       for (i = 0; i < 4; ++i) {
00379          /* Once mask reaches 0, we don't have
00380           * to explicitly set anything anymore
00381           * since sin6 was zeroed out already
00382           */
00383          if (mask > 0) {
00384             V6_WORD(&sin6, i) = htonl(0xFFFFFFFF << (mask < 32 ? (32 - mask) : 0));
00385             mask -= mask < 32 ? mask : 32;
00386          }
00387       }
00388       memcpy(&addr->ss, &sin6, sizeof(sin6));
00389       addr->len = sizeof(sin6);
00390    }
00391 
00392    return 0;
00393 }

static int resolve_first ( struct ast_sockaddr addr,
const char *  name,
int  flag,
int  family 
) [static]

Definition at line 568 of file acl.c.

References ast_debug, ast_free, ast_log(), ast_sockaddr_copy(), ast_sockaddr_resolve(), and LOG_WARNING.

Referenced by ast_find_ourip(), and ast_get_ip_or_srv().

00570 {
00571    struct ast_sockaddr *addrs;
00572    int addrs_cnt;
00573 
00574    addrs_cnt = ast_sockaddr_resolve(&addrs, name, flag, family);
00575    if (addrs_cnt > 0) {
00576       if (addrs_cnt > 1) {
00577          ast_debug(1, "Multiple addresses. Using the first only\n");
00578       }
00579       ast_sockaddr_copy(addr, &addrs[0]);
00580       ast_free(addrs);
00581    } else {
00582       ast_log(LOG_WARNING, "Unable to lookup '%s'\n", name);
00583       return -1;
00584    }
00585 
00586    return 0;
00587 }

static void score_address ( const struct sockaddr_in *  sin,
struct in_addr *  best_addr,
int *  best_score 
) [static]

Definition at line 56 of file acl.c.

References ast_inet_ntoa().

Referenced by get_local_address().

00057 {
00058    const char *address;
00059    int score;
00060 
00061    address = ast_inet_ntoa(sin->sin_addr);
00062 
00063    /* RFC 1700 alias for the local network */
00064    if (address[0] == '0') {
00065       score = -25;
00066    /* RFC 1700 localnet */
00067    } else if (strncmp(address, "127", 3) == 0) {
00068       score = -20;
00069    /* RFC 1918 non-public address space */
00070    } else if (strncmp(address, "10.", 3) == 0) {
00071       score = -5;
00072    /* RFC 1918 non-public address space */
00073    } else if (strncmp(address, "172", 3) == 0) {
00074       /* 172.16.0.0 - 172.19.255.255, but not 172.160.0.0 - 172.169.255.255 */
00075       if (address[4] == '1' && address[5] >= '6' && address[6] == '.') {
00076          score = -5;
00077       /* 172.20.0.0 - 172.29.255.255, but not 172.200.0.0 - 172.255.255.255 nor 172.2.0.0 - 172.2.255.255 */
00078       } else if (address[4] == '2' && address[6] == '.') {
00079          score = -5;
00080       /* 172.30.0.0 - 172.31.255.255, but not 172.3.0.0 - 172.3.255.255 */
00081       } else if (address[4] == '3' && (address[5] == '0' || address[5] == '1')) {
00082          score = -5;
00083       /* All other 172 addresses are public */
00084       } else {
00085          score = 0;
00086       }
00087    /* RFC 2544 Benchmark test range (198.18.0.0 - 198.19.255.255, but not 198.180.0.0 - 198.199.255.255) */
00088    } else if (strncmp(address, "198.1", 5) == 0 && address[5] >= '8' && address[6] == '.') {
00089       score = -10;
00090    /* RFC 1918 non-public address space */
00091    } else if (strncmp(address, "192.168", 7) == 0) {
00092       score = -5;
00093    /* RFC 3330 Zeroconf network */
00094    } else if (strncmp(address, "169.254", 7) == 0) {
00095       /*!\note Better score than a test network, but not quite as good as RFC 1918
00096        * address space.  The reason is that some Linux distributions automatically
00097        * configure a Zeroconf address before trying DHCP, so we want to prefer a
00098        * DHCP lease to a Zeroconf address.
00099        */
00100       score = -10;
00101    /* RFC 3330 Test network */
00102    } else if (strncmp(address, "192.0.2.", 8) == 0) {
00103       score = -15;
00104    /* Every other address should be publically routable */
00105    } else {
00106       score = 0;
00107    }
00108 
00109    if (score > *best_score) {
00110       *best_score = score;
00111       memcpy(best_addr, &sin->sin_addr, sizeof(*best_addr));
00112    }
00113 }


Variable Documentation

struct dscp_codepoint dscp_pool1[] [static]

Definition at line 621 of file acl.c.

Referenced by ast_str2tos(), and ast_tos2str().


Generated on Mon Mar 19 11:30:31 2012 for Asterisk - The Open Source Telephony Project by  doxygen 1.4.7