Fri Apr 24 16:26:04 2009

Asterisk developer's documentation


acl.h File Reference

Access Control of various sorts. More...

#include <netinet/in.h>
#include "asterisk/io.h"

Go to the source code of this file.

Defines

#define AST_SENSE_ALLOW   1
#define AST_SENSE_DENY   0

Functions

ast_haast_append_ha (char *sense, char *stuff, struct ast_ha *path)
int ast_apply_ha (struct ast_ha *ha, struct sockaddr_in *sin)
ast_haast_duplicate_ha_list (struct ast_ha *original)
int ast_find_ourip (struct in_addr *ourip, struct sockaddr_in bindaddr)
void ast_free_ha (struct ast_ha *ha)
int ast_get_ip (struct sockaddr_in *sin, const char *value)
int ast_get_ip_or_srv (struct sockaddr_in *sin, const char *value, const char *service)
int ast_lookup_iface (char *iface, struct in_addr *address)
int ast_ouraddrfor (struct in_addr *them, struct in_addr *us)
int ast_str2tos (const char *value, unsigned int *tos)
const char * ast_tos2str (unsigned int tos)


Detailed Description

Access Control of various sorts.

Definition in file acl.h.


Define Documentation

#define AST_SENSE_ALLOW   1

Definition at line 35 of file acl.h.

Referenced by ast_append_ha(), ast_apply_ha(), and parse_register_contact().

#define AST_SENSE_DENY   0

Definition at line 34 of file acl.h.

Referenced by ast_append_ha().


Function Documentation

struct ast_ha* ast_append_ha ( char *  sense,
char *  stuff,
struct ast_ha path 
)

Definition at line 306 of file acl.c.

References ast_copy_string(), ast_log(), ast_malloc, AST_SENSE_ALLOW, AST_SENSE_DENY, free, LOG_DEBUG, LOG_WARNING, ast_ha::netaddr, ast_ha::next, and option_debug.

Referenced by authenticate(), build_device(), build_gateway(), build_peer(), and build_user().

00307 {
00308    struct ast_ha *ha;
00309    char *nm = "255.255.255.255";
00310    char tmp[256];
00311    struct ast_ha *prev = NULL;
00312    struct ast_ha *ret;
00313    int x, z;
00314    unsigned int y;
00315 
00316    ret = path;
00317    while (path) {
00318       prev = path;
00319       path = path->next;
00320    }
00321    if ((ha = ast_malloc(sizeof(*ha)))) {
00322       ast_copy_string(tmp, stuff, sizeof(tmp));
00323       nm = strchr(tmp, '/');
00324       if (!nm) {
00325          nm = "255.255.255.255";
00326       } else {
00327          *nm = '\0';
00328          nm++;
00329       }
00330       if (!strchr(nm, '.')) {
00331          if ((sscanf(nm, "%d", &x) == 1) && (x >= 0) && (x <= 32)) {
00332             y = 0;
00333             for (z = 0; z < x; z++) {
00334                y >>= 1;
00335                y |= 0x80000000;
00336             }
00337             ha->netmask.s_addr = htonl(y);
00338          }
00339       } else if (!inet_aton(nm, &ha->netmask)) {
00340          ast_log(LOG_WARNING, "%s is not a valid netmask\n", nm);
00341          free(ha);
00342          return ret;
00343       }
00344       if (!inet_aton(tmp, &ha->netaddr)) {
00345          ast_log(LOG_WARNING, "%s is not a valid IP\n", tmp);
00346          free(ha);
00347          return ret;
00348       }
00349       ha->netaddr.s_addr &= ha->netmask.s_addr;
00350       if (!strncasecmp(sense, "p", 1)) {
00351          ha->sense = AST_SENSE_ALLOW;
00352       } else {
00353          ha->sense = AST_SENSE_DENY;
00354       }
00355       ha->next = NULL;
00356       if (prev) {
00357          prev->next = ha;
00358       } else {
00359          ret = ha;
00360       }
00361    }
00362    if (option_debug)
00363       ast_log(LOG_DEBUG, "%s/%s appended to acl for peer\n", stuff, nm);
00364    return ret;
00365 }

int ast_apply_ha ( struct ast_ha ha,
struct sockaddr_in *  sin 
)

Definition at line 367 of file acl.c.

References ast_copy_string(), ast_inet_ntoa(), ast_log(), AST_SENSE_ALLOW, LOG_DEBUG, ast_ha::netaddr, ast_ha::netmask, ast_ha::next, option_debug, and ast_ha::sense.

Referenced by ast_sip_ouraddrfor(), authenticate(), check_access(), check_user_full(), parse_register_contact(), register_verify(), and skinny_register().

00368 {
00369    /* Start optimistic */
00370    int res = AST_SENSE_ALLOW;
00371    while (ha) {
00372       char iabuf[INET_ADDRSTRLEN];
00373       char iabuf2[INET_ADDRSTRLEN];
00374       /* DEBUG */
00375       ast_copy_string(iabuf, ast_inet_ntoa(sin->sin_addr), sizeof(iabuf));
00376       ast_copy_string(iabuf2, ast_inet_ntoa(ha->netaddr), sizeof(iabuf2));
00377       if (option_debug)
00378          ast_log(LOG_DEBUG, "##### Testing %s with %s\n", iabuf, iabuf2);
00379       /* For each rule, if this address and the netmask = the net address
00380          apply the current rule */
00381       if ((sin->sin_addr.s_addr & ha->netmask.s_addr) == ha->netaddr.s_addr)
00382          res = ha->sense;
00383       ha = ha->next;
00384    }
00385    return res;
00386 }

struct ast_ha* ast_duplicate_ha_list ( struct ast_ha original  ) 

Definition at line 286 of file acl.c.

References ast_duplicate_ha(), and ast_ha::next.

00287 {
00288    struct ast_ha *start = original;
00289    struct ast_ha *ret = NULL;
00290    struct ast_ha *link, *prev = NULL;
00291 
00292    while (start) {
00293       link = ast_duplicate_ha(start);  /* Create copy of this object */
00294       if (prev)
00295          prev->next = link;      /* Link previous to this object */
00296 
00297       if (!ret)
00298          ret = link;    /* Save starting point */
00299 
00300       start = start->next;    /* Go to next object */
00301       prev = link;         /* Save pointer to this object */
00302    }
00303    return ret;             /* Return start of list */
00304 }

int ast_find_ourip ( struct in_addr *  ourip,
struct sockaddr_in  bindaddr 
)

Definition at line 563 of file acl.c.

References ahp, ast_gethostbyname(), ast_log(), ast_ouraddrfor(), get_local_address(), hp, LOG_WARNING, and ourhost.

Referenced by __oh323_rtp_create(), gtalk_create_candidates(), and load_module().

00564 {
00565    char ourhost[MAXHOSTNAMELEN] = "";
00566    struct ast_hostent ahp;
00567    struct hostent *hp;
00568    struct in_addr saddr;
00569 
00570    /* just use the bind address if it is nonzero */
00571    if (ntohl(bindaddr.sin_addr.s_addr)) {
00572       memcpy(ourip, &bindaddr.sin_addr, sizeof(*ourip));
00573       return 0;
00574    }
00575    /* try to use our hostname */
00576    if (gethostname(ourhost, sizeof(ourhost) - 1)) {
00577       ast_log(LOG_WARNING, "Unable to get hostname\n");
00578    } else {
00579       hp = ast_gethostbyname(ourhost, &ahp);
00580       if (hp) {
00581          memcpy(ourip, hp->h_addr, sizeof(*ourip));
00582          return 0;
00583       }
00584    }
00585    /* A.ROOT-SERVERS.NET. */
00586    if (inet_aton("198.41.0.4", &saddr) && !ast_ouraddrfor(&saddr, ourip))
00587       return 0;
00588    return get_local_address(ourip);
00589 }

void ast_free_ha ( struct ast_ha ha  ) 

Definition at line 253 of file acl.c.

References free, and ast_ha::next.

Referenced by authenticate(), build_peer(), build_user(), destroy_gateway(), oh323_destroy_peer(), oh323_destroy_user(), peer_destructor(), reload_config(), sip_destroy_peer(), sip_destroy_user(), unload_module(), and user_destructor().

00254 {
00255    struct ast_ha *hal;
00256    while (ha) {
00257       hal = ha;
00258       ha = ha->next;
00259       free(hal);
00260    }
00261 }

int ast_get_ip ( struct sockaddr_in *  sin,
const char *  value 
)

Definition at line 505 of file acl.c.

References ast_get_ip_or_srv().

Referenced by build_device(), build_gateway(), build_peer(), build_user(), and peer_set_srcaddr().

00506 {
00507    return ast_get_ip_or_srv(sin, value, NULL);
00508 }

int ast_get_ip_or_srv ( struct sockaddr_in *  sin,
const char *  value,
const char *  service 
)

Definition at line 388 of file acl.c.

References ahp, ast_get_srv(), ast_gethostbyname(), ast_log(), hp, and LOG_WARNING.

Referenced by ast_get_ip(), and build_peer().

00389 {
00390    struct hostent *hp;
00391    struct ast_hostent ahp;
00392    char srv[256];
00393    char host[256];
00394    int tportno = ntohs(sin->sin_port);
00395    if (inet_aton(value, &sin->sin_addr))
00396       return 0;
00397    if (service) {
00398       snprintf(srv, sizeof(srv), "%s.%s", service, value);
00399       if (ast_get_srv(NULL, host, sizeof(host), &tportno, srv) > 0) {
00400          sin->sin_port = htons(tportno);
00401          value = host;
00402       }
00403    }
00404    hp = ast_gethostbyname(value, &ahp);
00405    if (hp) {
00406       memcpy(&sin->sin_addr, hp->h_addr, sizeof(sin->sin_addr));
00407    } else {
00408       ast_log(LOG_WARNING, "Unable to lookup '%s'\n", value);
00409       return -1;
00410    }
00411    return 0;
00412 }

int ast_lookup_iface ( char *  iface,
struct in_addr *  address 
)

Definition at line 511 of file acl.c.

References ast_copy_string(), ast_log(), errno, and LOG_WARNING.

00512 {
00513    int mysock, res = 0;
00514    struct my_ifreq ifreq;
00515 
00516    memset(&ifreq, 0, sizeof(ifreq));
00517    ast_copy_string(ifreq.ifrn_name, iface, sizeof(ifreq.ifrn_name));
00518 
00519    mysock = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
00520    res = ioctl(mysock, SIOCGIFADDR, &ifreq);
00521 
00522    close(mysock);
00523    if (res < 0) {
00524       ast_log(LOG_WARNING, "Unable to get IP of %s: %s\n", iface, strerror(errno));
00525       memcpy((char *)address, (char *)&__ourip, sizeof(__ourip));
00526       return -1;
00527    } else {
00528       memcpy((char *)address, (char *)&ifreq.ifru_addr.sin_addr, sizeof(ifreq.ifru_addr.sin_addr));
00529       return 0;
00530    }
00531 }

int ast_ouraddrfor ( struct in_addr *  them,
struct in_addr *  us 
)

Definition at line 533 of file acl.c.

References ast_log(), LOG_WARNING, and s.

Referenced by ast_find_ourip(), ast_sip_ouraddrfor(), build_device(), build_gateway(), and find_subchannel_and_lock().

00534 {
00535    int s;
00536    struct sockaddr_in sin;
00537    socklen_t slen;
00538 
00539    s = socket(PF_INET, SOCK_DGRAM, 0);
00540    if (s < 0) {
00541       ast_log(LOG_WARNING, "Cannot create socket\n");
00542       return -1;
00543    }
00544    sin.sin_family = AF_INET;
00545    sin.sin_port = 5060;
00546    sin.sin_addr = *them;
00547    if (connect(s, (struct sockaddr *)&sin, sizeof(sin))) {
00548       ast_log(LOG_WARNING, "Cannot connect\n");
00549       close(s);
00550       return -1;
00551    }
00552    slen = sizeof(sin);
00553    if (getsockname(s, (struct sockaddr *)&sin, &slen)) {
00554       ast_log(LOG_WARNING, "Cannot get socket name\n");
00555       close(s);
00556       return -1;
00557    }
00558    close(s);
00559    *us = sin.sin_addr;
00560    return 0;
00561 }

int ast_str2tos ( const char *  value,
unsigned int *  tos 
)

Definition at line 445 of file acl.c.

References ast_log(), dscp_pool1, IPTOS_MINCOST, LOG_WARNING, name, and dscp_codepoint::space.

Referenced by iax_template_parse(), and set_config().

00446 {
00447    int fval;
00448    unsigned int x;
00449 
00450    if (sscanf(value, "%i", &fval) == 1) {
00451       *tos = fval & 0xFF;
00452       return 0;
00453    }
00454 
00455    for (x = 0; x < sizeof(dscp_pool1) / sizeof(dscp_pool1[0]); x++) {
00456       if (!strcasecmp(value, dscp_pool1[x].name)) {
00457          *tos = dscp_pool1[x].space << 2;
00458          return 0;
00459       }
00460    }
00461 
00462    if (!strcasecmp(value, "lowdelay"))
00463       *tos = IPTOS_LOWDELAY;
00464    else if (!strcasecmp(value, "throughput"))
00465       *tos = IPTOS_THROUGHPUT;
00466    else if (!strcasecmp(value, "reliability"))
00467       *tos = IPTOS_RELIABILITY;
00468    else if (!strcasecmp(value, "mincost"))
00469       *tos = IPTOS_MINCOST;
00470    else if (!strcasecmp(value, "none"))
00471       *tos = 0;
00472    else
00473       return -1;
00474 
00475    ast_log(LOG_WARNING, "TOS value %s is deprecated. Please see doc/ip-tos.txt for more information.\n", value);
00476 
00477    return 0;
00478 }

const char* ast_tos2str ( unsigned int  tos  ) 

Definition at line 480 of file acl.c.

References dscp_pool1, IPTOS_MINCOST, name, and dscp_codepoint::space.

Referenced by sip_show_settings().

00481 {
00482    unsigned int x;
00483 
00484    switch (tos) {
00485    case 0:
00486       return "none";
00487    case IPTOS_LOWDELAY:
00488       return "lowdelay";
00489    case IPTOS_THROUGHPUT:
00490       return "throughput";
00491    case IPTOS_RELIABILITY:
00492       return "reliability";
00493    case IPTOS_MINCOST:
00494       return "mincost";
00495    default:
00496       for (x = 0; x < sizeof(dscp_pool1) / sizeof(dscp_pool1[0]); x++) {
00497          if (dscp_pool1[x].space == (tos >> 2))
00498             return dscp_pool1[x].name;
00499       }
00500    }
00501 
00502    return "unknown";
00503 }


Generated on Fri Apr 24 16:26:04 2009 for Asterisk - the Open Source PBX by  doxygen 1.4.7