#include "asterisk.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/time.h>
#include <signal.h>
#include <errno.h>
#include <unistd.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <netdb.h>
#include <net/if.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <sys/ioctl.h>
#include <ifaddrs.h>
#include "asterisk/acl.h"
#include "asterisk/logger.h"
#include "asterisk/channel.h"
#include "asterisk/options.h"
#include "asterisk/utils.h"
#include "asterisk/lock.h"
#include "asterisk/srv.h"
Go to the source code of this file.
Data Structures | |
struct | ast_ha |
struct | dscp_codepoint |
struct | my_ifreq |
Defines | |
#define | IPTOS_LOWCOST 0x02 |
#define | IPTOS_MINCOST IPTOS_LOWCOST |
Functions | |
ast_ha * | ast_append_ha (char *sense, char *stuff, struct ast_ha *path) |
int | ast_apply_ha (struct ast_ha *ha, struct sockaddr_in *sin) |
static void | ast_copy_ha (struct ast_ha *from, struct ast_ha *to) |
static struct ast_ha * | ast_duplicate_ha (struct ast_ha *original) |
ast_ha * | ast_duplicate_ha_list (struct ast_ha *original) |
int | ast_find_ourip (struct in_addr *ourip, struct sockaddr_in bindaddr) |
void | ast_free_ha (struct ast_ha *ha) |
int | ast_get_ip (struct sockaddr_in *sin, const char *value) |
int | ast_get_ip_or_srv (struct sockaddr_in *sin, const char *value, const char *service) |
int | ast_lookup_iface (char *iface, struct in_addr *address) |
int | ast_ouraddrfor (struct in_addr *them, struct in_addr *us) |
int | ast_str2tos (const char *value, unsigned int *tos) |
const char * | ast_tos2str (unsigned int tos) |
static int | get_local_address (struct in_addr *ourip) |
static void | score_address (const struct sockaddr_in *sin, struct in_addr *best_addr, int *best_score) |
Variables | |
static struct in_addr | __ourip = { .s_addr = 0x00000000, } |
static struct dscp_codepoint | dscp_pool1 [] |
Definition in file acl.c.
#define IPTOS_MINCOST IPTOS_LOWCOST |
Definition at line 64 of file acl.c.
Referenced by ast_str2tos(), ast_tos2str(), reload_config(), and set_config().
Definition at line 306 of file acl.c.
References ast_copy_string(), ast_log(), ast_malloc, AST_SENSE_ALLOW, AST_SENSE_DENY, free, LOG_DEBUG, LOG_WARNING, ast_ha::netaddr, ast_ha::next, and option_debug.
Referenced by authenticate(), build_device(), build_gateway(), build_peer(), and build_user().
00307 { 00308 struct ast_ha *ha; 00309 char *nm = "255.255.255.255"; 00310 char tmp[256]; 00311 struct ast_ha *prev = NULL; 00312 struct ast_ha *ret; 00313 int x, z; 00314 unsigned int y; 00315 00316 ret = path; 00317 while (path) { 00318 prev = path; 00319 path = path->next; 00320 } 00321 if ((ha = ast_malloc(sizeof(*ha)))) { 00322 ast_copy_string(tmp, stuff, sizeof(tmp)); 00323 nm = strchr(tmp, '/'); 00324 if (!nm) { 00325 nm = "255.255.255.255"; 00326 } else { 00327 *nm = '\0'; 00328 nm++; 00329 } 00330 if (!strchr(nm, '.')) { 00331 if ((sscanf(nm, "%d", &x) == 1) && (x >= 0) && (x <= 32)) { 00332 y = 0; 00333 for (z = 0; z < x; z++) { 00334 y >>= 1; 00335 y |= 0x80000000; 00336 } 00337 ha->netmask.s_addr = htonl(y); 00338 } 00339 } else if (!inet_aton(nm, &ha->netmask)) { 00340 ast_log(LOG_WARNING, "%s is not a valid netmask\n", nm); 00341 free(ha); 00342 return ret; 00343 } 00344 if (!inet_aton(tmp, &ha->netaddr)) { 00345 ast_log(LOG_WARNING, "%s is not a valid IP\n", tmp); 00346 free(ha); 00347 return ret; 00348 } 00349 ha->netaddr.s_addr &= ha->netmask.s_addr; 00350 if (!strncasecmp(sense, "p", 1)) { 00351 ha->sense = AST_SENSE_ALLOW; 00352 } else { 00353 ha->sense = AST_SENSE_DENY; 00354 } 00355 ha->next = NULL; 00356 if (prev) { 00357 prev->next = ha; 00358 } else { 00359 ret = ha; 00360 } 00361 } 00362 if (option_debug) 00363 ast_log(LOG_DEBUG, "%s/%s appended to acl for peer\n", stuff, nm); 00364 return ret; 00365 }
int ast_apply_ha | ( | struct ast_ha * | ha, | |
struct sockaddr_in * | sin | |||
) |
Definition at line 367 of file acl.c.
References ast_copy_string(), ast_inet_ntoa(), ast_log(), AST_SENSE_ALLOW, LOG_DEBUG, ast_ha::netaddr, ast_ha::netmask, ast_ha::next, option_debug, and ast_ha::sense.
Referenced by ast_sip_ouraddrfor(), authenticate(), check_access(), check_user_full(), parse_register_contact(), register_verify(), and skinny_register().
00368 { 00369 /* Start optimistic */ 00370 int res = AST_SENSE_ALLOW; 00371 while (ha) { 00372 char iabuf[INET_ADDRSTRLEN]; 00373 char iabuf2[INET_ADDRSTRLEN]; 00374 /* DEBUG */ 00375 ast_copy_string(iabuf, ast_inet_ntoa(sin->sin_addr), sizeof(iabuf)); 00376 ast_copy_string(iabuf2, ast_inet_ntoa(ha->netaddr), sizeof(iabuf2)); 00377 if (option_debug) 00378 ast_log(LOG_DEBUG, "##### Testing %s with %s\n", iabuf, iabuf2); 00379 /* For each rule, if this address and the netmask = the net address 00380 apply the current rule */ 00381 if ((sin->sin_addr.s_addr & ha->netmask.s_addr) == ha->netaddr.s_addr) 00382 res = ha->sense; 00383 ha = ha->next; 00384 } 00385 return res; 00386 }
Definition at line 264 of file acl.c.
References ast_ha::netaddr, ast_ha::netmask, and ast_ha::sense.
Referenced by ast_duplicate_ha().
00265 { 00266 memcpy(&to->netaddr, &from->netaddr, sizeof(from->netaddr)); 00267 memcpy(&to->netmask, &from->netmask, sizeof(from->netmask)); 00268 to->sense = from->sense; 00269 }
Definition at line 272 of file acl.c.
References ast_copy_ha(), and ast_malloc.
Referenced by ast_duplicate_ha_list().
00273 { 00274 struct ast_ha *new_ha; 00275 00276 if ((new_ha = ast_malloc(sizeof(*new_ha)))) { 00277 /* Copy from original to new object */ 00278 ast_copy_ha(original, new_ha); 00279 } 00280 00281 return new_ha; 00282 }
Definition at line 286 of file acl.c.
References ast_duplicate_ha(), and ast_ha::next.
00287 { 00288 struct ast_ha *start = original; 00289 struct ast_ha *ret = NULL; 00290 struct ast_ha *link, *prev = NULL; 00291 00292 while (start) { 00293 link = ast_duplicate_ha(start); /* Create copy of this object */ 00294 if (prev) 00295 prev->next = link; /* Link previous to this object */ 00296 00297 if (!ret) 00298 ret = link; /* Save starting point */ 00299 00300 start = start->next; /* Go to next object */ 00301 prev = link; /* Save pointer to this object */ 00302 } 00303 return ret; /* Return start of list */ 00304 }
int ast_find_ourip | ( | struct in_addr * | ourip, | |
struct sockaddr_in | bindaddr | |||
) |
Definition at line 563 of file acl.c.
References ahp, ast_gethostbyname(), ast_log(), ast_ouraddrfor(), get_local_address(), hp, LOG_WARNING, and ourhost.
Referenced by __oh323_rtp_create(), gtalk_create_candidates(), and load_module().
00564 { 00565 char ourhost[MAXHOSTNAMELEN] = ""; 00566 struct ast_hostent ahp; 00567 struct hostent *hp; 00568 struct in_addr saddr; 00569 00570 /* just use the bind address if it is nonzero */ 00571 if (ntohl(bindaddr.sin_addr.s_addr)) { 00572 memcpy(ourip, &bindaddr.sin_addr, sizeof(*ourip)); 00573 return 0; 00574 } 00575 /* try to use our hostname */ 00576 if (gethostname(ourhost, sizeof(ourhost) - 1)) { 00577 ast_log(LOG_WARNING, "Unable to get hostname\n"); 00578 } else { 00579 hp = ast_gethostbyname(ourhost, &ahp); 00580 if (hp) { 00581 memcpy(ourip, hp->h_addr, sizeof(*ourip)); 00582 return 0; 00583 } 00584 } 00585 /* A.ROOT-SERVERS.NET. */ 00586 if (inet_aton("198.41.0.4", &saddr) && !ast_ouraddrfor(&saddr, ourip)) 00587 return 0; 00588 return get_local_address(ourip); 00589 }
void ast_free_ha | ( | struct ast_ha * | ha | ) |
Definition at line 253 of file acl.c.
References free, and ast_ha::next.
Referenced by authenticate(), build_peer(), build_user(), destroy_gateway(), oh323_destroy_peer(), oh323_destroy_user(), peer_destructor(), reload_config(), sip_destroy_peer(), sip_destroy_user(), unload_module(), and user_destructor().
00254 { 00255 struct ast_ha *hal; 00256 while (ha) { 00257 hal = ha; 00258 ha = ha->next; 00259 free(hal); 00260 } 00261 }
int ast_get_ip | ( | struct sockaddr_in * | sin, | |
const char * | value | |||
) |
Definition at line 505 of file acl.c.
References ast_get_ip_or_srv().
Referenced by build_device(), build_gateway(), build_peer(), build_user(), and peer_set_srcaddr().
00506 { 00507 return ast_get_ip_or_srv(sin, value, NULL); 00508 }
int ast_get_ip_or_srv | ( | struct sockaddr_in * | sin, | |
const char * | value, | |||
const char * | service | |||
) |
Definition at line 388 of file acl.c.
References ahp, ast_get_srv(), ast_gethostbyname(), ast_log(), hp, and LOG_WARNING.
Referenced by ast_get_ip(), and build_peer().
00389 { 00390 struct hostent *hp; 00391 struct ast_hostent ahp; 00392 char srv[256]; 00393 char host[256]; 00394 int tportno = ntohs(sin->sin_port); 00395 if (inet_aton(value, &sin->sin_addr)) 00396 return 0; 00397 if (service) { 00398 snprintf(srv, sizeof(srv), "%s.%s", service, value); 00399 if (ast_get_srv(NULL, host, sizeof(host), &tportno, srv) > 0) { 00400 sin->sin_port = htons(tportno); 00401 value = host; 00402 } 00403 } 00404 hp = ast_gethostbyname(value, &ahp); 00405 if (hp) { 00406 memcpy(&sin->sin_addr, hp->h_addr, sizeof(sin->sin_addr)); 00407 } else { 00408 ast_log(LOG_WARNING, "Unable to lookup '%s'\n", value); 00409 return -1; 00410 } 00411 return 0; 00412 }
int ast_lookup_iface | ( | char * | iface, | |
struct in_addr * | address | |||
) |
Definition at line 511 of file acl.c.
References ast_copy_string(), ast_log(), errno, and LOG_WARNING.
00512 { 00513 int mysock, res = 0; 00514 struct my_ifreq ifreq; 00515 00516 memset(&ifreq, 0, sizeof(ifreq)); 00517 ast_copy_string(ifreq.ifrn_name, iface, sizeof(ifreq.ifrn_name)); 00518 00519 mysock = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP); 00520 res = ioctl(mysock, SIOCGIFADDR, &ifreq); 00521 00522 close(mysock); 00523 if (res < 0) { 00524 ast_log(LOG_WARNING, "Unable to get IP of %s: %s\n", iface, strerror(errno)); 00525 memcpy((char *)address, (char *)&__ourip, sizeof(__ourip)); 00526 return -1; 00527 } else { 00528 memcpy((char *)address, (char *)&ifreq.ifru_addr.sin_addr, sizeof(ifreq.ifru_addr.sin_addr)); 00529 return 0; 00530 } 00531 }
int ast_ouraddrfor | ( | struct in_addr * | them, | |
struct in_addr * | us | |||
) |
Definition at line 533 of file acl.c.
References ast_log(), LOG_WARNING, and s.
Referenced by ast_find_ourip(), ast_sip_ouraddrfor(), build_device(), build_gateway(), and find_subchannel_and_lock().
00534 { 00535 int s; 00536 struct sockaddr_in sin; 00537 socklen_t slen; 00538 00539 s = socket(PF_INET, SOCK_DGRAM, 0); 00540 if (s < 0) { 00541 ast_log(LOG_WARNING, "Cannot create socket\n"); 00542 return -1; 00543 } 00544 sin.sin_family = AF_INET; 00545 sin.sin_port = 5060; 00546 sin.sin_addr = *them; 00547 if (connect(s, (struct sockaddr *)&sin, sizeof(sin))) { 00548 ast_log(LOG_WARNING, "Cannot connect\n"); 00549 close(s); 00550 return -1; 00551 } 00552 slen = sizeof(sin); 00553 if (getsockname(s, (struct sockaddr *)&sin, &slen)) { 00554 ast_log(LOG_WARNING, "Cannot get socket name\n"); 00555 close(s); 00556 return -1; 00557 } 00558 close(s); 00559 *us = sin.sin_addr; 00560 return 0; 00561 }
int ast_str2tos | ( | const char * | value, | |
unsigned int * | tos | |||
) |
Definition at line 445 of file acl.c.
References ast_log(), dscp_pool1, IPTOS_MINCOST, LOG_WARNING, name, and dscp_codepoint::space.
Referenced by iax_template_parse(), and set_config().
00446 { 00447 int fval; 00448 unsigned int x; 00449 00450 if (sscanf(value, "%i", &fval) == 1) { 00451 *tos = fval & 0xFF; 00452 return 0; 00453 } 00454 00455 for (x = 0; x < sizeof(dscp_pool1) / sizeof(dscp_pool1[0]); x++) { 00456 if (!strcasecmp(value, dscp_pool1[x].name)) { 00457 *tos = dscp_pool1[x].space << 2; 00458 return 0; 00459 } 00460 } 00461 00462 if (!strcasecmp(value, "lowdelay")) 00463 *tos = IPTOS_LOWDELAY; 00464 else if (!strcasecmp(value, "throughput")) 00465 *tos = IPTOS_THROUGHPUT; 00466 else if (!strcasecmp(value, "reliability")) 00467 *tos = IPTOS_RELIABILITY; 00468 else if (!strcasecmp(value, "mincost")) 00469 *tos = IPTOS_MINCOST; 00470 else if (!strcasecmp(value, "none")) 00471 *tos = 0; 00472 else 00473 return -1; 00474 00475 ast_log(LOG_WARNING, "TOS value %s is deprecated. Please see doc/ip-tos.txt for more information.\n", value); 00476 00477 return 0; 00478 }
const char* ast_tos2str | ( | unsigned int | tos | ) |
Definition at line 480 of file acl.c.
References dscp_pool1, IPTOS_MINCOST, name, and dscp_codepoint::space.
Referenced by sip_show_settings().
00481 { 00482 unsigned int x; 00483 00484 switch (tos) { 00485 case 0: 00486 return "none"; 00487 case IPTOS_LOWDELAY: 00488 return "lowdelay"; 00489 case IPTOS_THROUGHPUT: 00490 return "throughput"; 00491 case IPTOS_RELIABILITY: 00492 return "reliability"; 00493 case IPTOS_MINCOST: 00494 return "mincost"; 00495 default: 00496 for (x = 0; x < sizeof(dscp_pool1) / sizeof(dscp_pool1[0]); x++) { 00497 if (dscp_pool1[x].space == (tos >> 2)) 00498 return dscp_pool1[x].name; 00499 } 00500 } 00501 00502 return "unknown"; 00503 }
static int get_local_address | ( | struct in_addr * | ourip | ) | [static] |
Definition at line 154 of file acl.c.
References free, malloc, s, and score_address().
Referenced by ast_find_ourip().
00155 { 00156 int s, res = -1; 00157 #ifdef SOLARIS 00158 struct lifreq *ifr = NULL; 00159 struct lifnum ifn; 00160 struct lifconf ifc; 00161 struct sockaddr_in *sa; 00162 char *buf = NULL; 00163 int bufsz, x; 00164 #endif /* SOLARIS */ 00165 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__) 00166 struct ifaddrs *ifap, *ifaphead; 00167 int rtnerr; 00168 const struct sockaddr_in *sin; 00169 #endif /* BSD_OR_LINUX */ 00170 struct in_addr best_addr; 00171 int best_score = -100; 00172 memset(&best_addr, 0, sizeof(best_addr)); 00173 00174 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__) 00175 rtnerr = getifaddrs(&ifaphead); 00176 if (rtnerr) { 00177 perror(NULL); 00178 return -1; 00179 } 00180 #endif /* BSD_OR_LINUX */ 00181 00182 s = socket(AF_INET, SOCK_STREAM, 0); 00183 00184 if (s > 0) { 00185 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__) 00186 for (ifap = ifaphead; ifap; ifap = ifap->ifa_next) { 00187 00188 if (ifap->ifa_addr && ifap->ifa_addr->sa_family == AF_INET) { 00189 sin = (const struct sockaddr_in *) ifap->ifa_addr; 00190 score_address(sin, &best_addr, &best_score); 00191 res = 0; 00192 00193 if (best_score == 0) 00194 break; 00195 } 00196 } 00197 #endif /* BSD_OR_LINUX */ 00198 00199 /* There is no reason whatsoever that this shouldn't work on Linux or BSD also. */ 00200 #ifdef SOLARIS 00201 /* Get a count of interfaces on the machine */ 00202 ifn.lifn_family = AF_INET; 00203 ifn.lifn_flags = 0; 00204 ifn.lifn_count = 0; 00205 if (ioctl(s, SIOCGLIFNUM, &ifn) < 0) { 00206 close(s); 00207 return -1; 00208 } 00209 00210 bufsz = ifn.lifn_count * sizeof(struct lifreq); 00211 if (!(buf = malloc(bufsz))) { 00212 close(s); 00213 return -1; 00214 } 00215 memset(buf, 0, bufsz); 00216 00217 /* Get a list of interfaces on the machine */ 00218 ifc.lifc_len = bufsz; 00219 ifc.lifc_buf = buf; 00220 ifc.lifc_family = AF_INET; 00221 ifc.lifc_flags = 0; 00222 if (ioctl(s, SIOCGLIFCONF, &ifc) < 0) { 00223 close(s); 00224 free(buf); 00225 return -1; 00226 } 00227 00228 for (ifr = ifc.lifc_req, x = 0; x < ifn.lifn_count; ifr++, x++) { 00229 sa = (struct sockaddr_in *)&(ifr->lifr_addr); 00230 score_address(sa, &best_addr, &best_score); 00231 res = 0; 00232 00233 if (best_score == 0) 00234 break; 00235 } 00236 00237 free(buf); 00238 #endif /* SOLARIS */ 00239 00240 close(s); 00241 } 00242 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__linux__) || defined(__Darwin__) 00243 freeifaddrs(ifaphead); 00244 #endif /* BSD_OR_LINUX */ 00245 00246 if (res == 0 && ourip) 00247 memcpy(ourip, &best_addr, sizeof(*ourip)); 00248 return res; 00249 }
static void score_address | ( | const struct sockaddr_in * | sin, | |
struct in_addr * | best_addr, | |||
int * | best_score | |||
) | [static] |
Definition at line 97 of file acl.c.
References ast_inet_ntoa().
Referenced by get_local_address().
00098 { 00099 const char *address; 00100 int score; 00101 00102 address = ast_inet_ntoa(sin->sin_addr); 00103 00104 /* RFC 1700 alias for the local network */ 00105 if (address[0] == '0') 00106 score = -25; 00107 /* RFC 1700 localnet */ 00108 else if (strncmp(address, "127", 3) == 0) 00109 score = -20; 00110 /* RFC 1918 non-public address space */ 00111 else if (strncmp(address, "10.", 3) == 0) 00112 score = -5; 00113 /* RFC 1918 non-public address space */ 00114 else if (strncmp(address, "172", 3) == 0) { 00115 /* 172.16.0.0 - 172.19.255.255, but not 172.160.0.0 - 172.169.255.255 */ 00116 if (address[4] == '1' && address[5] >= '6' && address[6] == '.') 00117 score = -5; 00118 /* 172.20.0.0 - 172.29.255.255, but not 172.200.0.0 - 172.255.255.255 nor 172.2.0.0 - 172.2.255.255 */ 00119 else if (address[4] == '2' && address[6] == '.') 00120 score = -5; 00121 /* 172.30.0.0 - 172.31.255.255 */ 00122 else if (address[4] == '3' && address[5] <= '1') 00123 score = -5; 00124 /* All other 172 addresses are public */ 00125 else 00126 score = 0; 00127 /* RFC 2544 Benchmark test range */ 00128 } else if (strncmp(address, "198.1", 5) == 0 && address[5] >= '8' && address[6] == '.') 00129 score = -10; 00130 /* RFC 1918 non-public address space */ 00131 else if (strncmp(address, "192.168", 7) == 0) 00132 score = -5; 00133 /* RFC 3330 Zeroconf network */ 00134 else if (strncmp(address, "169.254", 7) == 0) 00135 /*!\note Better score than a test network, but not quite as good as RFC 1918 00136 * address space. The reason is that some Linux distributions automatically 00137 * configure a Zeroconf address before trying DHCP, so we want to prefer a 00138 * DHCP lease to a Zeroconf address. 00139 */ 00140 score = -10; 00141 /* RFC 3330 Test network */ 00142 else if (strncmp(address, "192.0.2.", 8) == 0) 00143 score = -15; 00144 /* Every other address should be publically routable */ 00145 else 00146 score = 0; 00147 00148 if (score > *best_score) { 00149 *best_score = score; 00150 memcpy(best_addr, &sin->sin_addr, sizeof(*best_addr)); 00151 } 00152 }
struct in_addr __ourip = { .s_addr = 0x00000000, } [static] |
Definition at line 84 of file acl.c.
Referenced by build_device(), build_gateway(), find_subchannel_and_lock(), gtalk_create_candidates(), load_module(), reload_config(), sip_alloc(), sip_notify(), sip_poke_peer(), sip_request_call(), sip_send_mwi_to_peer(), skinny_register(), transmit_register(), and transmit_response_using_temp().
struct dscp_codepoint dscp_pool1[] [static] |