Sat Mar 24 23:26:07 2007

Asterisk developer's documentation


acl.h File Reference

Access Control of various sorts. More...

#include <netinet/in.h>
#include "asterisk/io.h"

Include dependency graph for acl.h:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Defines

#define AST_SENSE_ALLOW   1
#define AST_SENSE_DENY   0

Functions

ast_haast_append_ha (char *sense, char *stuff, struct ast_ha *path)
int ast_apply_ha (struct ast_ha *ha, struct sockaddr_in *sin)
ast_haast_duplicate_ha_list (struct ast_ha *original)
int ast_find_ourip (struct in_addr *ourip, struct sockaddr_in bindaddr)
void ast_free_ha (struct ast_ha *ha)
int ast_get_ip (struct sockaddr_in *sin, const char *value)
int ast_get_ip_or_srv (struct sockaddr_in *sin, const char *value, const char *service)
int ast_lookup_iface (char *iface, struct in_addr *address)
int ast_ouraddrfor (struct in_addr *them, struct in_addr *us)
int ast_str2tos (const char *value, int *tos)


Detailed Description

Access Control of various sorts.

Definition in file acl.h.


Define Documentation

#define AST_SENSE_ALLOW   1
 

Definition at line 35 of file acl.h.

Referenced by ast_append_ha(), and ast_apply_ha().

#define AST_SENSE_DENY   0
 

Definition at line 34 of file acl.h.

Referenced by ast_append_ha().


Function Documentation

struct ast_ha* ast_append_ha char *  sense,
char *  stuff,
struct ast_ha path
 

Definition at line 144 of file acl.c.

References ast_log(), AST_SENSE_ALLOW, AST_SENSE_DENY, free, LOG_WARNING, malloc, ast_ha::netaddr, ast_ha::netmask, ast_ha::next, and ast_ha::sense.

Referenced by authenticate(), build_device(), build_gateway(), build_peer(), build_user(), and reload_config().

00145 {
00146    struct ast_ha *ha = malloc(sizeof(struct ast_ha));
00147    char *nm = "255.255.255.255";
00148    char tmp[256];
00149    struct ast_ha *prev = NULL;
00150    struct ast_ha *ret;
00151    int x, z;
00152    unsigned int y;
00153    ret = path;
00154    while (path) {
00155       prev = path;
00156       path = path->next;
00157    }
00158    if (ha) {
00159       ast_copy_string(tmp, stuff, sizeof(tmp));
00160       nm = strchr(tmp, '/');
00161       if (!nm) {
00162          nm = "255.255.255.255";
00163       } else {
00164          *nm = '\0';
00165          nm++;
00166       }
00167       if (!strchr(nm, '.')) {
00168          if ((sscanf(nm, "%d", &x) == 1) && (x >= 0) && (x <= 32)) {
00169             y = 0;
00170             for (z=0;z<x;z++) {
00171                y >>= 1;
00172                y |= 0x80000000;
00173             }
00174             ha->netmask.s_addr = htonl(y);
00175          }
00176       } else if (!inet_aton(nm, &ha->netmask)) {
00177          ast_log(LOG_WARNING, "%s is not a valid netmask\n", nm);
00178          free(ha);
00179          return path;
00180       }
00181       if (!inet_aton(tmp, &ha->netaddr)) {
00182          ast_log(LOG_WARNING, "%s is not a valid IP\n", tmp);
00183          free(ha);
00184          return path;
00185       }
00186       ha->netaddr.s_addr &= ha->netmask.s_addr;
00187       if (!strncasecmp(sense, "p", 1)) {
00188          ha->sense = AST_SENSE_ALLOW;
00189       } else {
00190          ha->sense = AST_SENSE_DENY;
00191       }
00192       ha->next = NULL;
00193       if (prev) {
00194          prev->next = ha;
00195       } else {
00196          ret = ha;
00197       }
00198    }
00199    ast_log(LOG_DEBUG, "%s/%s appended to acl for peer\n", stuff, nm);
00200    return ret;
00201 }

int ast_apply_ha struct ast_ha ha,
struct sockaddr_in *  sin
 

Definition at line 203 of file acl.c.

References ast_inet_ntoa(), ast_log(), AST_SENSE_ALLOW, LOG_DEBUG, ast_ha::netaddr, ast_ha::netmask, ast_ha::next, and ast_ha::sense.

Referenced by ast_sip_ouraddrfor(), authenticate(), check_access(), check_user_full(), register_verify(), and skinny_register().

00204 {
00205    /* Start optimistic */
00206    int res = AST_SENSE_ALLOW;
00207    while (ha) {
00208       char iabuf[INET_ADDRSTRLEN];
00209       char iabuf2[INET_ADDRSTRLEN];
00210       /* DEBUG */
00211       ast_log(LOG_DEBUG,
00212          "##### Testing %s with %s\n",
00213          ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr),
00214          ast_inet_ntoa(iabuf2, sizeof(iabuf2), ha->netaddr));
00215       /* For each rule, if this address and the netmask = the net address
00216          apply the current rule */
00217       if ((sin->sin_addr.s_addr & ha->netmask.s_addr) == ha->netaddr.s_addr)
00218          res = ha->sense;
00219       ha = ha->next;
00220    }
00221    return res;
00222 }

struct ast_ha* ast_duplicate_ha_list struct ast_ha original  ) 
 

Definition at line 124 of file acl.c.

References ast_duplicate_ha(), and ast_ha::next.

00125 {
00126    struct ast_ha *start=original;
00127    struct ast_ha *ret = NULL;
00128    struct ast_ha *link,*prev=NULL;
00129 
00130    while (start) {
00131       link = ast_duplicate_ha(start);  /* Create copy of this object */
00132       if (prev)
00133          prev->next = link;      /* Link previous to this object */
00134 
00135       if (!ret) 
00136          ret = link;    /* Save starting point */
00137 
00138       start = start->next;    /* Go to next object */
00139       prev = link;         /* Save pointer to this object */
00140    }
00141    return ret;             /* Return start of list */
00142 }

int ast_find_ourip struct in_addr *  ourip,
struct sockaddr_in  bindaddr
 

Definition at line 328 of file acl.c.

References ahp, ast_gethostbyname(), ast_log(), ast_ouraddrfor(), hp, LOG_WARNING, and ourhost.

Referenced by reload_config().

00329 {
00330    char ourhost[MAXHOSTNAMELEN] = "";
00331    struct ast_hostent ahp;
00332    struct hostent *hp;
00333    struct in_addr saddr;
00334 
00335    /* just use the bind address if it is nonzero */
00336    if (ntohl(bindaddr.sin_addr.s_addr)) {
00337       memcpy(ourip, &bindaddr.sin_addr, sizeof(*ourip));
00338       return 0;
00339    }
00340    /* try to use our hostname */
00341    if (gethostname(ourhost, sizeof(ourhost) - 1)) {
00342       ast_log(LOG_WARNING, "Unable to get hostname\n");
00343    } else {
00344       hp = ast_gethostbyname(ourhost, &ahp);
00345       if (hp) {
00346          memcpy(ourip, hp->h_addr, sizeof(*ourip));
00347          return 0;
00348       }
00349    }
00350    /* A.ROOT-SERVERS.NET. */
00351    if (inet_aton("198.41.0.4", &saddr) && !ast_ouraddrfor(&saddr, ourip))
00352       return 0;
00353    return -1;
00354 }

void ast_free_ha struct ast_ha ha  ) 
 

Definition at line 94 of file acl.c.

References free, and ast_ha::next.

Referenced by authenticate(), build_peer(), build_user(), destroy_gateway(), destroy_peer(), destroy_user(), sip_destroy_peer(), sip_destroy_user(), and unload_module().

00095 {
00096    struct ast_ha *hal;
00097    while(ha) {
00098       hal = ha;
00099       ha = ha->next;
00100       free(hal);
00101    }
00102 }

int ast_get_ip struct sockaddr_in *  sin,
const char *  value
 

Definition at line 270 of file acl.c.

References ast_get_ip_or_srv().

Referenced by build_device(), build_gateway(), build_peer(), build_user(), and peer_set_srcaddr().

00271 {
00272    return ast_get_ip_or_srv(sin, value, NULL);
00273 }

int ast_get_ip_or_srv struct sockaddr_in *  sin,
const char *  value,
const char *  service
 

Definition at line 224 of file acl.c.

References ahp, ast_get_srv(), ast_gethostbyname(), ast_log(), host, hp, and LOG_WARNING.

Referenced by ast_get_ip(), build_peer(), and reload_config().

00225 {
00226    struct hostent *hp;
00227    struct ast_hostent ahp;
00228    char srv[256];
00229    char host[256];
00230    int tportno = ntohs(sin->sin_port);
00231    if (inet_aton(value, &sin->sin_addr))
00232       return 0;
00233    if (service) {
00234       snprintf(srv, sizeof(srv), "%s.%s", service, value);
00235       if (ast_get_srv(NULL, host, sizeof(host), &tportno, srv) > 0) {
00236          sin->sin_port = htons(tportno);
00237          value = host;
00238       }
00239    }
00240    hp = ast_gethostbyname(value, &ahp);
00241    if (hp) {
00242       memcpy(&sin->sin_addr, hp->h_addr, sizeof(sin->sin_addr));
00243    } else {
00244       ast_log(LOG_WARNING, "Unable to lookup '%s'\n", value);
00245       return -1;
00246    }
00247    return 0;
00248 }

int ast_lookup_iface char *  iface,
struct in_addr *  address
 

Definition at line 276 of file acl.c.

References __ourip, ast_log(), and LOG_WARNING.

00277 {
00278    int mysock, res = 0;
00279    struct my_ifreq ifreq;
00280 
00281    memset(&ifreq, 0, sizeof(ifreq));
00282    ast_copy_string(ifreq.ifrn_name, iface, sizeof(ifreq.ifrn_name));
00283 
00284    mysock = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
00285    res = ioctl(mysock, SIOCGIFADDR, &ifreq);
00286 
00287    close(mysock);
00288    if (res < 0) {
00289       ast_log(LOG_WARNING, "Unable to get IP of %s: %s\n", iface, strerror(errno));
00290       memcpy((char *)address, (char *)&__ourip, sizeof(__ourip));
00291       return -1;
00292    } else {
00293       memcpy((char *)address, (char *)&ifreq.ifru_addr.sin_addr, sizeof(ifreq.ifru_addr.sin_addr));
00294       return 0;
00295    }
00296 }

int ast_ouraddrfor struct in_addr *  them,
struct in_addr *  us
 

Definition at line 298 of file acl.c.

References ast_log(), LOG_WARNING, and s.

Referenced by ast_find_ourip(), ast_sip_ouraddrfor(), and find_subchannel_and_lock().

00299 {
00300    int s;
00301    struct sockaddr_in sin;
00302    socklen_t slen;
00303 
00304    s = socket(PF_INET, SOCK_DGRAM, 0);
00305    if (s < 0) {
00306       ast_log(LOG_WARNING, "Cannot create socket\n");
00307       return -1;
00308    }
00309    sin.sin_family = AF_INET;
00310    sin.sin_port = 5060;
00311    sin.sin_addr = *them;
00312    if (connect(s, (struct sockaddr *)&sin, sizeof(sin))) {
00313       ast_log(LOG_WARNING, "Cannot connect\n");
00314       close(s);
00315       return -1;
00316    }
00317    slen = sizeof(sin);
00318    if (getsockname(s, (struct sockaddr *)&sin, &slen)) {
00319       ast_log(LOG_WARNING, "Cannot get socket name\n");
00320       close(s);
00321       return -1;
00322    }
00323    close(s);
00324    *us = sin.sin_addr;
00325    return 0;
00326 }

int ast_str2tos const char *  value,
int *  tos
 

Definition at line 250 of file acl.c.

References IPTOS_MINCOST.

Referenced by reload_config(), and set_config().

00251 {
00252    int fval;
00253    if (sscanf(value, "%i", &fval) == 1)
00254       *tos = fval & 0xff;
00255    else if (!strcasecmp(value, "lowdelay"))
00256       *tos = IPTOS_LOWDELAY;
00257    else if (!strcasecmp(value, "throughput"))
00258       *tos = IPTOS_THROUGHPUT;
00259    else if (!strcasecmp(value, "reliability"))
00260       *tos = IPTOS_RELIABILITY;
00261    else if (!strcasecmp(value, "mincost"))
00262       *tos = IPTOS_MINCOST;
00263    else if (!strcasecmp(value, "none"))
00264       *tos = 0;
00265    else
00266       return -1;
00267    return 0;
00268 }


Generated on Sat Mar 24 23:26:07 2007 for Asterisk - the Open Source PBX by  doxygen 1.4.6