Fri Sep 25 19:28:16 2009

Asterisk developer's documentation


acl.h File Reference

Access Control of various sorts. More...

#include <netinet/in.h>
#include "asterisk/io.h"

Include dependency graph for acl.h:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Defines

#define AST_SENSE_ALLOW   1
#define AST_SENSE_DENY   0

Functions

struct ast_haast_append_ha (char *sense, char *stuff, struct ast_ha *path)
int ast_apply_ha (struct ast_ha *ha, struct sockaddr_in *sin)
struct ast_haast_duplicate_ha_list (struct ast_ha *original)
int ast_find_ourip (struct in_addr *ourip, struct sockaddr_in bindaddr)
void ast_free_ha (struct ast_ha *ha)
int ast_get_ip (struct sockaddr_in *sin, const char *value)
int ast_get_ip_or_srv (struct sockaddr_in *sin, const char *value, const char *service)
int ast_lookup_iface (char *iface, struct in_addr *address)
int ast_ouraddrfor (struct in_addr *them, struct in_addr *us)
int ast_str2tos (const char *value, unsigned int *tos)
const char * ast_tos2str (unsigned int tos)


Detailed Description

Access Control of various sorts.

Definition in file acl.h.


Define Documentation

#define AST_SENSE_ALLOW   1

Definition at line 35 of file acl.h.

Referenced by ast_append_ha(), and ast_apply_ha().

#define AST_SENSE_DENY   0

Definition at line 34 of file acl.h.

Referenced by ast_append_ha().


Function Documentation

struct ast_ha* ast_append_ha ( char *  sense,
char *  stuff,
struct ast_ha path 
) [read]

Definition at line 143 of file acl.c.

References ast_log(), ast_malloc, AST_SENSE_ALLOW, AST_SENSE_DENY, free, LOG_DEBUG, LOG_WARNING, ast_ha::netaddr, ast_ha::netmask, ast_ha::next, option_debug, and ast_ha::sense.

Referenced by authenticate(), build_device(), build_gateway(), build_peer(), build_user(), and reload_config().

00144 {
00145    struct ast_ha *ha;
00146    char *nm = "255.255.255.255";
00147    char tmp[256];
00148    struct ast_ha *prev = NULL;
00149    struct ast_ha *ret;
00150    int x, z;
00151    unsigned int y;
00152 
00153    ret = path;
00154    while (path) {
00155       prev = path;
00156       path = path->next;
00157    }
00158    if ((ha = ast_malloc(sizeof(*ha)))) {
00159       ast_copy_string(tmp, stuff, sizeof(tmp));
00160       nm = strchr(tmp, '/');
00161       if (!nm) {
00162          nm = "255.255.255.255";
00163       } else {
00164          *nm = '\0';
00165          nm++;
00166       }
00167       if (!strchr(nm, '.')) {
00168          if ((sscanf(nm, "%d", &x) == 1) && (x >= 0) && (x <= 32)) {
00169             y = 0;
00170             for (z = 0; z < x; z++) {
00171                y >>= 1;
00172                y |= 0x80000000;
00173             }
00174             ha->netmask.s_addr = htonl(y);
00175          }
00176       } else if (!inet_aton(nm, &ha->netmask)) {
00177          ast_log(LOG_WARNING, "%s is not a valid netmask\n", nm);
00178          free(ha);
00179          return ret;
00180       }
00181       if (!inet_aton(tmp, &ha->netaddr)) {
00182          ast_log(LOG_WARNING, "%s is not a valid IP\n", tmp);
00183          free(ha);
00184          return ret;
00185       }
00186       ha->netaddr.s_addr &= ha->netmask.s_addr;
00187       if (!strncasecmp(sense, "p", 1)) {
00188          ha->sense = AST_SENSE_ALLOW;
00189       } else {
00190          ha->sense = AST_SENSE_DENY;
00191       }
00192       ha->next = NULL;
00193       if (prev) {
00194          prev->next = ha;
00195       } else {
00196          ret = ha;
00197       }
00198    }
00199    if (option_debug)
00200       ast_log(LOG_DEBUG, "%s/%s appended to acl for peer\n", stuff, nm);
00201    return ret;
00202 }

int ast_apply_ha ( struct ast_ha ha,
struct sockaddr_in *  sin 
)

Definition at line 204 of file acl.c.

References ast_inet_ntoa(), ast_log(), AST_SENSE_ALLOW, LOG_DEBUG, ast_ha::netaddr, ast_ha::netmask, ast_ha::next, option_debug, and ast_ha::sense.

Referenced by ast_sip_ouraddrfor(), authenticate(), check_access(), check_user_full(), register_verify(), and skinny_register().

00205 {
00206    /* Start optimistic */
00207    int res = AST_SENSE_ALLOW;
00208    while (ha) {
00209       char iabuf[INET_ADDRSTRLEN];
00210       char iabuf2[INET_ADDRSTRLEN];
00211       /* DEBUG */
00212       ast_copy_string(iabuf, ast_inet_ntoa(sin->sin_addr), sizeof(iabuf));
00213       ast_copy_string(iabuf2, ast_inet_ntoa(ha->netaddr), sizeof(iabuf2));
00214       if (option_debug)
00215          ast_log(LOG_DEBUG, "##### Testing %s with %s\n", iabuf, iabuf2);
00216       /* For each rule, if this address and the netmask = the net address
00217          apply the current rule */
00218       if ((sin->sin_addr.s_addr & ha->netmask.s_addr) == ha->netaddr.s_addr)
00219          res = ha->sense;
00220       ha = ha->next;
00221    }
00222    return res;
00223 }

struct ast_ha* ast_duplicate_ha_list ( struct ast_ha original  )  [read]

Definition at line 123 of file acl.c.

References ast_duplicate_ha(), and ast_ha::next.

00124 {
00125    struct ast_ha *start = original;
00126    struct ast_ha *ret = NULL;
00127    struct ast_ha *link, *prev = NULL;
00128 
00129    while (start) {
00130       link = ast_duplicate_ha(start);  /* Create copy of this object */
00131       if (prev)
00132          prev->next = link;      /* Link previous to this object */
00133 
00134       if (!ret)
00135          ret = link;    /* Save starting point */
00136 
00137       start = start->next;    /* Go to next object */
00138       prev = link;         /* Save pointer to this object */
00139    }
00140    return ret;             /* Return start of list */
00141 }

int ast_find_ourip ( struct in_addr *  ourip,
struct sockaddr_in  bindaddr 
)

Definition at line 400 of file acl.c.

References ast_gethostbyname(), ast_log(), ast_ouraddrfor(), hp, LOG_WARNING, and ourhost.

Referenced by __oh323_rtp_create(), gtalk_create_candidates(), load_module(), and reload_config().

00401 {
00402    char ourhost[MAXHOSTNAMELEN] = "";
00403    struct ast_hostent ahp;
00404    struct hostent *hp;
00405    struct in_addr saddr;
00406 
00407    /* just use the bind address if it is nonzero */
00408    if (ntohl(bindaddr.sin_addr.s_addr)) {
00409       memcpy(ourip, &bindaddr.sin_addr, sizeof(*ourip));
00410       return 0;
00411    }
00412    /* try to use our hostname */
00413    if (gethostname(ourhost, sizeof(ourhost) - 1)) {
00414       ast_log(LOG_WARNING, "Unable to get hostname\n");
00415    } else {
00416       hp = ast_gethostbyname(ourhost, &ahp);
00417       if (hp) {
00418          memcpy(ourip, hp->h_addr, sizeof(*ourip));
00419          return 0;
00420       }
00421    }
00422    /* A.ROOT-SERVERS.NET. */
00423    if (inet_aton("198.41.0.4", &saddr) && !ast_ouraddrfor(&saddr, ourip))
00424       return 0;
00425    return -1;
00426 }

void ast_free_ha ( struct ast_ha ha  ) 

Definition at line 90 of file acl.c.

References free, and ast_ha::next.

Referenced by authenticate(), build_peer(), build_user(), destroy_gateway(), oh323_destroy_peer(), oh323_destroy_user(), peer_destructor(), reload_config(), sip_destroy_peer(), sip_destroy_user(), unload_module(), and user_destructor().

00091 {
00092    struct ast_ha *hal;
00093    while (ha) {
00094       hal = ha;
00095       ha = ha->next;
00096       free(hal);
00097    }
00098 }

int ast_get_ip ( struct sockaddr_in *  sin,
const char *  value 
)

Definition at line 342 of file acl.c.

References ast_get_ip_or_srv().

Referenced by build_device(), build_gateway(), build_peer(), build_user(), and peer_set_srcaddr().

00343 {
00344    return ast_get_ip_or_srv(sin, value, NULL);
00345 }

int ast_get_ip_or_srv ( struct sockaddr_in *  sin,
const char *  value,
const char *  service 
)

Definition at line 225 of file acl.c.

References ast_get_srv(), ast_gethostbyname(), ast_log(), hp, and LOG_WARNING.

Referenced by ast_get_ip(), build_peer(), and reload_config().

00226 {
00227    struct hostent *hp;
00228    struct ast_hostent ahp;
00229    char srv[256];
00230    char host[256];
00231    int tportno = ntohs(sin->sin_port);
00232    if (inet_aton(value, &sin->sin_addr))
00233       return 0;
00234    if (service) {
00235       snprintf(srv, sizeof(srv), "%s.%s", service, value);
00236       if (ast_get_srv(NULL, host, sizeof(host), &tportno, srv) > 0) {
00237          sin->sin_port = htons(tportno);
00238          value = host;
00239       }
00240    }
00241    hp = ast_gethostbyname(value, &ahp);
00242    if (hp) {
00243       memcpy(&sin->sin_addr, hp->h_addr, sizeof(sin->sin_addr));
00244    } else {
00245       ast_log(LOG_WARNING, "Unable to lookup '%s'\n", value);
00246       return -1;
00247    }
00248    return 0;
00249 }

int ast_lookup_iface ( char *  iface,
struct in_addr *  address 
)

Definition at line 348 of file acl.c.

References ast_log(), errno, my_ifreq::ifrn_name, my_ifreq::ifru_addr, and LOG_WARNING.

00349 {
00350    int mysock, res = 0;
00351    struct my_ifreq ifreq;
00352 
00353    memset(&ifreq, 0, sizeof(ifreq));
00354    ast_copy_string(ifreq.ifrn_name, iface, sizeof(ifreq.ifrn_name));
00355 
00356    mysock = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
00357    res = ioctl(mysock, SIOCGIFADDR, &ifreq);
00358 
00359    close(mysock);
00360    if (res < 0) {
00361       ast_log(LOG_WARNING, "Unable to get IP of %s: %s\n", iface, strerror(errno));
00362       memcpy((char *)address, (char *)&__ourip, sizeof(__ourip));
00363       return -1;
00364    } else {
00365       memcpy((char *)address, (char *)&ifreq.ifru_addr.sin_addr, sizeof(ifreq.ifru_addr.sin_addr));
00366       return 0;
00367    }
00368 }

int ast_ouraddrfor ( struct in_addr *  them,
struct in_addr *  us 
)

Definition at line 370 of file acl.c.

References ast_log(), LOG_WARNING, and s.

Referenced by ast_find_ourip(), ast_sip_ouraddrfor(), build_device(), build_gateway(), and find_subchannel_and_lock().

00371 {
00372    int s;
00373    struct sockaddr_in sin;
00374    socklen_t slen;
00375 
00376    s = socket(PF_INET, SOCK_DGRAM, 0);
00377    if (s < 0) {
00378       ast_log(LOG_WARNING, "Cannot create socket\n");
00379       return -1;
00380    }
00381    sin.sin_family = AF_INET;
00382    sin.sin_port = 5060;
00383    sin.sin_addr = *them;
00384    if (connect(s, (struct sockaddr *)&sin, sizeof(sin))) {
00385       ast_log(LOG_WARNING, "Cannot connect\n");
00386       close(s);
00387       return -1;
00388    }
00389    slen = sizeof(sin);
00390    if (getsockname(s, (struct sockaddr *)&sin, &slen)) {
00391       ast_log(LOG_WARNING, "Cannot get socket name\n");
00392       close(s);
00393       return -1;
00394    }
00395    close(s);
00396    *us = sin.sin_addr;
00397    return 0;
00398 }

int ast_str2tos ( const char *  value,
unsigned int *  tos 
)

Definition at line 282 of file acl.c.

References ast_log(), IPTOS_MINCOST, LOG_WARNING, name, and dscp_codepoint::space.

Referenced by iax_template_parse(), reload_config(), and set_config().

00283 {
00284    int fval;
00285    unsigned int x;
00286 
00287    if (sscanf(value, "%i", &fval) == 1) {
00288       *tos = fval & 0xFF;
00289       return 0;
00290    }
00291 
00292    for (x = 0; x < sizeof(dscp_pool1) / sizeof(dscp_pool1[0]); x++) {
00293       if (!strcasecmp(value, dscp_pool1[x].name)) {
00294          *tos = dscp_pool1[x].space << 2;
00295          return 0;
00296       }
00297    }
00298 
00299    if (!strcasecmp(value, "lowdelay"))
00300       *tos = IPTOS_LOWDELAY;
00301    else if (!strcasecmp(value, "throughput"))
00302       *tos = IPTOS_THROUGHPUT;
00303    else if (!strcasecmp(value, "reliability"))
00304       *tos = IPTOS_RELIABILITY;
00305    else if (!strcasecmp(value, "mincost"))
00306       *tos = IPTOS_MINCOST;
00307    else if (!strcasecmp(value, "none"))
00308       *tos = 0;
00309    else
00310       return -1;
00311 
00312    ast_log(LOG_WARNING, "TOS value %s is deprecated. Please see doc/ip-tos.txt for more information.\n", value);
00313 
00314    return 0;
00315 }

const char* ast_tos2str ( unsigned int  tos  ) 

Definition at line 317 of file acl.c.

References IPTOS_MINCOST, name, and space.

Referenced by reload_config(), and sip_show_settings().

00318 {
00319    unsigned int x;
00320 
00321    switch (tos) {
00322    case 0:
00323       return "none";
00324    case IPTOS_LOWDELAY:
00325       return "lowdelay";
00326    case IPTOS_THROUGHPUT:
00327       return "throughput";
00328    case IPTOS_RELIABILITY:
00329       return "reliability";
00330    case IPTOS_MINCOST:
00331       return "mincost";
00332    default:
00333       for (x = 0; x < sizeof(dscp_pool1) / sizeof(dscp_pool1[0]); x++) {
00334          if (dscp_pool1[x].space == (tos >> 2))
00335             return dscp_pool1[x].name;
00336       }
00337    }
00338 
00339    return "unknown";
00340 }


Generated on Fri Sep 25 19:28:16 2009 for Asterisk - the Open Source PBX by  doxygen 1.5.5