Asterisk - The Open Source Telephony Project  18.5.0
named_acl.c File Reference

Named Access Control Lists. More...

#include "asterisk.h"
#include "asterisk/config.h"
#include "asterisk/config_options.h"
#include "asterisk/utils.h"
#include "asterisk/module.h"
#include "asterisk/cli.h"
#include "asterisk/acl.h"
#include "asterisk/astobj2.h"
#include "asterisk/paths.h"
#include "asterisk/stasis.h"
#include "asterisk/json.h"
#include "asterisk/security_events.h"

Data Structures

struct  named_acl
 
struct  named_acl_config
 

Macros

#define ACL_FAMILY   "acls"
 
#define AST_MODULE   "acl"
 
#define NACL_CONFIG   "acl.conf"
 

Functions

static void __reg_module (void)
 
static void __unreg_module (void)
 
static int acl_order_comparator (struct ast_category *p, struct ast_category *q)
 
static AO2_GLOBAL_OBJ_STATIC (globals)
 
struct ast_module * AST_MODULE_SELF_SYM (void)
 
struct ast_ha * ast_named_acl_find (const char *name, int *is_realtime, int *is_undefined)
 Retrieve a named ACL. More...
 
static void cli_display_named_acl (int fd, const char *name)
 
static void cli_display_named_acl_list (int fd)
 
 CONFIG_INFO_CORE ("named_acl", cfg_info, globals, named_acl_config_alloc,.files=ACO_FILES(&named_acl_conf),)
 
static void destroy_named_acl (void *obj)
 Destroy a named ACL object. More...
 
static char * handle_show_named_acl_cmd (struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
 
static int load_module (void)
 
static void * named_acl_alloc (const char *cat)
 Create a named ACL structure. More...
 
static void * named_acl_config_alloc (void)
 allocator callback for named_acl_config. Notice it returns void * since it is used by the backend config code More...
 
static void named_acl_config_destructor (void *obj)
 destructor for named_acl_config More...
 
static void * named_acl_find (struct ao2_container *container, const char *cat)
 Find a named ACL in a container by its name. More...
 
static struct named_acl * named_acl_find_realtime (const char *name)
 
static int publish_acl_change (const char *name)
 
static int reload_module (void)
 
 STASIS_MESSAGE_TYPE_DEFN (ast_named_acl_change_type)
 Message type for named ACL changes. More...
 
static int unload_module (void)
 

Variables

static struct ast_module_info __mod_info = { .name = "acl" , .flags = AST_MODFLAG_GLOBAL_SYMBOLS | AST_MODFLAG_LOAD_ORDER , .description = "Named ACL system" , .key = "This paragraph is copyright (c) 2006 by Digium, Inc. \In order for your module to load, it must return this \key via a function called \"key\". Any code which \includes this paragraph must be licensed under the GNU \General Public License version 2 or later (at your \option). In addition to Digium's general reservations \of rights, Digium expressly reserves the right to \allow other parties to license this paragraph under \different terms. Any use of Digium, Inc. trademarks or \logos (including \"Asterisk\" or \"Digium\") without \express written permission of Digium, Inc. is prohibited.\n" , .buildopt_sum = "30ef0c93b36035ec78c9cfd712d36d9b" , .support_level = AST_MODULE_SUPPORT_CORE, .load = load_module, .unload = unload_module, .reload = reload_module, .load_pri = AST_MODPRI_CORE, .requires = "extconfig", }
 
static const struct ast_module_info * ast_module_info = &__mod_info
 
static struct ast_cli_entry cli_named_acl []
 
struct aco_file named_acl_conf
 
static struct aco_type named_acl_type
 
struct aco_type * named_acl_types [] = ACO_TYPES(&named_acl_type)
 

Detailed Description

Named Access Control Lists.

Author
Jonathan Rose <jrose@digium.com>
Note
Based on a feature proposed by Olle E. Johansson (e-mail address not recoverable from this rendering)

Definition in file named_acl.c.

Macro Definition Documentation

◆ ACL_FAMILY

#define ACL_FAMILY   "acls"

Definition at line 50 of file named_acl.c.

Referenced by ast_named_acl_find(), and named_acl_find_realtime().

◆ AST_MODULE

#define AST_MODULE   "acl"

Definition at line 33 of file named_acl.c.

◆ NACL_CONFIG

#define NACL_CONFIG   "acl.conf"

Definition at line 49 of file named_acl.c.

Function Documentation

◆ __reg_module()

static void __reg_module ( void  )
static

Definition at line 590 of file named_acl.c.

◆ __unreg_module()

static void __unreg_module ( void  )
static

Definition at line 590 of file named_acl.c.

◆ acl_order_comparator()

static int acl_order_comparator ( struct ast_category p,
struct ast_category q 
)
static

Definition at line 201 of file named_acl.c.

References ast_category_first(), ast_variable::name, ast_variable::next, and ast_variable::value.

Referenced by named_acl_find_realtime().

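/*!
 * \internal
 * \brief Read the numeric "rule_order" value of one realtime ACL category.
 *
 * \param cat Category to inspect.
 *
 * \return The parsed rule_order, or 0 when the category carries no
 *         "rule_order" variable or its value does not start with a number.
 */
static long acl_rule_order(struct ast_category *cat)
{
	struct ast_variable *var;

	for (var = ast_category_first(cat); var; var = var->next) {
		if (!strcasecmp(var->name, "rule_order")) {
			/*
			 * strtol() instead of atoi(): the value comes from the realtime
			 * backend, and atoi() has undefined behaviour when the number
			 * does not fit in an int. strtol() saturates instead, and for
			 * every value atoi() handles correctly the result is the same.
			 */
			return strtol(var->value, NULL, 10);
		}
	}

	/* No rule_order present: same default the comparison used before. */
	return 0;
}

/*!
 * \internal
 * \brief Order two realtime ACL categories by their "rule_order" value.
 *
 * Used by named_acl_find_realtime() as the category sort comparator, so the
 * result decides the order in which that function appends the rules.
 * A missing or non-numeric rule_order silently compares as 0; it is not
 * reported here.
 *
 * \param p First category.
 * \param q Second category.
 *
 * \retval -1 p sorts before q.
 * \retval 1 p sorts after q.
 * \retval 0 both have the same rule_order.
 */
static int acl_order_comparator(struct ast_category *p, struct ast_category *q)
{
	long p_value = acl_rule_order(p);
	long q_value = acl_rule_order(q);

	if (p_value < q_value) {
		return -1;
	}
	if (q_value < p_value) {
		return 1;
	}

	return 0;
}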
struct ast_variable * next
Structure for variables, used for configurations and for channel variables.
struct ast_variable * ast_category_first(struct ast_category *cat)
given a pointer to a category, return the root variable.
Definition: main/config.c:1157

◆ AO2_GLOBAL_OBJ_STATIC()

static AO2_GLOBAL_OBJ_STATIC ( globals  )
static

◆ AST_MODULE_SELF_SYM()

struct ast_module* AST_MODULE_SELF_SYM ( void  )

Definition at line 590 of file named_acl.c.

◆ ast_named_acl_find()

struct ast_ha* ast_named_acl_find ( const char *  name,
int *  is_realtime,
int *  is_undefined 
)

Retrieve a named ACL.

This function attempts to find a named ACL. If found, a copy of the requested ACL will be made which must be freed by the caller.

Parameters
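name: Name of the ACL sought
[out] is_realtime: will be true if the ACL being returned is from realtime
[out] is_undefined: will be true if no ACL profile can be found for the requested name
Return values
A copy of the named ACL as an ast_ha
NULL if no ACL could be found. The listing below also returns NULL, with is_undefined left at 0, when the ACL configuration is unavailable and when the ACL exists but contains no rules (logged as accepting addresses unconditionally), so is_undefined is what tells a missing ACL apart from an empty one.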

Definition at line 293 of file named_acl.c.

References ACL_FAMILY, ao2_cleanup, ao2_global_obj_ref, ast_check_realtime(), ast_duplicate_ha_list(), ast_log, ast_named_acl_change_type(), ast_realtime_is_mapping_defined(), globals, named_acl::ha, LOG_ERROR, LOG_NOTICE, LOG_WARNING, named_acl_find(), named_acl_find_realtime(), NULL, RAII_VAR, and STASIS_MESSAGE_TYPE_DEFN().

Referenced by ast_append_acl().

/*
 * Look up the named ACL `name` and return a duplicate of its rule list.
 * Both out-parameters are optional; each is reset to 0 before any lookup.
 * The local configuration is searched first, then realtime storage.
 */
294 {
295  struct ast_ha *ha = NULL;
296 
/* NOTE(review): source lines 297-298 are not shown in this rendering. `cfg` and `named_acl`, used below, are presumably declared there (the References list names RAII_VAR, ao2_global_obj_ref and globals) - confirm against named_acl.c. */
299 
300  if (is_realtime) {
301  *is_realtime = 0;
302  }
303 
304  if (is_undefined) {
305  *is_undefined = 0;
306  }
307 
308  /* If the config or its named_acl_list hasn't been initialized, abort immediately. */
/* NOTE(review): this path returns NULL with *is_undefined still 0, the same result a caller sees for an ACL that exists but has no rules (logged further down as accepting addresses unconditionally). Whether the caller can tell "configuration unavailable" from "empty ACL" is not visible here - confirm in ast_append_acl(). */
309  if ((!cfg) || (!(cfg->named_acl_list))) {
310  ast_log(LOG_ERROR, "Attempted to find named ACL '%s', but the ACL configuration isn't available.\n", name);
311  return NULL;
312  }
313 
314  named_acl = named_acl_find(cfg->named_acl_list, name);
315 
316  /* If a named ACL couldn't be retrieved locally, we need to try realtime storage. */
317  if (!named_acl) {
/* realtime_acl is scope-bound: ao2_cleanup runs on it when this block is left. */
318  RAII_VAR(struct named_acl *, realtime_acl, NULL, ao2_cleanup);
319 
320  /* Attempt to create from realtime */
321  if ((realtime_acl = named_acl_find_realtime(name))) {
322  if (is_realtime) {
323  *is_realtime = 1;
324  }
/* The caller gets a duplicate, not the list owned by realtime_acl. A NULL duplicate is returned as-is on this path, without the "contains no rules" notice used for local ACLs. */
325  ha = ast_duplicate_ha_list(realtime_acl->ha);
326  return ha;
327  }
328 
329  /* Couldn't create from realtime. Raise relevant flags and print relevant warnings. */
/* NOTE(review): source line 330, the `if` that opens this branch, is not shown; the References list suggests it tests ast_realtime_is_mapping_defined() and ast_check_realtime() - confirm. */
331  ast_log(LOG_WARNING, "ACL '%s' does not exist. The ACL will be marked as undefined and will automatically fail if applied.\n"
332  "This ACL may exist in the configured realtime backend, but that backend hasn't been registered yet. "
333  "Fix this establishing preload for the backend in 'modules.conf'.\n", name);
334  } else {
335  ast_log(LOG_WARNING, "ACL '%s' does not exist. The ACL will be marked as undefined and will automatically fail if applied.\n", name);
336  }
337 
/* This flag is the only signal that separates "no such ACL" from the other NULL returns of this function. */
338  if (is_undefined) {
339  *is_undefined = 1;
340  }
341 
342  return NULL;
343  }
344 
/* NOTE(review): source line 345 is not shown; `ha` is presumably assigned there from the locally found ACL (ast_duplicate_ha_list is in the References list) - confirm. */
346 
/* A NULL list here is treated as a valid, empty ACL. Per the notice below, that means every address is accepted. */
347  if (!ha) {
348  ast_log(LOG_NOTICE, "ACL '%s' contains no rules. It is valid, but it will accept addresses unconditionally.\n", name);
349  }
350 
351  return ha;
352 }
struct ast_ha * ast_duplicate_ha_list(struct ast_ha *original)
Duplicate the contents of a list of host access rules.
Definition: acl.c:277
#define LOG_WARNING
Definition: logger.h:274
int ast_check_realtime(const char *family)
Check if realtime engine is configured for family.
Definition: main/config.c:3363
static struct named_acl * named_acl_find_realtime(const char *name)
Definition: named_acl.c:240
#define ao2_global_obj_ref(holder)
Definition: astobj2.h:925
#define NULL
Definition: resample.c:96
internal representation of ACL entries In principle user applications would have no need for this...
Definition: acl.h:51
#define ast_log
Definition: astobj2.c:42
struct ast_ha * ha
Definition: named_acl.c:109
#define RAII_VAR(vartype, varname, initval, dtor)
Declare a variable that will call a destructor function when it goes out of scope.
Definition: utils.h:911
static struct console_pvt globals
#define LOG_ERROR
Definition: logger.h:285
#define LOG_NOTICE
Definition: logger.h:263
static const char name[]
Definition: cdr_mysql.c:74
int ast_realtime_is_mapping_defined(const char *family)
Determine if a mapping exists for a given family.
Definition: main/config.c:3026
static void * named_acl_find(struct ao2_container *container, const char *cat)
Find a named ACL in a container by its name.
Definition: named_acl.c:182
#define ao2_cleanup(obj)
Definition: astobj2.h:1958
#define ACL_FAMILY
Definition: named_acl.c:50

◆ cli_display_named_acl()

static void cli_display_named_acl ( int  fd,
const char *  name 
)
static

Definition at line 412 of file named_acl.c.

References ao2_cleanup, ao2_global_obj_ref, ast_cli(), ast_ha_output(), ast_log, globals, named_acl::ha, LOG_ERROR, named_acl_find(), named_acl_find_realtime(), NULL, and RAII_VAR.

Referenced by handle_show_named_acl_cmd().

/*
 * CLI helper: print the named ACL `name` to the CLI descriptor `fd`,
 * tagging it " (realtime)" when is_realtime was set.
 */
413 {
414  int is_realtime = 0;
415 
/* NOTE(review): source lines 416-417 are not shown in this rendering; `cfg` and `named_acl` are presumably declared there (RAII_VAR and ao2_global_obj_ref appear in the References list) - confirm against named_acl.c. */
418 
419  /* If the configuration or the configuration's named_acl_list is unavailable, abort. */
420  if ((!cfg) || (!cfg->named_acl_list)) {
421  ast_log(LOG_ERROR, "Attempted to show named ACL '%s', but the acl configuration isn't available.\n", name);
422  return;
423  }
424 
425  named_acl = named_acl_find(cfg->named_acl_list, name);
426 
427  /* If the named_acl couldn't be found with the search, also abort. */
428  if (!named_acl) {
/* NOTE(review): source line 429 is not shown; it opens the inner block closed at 432 and presumably retries the lookup through named_acl_find_realtime() (listed in References) - confirm. */
430  ast_cli(fd, "\nCould not find ACL named '%s'\n", name);
431  return;
432  }
433 
/* Reached only when the local lookup failed and the inner check above did not return. */
434  is_realtime = 1;
435  }
436 
437  ast_cli(fd, "\nACL: %s%s\n---------------------------------------------\n", name, is_realtime ? " (realtime)" : "");
/* NOTE(review): source line 438 is not shown; the rules themselves are presumably printed there with ast_ha_output() (listed in References) - confirm. */
439 }
static struct named_acl * named_acl_find_realtime(const char *name)
Definition: named_acl.c:240
#define ao2_global_obj_ref(holder)
Definition: astobj2.h:925
#define NULL
Definition: resample.c:96
void ast_cli(int fd, const char *fmt,...)
Definition: clicompat.c:6
#define ast_log
Definition: astobj2.c:42
struct ast_ha * ha
Definition: named_acl.c:109
#define RAII_VAR(vartype, varname, initval, dtor)
Declare a variable that will call a destructor function when it goes out of scope.
Definition: utils.h:911
static struct console_pvt globals
#define LOG_ERROR
Definition: logger.h:285
static const char name[]
Definition: cdr_mysql.c:74
static void * named_acl_find(struct ao2_container *container, const char *cat)
Find a named ACL in a container by its name.
Definition: named_acl.c:182
#define ao2_cleanup(obj)
Definition: astobj2.h:1958
void ast_ha_output(int fd, const struct ast_ha *ha, const char *prefix)
output an HA to the provided fd
Definition: acl.c:1087

◆ cli_display_named_acl_list()

static void cli_display_named_acl_list ( int  fd)
static

Definition at line 447 of file named_acl.c.

References ao2_cleanup, ao2_global_obj_ref, ao2_iterator_destroy(), ao2_iterator_init(), ao2_iterator_next, ao2_ref, ast_cli(), globals, named_acl::name, and RAII_VAR.

Referenced by handle_show_named_acl_cmd().

/*
 * CLI helper: print the name of every ACL held in the configuration's
 * named_acl_list to the CLI descriptor `fd`.
 */
448 {
449  struct ao2_iterator i;
450  void *o;
/* NOTE(review): source line 451 is not shown in this rendering; `cfg` is presumably declared there (RAII_VAR and ao2_global_obj_ref appear in the References list) - confirm against named_acl.c. */
452 
453  ast_cli(fd, "\nacl\n---\n");
454 
455  if (!cfg || !cfg->named_acl_list) {
456  ast_cli(fd, "ACL configuration isn't available.\n");
457  return;
458  }
459  i = ao2_iterator_init(cfg->named_acl_list, 0);
460 
461  while ((o = ao2_iterator_next(&i))) {
462  struct named_acl *named_acl = o;
463  ast_cli(fd, "%s\n", named_acl->name);
/* Drop the reference taken on `o` for this iteration. */
464  ao2_ref(o, -1);
465  }
466 
/* NOTE(review): source line 467 is not shown; the iterator is presumably destroyed there (ao2_iterator_destroy is in the References list) - confirm. */
468 }
#define ao2_global_obj_ref(holder)
Definition: astobj2.h:925
void ao2_iterator_destroy(struct ao2_iterator *iter)
Destroy a container iterator.
void ast_cli(int fd, const char *fmt,...)
Definition: clicompat.c:6
#define RAII_VAR(vartype, varname, initval, dtor)
Declare a variable that will call a destructor function when it goes out of scope.
Definition: utils.h:911
#define ao2_ref(o, delta)
Definition: astobj2.h:464
static struct console_pvt globals
#define ao2_iterator_next(iter)
Definition: astobj2.h:1933
When we need to walk through a container, we use an ao2_iterator to keep track of the current positio...
Definition: astobj2.h:1841
#define ao2_cleanup(obj)
Definition: astobj2.h:1958
struct ao2_iterator ao2_iterator_init(struct ao2_container *c, int flags) attribute_warn_unused_result
Create an iterator for a container.
char name[ACL_NAME_LENGTH]
Definition: named_acl.c:110

◆ CONFIG_INFO_CORE()

CONFIG_INFO_CORE ( "named_acl"  ,
cfg_info  ,
globals  ,
named_acl_config_alloc  ,
files = ACO_FILES(&named_acl_conf) 
)

◆ destroy_named_acl()

static void destroy_named_acl ( void *  obj)
static

Destroy a named ACL object.

Definition at line 148 of file named_acl.c.

References ast_free_ha(), and named_acl::ha.

Referenced by named_acl_alloc().

/*!
 * \internal
 * \brief Destructor registered for named ACL objects by named_acl_alloc().
 *
 * \param obj The named ACL being destroyed.
 */
static void destroy_named_acl(void *obj)
{
	struct named_acl *acl = obj;

	/* The rule list is the only member released here. */
	ast_free_ha(acl->ha);
}
struct ast_ha * ha
Definition: named_acl.c:109
void ast_free_ha(struct ast_ha *ha)
Free a list of HAs.
Definition: acl.c:222

◆ handle_show_named_acl_cmd()

static char* handle_show_named_acl_cmd ( struct ast_cli_entry e,
int  cmd,
struct ast_cli_args a 
)
static

Definition at line 471 of file named_acl.c.

References ao2_global_obj_ref, ao2_iterator_destroy(), ao2_iterator_init(), ao2_iterator_next, ao2_ref, ast_cli_args::argc, ast_cli_args::argv, ast_cli_completion_add(), ast_strdup, cli_display_named_acl(), cli_display_named_acl_list(), CLI_GENERATE, CLI_INIT, CLI_SHOWUSAGE, CLI_SUCCESS, ast_cli_entry::command, ast_cli_args::fd, globals, named_acl::name, named_acl_config::named_acl_list, NULL, ast_cli_args::pos, ast_cli_entry::usage, and ast_cli_args::word.

/*
 * CLI handler for "acl show [name]".
 * CLI_INIT fills in the command and usage text, CLI_GENERATE offers ACL
 * names as completions for the third word, and any other cmd value runs
 * the command: two arguments list the ACLs, three show one ACL.
 */
472 {
473  struct named_acl_config *cfg;
474  int length;
475  struct ao2_iterator i;
476  struct named_acl *named_acl;
477 
478  switch (cmd) {
479  case CLI_INIT:
480  e->command = "acl show";
481  e->usage =
482  "Usage: acl show [name]\n"
483  " Shows a list of named ACLs or lists all entries in a given named ACL.\n";
484  return NULL;
485  case CLI_GENERATE:
/* Completion is only offered for the word at position 2, the ACL name. */
486  if (a->pos != 2) {
487  return NULL;
488  }
489 
/* NOTE(review): source line 490 is not shown in this rendering; `cfg` is presumably assigned there from the global object (ao2_global_obj_ref and globals are in the References list) - confirm against named_acl.c. */
491  if (!cfg) {
492  return NULL;
493  }
494  length = strlen(a->word);
/* NOTE(review): unlike the two cli_display_* helpers, cfg->named_acl_list is used here without a NULL check - confirm it cannot be NULL on this path. */
495  i = ao2_iterator_init(cfg->named_acl_list, 0);
496  while ((named_acl = ao2_iterator_next(&i))) {
/* Case-insensitive prefix match of the typed word against each ACL name. */
497  if (!strncasecmp(a->word, named_acl->name, length)) {
/* NOTE(review): the ast_strdup() result is passed on unchecked; whether ast_cli_completion_add() accepts NULL is not visible here. */
498  if (ast_cli_completion_add(ast_strdup(named_acl->name))) {
499  ao2_ref(named_acl, -1);
500  break;
501  }
502  }
503  ao2_ref(named_acl, -1);
504  }
/* NOTE(review): source line 505 is not shown; the iterator is presumably destroyed there (ao2_iterator_destroy is in the References list) - confirm. */
506  ao2_ref(cfg, -1);
507 
508  return NULL;
509  }
510 
511  if (a->argc == 2) {
/* NOTE(review): source line 512 is not shown; the list view is presumably printed there (cli_display_named_acl_list is in the References list) - confirm. */
513  return CLI_SUCCESS;
514  }
515 
516  if (a->argc == 3) {
517  cli_display_named_acl(a->fd, a->argv[2]);
518  return CLI_SUCCESS;
519  }
520 
521 
522  return CLI_SHOWUSAGE;
523 }
struct ao2_container * named_acl_list
Definition: named_acl.c:74
const int argc
Definition: cli.h:160
Definition: cli.h:152
#define ao2_global_obj_ref(holder)
Definition: astobj2.h:925
void ao2_iterator_destroy(struct ao2_iterator *iter)
Destroy a container iterator.
#define ast_strdup(str)
A wrapper for strdup()
Definition: astmm.h:243
#define NULL
Definition: resample.c:96
static void cli_display_named_acl_list(int fd)
Definition: named_acl.c:447
const int fd
Definition: cli.h:159
#define ao2_ref(o, delta)
Definition: astobj2.h:464
static struct console_pvt globals
const char *const * argv
Definition: cli.h:161
static void cli_display_named_acl(int fd, const char *name)
Definition: named_acl.c:412
#define CLI_SHOWUSAGE
Definition: cli.h:45
#define ao2_iterator_next(iter)
Definition: astobj2.h:1933
char * command
Definition: cli.h:186
const char * word
Definition: cli.h:163
const char * usage
Definition: cli.h:177
#define CLI_SUCCESS
Definition: cli.h:44
When we need to walk through a container, we use an ao2_iterator to keep track of the current positio...
Definition: astobj2.h:1841
const int pos
Definition: cli.h:164
int ast_cli_completion_add(char *value)
Add a result to a request for completion options.
Definition: main/cli.c:2726
struct ao2_iterator ao2_iterator_init(struct ao2_container *c, int flags) attribute_warn_unused_result
Create an iterator for a container.
char name[ACL_NAME_LENGTH]
Definition: named_acl.c:110

◆ load_module()

static int load_module ( void  )
static

Definition at line 564 of file named_acl.c.

References ACO_EXACT, aco_info_init(), aco_option_register, aco_process_config(), ARRAY_LEN, ast_cli_register_multiple, AST_MODFLAG_GLOBAL_SYMBOLS, AST_MODFLAG_LOAD_ORDER, AST_MODPRI_CORE, AST_MODULE_INFO(), AST_MODULE_LOAD_FAILURE, AST_MODULE_LOAD_SUCCESS, AST_MODULE_SUPPORT_CORE, ast_named_acl_change_type(), ASTERISK_GPL_KEY, FLDSET, NULL, OPT_ACL_T, reload(), reload_module(), STASIS_MESSAGE_TYPE_INIT, and unload_module().

/*
 * Module load entry point: initialises the config framework info, registers
 * the "permit" and "deny" options for named ACLs and processes the config.
 */
565 {
566  if (aco_info_init(&cfg_info)) {
/* NOTE(review): source line 567, the body of this failure branch, is not shown in this rendering - confirm against named_acl.c. */
568  }
569 
/* NOTE(review): source line 570 is not shown; the References list names STASIS_MESSAGE_TYPE_INIT and ast_named_acl_change_type - confirm. */
571 
572  /* Register the per level options. */
/* Both options store into the same `ha` field of struct named_acl; they differ only in the flags argument (1 for permit, 0 for deny). */
573  aco_option_register(&cfg_info, "permit", ACO_EXACT, named_acl_types, NULL, OPT_ACL_T, 1, FLDSET(struct named_acl, ha));
574  aco_option_register(&cfg_info, "deny", ACO_EXACT, named_acl_types, NULL, OPT_ACL_T, 0, FLDSET(struct named_acl, ha));
575 
/* NOTE(review): the status returned by the initial config processing is discarded here, so a failed first load of the ACL file is not acted on in the visible code - confirm this is intended. */
576  aco_process_config(&cfg_info, 0);
577 
/* NOTE(review): source lines 578 and 580 are not shown; CLI registration and the return value are presumably there (ast_cli_register_multiple and AST_MODULE_LOAD_SUCCESS are in the References list) - confirm. */
579 
581 }
#define ARRAY_LEN(a)
Definition: isdn_lib.c:42
#define STASIS_MESSAGE_TYPE_INIT(name)
Boiler-plate messaging macro for initializing message types.
Definition: stasis.h:1501
#define aco_option_register(info, name, matchtype, types, default_val, opt_type, flags,...)
Register a config option.
struct stasis_message_type * ast_named_acl_change_type(void)
a stasis_message_type for changes against a named ACL or the set of all named ACLs ...
#define ast_cli_register_multiple(e, len)
Register multiple commands.
Definition: cli.h:265
enum aco_process_status aco_process_config(struct aco_info *info, int reload)
Process a config info via the options registered with an aco_info.
#define NULL
Definition: resample.c:96
struct ast_ha * ha
Definition: named_acl.c:109
#define FLDSET(type,...)
Convert a struct and list of fields to an argument list of field offsets.
int aco_info_init(struct aco_info *info)
Initialize an aco_info structure.
struct aco_type * named_acl_types[]
Definition: named_acl.c:96
Type for default option handler for ACLs.
Module could not be loaded properly.
Definition: module.h:102
static struct ast_cli_entry cli_named_acl[]
Definition: named_acl.c:525

◆ named_acl_alloc()

static void * named_acl_alloc ( const char *  cat)
static

Create a named ACL structure.

Parameters
cat: name given to the ACL
Return values
NULL: failure
non-NULL: successfully allocated named ACL

Definition at line 161 of file named_acl.c.

References ao2_alloc, ast_copy_string(), destroy_named_acl(), named_acl::name, and NULL.

Referenced by named_acl_find_realtime().

/*!
 * \internal
 * \brief Allocate a named ACL object and give it its name.
 *
 * \param cat Name for the new ACL.
 *
 * \retval NULL allocation failed.
 * \retval non-NULL the new named ACL, with destroy_named_acl() as destructor.
 */
static void *named_acl_alloc(const char *cat)
{
	struct named_acl *acl = ao2_alloc(sizeof(*acl), destroy_named_acl);

	if (acl) {
		/*
		 * Size-limited copy: a name that does not fit in acl->name is
		 * stored truncated rather than rejected.
		 */
		ast_copy_string(acl->name, cat, sizeof(acl->name));
	}

	return acl;
}
#define NULL
Definition: resample.c:96
static void destroy_named_acl(void *obj)
Destroy a named ACL object.
Definition: named_acl.c:148
#define ao2_alloc(data_size, destructor_fn)
Definition: astobj2.h:411
void ast_copy_string(char *dst, const char *src, size_t size)
Size-limited null-terminating string copy.
Definition: strings.h:401
char name[ACL_NAME_LENGTH]
Definition: named_acl.c:110

◆ named_acl_config_alloc()

static void * named_acl_config_alloc ( void  )
static

allocator callback for named_acl_config. Notice it returns void * since it is used by the backend config code

Note
These functions are used for placing/retrieving named ACLs in their ao2_container.

Definition at line 126 of file named_acl.c.

References ao2_alloc, AO2_ALLOC_OPT_LOCK_MUTEX, ao2_container_alloc_hash, ao2_ref, error(), named_acl_config_destructor(), named_acl_config::named_acl_list, and NULL.

/*
 * Allocate a named_acl_config together with its named_acl_list container.
 * Returns the config, or NULL when either allocation fails.
 */
127 {
128  struct named_acl_config *cfg;
129 
130  if (!(cfg = ao2_alloc(sizeof(*cfg), named_acl_config_destructor))) {
131  return NULL;
132  }
133 
/* NOTE(review): source line 134 is not shown in this rendering; the line below is the tail of the call that presumably assigns cfg->named_acl_list (ao2_container_alloc_hash is in the References list) - confirm against named_acl.c. */
135  named_acl_hash_fn, NULL, named_acl_cmp_fn);
136  if (!cfg->named_acl_list) {
137  goto error;
138  }
139 
140  return cfg;
141 
142 error:
/* Releasing the reference held on cfg is the cleanup for the half-built config. */
143  ao2_ref(cfg, -1);
144  return NULL;
145 }
struct ao2_container * named_acl_list
Definition: named_acl.c:74
#define NULL
Definition: resample.c:96
#define ao2_ref(o, delta)
Definition: astobj2.h:464
#define ao2_container_alloc_hash(ao2_options, container_options, n_buckets, hash_fn, sort_fn, cmp_fn)
Definition: astobj2.h:1310
#define ao2_alloc(data_size, destructor_fn)
Definition: astobj2.h:411
static void named_acl_config_destructor(void *obj)
destructor for named_acl_config
Definition: named_acl.c:117
int error(const char *format,...)
Definition: utils/frame.c:999

◆ named_acl_config_destructor()

static void named_acl_config_destructor ( void *  obj)
static

destructor for named_acl_config

Definition at line 117 of file named_acl.c.

References ao2_cleanup, and named_acl_config::named_acl_list.

Referenced by named_acl_config_alloc().

/* Destructor registered for named_acl_config objects by named_acl_config_alloc(). */
118 {
119  struct named_acl_config *cfg = obj;
/* NOTE(review): source line 120 is not shown in this rendering; the References list names ao2_cleanup and named_acl_config::named_acl_list, so the container is presumably released there - confirm against named_acl.c. */
121 }
struct ao2_container * named_acl_list
Definition: named_acl.c:74
#define ao2_cleanup(obj)
Definition: astobj2.h:1958

◆ named_acl_find()

static void * named_acl_find ( struct ao2_container container,
const char *  cat 
)
static

Find a named ACL in a container by its name.

Parameters
container: ao2 container holding the named ACLs
cat: name of the ACL wanted to be found
Return values
Pointer to the named ACL if available. NULL if not found.

Definition at line 182 of file named_acl.c.

References ao2_find, ast_copy_string(), named_acl::name, and OBJ_POINTER.

Referenced by ast_named_acl_find(), and cli_display_named_acl().

/*!
 * \internal
 * \brief Look up a named ACL in a container by name.
 *
 * \param container ao2 container holding the named ACLs.
 * \param cat Name of the ACL to find.
 *
 * \return Whatever ao2_find() returns for a key object carrying that name.
 */
static void *named_acl_find(struct ao2_container *container, const char *cat)
{
	/* Stack key object; only its name field is filled in for the search. */
	struct named_acl key;

	/*
	 * Size-limited copy: a requested name longer than key.name is searched
	 * for in truncated form, the same way named_acl_alloc() stores names.
	 */
	ast_copy_string(key.name, cat, sizeof(key.name));

	return ao2_find(container, &key, OBJ_POINTER);
}
#define OBJ_POINTER
Definition: astobj2.h:1154
static int tmp()
Definition: bt_open.c:389
#define ao2_find(container, arg, flags)
Definition: astobj2.h:1756
void ast_copy_string(char *dst, const char *src, size_t size)
Size-limited null-terminating string copy.
Definition: strings.h:401

◆ named_acl_find_realtime()

static struct named_acl* named_acl_find_realtime ( const char *  name)
static

Definition at line 240 of file named_acl.c.

References ACL_FAMILY, acl_order_comparator(), ast_append_ha(), ast_category_browse(), ast_config_AST_SYSTEM_NAME, ast_config_destroy(), ast_config_sort_categories(), ast_free_ha(), ast_load_realtime_multientry(), ast_log, ast_strlen_zero, ast_variable_retrieve(), named_acl::ha, item, LOG_ERROR, named_acl_alloc(), NULL, order, and SENTINEL.

Referenced by ast_named_acl_find(), and cli_display_named_acl().

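/*!
 * \internal
 * \brief Build a named ACL from the rows stored in the realtime backend.
 *
 * Rows are loaded for the given name (and for this system's name when one
 * is configured), sorted by their "rule_order" value and appended one by
 * one to a new rule list. A single bad row rejects the whole ACL instead of
 * yielding a partially built one.
 *
 * \param name Name of the ACL to load.
 *
 * \retval NULL no realtime rows were returned, a row was invalid, or
 *         allocation failed.
 * \retval non-NULL a new named ACL object owning the built rule list.
 */
static struct named_acl *named_acl_find_realtime(const char *name)
{
	struct ast_config *cfg;
	char *item = NULL;
	const char *systemname = NULL;
	struct ast_ha *built_ha = NULL;
	struct named_acl *acl;

	/* If we have a systemname set in the global options, we only want to retrieve entries with a matching systemname field. */
	systemname = ast_config_AST_SYSTEM_NAME;

	if (ast_strlen_zero(systemname)) {
		/*
		 * NOTE(review): source line 252 is not shown in the rendered
		 * listing. Reconstructed as the same query as the else branch
		 * without the systemname filter - confirm against named_acl.c.
		 */
		cfg = ast_load_realtime_multientry(ACL_FAMILY, "name", name, SENTINEL);
	} else {
		cfg = ast_load_realtime_multientry(ACL_FAMILY, "name", name, "systemname", systemname, SENTINEL);
	}

	if (!cfg) {
		return NULL;
	}

	/* At this point, the configuration must be sorted by the order field. */
	/*
	 * NOTE(review): source line 262 is not shown in the rendered listing.
	 * Reconstructed from the References list (ast_config_sort_categories,
	 * acl_order_comparator), assuming ascending order - confirm against
	 * named_acl.c.
	 */
	ast_config_sort_categories(cfg, 0, acl_order_comparator);

	while ((item = ast_category_browse(cfg, item))) {
		int append_ha_error = 0;
		const char *order = ast_variable_retrieve(cfg, item, "rule_order");
		const char *sense = ast_variable_retrieve(cfg, item, "sense");
		const char *rule = ast_variable_retrieve(cfg, item, "rule");

		built_ha = ast_append_ha(sense, rule, built_ha, &append_ha_error);
		if (append_ha_error) {
			/* We need to completely reject an ACL that contains any bad rules. */
			ast_log(LOG_ERROR, "Rejecting realtime ACL due to bad ACL definition '%s': %s - %s - %s\n", name, order, sense, rule);
			ast_free_ha(built_ha);
			/*
			 * Release the realtime result on this path as well. It was
			 * only destroyed after a clean loop, so every rejected ACL
			 * leaked one ast_config.
			 */
			ast_config_destroy(cfg);
			return NULL;
		}
	}

	ast_config_destroy(cfg);

	acl = named_acl_alloc(name);
	if (!acl) {
		ast_log(LOG_ERROR, "allocation error\n");
		ast_free_ha(built_ha);
		return NULL;
	}

	/* Ownership of the rule list passes to the ACL object. */
	acl->ha = built_ha;

	return acl;
}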
static struct aco_type item
Definition: test_config.c:1463
char * ast_category_browse(struct ast_config *config, const char *prev_name)
Browse categories.
Definition: extconf.c:3328
#define NULL
Definition: resample.c:96
#define ast_strlen_zero(foo)
Definition: strings.h:52
const char * ast_config_AST_SYSTEM_NAME
Definition: options.c:170
internal representation of ACL entries In principle user applications would have no need for this...
Definition: acl.h:51
#define ast_log
Definition: astobj2.c:42
struct ast_ha * ha
Definition: named_acl.c:109
#define SENTINEL
Definition: compiler.h:87
integer order
Definition: analys.c:66
void ast_config_destroy(struct ast_config *config)
Destroys a config.
Definition: extconf.c:1290
struct ast_config * ast_load_realtime_multientry(const char *family,...) attribute_sentinel
Retrieve realtime configuration.
Definition: main/config.c:3452
#define LOG_ERROR
Definition: logger.h:285
static void * named_acl_alloc(const char *cat)
Create a named ACL structure.
Definition: named_acl.c:161
Definition: test_acl.c:111
static const char name[]
Definition: cdr_mysql.c:74
static int acl_order_comparator(struct ast_category *p, struct ast_category *q)
Definition: named_acl.c:201
void ast_free_ha(struct ast_ha *ha)
Free a list of HAs.
Definition: acl.c:222
const char * ast_variable_retrieve(struct ast_config *config, const char *category, const char *variable)
Definition: main/config.c:694
void ast_config_sort_categories(struct ast_config *config, int descending, int(*comparator)(struct ast_category *p, struct ast_category *q))
Sorts categories in a config in the order of a numerical value contained within them.
Definition: main/config.c:1171
struct ast_ha * ast_append_ha(const char *sense, const char *stuff, struct ast_ha *path, int *error)
Add a new rule to a list of HAs.
Definition: acl.c:713
#define ACL_FAMILY
Definition: named_acl.c:50

◆ publish_acl_change()

static int publish_acl_change ( const char *  name)
static

Definition at line 371 of file named_acl.c.

References ao2_cleanup, ast_json_object_create(), ast_json_object_set(), ast_json_payload_create(), ast_json_string_create(), ast_json_unref(), ast_log, ast_named_acl_change_type(), ast_security_topic(), ast_strlen_zero, LOG_ERROR, NULL, RAII_VAR, stasis_message_create(), and stasis_publish().

Referenced by reload_module().

/*
 * Build a stasis message announcing a change to the named ACL `name`.
 * The payload is a JSON object with a single "name" field.
 * Returns 0 on success and -1 when any step of building the message fails.
 */
372 {
/* All three objects are scope-bound: their cleanup functions run on every return path. */
373  RAII_VAR(struct stasis_message *, msg, NULL, ao2_cleanup);
374  RAII_VAR(struct ast_json_payload *, json_payload, NULL, ao2_cleanup);
375  RAII_VAR(struct ast_json *, json_object, ast_json_object_create(), ast_json_unref);
376 
377  if (!json_object || !ast_named_acl_change_type()) {
378  goto publish_failure;
379  }
380 
381  if (ast_json_object_set(json_object, "name", ast_json_string_create(name))) {
382  goto publish_failure;
383  }
384 
385  if (!(json_payload = ast_json_payload_create(json_object))) {
386  goto publish_failure;
387  }
388 
389  msg = stasis_message_create(ast_named_acl_change_type(), json_payload);
390 
391  if (!msg) {
392  goto publish_failure;
393  }
394 
/* NOTE(review): source line 395 is not shown in this rendering; the message is presumably published there (stasis_publish and ast_security_topic are in the References list) - confirm against named_acl.c. */
396 
397  return 0;
398 
399 publish_failure:
/* An empty name is reported as "all named ACLs". */
400  ast_log(LOG_ERROR, "Failed to issue ACL change message for %s.\n",
401  ast_strlen_zero(name) ? "all named ACLs" : name);
402  return -1;
403 }
struct ast_json_payload * ast_json_payload_create(struct ast_json *json)
Create an ao2 object to pass json blobs as data payloads for stasis.
Definition: json.c:735
struct stasis_topic * ast_security_topic(void)
A stasis_topic which publishes messages for security related issues.
void ast_json_unref(struct ast_json *value)
Decrease refcount on value. If refcount reaches zero, value is freed.
Definition: json.c:73
struct stasis_message_type * ast_named_acl_change_type(void)
a stasis_message_type for changes against a named ACL or the set of all named ACLs ...
#define NULL
Definition: resample.c:96
int ast_json_object_set(struct ast_json *object, const char *key, struct ast_json *value)
Set a field in a JSON object.
Definition: json.c:404
#define ast_strlen_zero(foo)
Definition: strings.h:52
#define ast_log
Definition: astobj2.c:42
#define RAII_VAR(vartype, varname, initval, dtor)
Declare a variable that will call a destructor function when it goes out of scope.
Definition: utils.h:911
struct ast_json * ast_json_string_create(const char *value)
Construct a JSON string from value.
Definition: json.c:268
#define LOG_ERROR
Definition: logger.h:285
struct stasis_message * stasis_message_create(struct stasis_message_type *type, void *data)
Create a new message.
void stasis_publish(struct stasis_topic *topic, struct stasis_message *message)
Publish a message to a topic's subscribers.
Definition: stasis.c:1511
static const char name[]
Definition: cdr_mysql.c:74
struct ast_json * ast_json_object_create(void)
Create a new JSON object.
Definition: json.c:389
#define ao2_cleanup(obj)
Definition: astobj2.h:1958
Abstract JSON element (object, array, string, int, ...).

◆ reload_module()

static int reload_module ( void  )
static

Definition at line 529 of file named_acl.c.

References aco_process_config(), ACO_PROCESS_ERROR, ACO_PROCESS_UNCHANGED, ast_log, LOG_WARNING, publish_acl_change(), and status.

Referenced by load_module().

/*
 * Module reload entry point: reprocess the ACL config and, when it changed,
 * publish an ACL change event with an empty name.
 * Returns 0 on every visible path, including a failed reload.
 */
530 {
/* NOTE(review): source line 531 is not shown in this rendering; `status` is presumably declared there as an aco_process_status - confirm against named_acl.c. */
532 
533  status = aco_process_config(&cfg_info, 1);
534 
/* A failed reload is only logged; the caller still gets 0. */
535  if (status == ACO_PROCESS_ERROR) {
536  ast_log(LOG_WARNING, "Could not reload ACL config\n");
537  return 0;
538  }
539 
540  if (status == ACO_PROCESS_UNCHANGED) {
541  /* We don't actually log anything if the config was unchanged,
542  * but we don't need to send a config change event either.
543  */
544  return 0;
545  }
546 
547  /* We need to push an ACL change event with no ACL name so that all subscribers update with all ACLs */
/* The return value of publish_acl_change() is not checked here. */
548  publish_acl_change("");
549 
550  return 0;
551 }
static int publish_acl_change(const char *name)
Definition: named_acl.c:371
#define LOG_WARNING
Definition: logger.h:274
enum aco_process_status aco_process_config(struct aco_info *info, int reload)
Process a config info via the options registered with an aco_info.
#define ast_log
Definition: astobj2.c:42
aco_process_status
Return values for the aco_process functions.
The config had not been edited and no changes applied.
There was an error and no changes were applied.
jack_status_t status
Definition: app_jack.c:146

◆ STASIS_MESSAGE_TYPE_DEFN()

STASIS_MESSAGE_TYPE_DEFN ( ast_named_acl_change_type  )

Message type for named ACL changes.

Referenced by ast_named_acl_find().

◆ unload_module()

static int unload_module ( void  )
static

Definition at line 553 of file named_acl.c.

References aco_info_destroy(), ao2_global_obj_release, ARRAY_LEN, ast_cli_unregister_multiple(), ast_named_acl_change_type(), globals, and STASIS_MESSAGE_TYPE_CLEANUP.

Referenced by load_module().

/* Module unload entry point; returns 0. */
554 {
/* NOTE(review): source lines 555, 557 and 559 are not shown in this rendering. The References list names ast_cli_unregister_multiple, STASIS_MESSAGE_TYPE_CLEANUP and ao2_global_obj_release, which are presumably called there - confirm against named_acl.c. */
556 
558  aco_info_destroy(&cfg_info);
560 
561  return 0;
562 }
#define ARRAY_LEN(a)
Definition: isdn_lib.c:42
int ast_cli_unregister_multiple(struct ast_cli_entry *e, int len)
Unregister multiple commands.
Definition: clicompat.c:30
#define STASIS_MESSAGE_TYPE_CLEANUP(name)
Boiler-plate messaging macro for cleaning up message types.
Definition: stasis.h:1523
struct stasis_message_type * ast_named_acl_change_type(void)
a stasis_message_type for changes against a named ACL or the set of all named ACLs ...
static struct console_pvt globals
void aco_info_destroy(struct aco_info *info)
Destroy an initialized aco_info struct.
#define ao2_global_obj_release(holder)
Definition: astobj2.h:865
static struct ast_cli_entry cli_named_acl[]
Definition: named_acl.c:525

Variable Documentation

◆ __mod_info

struct ast_module_info __mod_info = { .name = "acl" , .flags = AST_MODFLAG_GLOBAL_SYMBOLS | AST_MODFLAG_LOAD_ORDER , .description = "Named ACL system" , .key = "This paragraph is copyright (c) 2006 by Digium, Inc. \In order for your module to load, it must return this \key via a function called \"key\". Any code which \includes this paragraph must be licensed under the GNU \General Public License version 2 or later (at your \option). In addition to Digium's general reservations \of rights, Digium expressly reserves the right to \allow other parties to license this paragraph under \different terms. Any use of Digium, Inc. trademarks or \logos (including \"Asterisk\" or \"Digium\") without \express written permission of Digium, Inc. is prohibited.\n" , .buildopt_sum = "30ef0c93b36035ec78c9cfd712d36d9b" , .support_level = AST_MODULE_SUPPORT_CORE, .load = load_module, .unload = unload_module, .reload = reload_module, .load_pri = AST_MODPRI_CORE, .requires = "extconfig", }
static

Definition at line 590 of file named_acl.c.

◆ ast_module_info

const struct ast_module_info* ast_module_info = &__mod_info
static

Definition at line 590 of file named_acl.c.

◆ cli_named_acl

struct ast_cli_entry cli_named_acl[]
static
Initial value:
= {
{ .handler = handle_show_named_acl_cmd , .summary = "Show a named ACL or list all named ACLs" ,},
}
static char * handle_show_named_acl_cmd(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
Definition: named_acl.c:471

Definition at line 525 of file named_acl.c.

◆ named_acl_conf

struct aco_file named_acl_conf
Initial value:
= {
.filename = "acl.conf",
}
static struct aco_type named_acl_type
Definition: named_acl.c:85
#define ACO_TYPES(...)
A helper macro to ensure that aco_info types always have a sentinel.

Definition at line 98 of file named_acl.c.

◆ named_acl_type

struct aco_type named_acl_type
static

Definition at line 85 of file named_acl.c.

◆ named_acl_types

struct aco_type* named_acl_types[] = ACO_TYPES(&named_acl_type)

Definition at line 96 of file named_acl.c.