/*
 * Malformed ACL host strings. The test description in this listing says
 * garbage values like these must not be accepted.
 */
42 const char * invalid_acls[] = {
/* IPv4 address whose numeric mask is far too large to be a prefix length */
48 "1.3.3.7/92342348927389492307420",
/* IPv4 address with a five-octet dotted netmask */
52 "1.3.3.7/255.255.255.255.255",
/* IPv4-style address with out-of-range octets, one of them negative */
56 "400.32.201029.-6/24",
/* nine 16-bit groups, one more than an IPv6 address holds */
68 "1234:5678:90ab:cdef:1234:5678:90ab:cdef:1234/56",
/* IPv4-mapped IPv6 form with only three dotted octets */
72 "::ffff:255.255.255/128",
/* IPv6 address paired with an IPv4-style dotted netmask */
76 "fe80::1234/255.255.255.0",
/* Result starts as PASS; the lines that downgrade it are not shown in this listing. */
79 enum ast_test_result_state res = AST_TEST_PASS;
/* Test registration metadata: name, category and human-readable descriptions. */
85 info->name =
"invalid_acl";
86 info->category =
"/main/acl/";
87 info->summary =
"Invalid ACL unit test";
89 "Ensures that garbage ACL values are not accepted";
90 return AST_TEST_NOT_RUN;
/*
 * Walk every entry of invalid_acls. The check that decides whether an entry
 * was accepted is on listing lines not shown here; the message below is what
 * gets reported when one is.
 */
95 for (i = 0; i < ARRAY_LEN(invalid_acls); ++i) {
99 ast_test_status_update(
test,
"ACL %s accepted even though it is total garbage.\n",
/* Short aliases for the two ACL outcomes; they keep the expected-result rows of acl_tests compact. */
120 #define TACL_A AST_SENSE_ALLOW
121 #define TACL_D AST_SENSE_DENY
/*
 * Build one host-access list from an array of rules.
 *
 * Each acl[i] is appended to *ha with ast_append_ha(), in array order. When an
 * append returns NULL, the failing rule is reported through
 * ast_test_status_update() and *res is set to AST_TEST_FAIL.
 *
 * acl, len  - the rules and how many there are
 * ha        - in/out: head of the list being built
 * acl_name  - label used only in the failure message
 * err       - passed straight through to ast_append_ha()
 * test, res - test handle for status output, and the overall result to downgrade
 *
 * Callers in this listing treat a non-zero return as failure; the return
 * statements themselves are on lines not shown here.
 *
 * NOTE(review): the only failure signal checked in the visible lines is a NULL
 * return; the value written through err is never inspected. If ast_append_ha()
 * can report a rejected rule through *err while still returning a non-NULL
 * list, a broken rule would go unnoticed here - confirm, and consider checking
 * *err after each append.
 * NOTE(review): on a NULL return the assignment overwrites *ha, so the caller
 * loses its pointer to any rules appended earlier - confirm who frees them.
 */
123 static int build_ha(
const struct acl *
acl,
size_t len,
struct ast_ha **ha,
const char *acl_name,
int *err,
struct ast_test *
test,
enum ast_test_result_state *res)
127 for (i = 0; i < len; ++i) {
128 if (!(*ha =
ast_append_ha(acl[i].access, acl[i].host, *ha, err))) {
129 ast_test_status_update(test,
"Failed to add rule %s with access %s to %s\n",
130 acl[i].host, acl[i].access, acl_name);
131 *res = AST_TEST_FAIL;
/*
 * Single-rule catch-all fixtures: one permit and one deny rule per address
 * family, each with prefix length 0. Initializer order is host, then access.
 */
141 struct acl permitallv4 = {
"0.0.0.0/0",
"permit" };
142 struct acl denyallv4 = {
"0.0.0.0/0",
"deny" };
143 struct acl permitallv6 = {
"::/0",
"permit" };
144 struct acl denyallv6 = {
"::/0",
"deny" };
/*
 * Multi-rule fixtures. Rules are appended in array order by build_ha().
 * NOTE(review): the expected values in acl_tests look consistent with the last
 * matching rule deciding the outcome - confirm against ast_apply_ha().
 */
/* acl1: dotted-netmask notation; deny all IPv4, then permit 10.0.0.0/8 and 192.168.0.0/24 */
146 struct acl acl1[] = {
147 {
"0.0.0.0/0.0.0.0",
"deny" },
148 {
"10.0.0.0/255.0.0.0",
"permit" },
149 {
"192.168.0.0/255.255.255.0",
"permit" },
/* acl2: prefix-length notation; overlapping rules of increasing specificity with alternating sense */
152 struct acl acl2[] = {
153 {
"10.0.0.0/8",
"deny" },
154 {
"10.0.0.0/8",
"permit" },
155 {
"10.0.0.0/16",
"deny" },
156 {
"10.0.0.0/24",
"permit" },
/* acl3: IPv6 link-local /64 permit (listing line 160 is not shown here) */
159 struct acl acl3[] = {
161 {
"fe80::/64",
"permit" },
/* acl4: IPv6 rules of increasing prefix length with alternating sense (listing line 165 is not shown here) */
164 struct acl acl4[] = {
166 {
"fe80::/64",
"permit" },
167 {
"fe80::ffff:0:0:0/80",
"deny" },
168 {
"fe80::ffff:0:ffff:0/112",
"permit" },
/* acl5: same networks as acl1, with the two permit entries packed into one comma-separated host string */
171 struct acl acl5[] = {
172 {
"0.0.0.0/0.0.0.0",
"deny" },
173 {
"10.0.0.0/255.0.0.0,192.168.0.0/255.255.255.0",
"permit" },
/*
 * acl6: acl2's networks, with the last two entries combined in one host string.
 * NOTE(review): presumably the "!" prefix inverts the rule's sense for that
 * entry only - confirm against ast_append_ha().
 */
176 struct acl acl6[] = {
177 {
"10.0.0.0/8",
"deny" },
178 {
"10.0.0.0/8",
"permit" },
179 {
"10.0.0.0/16,!10.0.0.0/24",
"deny" },
/* acl7: IPv6 counterpart using a comma-separated list with a "!" entry in its first rule */
182 struct acl acl7[] = {
183 {
"::/0,!fe80::/64",
"deny" },
184 {
"fe80::ffff:0:0:0/80",
"deny" },
185 {
"fe80::ffff:0:ffff:0/112",
"permit" },
/*
 * Layout of one acl_tests row as far as this listing shows it: the address
 * under test, then the expected outcome for each of the four catch-all lists.
 * The per-ACL fields (acl1_result and so on, used further down) are on listing
 * lines not shown here.
 */
189 const char *test_address;
190 int v4_permitall_result;
191 int v4_denyall_result;
192 int v6_permitall_result;
193 int v6_denyall_result;
/*
 * Expected results, positional: address, v4 permit-all, v4 deny-all,
 * v6 permit-all, v6 deny-all, then seven per-ACL values (presumably acl1..acl7
 * in that order - confirm against the struct declaration).
 *
 * Worth noticing when writing real ACLs: the IPv4 rows expect TACL_A from the
 * IPv6 deny-all list, and the IPv6 rows expect TACL_A from the IPv4 deny-all
 * list. A deny-all rule for one address family is expected to let the other
 * family through, so a policy meant to block everything needs a rule for each.
 */
202 {
"10.1.1.5", TACL_A, TACL_D, TACL_A, TACL_A, TACL_A, TACL_A, TACL_A, TACL_A, TACL_A, TACL_A, TACL_A },
203 {
"192.168.0.5", TACL_A, TACL_D, TACL_A, TACL_A, TACL_A, TACL_A, TACL_A, TACL_A, TACL_A, TACL_A, TACL_A },
204 {
"192.168.1.5", TACL_A, TACL_D, TACL_A, TACL_A, TACL_D, TACL_A, TACL_A, TACL_A, TACL_D, TACL_A, TACL_A },
205 {
"10.0.0.1", TACL_A, TACL_D, TACL_A, TACL_A, TACL_A, TACL_A, TACL_A, TACL_A, TACL_A, TACL_A, TACL_A },
206 {
"10.0.10.10", TACL_A, TACL_D, TACL_A, TACL_A, TACL_A, TACL_D, TACL_A, TACL_A, TACL_A, TACL_D, TACL_A },
207 {
"172.16.0.1", TACL_A, TACL_D, TACL_A, TACL_A, TACL_D, TACL_A, TACL_A, TACL_A, TACL_D, TACL_A, TACL_A },
208 {
"fe80::1234", TACL_A, TACL_A, TACL_A, TACL_D, TACL_A, TACL_A, TACL_A, TACL_A, TACL_A, TACL_A, TACL_A },
209 {
"fe80::ffff:1213:dead:beef", TACL_A, TACL_A, TACL_A, TACL_D, TACL_A, TACL_A, TACL_A, TACL_D, TACL_A, TACL_A, TACL_D },
210 {
"fe80::ffff:0:ffff:ABCD", TACL_A, TACL_A, TACL_A, TACL_D, TACL_A, TACL_A, TACL_A, TACL_A, TACL_A, TACL_A, TACL_A },
/* One list head per fixture ACL; each starts empty (NULL) and is filled by the append calls further down. */
213 struct ast_ha *permit_hav4 = NULL;
214 struct ast_ha *deny_hav4 = NULL;
215 struct ast_ha *permit_hav6 = NULL;
216 struct ast_ha *deny_hav6 = NULL;
217 struct ast_ha *ha1 = NULL;
218 struct ast_ha *ha2 = NULL;
219 struct ast_ha *ha3 = NULL;
220 struct ast_ha *ha4 = NULL;
221 struct ast_ha *ha5 = NULL;
222 struct ast_ha *ha6 = NULL;
223 struct ast_ha *ha7 = NULL;
/* Overall result; starts as PASS. */
224 enum ast_test_result_state res = AST_TEST_PASS;
/* Test registration metadata (the name assignment is on a listing line not shown here). */
232 info->category =
"/main/acl/";
233 info->summary =
"ACL unit test";
235 "Tests that hosts are properly permitted or denied";
236 return AST_TEST_NOT_RUN;
/*
 * Build the four single-rule catch-all lists. Each call appends one rule to
 * an empty list and treats a NULL return as failure.
 * NOTE(review): the IPv4 and IPv6 variants emit the same failure text, so the
 * message alone does not say which address family failed.
 */
241 if (!(permit_hav4 =
ast_append_ha(permitallv4.access, permitallv4.host, permit_hav4, &err))) {
242 ast_test_status_update(test,
"Failed to create permit_all ACL\n");
247 if (!(deny_hav4 =
ast_append_ha(denyallv4.access, denyallv4.host, deny_hav4, &err))) {
248 ast_test_status_update(test,
"Failed to create deny_all ACL\n");
253 if (!(permit_hav6 =
ast_append_ha(permitallv6.access, permitallv6.host, permit_hav6, &err))) {
254 ast_test_status_update(test,
"Failed to create permit_all ACL\n");
259 if (!(deny_hav6 =
ast_append_ha(denyallv6.access, denyallv6.host, deny_hav6, &err))) {
260 ast_test_status_update(test,
"Failed to create deny_all ACL\n");
/* Build the seven multi-rule lists; build_ha() reports the failing rule itself, and non-zero means failure. */
265 if (build_ha(acl1, ARRAY_LEN(acl1), &ha1,
"ha1", &err, test, &res) != 0) {
269 if (build_ha(acl2, ARRAY_LEN(acl2), &ha2,
"ha2", &err, test, &res) != 0) {
273 if (build_ha(acl3, ARRAY_LEN(acl3), &ha3,
"ha3", &err, test, &res) != 0) {
277 if (build_ha(acl4, ARRAY_LEN(acl4), &ha4,
"ha4", &err, test, &res) != 0) {
281 if (build_ha(acl5, ARRAY_LEN(acl5), &ha5,
"ha5", &err, test, &res) != 0) {
285 if (build_ha(acl6, ARRAY_LEN(acl6), &ha6,
"ha6", &err, test, &res) != 0) {
289 if (build_ha(acl7, ARRAY_LEN(acl7), &ha7,
"ha7", &err, test, &res) != 0) {
/*
 * For every row of acl_tests, compare the outcome obtained from each list with
 * the row's expected value. A mismatch is reported with the address, the
 * expected value and the actual value, both printed as integers.
 * The lines that compute the *_res values are not shown in this listing.
 */
293 for (i = 0; i < ARRAY_LEN(acl_tests); ++i) {
/* catch-all lists, IPv4 then IPv6 */
321 if (permit_resv4 != acl_tests[i].v4_permitall_result) {
322 ast_test_status_update(test,
"Access not as expected to %s on permitallv4. Expected %d but "
323 "got %d instead\n", acl_tests[i].test_address, acl_tests[i].v4_permitall_result, permit_resv4);
328 if (deny_resv4 != acl_tests[i].v4_denyall_result) {
329 ast_test_status_update(test,
"Access not as expected to %s on denyallv4. Expected %d but "
330 "got %d instead\n", acl_tests[i].test_address, acl_tests[i].v4_denyall_result, deny_resv4);
335 if (permit_resv6 != acl_tests[i].v6_permitall_result) {
336 ast_test_status_update(test,
"Access not as expected to %s on permitallv6. Expected %d but "
337 "got %d instead\n", acl_tests[i].test_address, acl_tests[i].v6_permitall_result, permit_resv6);
342 if (deny_resv6 != acl_tests[i].v6_denyall_result) {
343 ast_test_status_update(test,
"Access not as expected to %s on denyallv6. Expected %d but "
344 "got %d instead\n", acl_tests[i].test_address, acl_tests[i].v6_denyall_result, deny_resv6);
/* multi-rule lists acl1 through acl7 */
349 if (acl1_res != acl_tests[i].acl1_result) {
350 ast_test_status_update(test,
"Access not as expected to %s on acl1. Expected %d but "
351 "got %d instead\n", acl_tests[i].test_address, acl_tests[i].acl1_result, acl1_res);
356 if (acl2_res != acl_tests[i].acl2_result) {
357 ast_test_status_update(test,
"Access not as expected to %s on acl2. Expected %d but "
358 "got %d instead\n", acl_tests[i].test_address, acl_tests[i].acl2_result, acl2_res);
363 if (acl3_res != acl_tests[i].acl3_result) {
364 ast_test_status_update(test,
"Access not as expected to %s on acl3. Expected %d but "
365 "got %d instead\n", acl_tests[i].test_address, acl_tests[i].acl3_result, acl3_res);
370 if (acl4_res != acl_tests[i].acl4_result) {
371 ast_test_status_update(test,
"Access not as expected to %s on acl4. Expected %d but "
372 "got %d instead\n", acl_tests[i].test_address, acl_tests[i].acl4_result, acl4_res);
377 if (acl5_res != acl_tests[i].acl5_result) {
378 ast_test_status_update(test,
"Access not as expected to %s on acl5. Expected %d but "
379 "got %d instead\n", acl_tests[i].test_address, acl_tests[i].acl5_result, acl5_res);
384 if (acl6_res != acl_tests[i].acl6_result) {
385 ast_test_status_update(test,
"Access not as expected to %s on acl6. Expected %d but "
386 "got %d instead\n", acl_tests[i].test_address, acl_tests[i].acl6_result, acl6_res);
391 if (acl7_res != acl_tests[i].acl7_result) {
392 ast_test_status_update(test,
"Access not as expected to %s on acl7. Expected %d but "
393 "got %d instead\n", acl_tests[i].test_address, acl_tests[i].acl7_result, acl7_res);
/* Module unload hook: unregisters the two tests defined in this file. */
436 static int unload_module(
void)
438 AST_TEST_UNREGISTER(invalid_acl);
439 AST_TEST_UNREGISTER(acl);
/* Module load hook: registers the two tests defined in this file. */
443 static int load_module(
void)
445 AST_TEST_REGISTER(invalid_acl);
446 AST_TEST_REGISTER(acl);
Asterisk main include file. File version handling, generic pbx functions.
int ast_sockaddr_parse(struct ast_sockaddr *addr, const char *str, int flags)
Parse an IPv4 or IPv6 address string.
enum ast_acl_sense ast_apply_ha(const struct ast_ha *ha, const struct ast_sockaddr *addr)
Apply a set of rules to a given IP address.
Socket address structure.
internal representation of ACL entries In principle user applications would have no need for this...
Configuration File Parser.
Access Control of various sorts.
void ast_free_ha(struct ast_ha *ha)
Free a list of HAs.
#define AST_TEST_DEFINE(hdr)
struct ast_ha * ast_append_ha(const char *sense, const char *stuff, struct ast_ha *path, int *error)
Add a new rule to a list of HAs.
#define ASTERISK_GPL_KEY
The text the key() function should return.
Asterisk module definitions.