Asterisk - The Open Source Telephony Project
21.4.1
Custom function management routines. More...
#include "asterisk.h"
#include "asterisk/_private.h"
#include "asterisk/cli.h"
#include "asterisk/linkedlists.h"
#include "asterisk/module.h"
#include "asterisk/pbx.h"
#include "asterisk/term.h"
#include "asterisk/threadstorage.h"
#include "asterisk/xmldoc.h"
#include "pbx_private.h"
Data Structures | |
struct | acf_root |
Registered functions container. More... | |
Functions | |
int | __ast_custom_function_register (struct ast_custom_function *acf, struct ast_module *mod) |
Register a custom function. | |
int | __ast_custom_function_register_escalating (struct ast_custom_function *acf, enum ast_custom_function_escalation escalation, struct ast_module *mod) |
Register a custom function which requires escalated privileges. More... | |
static void | __init_thread_inhibit_escalations_tl (void) |
A thread local indicating whether the current thread can run 'dangerous' dialplan functions. | |
static int | acf_retrieve_docs (struct ast_custom_function *acf) |
struct ast_custom_function * | ast_custom_function_find (const char *name) |
static struct ast_custom_function * | ast_custom_function_find_nolock (const char *name) |
int | ast_custom_function_unregister (struct ast_custom_function *acf) |
Unregister a custom function. | |
int | ast_func_read (struct ast_channel *chan, const char *function, char *workspace, size_t len) |
executes a read operation on a function More... | |
int | ast_func_read2 (struct ast_channel *chan, const char *function, struct ast_str **str, ssize_t maxlen) |
executes a read operation on a function More... | |
int | ast_func_write (struct ast_channel *chan, const char *function, const char *value) |
executes a write operation on a function More... | |
int | ast_thread_inhibit_escalations (void) |
Inhibit (in the current thread) the execution of dialplan functions which cause privilege escalations. If pbx_live_dangerously() has been called, this function has no effect. More... | |
int | ast_thread_inhibit_escalations_swap (int inhibit) |
Swap the current thread escalation inhibit setting. More... | |
static char * | complete_functions (const char *word, int pos, int state) |
static char * | func_args (char *function) |
return a pointer to the arguments of the function, and terminates the function name with '\0' | |
static char * | handle_show_function (struct ast_cli_entry *e, int cmd, struct ast_cli_args *a) |
static char * | handle_show_functions (struct ast_cli_entry *e, int cmd, struct ast_cli_args *a) |
static int | is_read_allowed (struct ast_custom_function *acfptr) |
Determines whether execution of a custom function's read function is allowed. More... | |
static int | is_write_allowed (struct ast_custom_function *acfptr) |
Determines whether execution of a custom function's write function is allowed. More... | |
int | load_pbx_functions_cli (void) |
void | pbx_live_dangerously (int new_live_dangerously) |
Enable/disable the execution of 'dangerous' functions from external protocols (AMI, etc.). More... | |
static int | read_escalates (const struct ast_custom_function *acf) |
Returns true if given custom function escalates privileges on read. More... | |
static int | thread_inhibits_escalations (void) |
Indicates whether the current thread inhibits the execution of dangerous functions. More... | |
static void | unload_pbx_functions_cli (void) |
static int | write_escalates (const struct ast_custom_function *acf) |
Returns true if given custom function escalates privileges on write. More... | |
Variables | |
static struct ast_cli_entry | acf_cli [] |
static struct acf_root | acf_root = { .first = NULL, .last = NULL, .lock = { PTHREAD_RWLOCK_INITIALIZER , NULL, {1, 0} } , } |
static int | live_dangerously |
Set to true (non-zero) to globally allow all dangerous dialplan functions to run. | |
static struct ast_threadstorage | thread_inhibit_escalations_tl = { .once = PTHREAD_ONCE_INIT , .key_init = __init_thread_inhibit_escalations_tl , .custom_init = NULL , } |
Custom function management routines.
Definition in file pbx_functions.c.
int __ast_custom_function_register_escalating | ( | struct ast_custom_function * | acf, |
enum ast_custom_function_escalation | escalation, | ||
struct ast_module * | mod | ||
) |
Register a custom function which requires escalated privileges.
Examples would be SHELL() (for which a read needs permission to execute arbitrary code) or FILE() (for which write needs permission to change files on the filesystem).
Definition at line 418 of file pbx_functions.c.
References __ast_custom_function_register(), ast_custom_function::read_escalates, and ast_custom_function::write_escalates.
int ast_func_read | ( | struct ast_channel * | chan, |
const char * | function, | ||
char * | workspace, | ||
size_t | len | ||
) |
executes a read operation on a function
chan | Channel to execute on |
function | Data containing the function call string (will be modified) |
workspace | A pointer to safe memory to use for a return value |
len | the number of bytes in workspace |
This application executes a function in read mode on a given channel.
0 | success |
non-zero | failure |
Definition at line 599 of file pbx_functions.c.
References ast_copy_string(), ast_str_buffer(), ast_str_create, ast_str_size(), ast_strdupa, copy(), func_args(), is_read_allowed(), ast_custom_function::mod, ast_custom_function::read, and ast_custom_function::read2.
Referenced by handle_eval_function(), lua_get_variable_value(), and pbx_substitute_variables_helper_full_location().
int ast_func_read2 | ( | struct ast_channel * | chan, |
const char * | function, | ||
struct ast_str ** | str, | ||
ssize_t | maxlen | ||
) |
executes a read operation on a function
chan | Channel to execute on |
function | Data containing the function call string (will be modified) |
str | A dynamic string buffer into which to place the result. |
maxlen | <0 if the dynamic buffer should not grow; >0 if the dynamic buffer should be limited to that number of bytes; 0 if the dynamic buffer has no upper limit |
This application executes a function in read mode on a given channel.
0 | success |
non-zero | failure |
Definition at line 642 of file pbx_functions.c.
References ast_str_buffer(), ast_str_reset(), ast_str_size(), ast_str_update(), ast_strdupa, copy(), func_args(), is_read_allowed(), ast_custom_function::mod, ast_custom_function::read, ast_custom_function::read2, and ast_custom_function::read_max.
Referenced by ast_ari_channels_get_channel_var(), and ast_str_substitute_variables_full2().
int ast_func_write | ( | struct ast_channel * | chan, |
const char * | function, | ||
const char * | value | ||
) |
executes a write operation on a function
chan | Channel to execute on |
function | Data containing the function call string (will be modified) |
value | A value parameter to pass for writing |
This application executes a function in write mode on a given channel.
0 | success |
non-zero | failure |
Definition at line 693 of file pbx_functions.c.
References ast_strdupa, copy(), func_args(), is_write_allowed(), ast_custom_function::mod, and ast_custom_function::write.
Referenced by ast_channel_hangupcause_hash_set(), confbridge_exec(), pbx_builtin_pushvar_helper(), and pbx_builtin_setvar_helper().
int ast_thread_inhibit_escalations | ( | void | ) |
Inhibit (in the current thread) the execution of dialplan functions which cause privilege escalations. If pbx_live_dangerously() has been called with a true (non-zero) value, this inhibit has no effect.
Definition at line 479 of file pbx_functions.c.
References ast_threadstorage_get().
Referenced by ast_add_extension2_lockopt(), and handle_tcptls_connection().
int ast_thread_inhibit_escalations_swap | ( | int | inhibit | ) |
Swap the current thread escalation inhibit setting.
inhibit | New setting. Non-zero to inhibit. |
1 | if dangerous function execution was inhibited. |
0 | if dangerous function execution was allowed. |
-1 | on error. |
Definition at line 494 of file pbx_functions.c.
References ast_threadstorage_get().
Referenced by ast_add_extension2_lockopt().
static int is_read_allowed (struct ast_custom_function *acfptr)
Determines whether execution of a custom function's read function is allowed.
acfptr | Custom function to check |
Definition at line 541 of file pbx_functions.c.
References ast_debug, live_dangerously, ast_custom_function::name, read_escalates(), and thread_inhibits_escalations().
Referenced by ast_func_read(), and ast_func_read2().
static int is_write_allowed (struct ast_custom_function *acfptr)
Determines whether execution of a custom function's write function is allowed.
acfptr | Custom function to check |
Definition at line 574 of file pbx_functions.c.
References ast_debug, live_dangerously, ast_custom_function::name, thread_inhibits_escalations(), and write_escalates().
Referenced by ast_func_write().
int load_pbx_functions_cli | ( | void | ) |
Provided by pbx_functions.c
Definition at line 733 of file pbx_functions.c.
References ast_cli_register_multiple, and ast_register_cleanup().
void pbx_live_dangerously | ( | int | new_live_dangerously | ) |
Enable/disable the execution of 'dangerous' functions from external protocols (AMI, etc.).
These dialplan functions (such as SHELL) provide an opportunity for privilege escalation. They are okay to invoke from the dialplan, but external protocols with permission controls should not normally invoke them.
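This function can globally enable/disable the execution of dangerous functions from external protocols. While it is enabled, the per-thread inhibit set by ast_thread_inhibit_escalations() no longer blocks them.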
new_live_dangerously | If true, enable the execution of escalating functions from external protocols. |
Definition at line 466 of file pbx_functions.c.
References live_dangerously.
static int read_escalates (const struct ast_custom_function *acf)
Returns true if given custom function escalates privileges on read.
acf | Custom function to query. |
Definition at line 303 of file pbx_functions.c.
References ast_custom_function::read_escalates.
Referenced by is_read_allowed().
static int thread_inhibits_escalations (void)
Indicates whether the current thread inhibits the execution of dangerous functions.
Definition at line 518 of file pbx_functions.c.
References ast_threadstorage_get().
Referenced by is_read_allowed(), and is_write_allowed().
static int write_escalates (const struct ast_custom_function *acf)
Returns true if given custom function escalates privileges on write.
acf | Custom function to query. |
Definition at line 315 of file pbx_functions.c.
References ast_custom_function::write_escalates.
Referenced by is_write_allowed().
|
static |
Definition at line 723 of file pbx_functions.c.