named_acl.c File Reference

Named Access Control Lists. More...

#include "asterisk.h"
#include "asterisk/config.h"
#include "asterisk/config_options.h"
#include "asterisk/utils.h"
#include "asterisk/module.h"
#include "asterisk/cli.h"
#include "asterisk/acl.h"
#include "asterisk/astobj2.h"
#include "asterisk/paths.h"
#include "asterisk/stasis.h"
#include "asterisk/json.h"
#include "asterisk/security_events.h"


Data Structures

struct  named_acl
 
struct  named_acl_config
 

Macros

#define ACL_FAMILY   "acls"
 
#define AST_MODULE   "acl"
 
#define NACL_CONFIG   "acl.conf"
 

Functions

static void __reg_module (void)
 
static void __unreg_module (void)
 
static int acl_order_comparator (struct ast_category *p, struct ast_category *q)
 
static AO2_GLOBAL_OBJ_STATIC (globals)
 
struct ast_module * AST_MODULE_SELF_SYM (void)
 
struct ast_ha * ast_named_acl_find (const char *name, int *is_realtime, int *is_undefined)
 Retrieve a named ACL. More...
 
static void cli_display_named_acl (int fd, const char *name)
 
static void cli_display_named_acl_list (int fd)
 
 CONFIG_INFO_CORE ("named_acl", cfg_info, globals, named_acl_config_alloc,.files=ACO_FILES(&named_acl_conf),)
 
static void destroy_named_acl (void *obj)
 Destroy a named ACL object.
 
static char * handle_show_named_acl_cmd (struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
 ACL command show <name>
 
static int load_module (void)
 
static void * named_acl_alloc (const char *cat)
 Create a named ACL structure. More...
 
static void * named_acl_config_alloc (void)
 allocator callback for named_acl_config. Notice it returns void * since it is used by the backend config code More...
 
static void named_acl_config_destructor (void *obj)
 destructor for named_acl_config
 
static void * named_acl_find (struct ao2_container *container, const char *cat)
 Find a named ACL in a container by its name. More...
 
static struct named_acl * named_acl_find_realtime (const char *name)
 
static int publish_acl_change (const char *name)
 
static int reload_module (void)
 
 STASIS_MESSAGE_TYPE_DEFN (ast_named_acl_change_type)
 Message type for named ACL changes.
 
static int unload_module (void)
 

Variables

static struct ast_module_info __mod_info = { .name = "acl" , .flags = AST_MODFLAG_GLOBAL_SYMBOLS | AST_MODFLAG_LOAD_ORDER , .description = "Named ACL system" , .key = "This paragraph is copyright (c) 2006 by Digium, Inc. \In order for your module to load, it must return this \key via a function called \"key\". Any code which \includes this paragraph must be licensed under the GNU \General Public License version 2 or later (at your \option). In addition to Digium's general reservations \of rights, Digium expressly reserves the right to \allow other parties to license this paragraph under \different terms. Any use of Digium, Inc. trademarks or \logos (including \"Asterisk\" or \"Digium\") without \express written permission of Digium, Inc. is prohibited.\n" , .buildopt_sum = "da6642af068ee5e6490c5b1d2cc1d238" , .support_level = AST_MODULE_SUPPORT_CORE, .load = load_module, .unload = unload_module, .reload = reload_module, .load_pri = AST_MODPRI_CORE, .requires = "extconfig", }
 
static const struct ast_module_info * ast_module_info = &__mod_info
 
static struct ast_cli_entry cli_named_acl []
 
struct aco_file named_acl_conf
 
static struct aco_type named_acl_type
 
struct aco_type * named_acl_types [] = ACO_TYPES(&named_acl_type)
 

Detailed Description

Named Access Control Lists.

Author
Jonathan Rose <jrose@digium.com>
Note
Based on a feature proposed by Olle E. Johansson <oej@edvina.net>

Definition in file named_acl.c.

Function Documentation

struct ast_ha* ast_named_acl_find ( const char *  name,
int *  is_realtime,
int *  is_undefined 
)

Retrieve a named ACL.

This function attempts to find a named ACL, first in the loaded acl.conf configuration and then in the realtime backend. If found, a copy of the requested ACL is made; the caller owns that copy and must free it.

Parameters
name — Name of the ACL sought
[out] is_realtime — set to true if the ACL being returned came from realtime storage
[out] is_undefined — set to true if no ACL profile can be found for the requested name
Returns
A copy of the named ACL as an ast_ha
Return values
NULL — if no ACL could be found, or if the ACL was found but contains no rules (a valid ACL that accepts unconditionally). A NULL return alone does not mean "not found"; callers must check is_undefined to tell the two cases apart.

Definition at line 293 of file named_acl.c.

References ao2_global_obj_ref, ast_check_realtime(), ast_duplicate_ha_list(), ast_realtime_is_mapping_defined(), named_acl_find(), and RAII_VAR.

Referenced by ast_append_acl().

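/*!
 * \brief Retrieve a named ACL.
 *
 * Looks the name up in the loaded acl.conf configuration first and falls back
 * to the realtime backend. On success the caller receives a private copy of the
 * ACL's host-access list and is responsible for freeing it.
 *
 * \param name              Name of the ACL sought
 * \param[out] is_realtime  Set to 1 when the returned ACL came from realtime storage
 * \param[out] is_undefined Set to 1 when no ACL profile can be resolved for \a name
 *                          (including when the ACL configuration itself is unavailable)
 *
 * \return A copy of the named ACL as an ast_ha list.
 * \retval NULL if the ACL is undefined (\a is_undefined is then set), or if the ACL
 *         exists but has no rules (\a is_undefined stays 0 — a permit-all ACL).
 */
struct ast_ha *ast_named_acl_find(const char *name, int *is_realtime, int *is_undefined)
{
	struct ast_ha *ha = NULL;

	RAII_VAR(struct named_acl_config *, cfg, ao2_global_obj_ref(globals), ao2_cleanup);
	RAII_VAR(struct named_acl *, named_acl, NULL, ao2_cleanup);

	/* Both out-flags are always written when supplied, so callers never read
	 * an uninitialized value on any return path. */
	if (is_realtime) {
		*is_realtime = 0;
	}
	if (is_undefined) {
		*is_undefined = 0;
	}

	/* Without a loaded configuration the name cannot be resolved at all.
	 * Report it as undefined instead of returning a bare NULL: a NULL with
	 * is_undefined == 0 is exactly what a *valid, rule-less* ACL produces
	 * (see the end of this function) and that case is documented as
	 * "accept addresses unconditionally". Failing closed here keeps a missing
	 * or unreadable acl.conf from silently turning every named ACL into a
	 * permit-all. */
	if (!cfg || !cfg->named_acl_list) {
		ast_log(LOG_ERROR, "Attempted to find named ACL '%s', but the ACL configuration isn't available.\n", name);
		if (is_undefined) {
			*is_undefined = 1;
		}
		return NULL;
	}

	named_acl = named_acl_find(cfg->named_acl_list, name);

	if (!named_acl) {
		/* Not in acl.conf; the realtime backend is the only other source. */
		RAII_VAR(struct named_acl *, realtime_acl, named_acl_find_realtime(name), ao2_cleanup);

		if (realtime_acl) {
			if (is_realtime) {
				*is_realtime = 1;
			}
			/* The caller owns the copy; the realtime object itself is released
			 * by the RAII cleanup on return. */
			return ast_duplicate_ha_list(realtime_acl->ha);
		}

		/* Neither source knows the name. Distinguish "a realtime mapping is
		 * configured but its backend is not registered yet" (a load-order
		 * problem the administrator can fix) from a plain unknown name, but
		 * mark the ACL undefined either way so ast_apply_acl() rejects it. */
		if (ast_realtime_is_mapping_defined(ACL_FAMILY) && !ast_check_realtime(ACL_FAMILY)) {
			ast_log(LOG_WARNING, "ACL '%s' does not exist. The ACL will be marked as undefined and will automatically fail if applied.\n"
				"This ACL may exist in the configured realtime backend, but that backend hasn't been registered yet. "
				"Fix this establishing preload for the backend in 'modules.conf'.\n", name);
		} else {
			ast_log(LOG_WARNING, "ACL '%s' does not exist. The ACL will be marked as undefined and will automatically fail if applied.\n", name);
		}

		if (is_undefined) {
			*is_undefined = 1;
		}
		return NULL;
	}

	/* Found in the static configuration. Hand back a private copy rather than
	 * the list owned by the config object, per the documented contract that
	 * the caller frees what it receives. */
	ha = ast_duplicate_ha_list(named_acl->ha);

	/* A NULL copy here means the ACL is defined but empty: it is valid and
	 * matches nothing, so applying it accepts every address. */
	if (!ha) {
		ast_log(LOG_NOTICE, "ACL '%s' contains no rules. It is valid, but it will accept addresses unconditionally.\n", name);
	}

	return ha;
}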
struct ast_ha * ast_duplicate_ha_list(struct ast_ha *original)
Duplicate the contents of a list of host access rules.
Definition: acl.c:276
int ast_check_realtime(const char *family)
Check if realtime engine is configured for family.
Definition: main/config.c:3530
#define ao2_global_obj_ref(holder)
Get a reference to the object stored in the global holder.
Definition: astobj2.h:918
internal representation of ACL entries In principle user applications would have no need for this...
Definition: acl.h:51
int ast_realtime_is_mapping_defined(const char *family)
Determine if a mapping exists for a given family.
Definition: main/config.c:3193
static void * named_acl_find(struct ao2_container *container, const char *cat)
Find a named ACL in a container by its name.
Definition: named_acl.c:182
#define RAII_VAR(vartype, varname, initval, dtor)
Declare a variable that will call a destructor function when it goes out of scope.
Definition: utils.h:941
static void * named_acl_alloc ( const char *  cat)
static

Create a named ACL structure.

Parameters
cat — name given to the ACL
Return values
NULL — failure
non-NULL — successfully allocated named ACL

Definition at line 161 of file named_acl.c.

References ast_copy_string(), and destroy_named_acl().

/*!
 * \brief Create a named ACL structure.
 *
 * \param cat Name given to the ACL. It is copied into the object's fixed-size
 *            name buffer with a bounded, NUL-terminating copy, so an over-long
 *            name is truncated rather than overflowing.
 *
 * \retval NULL allocation failed
 * \retval non-NULL a new reference-counted named ACL whose name is set;
 *         destroy_named_acl() runs when the last reference is dropped
 */
static void *named_acl_alloc(const char *cat)
{
	struct named_acl *acl = ao2_alloc(sizeof(*acl), destroy_named_acl);

	if (acl) {
		ast_copy_string(acl->name, cat, sizeof(acl->name));
	}

	return acl;
}
static void destroy_named_acl(void *obj)
Destroy a named ACL object.
Definition: named_acl.c:148
void ast_copy_string(char *dst, const char *src, size_t size)
Size-limited null-terminating string copy.
Definition: strings.h:425
static void * named_acl_config_alloc ( void  )
static

allocator callback for named_acl_config. Notice it returns void * since it is used by the backend config code

Note
These functions are used for placing/retrieving named ACLs in their ao2_container.

Definition at line 126 of file named_acl.c.

References AO2_ALLOC_OPT_LOCK_MUTEX, ao2_container_alloc_hash, ao2_ref, and named_acl_config_destructor().

/*!
 * \brief Allocator callback for named_acl_config.
 *
 * Returns void * because the config-options backend invokes it through a
 * generic allocator hook. The object carries a mutex-locked hash container,
 * keyed by ACL name via named_acl_hash_fn / named_acl_cmp_fn, that holds the
 * named ACLs parsed from acl.conf.
 *
 * \retval NULL allocation of the config object or its container failed
 * \retval non-NULL a new named_acl_config with an empty named_acl_list
 */
static void *named_acl_config_alloc(void)
{
	struct named_acl_config *cfg = ao2_alloc(sizeof(*cfg), named_acl_config_destructor);

	if (!cfg) {
		return NULL;
	}

	cfg->named_acl_list = ao2_container_alloc_hash(AO2_ALLOC_OPT_LOCK_MUTEX, 0, 37,
		named_acl_hash_fn, NULL, named_acl_cmp_fn);
	if (!cfg->named_acl_list) {
		/* Release the only reference; named_acl_config_destructor tears cfg down. */
		ao2_ref(cfg, -1);
		return NULL;
	}

	return cfg;
}
#define ao2_ref(o, delta)
Reference/unreference an object and return the old refcount.
Definition: astobj2.h:459
#define ao2_container_alloc_hash(ao2_options, container_options, n_buckets, hash_fn, sort_fn, cmp_fn)
Allocate and initialize a hash container with the desired number of buckets.
Definition: astobj2.h:1303
static void named_acl_config_destructor(void *obj)
destructor for named_acl_config
Definition: named_acl.c:117
static void * named_acl_find ( struct ao2_container container,
const char *  cat 
)
static

Find a named ACL in a container by its name.

Parameters
container — ao2 container holding the named ACLs
cat — name of the ACL to look up
Return values
pointer — to the named ACL if available (a new reference that the caller must release, e.g. with ao2_cleanup); NULL if not found.

Definition at line 182 of file named_acl.c.

References ast_copy_string(), and OBJ_POINTER.

Referenced by ast_named_acl_find().

/*!
 * \brief Find a named ACL in a container by its name.
 *
 * \param container ao2 container holding the named ACLs
 * \param cat       Name of the ACL to look up
 *
 * \retval pointer to the matching named ACL; this is a new reference the caller
 *         must release (ast_named_acl_find() does so via RAII ao2_cleanup)
 * \retval NULL if no ACL with that name is in the container
 */
static void *named_acl_find(struct ao2_container *container, const char *cat)
{
	/* A stack object carrying only the name serves as the search key. The
	 * container was built with named_acl_hash_fn / named_acl_cmp_fn, and with
	 * OBJ_POINTER those callbacks are handed this object directly; the other
	 * fields are never consulted for the lookup — TODO confirm against the
	 * hash/cmp implementations. */
	struct named_acl key;

	ast_copy_string(key.name, cat, sizeof(key.name));

	return ao2_find(container, &key, OBJ_POINTER);
}
#define OBJ_POINTER
Definition: astobj2.h:1150
void ast_copy_string(char *dst, const char *src, size_t size)
Size-limited null-terminating string copy.
Definition: strings.h:425

Variable Documentation

struct ast_cli_entry cli_named_acl[]
static
Initial value:
= {
{ .handler = handle_show_named_acl_cmd , .summary = "Show a named ACL or list all named ACLs" ,},
}
static char * handle_show_named_acl_cmd(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
ACL command show
Definition: named_acl.c:471

Definition at line 525 of file named_acl.c.

struct aco_file named_acl_conf
Initial value:
= {
.filename = "acl.conf",
.types = ACO_TYPES(&named_acl_type),
}
#define ACO_TYPES(...)
A helper macro to ensure that aco_info types always have a sentinel.

Definition at line 98 of file named_acl.c.