Asterisk - The Open Source Telephony Project  21.4.1
Data Structures | Macros | Enumerations | Functions
acl.h File Reference

Access Control of various sorts. More...

#include "asterisk/network.h"
#include "asterisk/linkedlists.h"
#include "asterisk/netsock2.h"
#include "asterisk/io.h"

Go to the source code of this file.

Data Structures

struct  ast_acl
 an ast_acl is a linked list node of ast_ha structs which may have names. More...
 
struct  ast_acl_list
 Wrapper for an ast_acl linked list. More...
 
struct  ast_ha
 internal representation of ACL entries In principle user applications would have no need for this, but there is sometimes a need to extract individual items, e.g. to print them, and rather than defining iterators to navigate the list, and an externally visible 'struct ast_ha_entry', at least in the short term it is more convenient to make the whole thing public and let users play with them. More...
 

Macros

#define ACL_NAME_LENGTH   80
 

Enumerations

enum  ast_acl_sense { AST_SENSE_DENY, AST_SENSE_ALLOW }
 

Functions

int ast_acl_list_is_empty (struct ast_acl_list *acl_list)
 Determines if an ACL is empty or if it contains entries. More...
 
void ast_acl_output (int fd, struct ast_acl_list *acl, const char *prefix)
 output an ACL to the provided fd More...
 
void ast_append_acl (const char *sense, const char *stuff, struct ast_acl_list **path, int *error, int *named_acl_flag)
 Add a rule to an ACL struct. More...
 
struct ast_haast_append_ha (const char *sense, const char *stuff, struct ast_ha *path, int *error)
 Add a new rule to a list of HAs. More...
 
struct ast_haast_append_ha_with_port (const char *sense, const char *stuff, struct ast_ha *path, int *error)
 Add a new rule with optional port to a list of HAs. More...
 
enum ast_acl_sense ast_apply_acl (struct ast_acl_list *acl_list, const struct ast_sockaddr *addr, const char *purpose)
 Apply a set of rules to a given IP address. More...
 
enum ast_acl_sense ast_apply_acl_nolog (struct ast_acl_list *acl_list, const struct ast_sockaddr *addr)
 Apply a set of rules to a given IP address, don't log failure. More...
 
enum ast_acl_sense ast_apply_ha (const struct ast_ha *ha, const struct ast_sockaddr *addr)
 Apply a set of rules to a given IP address. More...
 
void ast_copy_ha (const struct ast_ha *from, struct ast_ha *to)
 Copy the contents of one HA to another. More...
 
struct ast_acl_listast_duplicate_acl_list (struct ast_acl_list *original)
 Duplicates the contests of a list of lists of host access rules. More...
 
struct ast_haast_duplicate_ha_list (struct ast_ha *original)
 Duplicate the contents of a list of host access rules. More...
 
int ast_find_ourip (struct ast_sockaddr *ourip, const struct ast_sockaddr *bindaddr, int family)
 Find our IP address. More...
 
struct ast_acl_listast_free_acl_list (struct ast_acl_list *acl)
 Free a list of ACLs. More...
 
void ast_free_ha (struct ast_ha *ha)
 Free a list of HAs. More...
 
int ast_get_ip (struct ast_sockaddr *addr, const char *hostname)
 Get the IP address given a hostname. More...
 
int ast_get_ip_or_srv (struct ast_sockaddr *addr, const char *hostname, const char *service)
 Get the IP address given a hostname and optional service. More...
 
void ast_ha_join (const struct ast_ha *ha, struct ast_str **buf)
 Convert HAs to a comma separated string value. More...
 
void ast_ha_join_cidr (const struct ast_ha *ha, struct ast_str **buf)
 Convert HAs to a comma separated string value using CIDR notation. More...
 
void ast_ha_output (int fd, const struct ast_ha *ha, const char *prefix)
 output an HA to the provided fd More...
 
int ast_lookup_iface (char *iface, struct ast_sockaddr *address)
 Find an IP address associated with a specific interface. More...
 
struct stasis_message_typeast_named_acl_change_type (void)
 a stasis_message_type for changes against a named ACL or the set of all named ACLs More...
 
struct ast_haast_named_acl_find (const char *name, int *is_realtime, int *is_undefined)
 Retrieve a named ACL. More...
 
int ast_ouraddrfor (const struct ast_sockaddr *them, struct ast_sockaddr *us)
 Get our local IP address when contacting a remote host. More...
 
int ast_str2cos (const char *value, unsigned int *cos)
 Convert a string to the appropriate COS value. More...
 
int ast_str2tos (const char *value, unsigned int *tos)
 Convert a string to the appropriate TOS value. More...
 
const char * ast_tos2str (unsigned int tos)
 Convert a TOS value into its string representation. More...
 

Detailed Description

Access Control of various sorts.

Definition in file acl.h.

Function Documentation

int ast_acl_list_is_empty ( struct ast_acl_list acl_list)

Determines if an ACL is empty or if it contains entries.

Parameters
acl_listThe ACL list being checked
Return values
0the list is not empty
1the list is empty

Definition at line 540 of file acl.c.

References AST_LIST_FIRST, AST_LIST_LOCK, and AST_LIST_UNLOCK.

Referenced by curl_open_socket_cb(), and handle_cli_iax2_show_peer().

541 {
542  struct ast_acl *head;
543 
544  if (!acl_list) {
545  return 1;
546  }
547 
548  AST_LIST_LOCK(acl_list);
549  head = AST_LIST_FIRST(acl_list);
550  AST_LIST_UNLOCK(acl_list);
551 
552  if (head) {
553  return 0;
554  }
555 
556  return 1;
557 }
#define AST_LIST_LOCK(head)
Locks a list.
Definition: linkedlists.h:40
#define AST_LIST_FIRST(head)
Returns the first entry contained in a list.
Definition: linkedlists.h:421
#define AST_LIST_UNLOCK(head)
Attempts to unlock a list.
Definition: linkedlists.h:140
an ast_acl is a linked list node of ast_ha structs which may have names.
Definition: acl.h:67
void ast_acl_output ( int  fd,
struct ast_acl_list acl,
const char *  prefix 
)

output an ACL to the provided fd

This function can be used centrally to output HAs as used in ACLs from other modules. It follows the format as originally used for named ACLs in named_acl.c.

Parameters
fdThe file-descriptor to which to output the ACL.
aclThe ACL to output.
prefixIf you need a specific prefix output on each line, give it here, may be NULL.
Since
13.33.0, 16.10.0, 17.4.0

Definition at line 1098 of file acl.c.

References ast_acl::acl, ast_ha_output(), AST_LIST_LOCK, AST_LIST_TRAVERSE, AST_LIST_UNLOCK, ast_acl::is_realtime, and ast_acl::name.

1099 {
1100  struct ast_acl *acl;
1101 
1102  AST_LIST_LOCK(acl_list);
1103  AST_LIST_TRAVERSE(acl_list, acl, list) {
1104  ast_cli(fd, "%sACL: %s%s\n---------------------------------------------\n",
1105  prefix ?: "", ast_strlen_zero(acl->name) ? "(unnamed)" : acl->name,
1106  acl->is_realtime ? " (realtime)" : "");
1107 
1108  ast_ha_output(fd, acl->acl, prefix);
1109  }
1110  AST_LIST_UNLOCK(acl_list);
1111 
1112 }
#define AST_LIST_LOCK(head)
Locks a list.
Definition: linkedlists.h:40
#define AST_LIST_UNLOCK(head)
Attempts to unlock a list.
Definition: linkedlists.h:140
char name[ACL_NAME_LENGTH]
Definition: acl.h:71
int is_realtime
Definition: acl.h:69
struct ast_ha * acl
Definition: acl.h:68
an ast_acl is a linked list node of ast_ha structs which may have names.
Definition: acl.h:67
void ast_ha_output(int fd, const struct ast_ha *ha, const char *prefix)
output an HA to the provided fd
Definition: acl.c:1086
#define AST_LIST_TRAVERSE(head, var, field)
Loops over (traverses) the entries in a list.
Definition: linkedlists.h:491
void ast_append_acl ( const char *  sense,
const char *  stuff,
struct ast_acl_list **  path,
int *  error,
int *  named_acl_flag 
)

Add a rule to an ACL struct.

This adds a named ACL or an ACL rule to an ast_acl container. It works in a similar way to ast_append_ha.

Parameters
senseCan be any among "permit", "deny", or "acl" this controls whether the rule being added will simply modify the unnamed ACL at the head of the list or if a new named ACL will be added to that ast_acl.
stuffIf sense is 'permit'/'deny', this is the ip address and subnet mask separated with a '/' like in ast_append ha. If it sense is 'acl', then this will be the name of the ACL being appended to the container.
pathAddress of the ACL list being appended
[out]errorThe int that error points to will be set to 1 if an error occurs.
[out]named_acl_flagThis will raise a flag under certain conditions to indicate that a named ACL has been added by this operation. This may be used to indicate that an event subscription should be made against the named ACL subsystem. Note: This flag may be raised by this function, but it will never be lowered by it.

Definition at line 429 of file acl.c.

References ast_acl::acl, ast_append_ha(), ast_calloc, AST_LIST_FIRST, AST_LIST_HEAD_INIT, AST_LIST_INSERT_HEAD, AST_LIST_INSERT_TAIL, AST_LIST_LOCK, AST_LIST_TRAVERSE, AST_LIST_UNLOCK, ast_named_acl_find(), ast_skip_blanks(), ast_strdupa, ast_acl::is_invalid, ast_acl::is_realtime, and ast_acl::name.

Referenced by build_peer(), build_user(), and rtp_reload().

430 {
431  struct ast_acl *acl = NULL;
432  struct ast_acl *current;
433  struct ast_acl_list *working_list;
434 
435  char *tmp, *list;
436 
437  /* If the ACL list is currently uninitialized, it must be initialized. */
438  if (*path == NULL) {
439  struct ast_acl_list *list;
440  list = ast_calloc(1, sizeof(*list));
441  if (!list) {
442  /* Allocation Error */
443  if (error) {
444  *error = 1;
445  }
446  return;
447  }
448 
449  AST_LIST_HEAD_INIT(list);
450  *path = list;
451  }
452 
453  working_list = *path;
454 
455  AST_LIST_LOCK(working_list);
456 
457  /* First we need to determine if we will need to add a new ACL node or if we can use an existing one. */
458  if (strncasecmp(sense, "a", 1)) {
459  /* The first element in the path should be the unnamed, base ACL. If that's the case, we use it. If not,
460  * we have to make one and link it up appropriately. */
461  current = AST_LIST_FIRST(working_list);
462 
463  if (!current || !ast_strlen_zero(current->name)) {
464  if (acl_new(&acl, "")) {
465  if (error) {
466  *error = 1;
467  }
468  AST_LIST_UNLOCK(working_list);
469  return;
470  }
471  // Need to INSERT the ACL at the head here.
472  AST_LIST_INSERT_HEAD(working_list, acl, list);
473  } else {
474  /* If the first element was already the unnamed base ACL, we just use that one. */
475  acl = current;
476  }
477 
478  /* With the proper ACL set for modification, we can just pass this off to the ast_ha append function. */
479  acl->acl = ast_append_ha(sense, stuff, acl->acl, error);
480 
481  AST_LIST_UNLOCK(working_list);
482  return;
483  }
484 
485  /* We are in ACL append mode, so we know we'll be adding one or more named ACLs. */
486  list = ast_strdupa(stuff);
487 
488  while ((tmp = strsep(&list, ","))) {
489  struct ast_ha *named_ha;
490  int already_included = 0;
491 
492  /* Remove leading whitespace from the string in case the user put spaces between items */
493  tmp = ast_skip_blanks(tmp);
494 
495  /* The first step is to check for a duplicate */
496  AST_LIST_TRAVERSE(working_list, current, list) {
497  if (!strcasecmp(current->name, tmp)) { /* ACL= */
498  /* Inclusion of the same ACL multiple times isn't a catastrophic error, but it will raise the error flag and skip the entry. */
499  ast_log(LOG_ERROR, "Named ACL '%s' occurs multiple times in ACL definition. "
500  "Please update your ACL configuration.\n", tmp);
501  if (error) {
502  *error = 1;
503  }
504  already_included = 1;
505  break;
506  }
507  }
508 
509  if (already_included) {
510  continue;
511  }
512 
513  if (acl_new(&acl, tmp)) {
514  /* This is a catastrophic allocation error and we'll return immediately if this happens. */
515  if (error) {
516  *error = 1;
517  }
518  AST_LIST_UNLOCK(working_list);
519  return;
520  }
521 
522  /* Attempt to grab the Named ACL we are looking for. */
523  named_ha = ast_named_acl_find(tmp, &acl->is_realtime, &acl->is_invalid);
524 
525  /* Set the ACL's ast_ha to the duplicated named ACL retrieved above. */
526  acl->acl = named_ha;
527 
528  /* Raise the named_acl_flag since we are adding a named ACL to the ACL container. */
529  if (named_acl_flag) {
530  *named_acl_flag = 1;
531  }
532 
533  /* Now insert the new ACL at the end of the list. */
534  AST_LIST_INSERT_TAIL(working_list, acl, list);
535  }
536 
537  AST_LIST_UNLOCK(working_list);
538 }
#define AST_LIST_LOCK(head)
Locks a list.
Definition: linkedlists.h:40
#define AST_LIST_FIRST(head)
Returns the first entry contained in a list.
Definition: linkedlists.h:421
#define AST_LIST_UNLOCK(head)
Attempts to unlock a list.
Definition: linkedlists.h:140
char name[ACL_NAME_LENGTH]
Definition: acl.h:71
struct ast_ha * ast_append_ha(const char *sense, const char *stuff, struct ast_ha *path, int *error)
Add a new rule to a list of HAs.
Definition: acl.c:712
Wrapper for an ast_acl linked list.
Definition: acl.h:76
internal representation of ACL entries In principle user applications would have no need for this...
Definition: acl.h:51
int is_realtime
Definition: acl.h:69
#define ast_strdupa(s)
duplicate a string in memory from the stack
Definition: astmm.h:298
int is_invalid
Definition: acl.h:70
struct ast_ha * acl
Definition: acl.h:68
an ast_acl is a linked list node of ast_ha structs which may have names.
Definition: acl.h:67
#define AST_LIST_INSERT_TAIL(head, elm, field)
Appends a list entry to the tail of a list.
Definition: linkedlists.h:731
char * ast_skip_blanks(const char *str)
Gets a pointer to the first non-whitespace character in a string.
Definition: strings.h:161
#define AST_LIST_TRAVERSE(head, var, field)
Loops over (traverses) the entries in a list.
Definition: linkedlists.h:491
#define AST_LIST_INSERT_HEAD(head, elm, field)
Inserts a list entry at the head of a list.
Definition: linkedlists.h:711
Definition: test_acl.c:111
#define AST_LIST_HEAD_INIT(head)
Initializes a list head structure.
Definition: linkedlists.h:626
#define ast_calloc(num, len)
A wrapper for calloc()
Definition: astmm.h:202
struct ast_ha * ast_named_acl_find(const char *name, int *is_realtime, int *is_undefined)
Retrieve a named ACL.
Definition: named_acl.c:293
struct ast_ha* ast_append_ha ( const char *  sense,
const char *  stuff,
struct ast_ha path,
int *  error 
)

Add a new rule to a list of HAs.

This adds the new host access rule to the end of the list whose head is specified by the path parameter. Rules are evaluated in a way such that if multiple rules apply to a single IP address/subnet mask, then the rule latest in the list will be used.

Parameters
senseEither "permit" or "deny" (Actually any 'p' word will result in permission, and any other word will result in denial)
stuffThe IP address and subnet mask, separated with a '/'. The subnet mask can either be in dotted-decimal format or in CIDR notation (i.e. 0-32).
pathThe head of the HA list to which we wish to append our new rule. If NULL is passed, then the new rule will become the head of the list
[out]errorThe integer error points to will be set non-zero if an error occurs
Returns
The head of the HA list

Definition at line 712 of file acl.c.

Referenced by acl_handler_fn(), and ast_append_acl().

713 {
714  return append_ha_core(sense, stuff, path, error, PARSE_PORT_FORBID);
715 }
struct ast_ha* ast_append_ha_with_port ( const char *  sense,
const char *  stuff,
struct ast_ha path,
int *  error 
)

Add a new rule with optional port to a list of HAs.

Since
13.31.0, 16.8.0, 17.2.0

This adds the new host access rule to the end of the list whose head is specified by the path parameter. Rules are evaluated in a way such that if multiple rules apply to a single IP address/subnet mask, then the rule latest in the list will be used.

Parameters
senseEither "permit" or "deny" (Actually any 'p' word will result in permission, and any other word will result in denial)
stuffThe IP address and subnet mask, separated with a '/'. The subnet mask can either be in dotted-decimal format or in CIDR notation (i.e. 0-32). A port can be provided by placing it after the IP address, separated with a ':'.
pathThe head of the HA list to which we wish to append our new rule. If NULL is passed, then the new rule will become the head of the list
[out]errorThe integer error points to will be set non-zero if an error occurs
Returns
The head of the HA list

Definition at line 717 of file acl.c.

718 {
719  return append_ha_core(sense, stuff, path, error, 0);
720 }
enum ast_acl_sense ast_apply_acl ( struct ast_acl_list acl_list,
const struct ast_sockaddr addr,
const char *  purpose 
)

Apply a set of rules to a given IP address.

Similar to the above, only uses an acl container, which is a whole slew of ast_ha lists. It runs ast_apply_ha on each of the ast_ha structs contained in the acl container. It will deny if any of the ast_ha lists fail, and it will pass only if all of the rules pass.

Parameters
acl_listThe head of the list of ACLs to evaluate
addrAn ast_sockaddr whose address is considered when matching rules
purposeContext for which the ACL is being applied - Establishes purpose of a notice when rejected
Return values
AST_SENSE_ALLOWThe IP address passes our ACLs
AST_SENSE_DENYThe IP address fails our ACLs

Definition at line 799 of file acl.c.

Referenced by curl_open_socket_cb(), and register_verify().

799  {
800  return ast_apply_acl_internal(acl_list, addr, purpose ?: "");
801 }
enum ast_acl_sense ast_apply_acl_nolog ( struct ast_acl_list acl_list,
const struct ast_sockaddr addr 
)

Apply a set of rules to a given IP address, don't log failure.

Exactly like ast_apply_acl, except that it will never log anything.

Parameters
acl_listThe head of the list of ACLs to evaluate
addrAn ast_sockaddr whose address is considered when matching rules
Return values
AST_SENSE_ALLOWThe IP address passes our ACLs
AST_SENSE_DENYThe IP address fails our ACLs

Definition at line 803 of file acl.c.

803  {
804  return ast_apply_acl_internal(acl_list, addr, NULL);
805 }
enum ast_acl_sense ast_apply_ha ( const struct ast_ha ha,
const struct ast_sockaddr addr 
)

Apply a set of rules to a given IP address.

The list of host access rules is traversed, beginning with the input rule. If the IP address given matches a rule, the "sense" of that rule is used as the return value. Note that if an IP address matches multiple rules that the last one matched will be the one whose sense will be returned.

Parameters
haThe head of the list of host access rules to follow
addrAn ast_sockaddr whose address is considered when matching rules
Return values
AST_SENSE_ALLOWThe IP address passes our ACL
AST_SENSE_DENYThe IP address fails our ACL

Definition at line 807 of file acl.c.

References ast_copy_string(), ast_debug, ast_sockaddr_apply_netmask(), ast_sockaddr_cmp_addr(), ast_sockaddr_ipv4_mapped(), ast_sockaddr_is_ipv4(), ast_sockaddr_is_ipv4_mapped(), ast_sockaddr_is_ipv6(), ast_sockaddr_port, ast_sockaddr_set_port, and ast_sockaddr_stringify().

808 {
809  /* Start optimistic */
810  enum ast_acl_sense res = AST_SENSE_ALLOW;
811  const struct ast_ha *current_ha;
812 
813  for (current_ha = ha; current_ha; current_ha = current_ha->next) {
814  struct ast_sockaddr result;
815  struct ast_sockaddr mapped_addr;
816  const struct ast_sockaddr *addr_to_use;
817  uint16_t save_port;
818 #if 0 /* debugging code */
819  char iabuf[INET_ADDRSTRLEN];
820  char iabuf2[INET_ADDRSTRLEN];
821  /* DEBUG */
822  ast_copy_string(iabuf, ast_sockaddr_stringify(addr), sizeof(iabuf));
823  ast_copy_string(iabuf2, ast_sockaddr_stringify(&current_ha->addr), sizeof(iabuf2));
824  ast_debug(1, "##### Testing %s with %s\n", iabuf, iabuf2);
825 #endif
826  if (ast_sockaddr_is_ipv4(&current_ha->addr)) {
827  if (ast_sockaddr_is_ipv6(addr)) {
828  if (ast_sockaddr_is_ipv4_mapped(addr)) {
829  /* IPv4 ACLs apply to IPv4-mapped addresses */
830  if (!ast_sockaddr_ipv4_mapped(addr, &mapped_addr)) {
831  ast_log(LOG_ERROR, "%s provided to ast_sockaddr_ipv4_mapped could not be converted. That shouldn't be possible.\n",
832  ast_sockaddr_stringify(addr));
833  continue;
834  }
835  addr_to_use = &mapped_addr;
836  } else {
837  /* An IPv4 ACL does not apply to an IPv6 address */
838  continue;
839  }
840  } else {
841  /* Address is IPv4 and ACL is IPv4. No biggie */
842  addr_to_use = addr;
843  }
844  } else {
846  addr_to_use = addr;
847  } else {
848  /* Address is IPv4 or IPv4 mapped but ACL is IPv6. Skip */
849  continue;
850  }
851  }
852 
853  /* ast_sockaddr_apply_netmask() does not preserve the port, so we need to save and
854  * restore it */
855  save_port = ast_sockaddr_port(addr_to_use);
856 
857  /* For each rule, if this address and the netmask = the net address
858  apply the current rule */
859  if (ast_sockaddr_apply_netmask(addr_to_use, &current_ha->netmask, &result)) {
860  /* Unlikely to happen since we know the address to be IPv4 or IPv6 */
861  continue;
862  }
863 
864  ast_sockaddr_set_port(&result, save_port);
865 
866  if (!ast_sockaddr_cmp_addr(&result, &current_ha->addr)
867  && (!ast_sockaddr_port(&current_ha->addr)
868  || ast_sockaddr_port(&current_ha->addr) == ast_sockaddr_port(&result))) {
869  res = current_ha->sense;
870  }
871  }
872  return res;
873 }
int ast_sockaddr_ipv4_mapped(const struct ast_sockaddr *addr, struct ast_sockaddr *ast_mapped)
Convert an IPv4-mapped IPv6 address into an IPv4 address.
Definition: netsock2.c:37
Socket address structure.
Definition: netsock2.h:97
int ast_sockaddr_cmp_addr(const struct ast_sockaddr *a, const struct ast_sockaddr *b)
Compares the addresses of two ast_sockaddr structures.
Definition: netsock2.c:413
#define ast_sockaddr_port(addr)
Get the port number of a socket address.
Definition: netsock2.h:517
internal representation of ACL entries In principle user applications would have no need for this...
Definition: acl.h:51
#define ast_debug(level,...)
Log a DEBUG message.
int ast_sockaddr_apply_netmask(const struct ast_sockaddr *addr, const struct ast_sockaddr *netmask, struct ast_sockaddr *result)
Apply a netmask to an address and store the result in a separate structure.
Definition: netsock2.c:357
#define ast_sockaddr_set_port(addr, port)
Sets the port number of a socket address.
Definition: netsock2.h:532
static char * ast_sockaddr_stringify(const struct ast_sockaddr *addr)
Wrapper around ast_sockaddr_stringify_fmt() with default format.
Definition: netsock2.h:256
int ast_sockaddr_is_ipv4_mapped(const struct ast_sockaddr *addr)
Determine if this is an IPv4-mapped IPv6 address.
Definition: netsock2.c:507
void ast_copy_string(char *dst, const char *src, size_t size)
Size-limited null-terminating string copy.
Definition: strings.h:425
int ast_sockaddr_is_ipv4(const struct ast_sockaddr *addr)
Determine if the address is an IPv4 address.
Definition: netsock2.c:497
int ast_sockaddr_is_ipv6(const struct ast_sockaddr *addr)
Determine if this is an IPv6 address.
Definition: netsock2.c:524
void ast_copy_ha ( const struct ast_ha from,
struct ast_ha to 
)

Copy the contents of one HA to another.

This copies the internals of the 'from' HA to the 'to' HA. It is important that the 'to' HA has been allocated prior to calling this function

Parameters
fromSource HA to copy
toDestination HA to copy to

Definition at line 255 of file acl.c.

References ast_sockaddr_copy().

256 {
257  ast_sockaddr_copy(&to->addr, &from->addr);
258  ast_sockaddr_copy(&to->netmask, &from->netmask);
259  to->sense = from->sense;
260 }
static void ast_sockaddr_copy(struct ast_sockaddr *dst, const struct ast_sockaddr *src)
Copies the data from one ast_sockaddr to another.
Definition: netsock2.h:167
struct ast_acl_list* ast_duplicate_acl_list ( struct ast_acl_list original)

Duplicates the contests of a list of lists of host access rules.

A deep copy of an ast_acl list is made (which in turn means a deep copy of each of the ast_ha structs contained within). The returned value is allocated on the heap and must be freed independently of the input paramater when finished.

Parameters
originalThe ast_acl_list to copy
Returns
The new duplicated ast_acl_list

Definition at line 315 of file acl.c.

References ast_acl::acl, ast_calloc, ast_duplicate_ha_list(), ast_free_acl_list(), AST_LIST_HEAD_INIT, AST_LIST_INSERT_TAIL, AST_LIST_LOCK, AST_LIST_TRAVERSE, AST_LIST_UNLOCK, ast_acl::is_invalid, ast_acl::is_realtime, and ast_acl::name.

316 {
317  struct ast_acl_list *clone;
318  struct ast_acl *current_cursor;
319  struct ast_acl *current_clone;
320 
321  /* Early return if we receive a duplication request for a NULL original. */
322  if (!original) {
323  return NULL;
324  }
325 
326  if (!(clone = ast_calloc(1, sizeof(*clone)))) {
327  ast_log(LOG_ERROR, "Failed to allocate ast_acl_list struct while cloning an ACL\n");
328  return NULL;
329  }
330  AST_LIST_HEAD_INIT(clone);
331 
332  AST_LIST_LOCK(original);
333 
334  AST_LIST_TRAVERSE(original, current_cursor, list) {
335  if ((acl_new(&current_clone, current_cursor->name))) {
336  ast_log(LOG_ERROR, "Failed to allocate ast_acl struct while cloning an ACL.\n");
337  ast_free_acl_list(clone);
338  clone = NULL;
339  break;
340  }
341 
342  /* Copy data from original ACL to clone ACL */
343  current_clone->acl = ast_duplicate_ha_list(current_cursor->acl);
344 
345  current_clone->is_invalid = current_cursor->is_invalid;
346  current_clone->is_realtime = current_cursor->is_realtime;
347 
348  AST_LIST_INSERT_TAIL(clone, current_clone, list);
349 
350  if (current_cursor->acl && !current_clone->acl) {
351  /* Deal with failure after adding to clone so we don't have to free
352  * current_clone separately. */
353  ast_log(LOG_ERROR, "Failed to duplicate HA list while cloning ACL.\n");
354  ast_free_acl_list(clone);
355  clone = NULL;
356  break;
357  }
358  }
359 
360  AST_LIST_UNLOCK(original);
361 
362  return clone;
363 }
#define AST_LIST_LOCK(head)
Locks a list.
Definition: linkedlists.h:40
#define AST_LIST_UNLOCK(head)
Attempts to unlock a list.
Definition: linkedlists.h:140
char name[ACL_NAME_LENGTH]
Definition: acl.h:71
struct ast_acl_list * ast_free_acl_list(struct ast_acl_list *acl_list)
Free a list of ACLs.
Definition: acl.c:233
Wrapper for an ast_acl linked list.
Definition: acl.h:76
int is_realtime
Definition: acl.h:69
int is_invalid
Definition: acl.h:70
struct ast_ha * acl
Definition: acl.h:68
an ast_acl is a linked list node of ast_ha structs which may have names.
Definition: acl.h:67
#define AST_LIST_INSERT_TAIL(head, elm, field)
Appends a list entry to the tail of a list.
Definition: linkedlists.h:731
#define AST_LIST_TRAVERSE(head, var, field)
Loops over (traverses) the entries in a list.
Definition: linkedlists.h:491
#define AST_LIST_HEAD_INIT(head)
Initializes a list head structure.
Definition: linkedlists.h:626
#define ast_calloc(num, len)
A wrapper for calloc()
Definition: astmm.h:202
struct ast_ha * ast_duplicate_ha_list(struct ast_ha *original)
Duplicate the contents of a list of host access rules.
Definition: acl.c:276
struct ast_ha* ast_duplicate_ha_list ( struct ast_ha original)

Duplicate the contents of a list of host access rules.

A deep copy of all ast_has in the list is made. The returned value is allocated on the heap and must be freed independently of the input parameter when finished.

Parameters
originalThe ast_ha to copy
Returns
The head of the list of duplicated ast_has

Definition at line 276 of file acl.c.

References ast_free_ha().

Referenced by ast_duplicate_acl_list(), and ast_named_acl_find().

277 {
278  struct ast_ha *start = original;
279  struct ast_ha *ret = NULL;
280  struct ast_ha *current, *prev = NULL;
281 
282  while (start) {
283  current = ast_duplicate_ha(start); /* Create copy of this object */
284  if (!current) {
285  ast_free_ha(ret);
286 
287  return NULL;
288  }
289 
290  if (prev) {
291  prev->next = current; /* Link previous to this object */
292  }
293 
294  if (!ret) {
295  ret = current; /* Save starting point */
296  }
297 
298  start = start->next; /* Go to next object */
299  prev = current; /* Save pointer to this object */
300  }
301  return ret; /* Return start of list */
302 }
void ast_free_ha(struct ast_ha *ha)
Free a list of HAs.
Definition: acl.c:222
internal representation of ACL entries In principle user applications would have no need for this...
Definition: acl.h:51
int ast_find_ourip ( struct ast_sockaddr ourip,
const struct ast_sockaddr bindaddr,
int  family 
)

Find our IP address.

This function goes through many iterations in an attempt to find our IP address. If any step along the way should fail, we move to the next item in the list. Here are the steps taken:

  • If bindaddr has a non-zero IP address, that is copied into ourip
  • We use a combination of gethostname and ast_gethostbyname to find our IP address.
  • We use ast_ouraddrfor with 198.41.0.4 as the destination IP address
  • We try some platform-specific socket operations to find the IP address
Parameters
[out]ouripOur IP address is written here when it is found
bindaddrA hint used for finding our IP. See the steps above for more details
familyOnly addresses of the given family will be returned. Use 0 or AST_SOCKADDR_UNSPEC to get addresses of all families.
Return values
0Success
-1Failure

Definition at line 1051 of file acl.c.

References ast_debug, ast_ouraddrfor(), ast_sockaddr_copy(), ast_sockaddr_is_any(), ast_sockaddr_port, and ast_sockaddr_set_port.

Referenced by ast_rtp_prop_set().

1052 {
1053  char ourhost[MAXHOSTNAMELEN] = "";
1054  struct ast_sockaddr root;
1055  int res, port = ast_sockaddr_port(ourip);
1056 
1057  /* just use the bind address if it is nonzero */
1058  if (!ast_sockaddr_is_any(bindaddr)) {
1059  ast_sockaddr_copy(ourip, bindaddr);
1060  ast_debug(3, "Attached to given IP address\n");
1061  return 0;
1062  }
1063  /* try to use our hostname */
1064  if (gethostname(ourhost, sizeof(ourhost) - 1)) {
1065  ast_log(LOG_WARNING, "Unable to get hostname\n");
1066  } else {
1067  if (resolve_first(ourip, ourhost, PARSE_PORT_FORBID, family) == 0) {
1068  /* reset port since resolve_first wipes this out */
1069  ast_sockaddr_set_port(ourip, port);
1070  return 0;
1071  }
1072  }
1073  ast_debug(3, "Trying to check A.ROOT-SERVERS.NET and get our IP address for that connection\n");
1074  /* A.ROOT-SERVERS.NET. */
1075  if (!resolve_first(&root, "A.ROOT-SERVERS.NET", PARSE_PORT_FORBID, 0) &&
1076  !ast_ouraddrfor(&root, ourip)) {
1077  /* reset port since resolve_first wipes this out */
1078  ast_sockaddr_set_port(ourip, port);
1079  return 0;
1080  }
1081  res = get_local_address(ourip);
1082  ast_sockaddr_set_port(ourip, port);
1083  return res;
1084 }
static void ast_sockaddr_copy(struct ast_sockaddr *dst, const struct ast_sockaddr *src)
Copies the data from one ast_sockaddr to another.
Definition: netsock2.h:167
Socket address structure.
Definition: netsock2.h:97
#define ast_sockaddr_port(addr)
Get the port number of a socket address.
Definition: netsock2.h:517
int ast_sockaddr_is_any(const struct ast_sockaddr *addr)
Determine if the address type is unspecified, or "any" address.
Definition: netsock2.c:534
#define ast_debug(level,...)
Log a DEBUG message.
#define ast_sockaddr_set_port(addr, port)
Sets the port number of a socket address.
Definition: netsock2.h:532
int ast_ouraddrfor(const struct ast_sockaddr *them, struct ast_sockaddr *us)
Get our local IP address when contacting a remote host.
Definition: acl.c:1004
struct ast_acl_list* ast_free_acl_list ( struct ast_acl_list acl)

Free a list of ACLs.

Given the head of a list of ast_acl structs, it and all appended acl structs will be freed. This includes the ast_ha structs within the individual nodes.

Parameters
aclThe list of ACLs to free
Return values
NULL

Definition at line 233 of file acl.c.

References ast_acl::acl, ast_free_ha(), AST_LIST_HEAD_DESTROY, AST_LIST_LOCK, AST_LIST_REMOVE_HEAD, and AST_LIST_UNLOCK.

Referenced by ast_duplicate_acl_list(), build_peer(), build_user(), and rtp_reload().

234 {
235  struct ast_acl *current;
236 
237  if (!acl_list) {
238  return NULL;
239  }
240 
241  AST_LIST_LOCK(acl_list);
242  while ((current = AST_LIST_REMOVE_HEAD(acl_list, list))) {
243  ast_free_ha(current->acl);
244  ast_free(current);
245  }
246  AST_LIST_UNLOCK(acl_list);
247 
248  AST_LIST_HEAD_DESTROY(acl_list);
249  ast_free(acl_list);
250 
251  return NULL;
252 }
#define AST_LIST_LOCK(head)
Locks a list.
Definition: linkedlists.h:40
#define AST_LIST_UNLOCK(head)
Attempts to unlock a list.
Definition: linkedlists.h:140
void ast_free_ha(struct ast_ha *ha)
Free a list of HAs.
Definition: acl.c:222
#define AST_LIST_HEAD_DESTROY(head)
Destroys a list head structure.
Definition: linkedlists.h:653
struct ast_ha * acl
Definition: acl.h:68
an ast_acl is a linked list node of ast_ha structs which may have names.
Definition: acl.h:67
#define AST_LIST_REMOVE_HEAD(head, field)
Removes and returns the head entry from a list.
Definition: linkedlists.h:833
void ast_free_ha ( struct ast_ha ha)

Free a list of HAs.

Given the head of a list of HAs, it and all appended HAs are freed

Parameters
haThe head of the list of HAs to free

Definition at line 222 of file acl.c.

Referenced by ast_duplicate_ha_list(), ast_free_acl_list(), and destroy_named_acl().

223 {
224  struct ast_ha *hal;
225  while (ha) {
226  hal = ha;
227  ha = ha->next;
228  ast_free(hal);
229  }
230 }
internal representation of ACL entries In principle user applications would have no need for this...
Definition: acl.h:51
int ast_get_ip ( struct ast_sockaddr addr,
const char *  hostname 
)

Get the IP address given a hostname.

Similar in nature to ast_gethostbyname, except that instead of getting an entire hostent structure, you instead are given only the IP address inserted into a ast_sockaddr structure.

Parameters
addrThe IP address found. The address family is used as an input parameter to filter the returned addresses. If it is AST_AF_UNSPEC, both IPv4 and IPv6 addresses can be returned.
hostnameThe hostname to look up
Return values
0Success
-1Failure

Definition at line 999 of file acl.c.

References ast_get_ip_or_srv().

Referenced by build_peer(), peer_set_srcaddr(), and stun_monitor_request().

1000 {
1001  return ast_get_ip_or_srv(addr, hostname, NULL);
1002 }
int ast_get_ip_or_srv(struct ast_sockaddr *addr, const char *hostname, const char *service)
Get the IP address given a hostname and optional service.
Definition: acl.c:896
int ast_get_ip_or_srv ( struct ast_sockaddr addr,
const char *  hostname,
const char *  service 
)

Get the IP address given a hostname and optional service.

If the service parameter is non-NULL, then an SRV lookup will be made by prepending the service to the hostname parameter, separated by a '.' For example, if hostname is "example.com" and service is "_sip._udp" then an SRV lookup will be done for "_sip._udp.example.com". If service is NULL, then this function acts exactly like a call to ast_get_ip.

Parameters
addrThe IP address found. The address family is used as an input parameter to filter the returned addresses. If it is 0, both IPv4 and IPv6 addresses can be returned.
hostnameThe hostname to look up
serviceA specific service provided by the host. A NULL service results in an A-record lookup instead of an SRV lookup
Return values
0Success
-1Failure

Definition at line 896 of file acl.c.

References ast_get_srv(), and ast_sockaddr_set_port.

Referenced by ast_get_ip().

897 {
898  char srv[256];
899  char host[256];
900  int srv_ret = 0;
901  int tportno;
902 
903  if (service) {
904  snprintf(srv, sizeof(srv), "%s.%s", service, hostname);
905  if ((srv_ret = ast_get_srv(NULL, host, sizeof(host), &tportno, srv)) > 0) {
906  hostname = host;
907  }
908  }
909 
910  if (resolve_first(addr, hostname, PARSE_PORT_FORBID, addr->ss.ss_family) != 0) {
911  return -1;
912  }
913 
914  if (srv_ret > 0) {
915  ast_sockaddr_set_port(addr, tportno);
916  }
917 
918  return 0;
919 }
int ast_get_srv(struct ast_channel *chan, char *host, int hostlen, int *port, const char *service)
Lookup entry in SRV records Returns 1 if found, 0 if not found, -1 on hangup.
Definition: srv.c:260
#define ast_sockaddr_set_port(addr, port)
Sets the port number of a socket address.
Definition: netsock2.h:532
void ast_ha_join ( const struct ast_ha ha,
struct ast_str **  buf 
)

Convert HAs to a comma separated string value.

Parameters
hathe starting ha head
bufstring buffer to convert data to

Definition at line 722 of file acl.c.

References ast_sockaddr_port, ast_sockaddr_stringify(), ast_sockaddr_stringify_addr(), and ast_str_append().

723 {
724  for (; ha; ha = ha->next) {
725  const char *addr;
726 
727  if (ast_sockaddr_port(&ha->addr)) {
728  addr = ast_sockaddr_stringify(&ha->addr);
729  } else {
730  addr = ast_sockaddr_stringify_addr(&ha->addr);
731  }
732 
733  ast_str_append(buf, 0, "%s%s/",
734  ha->sense == AST_SENSE_ALLOW ? "!" : "",
735  addr);
736  /* Separated to avoid duplicating stringified addresses. */
737  ast_str_append(buf, 0, "%s", ast_sockaddr_stringify_addr(&ha->netmask));
738  if (ha->next) {
739  ast_str_append(buf, 0, ",");
740  }
741  }
742 }
static char * ast_sockaddr_stringify_addr(const struct ast_sockaddr *addr)
Wrapper around ast_sockaddr_stringify_fmt() to return an address only.
Definition: netsock2.h:286
int ast_str_append(struct ast_str **buf, ssize_t max_len, const char *fmt,...)
Append to a thread local dynamic string.
Definition: strings.h:1139
#define ast_sockaddr_port(addr)
Get the port number of a socket address.
Definition: netsock2.h:517
static char * ast_sockaddr_stringify(const struct ast_sockaddr *addr)
Wrapper around ast_sockaddr_stringify_fmt() with default format.
Definition: netsock2.h:256
void ast_ha_join_cidr ( const struct ast_ha ha,
struct ast_str **  buf 
)

Convert HAs to a comma separated string value using CIDR notation.

Parameters
hathe starting ha head
bufstring buffer to convert data to

Definition at line 744 of file acl.c.

References ast_sockaddr_cidr_bits(), ast_sockaddr_stringify_addr(), and ast_str_append().

745 {
746  for (; ha; ha = ha->next) {
747  const char *addr = ast_sockaddr_stringify_addr(&ha->addr);
748  ast_str_append(buf, 0, "%s%s/%d",
749  ha->sense == AST_SENSE_ALLOW ? "!" : "",
750  addr, ast_sockaddr_cidr_bits(&ha->netmask));
751  if (ha->next) {
752  ast_str_append(buf, 0, ",");
753  }
754  }
755 }
static char * ast_sockaddr_stringify_addr(const struct ast_sockaddr *addr)
Wrapper around ast_sockaddr_stringify_fmt() to return an address only.
Definition: netsock2.h:286
int ast_str_append(struct ast_str **buf, ssize_t max_len, const char *fmt,...)
Append to a thread local dynamic string.
Definition: strings.h:1139
int ast_sockaddr_cidr_bits(const struct ast_sockaddr *sa)
Count the 1 bits in a netmask.
Definition: netsock2.c:130
void ast_ha_output ( int  fd,
const struct ast_ha ha,
const char *  prefix 
)

output an HA to the provided fd

This function can be used centrally to output HAs as used in ACLs from other modules. It follows the format as originally used for named ACLs in named_acl.c.

Parameters
fdThe file-descriptor to which to output the HA.
haThe HA to output.
prefixIf you need a specific prefix output on each line, give it here, may be NULL.
Since
13.33.0, 16.10.0, 17.4.0

Definition at line 1086 of file acl.c.

References ast_sockaddr_stringify_addr().

Referenced by ast_acl_output().

1087 {
1088  char addr[AST_SOCKADDR_BUFLEN];
1089  char *mask;
1090  int index = 0;
1091  for (; ha; ha = ha->next, ++index) {
1092  strcpy(addr, ast_sockaddr_stringify_addr(&ha->addr));
1093  mask = ast_sockaddr_stringify_addr(&ha->netmask);
1094  ast_cli(fd, "%s%3d: %s - %s/%s\n", prefix ?: "", index, ha->sense == AST_SENSE_ALLOW ? "allow" : " deny", addr, mask);
1095  }
1096 }
static char * ast_sockaddr_stringify_addr(const struct ast_sockaddr *addr)
Wrapper around ast_sockaddr_stringify_fmt() to return an address only.
Definition: netsock2.h:286
int ast_lookup_iface ( char *  iface,
struct ast_sockaddr address 
)

Find an IP address associated with a specific interface.

Given an interface such as "eth0" we find the primary IP address associated with it using the SIOCGIFADDR ioctl. If the ioctl call should fail, we populate address with 0s.

Note
This function is not actually used anywhere
Parameters
ifaceThe interface name whose IP address we wish to find
[out]addressThe interface's IP address is placed into this param
Return values
-1Failure, address is filled with 0s
0Success
struct stasis_message_type* ast_named_acl_change_type ( void  )

a stasis_message_type for changes against a named ACL or the set of all named ACLs

Since
12
Return values
NULLon error
Returns
stasis_message_type for named ACL changes
Note
Messages of this type should always be issued on and expected from the ast_security_topic stasis_topic

Referenced by rtp_reload().

struct ast_ha* ast_named_acl_find ( const char *  name,
int *  is_realtime,
int *  is_undefined 
)

Retrieve a named ACL.

This function attempts to find a named ACL. If found, a copy of the requested ACL will be made which must be freed by the caller.

Parameters
nameName of the ACL sought
[out]is_realtimewill be true if the ACL being returned is from realtime
[out]is_undefinedwill be true if no ACL profile can be found for the requested name
Returns
A copy of the named ACL as an ast_ha
Return values
NULLif no ACL could be found.

Definition at line 293 of file named_acl.c.

References ao2_global_obj_ref, ast_check_realtime(), ast_duplicate_ha_list(), ast_realtime_is_mapping_defined(), named_acl_find(), and RAII_VAR.

Referenced by ast_append_acl().

294 {
295  struct ast_ha *ha = NULL;
296 
297  RAII_VAR(struct named_acl_config *, cfg, ao2_global_obj_ref(globals), ao2_cleanup);
298  RAII_VAR(struct named_acl *, named_acl, NULL, ao2_cleanup);
299 
300  if (is_realtime) {
301  *is_realtime = 0;
302  }
303 
304  if (is_undefined) {
305  *is_undefined = 0;
306  }
307 
308  /* If the config or its named_acl_list hasn't been initialized, abort immediately. */
309  if ((!cfg) || (!(cfg->named_acl_list))) {
310  ast_log(LOG_ERROR, "Attempted to find named ACL '%s', but the ACL configuration isn't available.\n", name);
311  return NULL;
312  }
313 
314  named_acl = named_acl_find(cfg->named_acl_list, name);
315 
316  /* If a named ACL couldn't be retrieved locally, we need to try realtime storage. */
317  if (!named_acl) {
318  RAII_VAR(struct named_acl *, realtime_acl, NULL, ao2_cleanup);
319 
320  /* Attempt to create from realtime */
321  if ((realtime_acl = named_acl_find_realtime(name))) {
322  if (is_realtime) {
323  *is_realtime = 1;
324  }
325  ha = ast_duplicate_ha_list(realtime_acl->ha);
326  return ha;
327  }
328 
329  /* Couldn't create from realtime. Raise relevant flags and print relevant warnings. */
330  if (ast_realtime_is_mapping_defined(ACL_FAMILY) && !ast_check_realtime(ACL_FAMILY)) {
331  ast_log(LOG_WARNING, "ACL '%s' does not exist. The ACL will be marked as undefined and will automatically fail if applied.\n"
332  "This ACL may exist in the configured realtime backend, but that backend hasn't been registered yet. "
333  "Fix this establishing preload for the backend in 'modules.conf'.\n", name);
334  } else {
335  ast_log(LOG_WARNING, "ACL '%s' does not exist. The ACL will be marked as undefined and will automatically fail if applied.\n", name);
336  }
337 
338  if (is_undefined) {
339  *is_undefined = 1;
340  }
341 
342  return NULL;
343  }
344 
346 
347  if (!ha) {
348  ast_log(LOG_NOTICE, "ACL '%s' contains no rules. It is valid, but it will accept addresses unconditionally.\n", name);
349  }
350 
351  return ha;
352 }
struct ast_ha * ast_duplicate_ha_list(struct ast_ha *original)
Duplicate the contents of a list of host access rules.
Definition: acl.c:276
int ast_check_realtime(const char *family)
Check if realtime engine is configured for family.
Definition: main/config.c:3530
#define ao2_global_obj_ref(holder)
Get a reference to the object stored in the global holder.
Definition: astobj2.h:918
internal representation of ACL entries In principle user applications would have no need for this...
Definition: acl.h:51
int ast_realtime_is_mapping_defined(const char *family)
Determine if a mapping exists for a given family.
Definition: main/config.c:3193
static void * named_acl_find(struct ao2_container *container, const char *cat)
Find a named ACL in a container by its name.
Definition: named_acl.c:182
#define RAII_VAR(vartype, varname, initval, dtor)
Declare a variable that will call a destructor function when it goes out of scope.
Definition: utils.h:941
int ast_ouraddrfor ( const struct ast_sockaddr them,
struct ast_sockaddr us 
)

Get our local IP address when contacting a remote host.

This function will attempt to connect(2) to them over UDP using a source port of 5060. If the connect(2) call is successful, then we inspect the sockaddr_in output parameter of connect(2) to determine the IP address used to connect to them. This IP address is then copied into us.

Parameters
themThe IP address to which we wish to attempt to connect
[out]usThe source IP address used to connect to them
Return values
-1Failure
0Success

Definition at line 1004 of file acl.c.

References ast_connect(), ast_debug, ast_getsockname(), ast_sockaddr_is_ipv6(), ast_sockaddr_port, ast_sockaddr_set_port, ast_sockaddr_stringify_addr(), and ast_strdupa.

Referenced by ast_find_ourip(), ast_rtp_remote_address_set(), and unicast_rtp_request().

1005 {
1006  /*
1007  * We must create the errno string before creating the address
1008  * string because it could wipe out errno on the error return
1009  * paths.
1010  */
1011  const char *sock_err;
1012  int port;
1013  int s;
1014 
1015  /* Preserve our original address port */
1016  port = ast_sockaddr_port(us);
1017 
1018  s = socket(ast_sockaddr_is_ipv6(them) ? AF_INET6 : AF_INET, SOCK_DGRAM, 0);
1019  if (s < 0) {
1020  sock_err = ast_strdupa(strerror(errno));
1021  ast_log(LOG_ERROR, "Cannot create socket to %s: %s\n",
1022  ast_sockaddr_stringify_addr(them), sock_err);
1023  return -1;
1024  }
1025 
1026  if (ast_connect(s, them)) {
1027  sock_err = ast_strdupa(strerror(errno));
1028  ast_log(LOG_WARNING, "Cannot connect to %s: %s\n",
1029  ast_sockaddr_stringify_addr(them), sock_err);
1030  close(s);
1031  return -1;
1032  }
1033  if (ast_getsockname(s, us)) {
1034  sock_err = ast_strdupa(strerror(errno));
1035  ast_log(LOG_WARNING, "Cannot get socket name for connection to %s: %s\n",
1036  ast_sockaddr_stringify_addr(them), sock_err);
1037  close(s);
1038  return -1;
1039  }
1040  close(s);
1041 
1042  ast_sockaddr_set_port(us, port);
1043 
1044  ast_debug(3, "For destination '%s', our source address is '%s'.\n",
1047 
1048  return 0;
1049 }
static char * ast_sockaddr_stringify_addr(const struct ast_sockaddr *addr)
Wrapper around ast_sockaddr_stringify_fmt() to return an address only.
Definition: netsock2.h:286
#define ast_sockaddr_port(addr)
Get the port number of a socket address.
Definition: netsock2.h:517
#define ast_strdupa(s)
duplicate a string in memory from the stack
Definition: astmm.h:298
#define ast_debug(level,...)
Log a DEBUG message.
#define ast_sockaddr_set_port(addr, port)
Sets the port number of a socket address.
Definition: netsock2.h:532
int ast_getsockname(int sockfd, struct ast_sockaddr *addr)
Wrapper around getsockname(2) that uses struct ast_sockaddr.
Definition: netsock2.c:600
int ast_sockaddr_is_ipv6(const struct ast_sockaddr *addr)
Determine if this is an IPv6 address.
Definition: netsock2.c:524
int ast_connect(int sockfd, const struct ast_sockaddr *addr)
Wrapper around connect(2) that uses struct ast_sockaddr.
Definition: netsock2.c:595
int ast_str2cos ( const char *  value,
unsigned int *  cos 
)

Convert a string to the appropriate COS value.

Parameters
valueThe COS string to convert
[out]cosThe integer representation of that COS value
Return values
-1Failure
0Success

Definition at line 952 of file acl.c.

Referenced by set_config().

953 {
954  int fval;
955 
956  if (sscanf(value, "%30d", &fval) == 1) {
957  if (fval < 8) {
958  *cos = fval;
959  return 0;
960  }
961  }
962 
963  return -1;
964 }
int ast_str2tos ( const char *  value,
unsigned int *  tos 
)

Convert a string to the appropriate TOS value.

Parameters
valueThe TOS string to convert
[out]tosThe integer representation of that TOS value
Return values
-1Failure
0Success

Definition at line 966 of file acl.c.

Referenced by set_config().

967 {
968  int fval;
969  unsigned int x;
970 
971  if (sscanf(value, "%30i", &fval) == 1) {
972  *tos = fval & 0xFF;
973  return 0;
974  }
975 
976  for (x = 0; x < ARRAY_LEN(dscp_pool1); x++) {
977  if (!strcasecmp(value, dscp_pool1[x].name)) {
978  *tos = dscp_pool1[x].space << 2;
979  return 0;
980  }
981  }
982 
983  return -1;
984 }
const char* ast_tos2str ( unsigned int  tos)

Convert a TOS value into its string representation.

Parameters
tosThe TOS value to look up
Returns
The string equivalent of the TOS value

Definition at line 986 of file acl.c.

987 {
988  unsigned int x;
989 
990  for (x = 0; x < ARRAY_LEN(dscp_pool1); x++) {
991  if (dscp_pool1[x].space == (tos >> 2)) {
992  return dscp_pool1[x].name;
993  }
994  }
995 
996  return "unknown";
997 }