sysmocom/asterisk
11
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
asterisk/main/acl.c
Luigi Rizzo 925ebbb2b3 expose struct ast_ha so external code can do things such as printing it 
(e.g. chan_sip.c in a subsequent commit).

Obviously exposing the internals of a data structure is far from ideal
(especially in a case like this where the implementation is very
inefficient and will need to be changed at some point).

On the other hand, it was also unclear what additional APIs should
we provide instead, and because exposing the stucture has no impact
on source and binary compatibility, this seemed to me the best option at
this time.



git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@76034 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2007-07-20 14:38:36 +00:00

381 lines
8.3 KiB
C
Raw Blame History

/*
* Asterisk -- An open source telephony toolkit.
*
* Copyright (C) 1999 - 2006, Digium, Inc.
*
* Mark Spencer <markster@digium.com>
*
* See http://www.asterisk.org for more information about
* the Asterisk project. Please do not directly contact
* any of the maintainers of this project for assistance;
* the project provides a web site, mailing lists and IRC
* channels for your use.
*
* This program is free software, distributed under the terms of
* the GNU General Public License Version 2. See the LICENSE file
* at the top of the source tree.
*/
/*! \file
*
* \brief Various sorts of access control
*
* \author Mark Spencer <markster@digium.com>
*/
#include "asterisk.h"
ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/time.h>
#include <signal.h>
#include <errno.h>
#include <unistd.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <netdb.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <sys/ioctl.h>
#if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__)
#include <fcntl.h>
#include <net/route.h>
#endif
#if defined(SOLARIS)
#include <sys/sockio.h>
#endif
/* netinet/ip.h may not define the following (See RFCs 791 and 1349) */
#if !defined(IPTOS_LOWCOST)
#define IPTOS_LOWCOST 0x02
#endif
#if !defined(IPTOS_MINCOST)
#define IPTOS_MINCOST IPTOS_LOWCOST
#endif
#include "asterisk/acl.h"
#include "asterisk/logger.h"
#include "asterisk/channel.h"
#include "asterisk/options.h"
#include "asterisk/utils.h"
#include "asterisk/lock.h"
#include "asterisk/srv.h"
struct my_ifreq {
char ifrn_name[IFNAMSIZ]; /* Interface name, e.g. "eth0", "ppp0", etc. */
struct sockaddr_in ifru_addr;
};
/* Free HA structure */
void ast_free_ha(struct ast_ha *ha)
{
struct ast_ha *hal;
while (ha) {
hal = ha;
ha = ha->next;
ast_free(hal);
}
}
/* Copy HA structure */
static void ast_copy_ha(struct ast_ha *from, struct ast_ha *to)
{
memcpy(&to->netaddr, &from->netaddr, sizeof(from->netaddr));
memcpy(&to->netmask, &from->netmask, sizeof(from->netmask));
to->sense = from->sense;
}
/* Create duplicate of ha structure */
static struct ast_ha *ast_duplicate_ha(struct ast_ha *original)
{
struct ast_ha *new_ha;
if ((new_ha = ast_malloc(sizeof(*new_ha)))) {
/* Copy from original to new object */
ast_copy_ha(original, new_ha);
}
return new_ha;
}
/* Create duplicate HA link list */
/* Used in chan_sip2 templates */
struct ast_ha *ast_duplicate_ha_list(struct ast_ha *original)
{
struct ast_ha *start = original;
struct ast_ha *ret = NULL;
struct ast_ha *link, *prev = NULL;
while (start) {
link = ast_duplicate_ha(start); /* Create copy of this object */
if (prev)
prev->next = link; /* Link previous to this object */
if (!ret)
ret = link; /* Save starting point */
start = start->next; /* Go to next object */
prev = link; /* Save pointer to this object */
}
return ret; /* Return start of list */
}
struct ast_ha *ast_append_ha(char *sense, char *stuff, struct ast_ha *path, int *error)
{
struct ast_ha *ha;
char *nm = "255.255.255.255";
char tmp[256];
struct ast_ha *prev = NULL;
struct ast_ha *ret;
int x, z;
unsigned int y;
ret = path;
while (path) {
prev = path;
path = path->next;
}
if ((ha = ast_malloc(sizeof(*ha)))) {
ast_copy_string(tmp, stuff, sizeof(tmp));
nm = strchr(tmp, '/');
if (!nm) {
nm = "255.255.255.255";
} else {
*nm = '\0';
nm++;
}
if (!strchr(nm, '.')) {
if ((sscanf(nm, "%d", &x) == 1) && (x >= 0) && (x <= 32)) {
y = 0;
for (z = 0; z < x; z++) {
y >>= 1;
y |= 0x80000000;
}
ha->netmask.s_addr = htonl(y);
}
} else if (!inet_aton(nm, &ha->netmask)) {
ast_log(LOG_WARNING, "%s is not a valid netmask\n", nm);
if (error)
*error = 1;
ast_free(ha);
return ret;
}
if (!inet_aton(tmp, &ha->netaddr)) {
ast_log(LOG_WARNING, "%s is not a valid IP\n", tmp);
if (error)
*error = 1;
ast_free(ha);
return ret;
}
ha->netaddr.s_addr &= ha->netmask.s_addr;
if (!strncasecmp(sense, "p", 1)) {
ha->sense = AST_SENSE_ALLOW;
} else {
ha->sense = AST_SENSE_DENY;
}
ha->next = NULL;
if (prev) {
prev->next = ha;
} else {
ret = ha;
}
}
ast_debug(1, "%s/%s appended to acl for peer\n", stuff, nm);
return ret;
}
int ast_apply_ha(struct ast_ha *ha, struct sockaddr_in *sin)
{
/* Start optimistic */
int res = AST_SENSE_ALLOW;
while (ha) {
#if 0 /* debugging code */
char iabuf[INET_ADDRSTRLEN];
char iabuf2[INET_ADDRSTRLEN];
/* DEBUG */
ast_copy_string(iabuf, ast_inet_ntoa(sin->sin_addr), sizeof(iabuf));
ast_copy_string(iabuf2, ast_inet_ntoa(ha->netaddr), sizeof(iabuf2));
ast_debug(1, "##### Testing %s with %s\n", iabuf, iabuf2);
#endif
/* For each rule, if this address and the netmask = the net address
apply the current rule */
if ((sin->sin_addr.s_addr & ha->netmask.s_addr) == ha->netaddr.s_addr)
res = ha->sense;
ha = ha->next;
}
return res;
}
int ast_get_ip_or_srv(struct sockaddr_in *sin, const char *value, const char *service)
{
struct hostent *hp;
struct ast_hostent ahp;
char srv[256];
char host[256];
int tportno = ntohs(sin->sin_port);
if (service) {
snprintf(srv, sizeof(srv), "%s.%s", service, value);
if (ast_get_srv(NULL, host, sizeof(host), &tportno, srv) > 0) {
sin->sin_port = htons(tportno);
value = host;
}
}
hp = ast_gethostbyname(value, &ahp);
if (hp) {
memcpy(&sin->sin_addr, hp->h_addr, sizeof(sin->sin_addr));
} else {
ast_log(LOG_WARNING, "Unable to lookup '%s'\n", value);
return -1;
}
return 0;
}
struct dscp_codepoint {
char *name;
unsigned int space;
};
/* IANA registered DSCP codepoints */
static const struct dscp_codepoint dscp_pool1[] = {
{ "CS0", 0x00 },
{ "CS1", 0x08 },
{ "CS2", 0x10 },
{ "CS3", 0x18 },
{ "CS4", 0x20 },
{ "CS5", 0x28 },
{ "CS6", 0x30 },
{ "CS7", 0x38 },
{ "AF11", 0x0A },
{ "AF12", 0x0C },
{ "AF13", 0x0E },
{ "AF21", 0x12 },
{ "AF22", 0x14 },
{ "AF23", 0x16 },
{ "AF31", 0x1A },
{ "AF32", 0x1C },
{ "AF33", 0x1E },
{ "AF41", 0x22 },
{ "AF42", 0x24 },
{ "AF43", 0x26 },
{ "EF", 0x2E },
};
int ast_str2cos(const char *value, unsigned int *cos)
{
int fval;
if (sscanf(value, "%d", &fval) == 1) {
if (fval < 8) {
*cos = fval;
return 0;
}
}
return -1;
}
int ast_str2tos(const char *value, unsigned int *tos)
{
int fval;
unsigned int x;
if (sscanf(value, "%i", &fval) == 1) {
*tos = fval & 0xFF;
return 0;
}
for (x = 0; x < sizeof(dscp_pool1) / sizeof(dscp_pool1[0]); x++) {
if (!strcasecmp(value, dscp_pool1[x].name)) {
*tos = dscp_pool1[x].space << 2;
return 0;
}
}
return -1;
}
const char *ast_tos2str(unsigned int tos)
{
unsigned int x;
for (x = 0; x < sizeof(dscp_pool1) / sizeof(dscp_pool1[0]); x++) {
if (dscp_pool1[x].space == (tos >> 2))
return dscp_pool1[x].name;
}
return "unknown";
}
int ast_get_ip(struct sockaddr_in *sin, const char *value)
{
return ast_get_ip_or_srv(sin, value, NULL);
}
int ast_ouraddrfor(struct in_addr *them, struct in_addr *us)
{
int s;
struct sockaddr_in sin;
socklen_t slen;
s = socket(PF_INET, SOCK_DGRAM, 0);
if (s < 0) {
ast_log(LOG_WARNING, "Cannot create socket\n");
return -1;
}
sin.sin_family = AF_INET;
sin.sin_port = 5060;
sin.sin_addr = *them;
if (connect(s, (struct sockaddr *)&sin, sizeof(sin))) {
ast_log(LOG_WARNING, "Cannot connect\n");
close(s);
return -1;
}
slen = sizeof(sin);
if (getsockname(s, (struct sockaddr *)&sin, &slen)) {
ast_log(LOG_WARNING, "Cannot get socket name\n");
close(s);
return -1;
}
close(s);
*us = sin.sin_addr;
return 0;
}
int ast_find_ourip(struct in_addr *ourip, struct sockaddr_in bindaddr)
{
char ourhost[MAXHOSTNAMELEN] = "";
struct ast_hostent ahp;
struct hostent *hp;
struct in_addr saddr;
/* just use the bind address if it is nonzero */
if (ntohl(bindaddr.sin_addr.s_addr)) {
memcpy(ourip, &bindaddr.sin_addr, sizeof(*ourip));
return 0;
}
/* try to use our hostname */
if (gethostname(ourhost, sizeof(ourhost) - 1)) {
ast_log(LOG_WARNING, "Unable to get hostname\n");
} else {
hp = ast_gethostbyname(ourhost, &ahp);
if (hp) {
memcpy(ourip, hp->h_addr, sizeof(*ourip));
return 0;
}
}
/* A.ROOT-SERVERS.NET. */
if (inet_aton("198.41.0.4", &saddr) && !ast_ouraddrfor(&saddr, ourip))
return 0;
return -1;
}
Reference in a new issue View git blame Copy permalink