author | Mark Michelson <mmichelson@digium.com> | 2013-08-20 21:01:59 +0000 |
---|---|---|
committer | Mark Michelson <mmichelson@digium.com> | 2013-08-20 21:01:59 +0000 |
commit | 5caa938be22340202b114ec929207bbb89550a0b (patch) | |
tree | e7776190a80338063683cb4d4edbb9de5533799f /res/res_pjsip_acl.c | |
parent | b6faaf85e36695fddd4f2c968f55c23f118ed307 (diff) |
Localize and rename ACL configuration.
This is more-or-less a reversion of previous ACL behavior so that
it is more self-contained. ACL sections are now only parsed if res_pjsip_acl.so
is loaded. Moreover, the configuration section is now "type=acl" instead of
"type=security".
The original reason for having ACLs configured in a "type=security" section
was to lump ACLs and other security-related items into the same section. The
problem is that ACLs really should be in their own sections and there are
no other security-related options implemented anyways.
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@397193 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'res/res_pjsip_acl.c')
-rw-r--r-- | res/res_pjsip_acl.c | 69 |
1 files changed, 64 insertions, 5 deletions
diff --git a/res/res_pjsip_acl.c b/res/res_pjsip_acl.c
index 7cb498a96..c44704cf5 100644
--- a/res/res_pjsip_acl.c
+++ b/res/res_pjsip_acl.c
@@ -153,13 +153,24 @@ static int apply_contact_acl(pjsip_rx_data *rdata, struct ast_acl_list *contact_
 return forbidden;
 }
 
+#define SIP_SORCERY_ACL_TYPE "acl"
+
+/*!
+ * \brief SIP ACL details and configuration.
+ */
+struct ast_sip_acl {
+ SORCERY_OBJECT(details);
+ struct ast_acl_list *acl;
+ struct ast_acl_list *contact_acl;
+};
+
 static int check_acls(void *obj, void *arg, int flags)
 {
- struct ast_sip_security *security = obj;
+ struct ast_sip_acl *sip_acl = obj;
 pjsip_rx_data *rdata = arg;
 
- if (apply_acl(rdata, security->acl) ||
- apply_contact_acl(rdata, security->contact_acl)) {
+ if (apply_acl(rdata, sip_acl->acl) ||
+ apply_contact_acl(rdata, sip_acl->contact_acl)) {
 return CMP_MATCH | CMP_STOP;
 }
 return 0;
@@ -168,9 +179,9 @@ static int check_acls(void *obj, void *arg, int flags)
 static pj_bool_t acl_on_rx_msg(pjsip_rx_data *rdata)
 {
 RAII_VAR(struct ao2_container *, acls, ast_sorcery_retrieve_by_fields(
- ast_sip_get_sorcery(), SIP_SORCERY_SECURITY_TYPE,
+ ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE,
 AST_RETRIEVE_FLAG_MULTIPLE | AST_RETRIEVE_FLAG_ALL, NULL), ao2_cleanup);
- RAII_VAR(struct ast_sip_security *, matched_acl, NULL, ao2_cleanup);
+ RAII_VAR(struct ast_sip_acl *, matched_acl, NULL, ao2_cleanup);
 
 if (!acls) {
 ast_log(LOG_ERROR, "Unable to retrieve ACL sorcery data\n");
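Review bot: In `check_acls` the callback returns `CMP_MATCH | CMP_STOP` when an ACL rejects the message (going by `return forbidden;` at the end of `apply_contact_acl`), so a "match" here means "forbidden", and that inverted sense is easy to misread in an access-control path. A comment above the `if` such as `/* A match means an ACL section rejected this message; stop at the first one that does. */` would make it explicit. The new `struct ast_sip_acl` carries a brief for the struct but none for its two lists; `/*! Rules checked by apply_acl() */` and `/*! Rules checked by apply_contact_acl() */` on the members would tell a reader which list guards what. The body of `apply_acl` is outside this hunk, so its return convention is assumed to mirror `apply_contact_acl`.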
@@ -187,6 +198,20 @@ static pj_bool_t acl_on_rx_msg(pjsip_rx_data *rdata)
 return PJ_FALSE;
 }
 
+static int acl_handler(const struct aco_option *opt, struct ast_variable *var, void *obj)
+{
+ struct ast_sip_acl *sip_acl = obj;
+ int error = 0;
+ int ignore;
+ if (!strncmp(var->name, "contact", 7)) {
+ ast_append_acl(var->name + 7, var->value, &sip_acl->contact_acl, &error, &ignore);
+ } else {
+ ast_append_acl(var->name, var->value, &sip_acl->acl, &error, &ignore);
+ }
+
+ return error;
+}
+
 static pjsip_module acl_module = {
 .name = { "ACL Module", 14 },
 /* This should run after a logger but before anything else */
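Review bot: The prefix test `!strncmp(var->name, "contact", 7)` in `acl_handler` is case-sensitive and hard-codes the length, so routing a rule to `contact_acl` depends on the option name arriving in exactly the registered lowercase form. If the configuration layer ever hands over a differently cased name (not visible from this hunk), a contact rule would take the `else` branch and be appended to the general `acl` list with the unstripped name as its sense. Using `strncasecmp` with a length derived from the literal, for example `static const char prefix[] = "contact";` and `sizeof(prefix) - 1`, removes both the magic number and that dependency. A short comment saying that the `contact` prefix is stripped so the remaining `permit`/`deny`/`acl` is passed to `ast_append_acl` would help, and `ignore` is better initialised (`int ignore = 0;`) since its address is handed to another function.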
@@ -194,8 +219,42 @@ static pjsip_module acl_module = {
 .on_rx_request = acl_on_rx_msg,
 };
 
+static void acl_destroy(void *obj)
+{
+ struct ast_sip_acl *sip_acl = obj;
+ sip_acl->acl = ast_free_acl_list(sip_acl->acl);
+ sip_acl->contact_acl = ast_free_acl_list(sip_acl->contact_acl);
+}
+
+static void *acl_alloc(const char *name)
+{
+ struct ast_sip_acl *sip_acl =
+ ast_sorcery_generic_alloc(sizeof(*sip_acl), acl_destroy);
+
+ return sip_acl;
+}
+
 static int load_module(void)
 {
+ ast_sorcery_apply_default(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE,
+ "config", "pjsip.conf,criteria=type=acl");
+
+ if (ast_sorcery_object_register(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE,
+ acl_alloc, NULL, NULL)) {
+
+ ast_log(LOG_ERROR, "Failed to register SIP %s object with sorcery\n",
+ SIP_SORCERY_ACL_TYPE);
+ return AST_MODULE_LOAD_DECLINE;
+ }
+
+ ast_sorcery_object_field_register(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE, "type", "", OPT_NOOP_T, 0, 0);
+ ast_sorcery_object_field_register_custom(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE, "permit", "", acl_handler, NULL, 0, 0);
+ ast_sorcery_object_field_register_custom(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE, "deny", "", acl_handler, NULL, 0, 0);
+ ast_sorcery_object_field_register_custom(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE, "acl", "", acl_handler, NULL, 0, 0);
+ ast_sorcery_object_field_register_custom(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE, "contactpermit", "", acl_handler, NULL, 0, 0);
+ ast_sorcery_object_field_register_custom(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE, "contactdeny", "", acl_handler, NULL, 0, 0);
+ ast_sorcery_object_field_register_custom(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE, "contactacl", "", acl_handler, NULL, 0, 0);
+
 ast_sip_register_service(&acl_module);
 return AST_MODULE_LOAD_SUCCESS;
 }
|
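Review bot: The `criteria=type=acl` filter in `load_module` means sections still written as `type=security` are no longer read by this module, so on an upgraded system the permit/deny rules in them would stop being enforced with no message from this file (the diff is limited to this file, so other parts of the commit may cover it). A rule set that silently disappears fails open, so a comment above the call such as `/* Only type=acl sections are loaded; legacy type=security sections are not applied. */` together with an upgrade-note entry would help operators catch it. Separately, the return values of `ast_sorcery_apply_default` and of the seven field registrations are ignored, so a failed registration of `deny` or `contactdeny` still ends in `AST_MODULE_LOAD_SUCCESS`. Logging and returning `AST_MODULE_LOAD_DECLINE` when any of them fails, as is already done for `ast_sorcery_object_register`, would make a partially configured ACL module visible.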