-rw-r--r-- | channels/chan_h323.c | 2 | ||||
-rw-r--r-- | channels/chan_iax2.c | 4 | ||||
-rw-r--r-- | channels/chan_mgcp.c | 2 | ||||
-rw-r--r-- | channels/chan_sip.c | 18 | ||||
-rw-r--r-- | channels/chan_skinny.c | 2 | ||||
-rw-r--r-- | include/asterisk/acl.h | 15 | ||||
-rw-r--r-- | main/acl.c | 9 |
7 files changed, 40 insertions, 12 deletions
diff --git a/channels/chan_h323.c b/channels/chan_h323.c index c1da95787..096e8ddbc 100644 --- a/channels/chan_h323.c +++ b/channels/chan_h323.c @@ -1425,7 +1425,7 @@ static struct oh323_user *build_user(char *name, struct ast_variable *v, struct } } else if (!strcasecmp(v->name, "permit") || !strcasecmp(v->name, "deny")) { - user->ha = ast_append_ha(v->name, v->value, user->ha); + user->ha = ast_append_ha(v->name, v->value, user->ha, NULL); } } if (!user->options.dtmfmode) diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c index b4cc8ae80..dc39f10e7 100644 --- a/channels/chan_iax2.c +++ b/channels/chan_iax2.c @@ -8450,7 +8450,7 @@ static struct iax2_peer *build_peer(const char *name, struct ast_variable *v, st peer_set_srcaddr(peer, v->value); } else if (!strcasecmp(v->name, "permit") || !strcasecmp(v->name, "deny")) { - peer->ha = ast_append_ha(v->name, v->value, peer->ha); + peer->ha = ast_append_ha(v->name, v->value, peer->ha, NULL); } else if (!strcasecmp(v->name, "mask")) { maskfound++; inet_aton(v->value, &peer->mask); @@ -8610,7 +8610,7 @@ static struct iax2_user *build_user(const char *name, struct ast_variable *v, st } } else if (!strcasecmp(v->name, "permit") || !strcasecmp(v->name, "deny")) { - user->ha = ast_append_ha(v->name, v->value, user->ha); + user->ha = ast_append_ha(v->name, v->value, user->ha, NULL); } else if (!strcasecmp(v->name, "setvar")) { varname = ast_strdupa(v->value); if (varname && (varval = strchr(varname,'='))) { diff --git a/channels/chan_mgcp.c b/channels/chan_mgcp.c index 2e0833b5f..bdb704754 100644 --- a/channels/chan_mgcp.c +++ b/channels/chan_mgcp.c 
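Review bot: Passing `NULL` for the new `error` argument in chan_h323's build_user discards the only signal that a `permit`/`deny` line failed to parse, and the same is done in both chan_iax2 hunks (build_peer and build_user), in chan_mgcp's build_gateway and in chan_skinny's build_device. Judging by the main/acl.c hunks, a rejected entry is freed and `ret` is returned, so a mistyped `deny` would leave the object with a wider ACL than the administrator wrote, reported only by a generic warning that names neither the configuration line nor the object. I would mirror the chan_sip hunks in these drivers: declare `int ha_error = 0;`, pass `&ha_error`, and log `v->lineno` and `v->value` when it is set. All of these functions start and end outside their hunks.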
@@ -3638,7 +3638,7 @@ static struct mgcp_gateway *build_gateway(char *cat, struct ast_variable *v) } } else if (!strcasecmp(v->name, "permit") || !strcasecmp(v->name, "deny")) { - gw->ha = ast_append_ha(v->name, v->value, gw->ha); + gw->ha = ast_append_ha(v->name, v->value, gw->ha, NULL); } else if (!strcasecmp(v->name, "port")) { gw->addr.sin_port = htons(atoi(v->value)); } else if (!strcasecmp(v->name, "context")) { diff --git a/channels/chan_sip.c b/channels/chan_sip.c index bc545e503..a5cfbfd1d 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -15765,7 +15765,11 @@ static struct sip_user *build_user(const char *name, struct ast_variable *v, int user->chanvars = add_var(v->value, user->chanvars); } else if (!strcasecmp(v->name, "permit") || !strcasecmp(v->name, "deny")) { - user->ha = ast_append_ha(v->name, v->value, user->ha); + int ha_error = 0; + + user->ha = ast_append_ha(v->name, v->value, user->ha, &ha_error); + if (ha_error) + ast_log(LOG_ERROR, "Bad ACL entry in configuration line %d : %s\n", v->lineno, v->value); } else if (!strcasecmp(v->name, "allowtransfer")) { user->allowtransfer = ast_true(v->value) ? TRANSFER_OPENFORALL : TRANSFER_CLOSED; } else if (!strcasecmp(v->name, "secret")) { @@ -16023,7 +16027,11 @@ static struct sip_peer *build_peer(const char *name, struct ast_variable *v, str return NULL; } } else if (!strcasecmp(v->name, "permit") || !strcasecmp(v->name, "deny")) { - peer->ha = ast_append_ha(v->name, v->value, peer->ha); + int ha_error = 0; + + peer->ha = ast_append_ha(v->name, v->value, peer->ha, &ha_error); + if (ha_error) + ast_log(LOG_ERROR, "Bad ACL entry in configuration line %d : %s\n", v->lineno, v->value); } else if (!strcasecmp(v->name, "port")) { if (!realtime && ast_test_flag(&peer->flags[1], SIP_PAGE2_DYNAMIC)) peer->defaddr.sin_port = htons(atoi(v->value)); 
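Review bot: In chan_sip's build_user, and identically in build_peer, the new `if (ha_error)` branch only logs, and the user or peer is then still built with the rejected entry missing from `user->ha` / `peer->ha`. For a malformed `deny` that is a fail-open outcome: the object is loaded with fewer restrictions than the configuration states, and the only trace is one log line. Consider refusing to load the object when `ha_error` is set (the build_peer context just above already has a `return NULL;` path for another bad setting), or at least recording the failure so the caller can skip it; the cleanup that would require lies outside the hunks. As a style point, the `ast_log` call under `if (ha_error)` should be braced.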
@@ -16405,10 +16413,14 @@ static int reload_config(enum channelreloadreason reason) } } else if (!strcasecmp(v->name, "localnet")) { struct ast_ha *na; - if (!(na = ast_append_ha("d", v->value, localaddr))) + int ha_error; + + if (!(na = ast_append_ha("d", v->value, localaddr, &ha_error))) ast_log(LOG_WARNING, "Invalid localnet value: %s\n", v->value); else localaddr = na; + if (ha_error) + ast_log(LOG_ERROR, "Bad localnet configuration value line %d : %s\n", v->lineno, v->value); } else if (!strcasecmp(v->name, "externip")) { if (!(hp = ast_gethostbyname(v->value, &ahp))) ast_log(LOG_WARNING, "Invalid address for externip keyword: %s\n", v->value); diff --git a/channels/chan_skinny.c b/channels/chan_skinny.c index 75bf874c8..df0d1e4de 100644 --- a/channels/chan_skinny.c +++ b/channels/chan_skinny.c @@ -2027,7 +2027,7 @@ static struct skinny_device *build_device(const char *cat, struct ast_variable * } else if (!strcasecmp(v->name, "device")) { ast_copy_string(d->id, v->value, sizeof(d->id)); } else if (!strcasecmp(v->name, "permit") || !strcasecmp(v->name, "deny")) { - d->ha = ast_append_ha(v->name, v->value, d->ha); + d->ha = ast_append_ha(v->name, v->value, d->ha, NULL); } else if (!strcasecmp(v->name, "context")) { ast_copy_string(context, v->value, sizeof(context)); } else if (!strcasecmp(v->name, "allow")) { diff --git a/include/asterisk/acl.h b/include/asterisk/acl.h index b3a0e7aee..efc604990 100644 --- a/include/asterisk/acl.h +++ b/include/asterisk/acl.h 
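Review bot: `int ha_error;` in the `localnet` branch of reload_config is read by `if (ha_error)` without having been initialised whenever the value parses correctly, because ast_append_ha (main/acl.c hunks) only ever stores `1` through the pointer on its two failure paths and never stores `0`. That is a read of an indeterminate value and can log a spurious "Bad localnet configuration value" for valid input; the build_user and build_peer hunks use `int ha_error = 0;` and this declaration should match them. When the list was empty, a bad value is also reported twice, once by the existing `LOG_WARNING` and once by the new `LOG_ERROR`, so the two checks could be folded into one. reload_config's body continues outside the hunk.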
@@ -38,13 +38,24 @@ extern "C" { struct ast_ha; +/*! \brief Free host access list */ void ast_free_ha(struct ast_ha *ha); -struct ast_ha *ast_append_ha(char *sense, char *stuff, struct ast_ha *path); + +/*! \brief Append ACL entry to host access list. */ +struct ast_ha *ast_append_ha(char *sense, char *stuff, struct ast_ha *path, int *error); + +/*! \brief Check IP address with host access list */ int ast_apply_ha(struct ast_ha *ha, struct sockaddr_in *sin); + +/*! \brief Copy host access list */ +struct ast_ha *ast_duplicate_ha_list(struct ast_ha *original); + int ast_get_ip(struct sockaddr_in *sin, const char *value); + int ast_get_ip_or_srv(struct sockaddr_in *sin, const char *value, const char *service); + int ast_ouraddrfor(struct in_addr *them, struct in_addr *us); -struct ast_ha *ast_duplicate_ha_list(struct ast_ha *original); + int ast_find_ourip(struct in_addr *ourip, struct sockaddr_in bindaddr); int ast_str2tos(const char *value, unsigned int *tos); const char *ast_tos2str(unsigned int tos); diff --git a/main/acl.c b/main/acl.c index 7e50d1f9d..e2caa2eee 100644 --- a/main/acl.c +++ b/main/acl.c @@ -137,7 +137,7 @@ struct ast_ha *ast_duplicate_ha_list(struct ast_ha *original) return ret; /* Return start of list */ } -struct ast_ha *ast_append_ha(char *sense, char *stuff, struct ast_ha *path) +struct ast_ha *ast_append_ha(char *sense, char *stuff, struct ast_ha *path, int *error) { struct ast_ha *ha; char *nm = "255.255.255.255"; @@ -172,11 +172,15 @@ struct ast_ha *ast_append_ha(char *sense, char *stuff, struct ast_ha *path) } } else if (!inet_aton(nm, &ha->netmask)) { ast_log(LOG_WARNING, "%s is not a valid netmask\n", nm); + if (error) + *error = 1; free(ha); return ret; } if (!inet_aton(tmp, &ha->netaddr)) { ast_log(LOG_WARNING, "%s is not a valid IP\n", tmp); + if (error) + *error = 1; free(ha); return ret; } 
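Review bot: The new `\brief` on `ast_append_ha` in include/asterisk/acl.h says nothing about the added `error` parameter, and its contract cannot be read off the prototype. From the main/acl.c hunks it may be `NULL`, it is set to `1` when the address or the netmask fails `inet_aton`, and it is never written otherwise, so the caller has to initialise it; on those failures the function returns `ret`, which appears to be the list without the new entry. I would document that with a line such as `\param error Optional (may be NULL); set to 1 on a bad address or netmask, left untouched otherwise, so initialise to 0`, plus a return note that a rejected entry is dropped and the list comes back without it. `ast_get_ip`, `ast_get_ip_or_srv`, `ast_ouraddrfor` and `ast_find_ourip` are left without any `\brief` in the same hunk.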
@@ -193,7 +197,8 @@ struct ast_ha *ast_append_ha(char *sense, char *stuff, struct ast_ha *path) ret = ha; } } - ast_log(LOG_DEBUG, "%s/%s appended to acl for peer\n", stuff, nm); + if (option_debug) + ast_log(LOG_DEBUG, "%s/%s appended to acl for peer\n", stuff, nm); return ret; } |