diff options
Diffstat (limited to 'channels')
-rw-r--r-- | channels/chan_iax2.c | 25 | ||||
-rw-r--r-- | channels/chan_sip.c | 75 | ||||
-rw-r--r-- | channels/chan_skinny.c | 4 |
3 files changed, 46 insertions, 58 deletions
diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c index 72e6b666c..92f070be2 100644 --- a/channels/chan_iax2.c +++ b/channels/chan_iax2.c @@ -2039,15 +2039,17 @@ static int addr_range_delme_cb(void *obj, void *arg, int flags) static int addr_range_hash_cb(const void *obj, const int flags) { const struct addr_range *lim = obj; - return abs((int) lim->ha.netaddr.s_addr); + struct sockaddr_in sin; + ast_sockaddr_to_sin(&lim->ha.addr, &sin); + return abs((int) sin.sin_addr.s_addr); } static int addr_range_cmp_cb(void *obj, void *arg, int flags) { struct addr_range *lim1 = obj, *lim2 = arg; - return ((lim1->ha.netaddr.s_addr == lim2->ha.netaddr.s_addr) && - (lim1->ha.netmask.s_addr == lim2->ha.netmask.s_addr)) ? - CMP_MATCH | CMP_STOP : 0; + return (!(ast_sockaddr_cmp_addr(&lim1->ha.addr, &lim2->ha.addr)) && + !(ast_sockaddr_cmp_addr(&lim1->ha.netmask, &lim2->ha.netmask))) ? + CMP_MATCH | CMP_STOP : 0; } static int peercnt_hash_cb(const void *obj, const int flags) @@ -2066,8 +2068,13 @@ static int addr_range_match_address_cb(void *obj, void *arg, int flags) { struct addr_range *addr_range = obj; struct sockaddr_in *sin = arg; + struct sockaddr_in ha_netmask_sin; + struct sockaddr_in ha_addr_sin; + + ast_sockaddr_to_sin(&addr_range->ha.netmask, &ha_netmask_sin); + ast_sockaddr_to_sin(&addr_range->ha.addr, &ha_addr_sin); - if ((sin->sin_addr.s_addr & addr_range->ha.netmask.s_addr) == addr_range->ha.netaddr.s_addr) { + if ((sin->sin_addr.s_addr & ha_netmask_sin.sin_addr.s_addr) == ha_addr_sin.sin_addr.s_addr) { return CMP_MATCH | CMP_STOP; } return 0; @@ -7385,6 +7392,7 @@ static int check_access(int callno, struct sockaddr_in *sin, struct iax_ies *ies int gotcapability = 0; struct ast_variable *v = NULL, *tmpvar = NULL; struct ao2_iterator i; + struct ast_sockaddr addr; if (!iaxs[callno]) return res; @@ -7442,10 +7450,11 @@ static int check_access(int callno, struct sockaddr_in *sin, struct iax_ies *ies } /* Search the userlist for a compatible entry, and fill in the rest */ i = ao2_iterator_init(users, 0); + ast_sockaddr_from_sin(&addr, sin); while ((user = ao2_iterator_next(&i))) { if ((ast_strlen_zero(iaxs[callno]->username) || /* No username specified */ !strcmp(iaxs[callno]->username, user->name)) /* Or this username specified */ - && ast_apply_ha(user->ha, sin) /* Access is permitted from this IP */ + && ast_apply_ha(user->ha, &addr) /* Access is permitted from this IP */ && (ast_strlen_zero(iaxs[callno]->context) || /* No context specified */ apply_context(user->contexts, iaxs[callno]->context))) { /* Context is permitted */ if (!ast_strlen_zero(iaxs[callno]->username)) { @@ -7787,6 +7796,7 @@ static int register_verify(int callno, struct sockaddr_in *sin, struct iax_ies * int x; int expire = 0; int res = -1; + struct ast_sockaddr addr; ast_clear_flag(&iaxs[callno]->state, IAX_STATE_AUTHENTICATED); /* iaxs[callno]->peer[0] = '\0'; not necc. any more-- stringfield is pre-inited to null string */ @@ -7841,7 +7851,8 @@ static int register_verify(int callno, struct sockaddr_in *sin, struct iax_ies * goto return_unref; } - if (!ast_apply_ha(p->ha, sin)) { + ast_sockaddr_from_sin(&addr, sin); + if (!ast_apply_ha(p->ha, &addr)) { if (authdebug) ast_log(LOG_NOTICE, "Host %s denied access to register peer '%s'\n", ast_inet_ntoa(sin->sin_addr), p->name); goto return_unref; diff --git a/channels/chan_sip.c b/channels/chan_sip.c index 792ca6980..b6e167a79 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -3084,7 +3084,7 @@ static void build_via(struct sip_pvt *p) static void ast_sip_ouraddrfor(const struct ast_sockaddr *them, struct ast_sockaddr *us, struct sip_pvt *p) { struct ast_sockaddr theirs; - struct sockaddr_in theirs_sin, externip_sin, us_sin; + struct sockaddr_in externip_sin; /* Set want_remap to non-zero if we want to remap 'us' to an externally * reachable IP address and port. This is done if: @@ -3112,16 +3112,13 @@ static void ast_sip_ouraddrfor(const struct ast_sockaddr *them, struct ast_socka "remove \"localnet\" and/or \"externip\" settings.\n"); } } else { - ast_sockaddr_to_sin(&theirs, &theirs_sin); - ast_sockaddr_to_sin(us, &us_sin); - want_remap = localaddr && !(ast_sockaddr_isnull(&externip) && stunaddr.sin_addr.s_addr) && - ast_apply_ha(localaddr, &theirs_sin) == AST_SENSE_ALLOW ; + ast_apply_ha(localaddr, &theirs) == AST_SENSE_ALLOW ; } if (want_remap && - (!sip_cfg.matchexterniplocally || !ast_apply_ha(localaddr, &us_sin)) ) { + (!sip_cfg.matchexterniplocally || !ast_apply_ha(localaddr, us)) ) { /* if we used externhost or stun, see if it is time to refresh the info */ if (externexpire && time(NULL) >= externexpire) { if (stunaddr.sin_addr.s_addr) { @@ -12643,7 +12640,6 @@ static enum parse_register_result parse_register_contact(struct sip_pvt *pvt, st int transport_type; const char *useragent; struct ast_sockaddr oldsin, testsa; - struct sockaddr_in testsin; ast_copy_string(contact, get_header(req, "Contact"), sizeof(contact)); @@ -12763,16 +12759,13 @@ static enum parse_register_result parse_register_contact(struct sip_pvt *pvt, st } /* Check that they're allowed to register at this IP */ - if (!ast_sockaddr_is_ipv6(&peer->addr)) { - ast_sockaddr_to_sin(&peer->addr, &testsin); - if (ast_apply_ha(sip_cfg.contact_ha, &testsin) != AST_SENSE_ALLOW || - ast_apply_ha(peer->contactha, &testsin) != AST_SENSE_ALLOW) { - ast_log(LOG_WARNING, "Domain '%s' disallowed by contact ACL (violating IP %s)\n", domain, - ast_sockaddr_stringify_addr(&testsa)); - ast_string_field_set(peer, fullcontact, ""); - ast_string_field_set(pvt, our_contact, ""); - return PARSE_REGISTER_DENIED; - } + if (ast_apply_ha(sip_cfg.contact_ha, &peer->addr) != AST_SENSE_ALLOW || + ast_apply_ha(peer->contactha, &peer->addr) != AST_SENSE_ALLOW) { + ast_log(LOG_WARNING, "Domain '%s' disallowed by contact ACL (violating IP %s)\n", domain, + ast_sockaddr_stringify_addr(&testsa)); + ast_string_field_set(peer, fullcontact, ""); + ast_string_field_set(pvt, our_contact, ""); + return PARSE_REGISTER_DENIED; } /* if the Contact header information copied into peer->addr matches the @@ -13418,19 +13411,14 @@ static enum check_auth_result register_verify(struct sip_pvt *p, struct ast_sock } peer = find_peer(name, NULL, TRUE, FINDPEERS, FALSE, 0); - if (!ast_sockaddr_is_ipv6(addr)) { - struct sockaddr_in sin_tmp; - - ast_sockaddr_to_sin(addr, &sin_tmp); - if (!(peer && ast_apply_ha(peer->ha, &sin_tmp))) { - /* Peer fails ACL check */ - if (peer) { - unref_peer(peer, "register_verify: unref_peer: from find_peer operation"); - peer = NULL; - res = AUTH_ACL_FAILED; - } else { - res = AUTH_NOT_FOUND; - } + if (!(peer && ast_apply_ha(peer->ha, addr))) { + /* Peer fails ACL check */ + if (peer) { + unref_peer(peer, "register_verify: unref_peer: from find_peer operation"); + peer = NULL; + res = AUTH_ACL_FAILED; + } else { + res = AUTH_NOT_FOUND; } } @@ -14533,15 +14521,11 @@ static enum check_auth_result check_peer_ok(struct sip_pvt *p, char *of, } return AUTH_DONT_KNOW; } - if (!ast_sockaddr_is_ipv6(addr)) { - struct sockaddr_in sin_tmp; - ast_sockaddr_to_sin(addr, &sin_tmp); - if (!ast_apply_ha(peer->ha, &sin_tmp)) { - ast_debug(2, "Found peer '%s' for '%s', but fails host access\n", peer->name, of); - unref_peer(peer, "unref_peer: check_peer_ok: from find_peer call, early return of AUTH_ACL_FAILED"); - return AUTH_ACL_FAILED; - } + if (!ast_apply_ha(peer->ha, addr)) { + ast_debug(2, "Found peer '%s' for '%s', but fails host access\n", peer->name, of); + unref_peer(peer, "unref_peer: check_peer_ok: from find_peer call, early return of AUTH_ACL_FAILED"); + return AUTH_ACL_FAILED; } if (debug) ast_verbose("Found peer '%s' for '%s' from %s\n", @@ -16618,12 +16602,11 @@ static char *sip_show_settings(struct ast_cli_entry *e, int cmd, struct ast_cli_ { struct ast_ha *d; const char *prefix = "Localnet:"; - char buf[INET_ADDRSTRLEN]; /* need to print two addresses */ for (d = localaddr; d ; prefix = "", d = d->next) { ast_cli(a->fd, " %-24s%s/%s\n", - prefix, ast_inet_ntoa(d->netaddr), - inet_ntop(AF_INET, &d->netmask, buf, sizeof(buf)) ); + prefix, ast_strdupa(ast_sockaddr_stringify_addr(&d->addr)), + ast_strdupa(ast_sockaddr_stringify_addr(&d->netmask))); } } ast_cli(a->fd, " STUN server: %s:%d\n", ast_inet_ntoa(stunaddr.sin_addr), ntohs(stunaddr.sin_port)); @@ -27195,20 +27178,12 @@ static int reload_config(enum channelreloadreason reason) static int apply_directmedia_ha(struct sip_pvt *p, const char *op) { struct ast_sockaddr us = { { 0, }, }, them = { { 0, }, }; - struct sockaddr_in them_sin; int res = AST_SENSE_ALLOW; ast_rtp_instance_get_remote_address(p->rtp, &them); ast_rtp_instance_get_local_address(p->rtp, &us); - /* Currently ast_apply_ha doesn't support IPv6 */ - if (ast_sockaddr_is_ipv6(&them)) { - return res; - } - - ast_sockaddr_to_sin(&them, &them_sin); - - if ((res = ast_apply_ha(p->directmediaha, &them_sin)) == AST_SENSE_DENY) { + if ((res = ast_apply_ha(p->directmediaha, &them)) == AST_SENSE_DENY) { ast_debug(3, "Reinvite %s to %s denied by directmedia ACL on %s\n", op, ast_strdupa(ast_sockaddr_stringify(&them)), ast_strdupa(ast_sockaddr_stringify(&us))); } diff --git a/channels/chan_skinny.c b/channels/chan_skinny.c index 31f70ec46..6d4968a7b 100644 --- a/channels/chan_skinny.c +++ b/channels/chan_skinny.c @@ -1877,8 +1877,10 @@ static int skinny_register(struct skinny_req *req, struct skinnysession *s) AST_LIST_LOCK(&devices); AST_LIST_TRAVERSE(&devices, d, list){ + struct ast_sockaddr addr; + ast_sockaddr_from_sin(&addr, &s->sin); if (!strcasecmp(req->data.reg.name, d->id) - && ast_apply_ha(d->ha, &(s->sin))) { + && ast_apply_ha(d->ha, &addr)) { s->device = d; d->type = letohl(req->data.reg.type); if (ast_strlen_zero(d->version_id)) { |