kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-11-03 20:38:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

ACL: ast_apply_acl_nolog - identical to ast_apply_acl but without logging.

Browse Source 
Due to use in res_rtp_asterisk there is a need to be able to apply an
ACL without logging any invalid/denies.  It's probably sensible to at
least validate the ACL once directly after load and report invalid ACLs.

Change-Id: I256169229d945ca7c1bbf228fc492d91df345843
Signed-off-by: Jaco Kroon <jaco@uls.co.za>
This commit is contained in:
Jaco Kroon
2019-12-04 10:35:52 +02:00
parent 91cdb9537e
commit 32160cb456
2 changed files with 34 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
main/acl.c
View File

@@ -723,7 +723,7 @@ void ast_ha_join_cidr(const struct ast_ha *ha, struct ast_str **buf)
}
}
enum ast_acl_sense ast_apply_acl(struct ast_acl_list *acl_list, const struct ast_sockaddr *addr, const char *purpose)
static enum ast_acl_sense ast_apply_acl_internal(struct ast_acl_list *acl_list, const struct ast_sockaddr *addr, const char *log_prefix)
{
struct ast_acl *acl;
@@ -737,16 +737,22 @@ enum ast_acl_sense ast_apply_acl(struct ast_acl_list *acl_list, const struct ast
AST_LIST_TRAVERSE(acl_list, acl, list) {
if (acl->is_invalid) {
/* In this case, the baseline ACL shouldn't ever trigger this, but if that somehow happens, it'll still be shown. */
ast_log(LOG_WARNING, "%sRejecting '%s' due to use of an invalid ACL '%s'.\n", purpose ? purpose : "", ast_sockaddr_stringify_addr(addr),
ast_strlen_zero(acl->name) ? "(BASELINE)" : acl->name);
if (log_prefix) {
ast_log(LOG_WARNING, "%sRejecting '%s' due to use of an invalid ACL '%s'.\n",
log_prefix, ast_sockaddr_stringify_addr(addr),
ast_strlen_zero(acl->name) ? "(BASELINE)" : acl->name);
}
AST_LIST_UNLOCK(acl_list);
return AST_SENSE_DENY;
}
if (acl->acl) {
if (ast_apply_ha(acl->acl, addr) == AST_SENSE_DENY) {
ast_log(LOG_NOTICE, "%sRejecting '%s' due to a failure to pass ACL '%s'\n", purpose ? purpose : "", ast_sockaddr_stringify_addr(addr),
ast_strlen_zero(acl->name) ? "(BASELINE)" : acl->name);
if (log_prefix) {
ast_log(LOG_NOTICE, "%sRejecting '%s' due to a failure to pass ACL '%s'\n",
log_prefix, ast_sockaddr_stringify_addr(addr),
ast_strlen_zero(acl->name) ? "(BASELINE)" : acl->name);
}
AST_LIST_UNLOCK(acl_list);
return AST_SENSE_DENY;
}
@@ -758,6 +764,15 @@ enum ast_acl_sense ast_apply_acl(struct ast_acl_list *acl_list, const struct ast
return AST_SENSE_ALLOW;
}
enum ast_acl_sense ast_apply_acl(struct ast_acl_list *acl_list, const struct ast_sockaddr *addr, const char *purpose) {
return ast_apply_acl_internal(acl_list, addr, purpose ?: "");
}
enum ast_acl_sense ast_apply_acl_nolog(struct ast_acl_list *acl_list, const struct ast_sockaddr *addr) {
return ast_apply_acl_internal(acl_list, addr, NULL);
}
enum ast_acl_sense ast_apply_ha(const struct ast_ha *ha, const struct ast_sockaddr *addr)
{
/* Start optimistic */