kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-09-05 20:20:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

acl: implement a centralized ACL output mechanism for HAs and ACLs.

Browse Source 
named_acl.c (which is really a named_ha) now uses ast_ha_output.

I've also updated main/manager.c to output the actual ACL on "manager
show user <username>" if one is set.  If this works then we can add
similar to other modules as required.

Change-Id: I0ec9876a90dddd379c80ec078d48e3ee6991eb0f
This commit is contained in:
Jaco Kroon
2020-03-18 15:49:56 +02:00
committed by Joshua Colp
parent ebe7749127
commit 85fca26c24
4 changed files with 65 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
include/asterisk/acl.h
View File

@@ -430,6 +430,38 @@ struct ast_ha *ast_named_acl_find(const char *name, int *is_realtime, int *is_un
*/ */
struct stasis_message_type *ast_named_acl_change_type(void); struct stasis_message_type *ast_named_acl_change_type(void);
/*!
* \brief output an HA to the provided fd
*
* \details
* This function can be used centrally to output HAs as used in ACLs from other
* modules. It follows the format as originally used for named ACLs in
* named_acl.c.
*
* \param fd The file-descriptor to which to output the HA.
* \param ha The HA to output.
* \param prefix If you need a specific prefix output on each line, give it here, may be NULL.
*
* \since 13.33.0, 16.10.0, 17.4.0
*/
void ast_ha_output(int fd, const struct ast_ha *ha, const char *prefix);
/*!
* \brief output an ACL to the provided fd
*
* \details
* This function can be used centrally to output HAs as used in ACLs from other
* modules. It follows the format as originally used for named ACLs in
* named_acl.c.
*
* \param fd The file-descriptor to which to output the ACL.
* \param acl The ACL to output.
* \param prefix If you need a specific prefix output on each line, give it here, may be NULL.
*
* \since 13.33.0, 16.10.0, 17.4.0
*/
void ast_acl_output(int fd, struct ast_acl_list *acl, const char *prefix);
#if defined(__cplusplus) || defined(c_plusplus) #if defined(__cplusplus) || defined(c_plusplus)
} }
#endif #endif

29
main/acl.c
View File

@@ -48,6 +48,7 @@
#include "asterisk/utils.h" #include "asterisk/utils.h"
#include "asterisk/lock.h" #include "asterisk/lock.h"
#include "asterisk/srv.h" #include "asterisk/srv.h"
#include "asterisk/cli.h"
#if (!defined(SOLARIS) && !defined(HAVE_GETIFADDRS)) #if (!defined(SOLARIS) && !defined(HAVE_GETIFADDRS))
static int get_local_address(struct ast_sockaddr *ourip) static int get_local_address(struct ast_sockaddr *ourip)
@@ -1082,3 +1083,31 @@ int ast_find_ourip(struct ast_sockaddr *ourip, const struct ast_sockaddr *bindad
ast_sockaddr_set_port(ourip, port); ast_sockaddr_set_port(ourip, port);
return res; return res;
} }
void ast_ha_output(int fd, const struct ast_ha *ha, const char *prefix)
{
char addr[AST_SOCKADDR_BUFLEN];
char *mask;
int index = 0;
for (; ha; ha = ha->next, ++index) {
strcpy(addr, ast_sockaddr_stringify_addr(&ha->addr));
mask = ast_sockaddr_stringify_addr(&ha->netmask);
ast_cli(fd, "%s%3d: %s - %s/%s\n", prefix ?: "", index, ha->sense == AST_SENSE_ALLOW ? "allow" : " deny", addr, mask);
}
}
void ast_acl_output(int fd, struct ast_acl_list *acl_list, const char *prefix)
{
struct ast_acl *acl;
AST_LIST_LOCK(acl_list);
AST_LIST_TRAVERSE(acl_list, acl, list) {
ast_cli(fd, "%sACL: %s%s\n---------------------------------------------\n",
prefix ?: "", ast_strlen_zero(acl->name) ? "(unnamed)" : acl->name,
acl->is_realtime ? " (realtime)" : "");
ast_ha_output(fd, acl->acl, prefix);
}
AST_LIST_UNLOCK(acl_list);
}

3
main/manager.c
View File

@@ -2550,6 +2550,9 @@ static char *handle_showmanager(struct ast_cli_entry *e, int cmd, struct ast_cli
for (v = user->chanvars ; v ; v = v->next) { for (v = user->chanvars ; v ; v = v->next) {
ast_cli(a->fd, " %s = %s\n", v->name, v->value); ast_cli(a->fd, " %s = %s\n", v->name, v->value);
} }
if (!ast_acl_list_is_empty(user->acl)) {
ast_acl_output(a->fd, user->acl, NULL);
}
AST_RWLIST_UNLOCK(&users); AST_RWLIST_UNLOCK(&users);

9
main/named_acl.c
View File

@@ -411,8 +411,6 @@ publish_failure:
*/ */
static void cli_display_named_acl(int fd, const char *name) static void cli_display_named_acl(int fd, const char *name)
{ {
struct ast_ha *ha;
int ha_index = 0;
int is_realtime = 0; int is_realtime = 0;
RAII_VAR(struct named_acl_config *, cfg, ao2_global_obj_ref(globals), ao2_cleanup); RAII_VAR(struct named_acl_config *, cfg, ao2_global_obj_ref(globals), ao2_cleanup);
@@ -437,12 +435,7 @@ static void cli_display_named_acl(int fd, const char *name)
} }
ast_cli(fd, "\nACL: %s%s\n---------------------------------------------\n", name, is_realtime ? " (realtime)" : ""); ast_cli(fd, "\nACL: %s%s\n---------------------------------------------\n", name, is_realtime ? " (realtime)" : "");
for (ha = named_acl->ha; ha; ha = ha->next) { ast_ha_output(fd, named_acl->ha, NULL);
char *addr = ast_strdupa(ast_sockaddr_stringify_addr(&ha->addr));
char *mask = ast_sockaddr_stringify_addr(&ha->netmask);
ast_cli(fd, "%3d: %s - %s/%s\n", ha_index, ha->sense == AST_SENSE_ALLOW ? "allow" : " deny", addr, mask);
ha_index++;
}
} }
/*! /*!