Sat Nov 25 00:45:27 2006

Asterisk developer's documentation


acl.c

Go to the documentation of this file.
00001 /*
00002  * Asterisk -- An open source telephony toolkit.
00003  *
00004  * Copyright (C) 1999 - 2005, Digium, Inc.
00005  *
00006  * Mark Spencer <markster@digium.com>
00007  *
00008  * See http://www.asterisk.org for more information about
00009  * the Asterisk project. Please do not directly contact
00010  * any of the maintainers of this project for assistance;
00011  * the project provides a web site, mailing lists and IRC
00012  * channels for your use.
00013  *
00014  * This program is free software, distributed under the terms of
00015  * the GNU General Public License Version 2. See the LICENSE file
00016  * at the top of the source tree.
00017  */
00018 
00019 /*! \file
00020  *
00021  * \brief Various sorts of access control
00022  * 
00023  */
00024 
00025 #include <stdio.h>
00026 #include <stdlib.h>
00027 #include <string.h>
00028 #include <sys/time.h>
00029 #include <signal.h>
00030 #include <errno.h>
00031 #include <unistd.h>
00032 #include <netinet/in.h>
00033 #include <arpa/inet.h>
00034 #include <sys/socket.h>
00035 #include <netdb.h>
00036 #include <net/if.h>
00037 #include <netinet/in.h>
00038 #include <netinet/in_systm.h>
00039 #include <netinet/ip.h>
00040 #include <sys/ioctl.h>
00041 
00042 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__)
00043 #include <fcntl.h>
00044 #include <net/route.h>
00045 #endif
00046 
00047 #if defined(SOLARIS)
00048 #include <sys/sockio.h>
00049 #endif
00050 
00051 /* netinet/ip.h may not define the following (See RFCs 791 and 1349) */
00052 #if !defined(IPTOS_LOWCOST)
00053 #define       IPTOS_LOWCOST           0x02
00054 #endif
00055 
00056 #if !defined(IPTOS_MINCOST)
00057 #define       IPTOS_MINCOST           IPTOS_LOWCOST
00058 #endif
00059 
00060 #include "asterisk.h"
00061 
00062 ASTERISK_FILE_VERSION(__FILE__, "$Revision: 45119 $")
00063 
00064 #include "asterisk/acl.h"
00065 #include "asterisk/logger.h"
00066 #include "asterisk/channel.h"
00067 #include "asterisk/options.h"
00068 #include "asterisk/utils.h"
00069 #include "asterisk/lock.h"
00070 #include "asterisk/srv.h"
00071 #include "asterisk/compat.h"
00072 
00073 #if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__)
00074 AST_MUTEX_DEFINE_STATIC(routeseq_lock);
00075 #endif
00076 
00077 struct ast_ha {
00078    /* Host access rule */
00079    struct in_addr netaddr;
00080    struct in_addr netmask;
00081    int sense;
00082    struct ast_ha *next;
00083 };
00084 
00085 /* Default IP - if not otherwise set, don't breathe garbage */
00086 static struct in_addr __ourip = { 0x00000000 };
00087 
00088 struct my_ifreq {
00089    char ifrn_name[IFNAMSIZ];  /* Interface name, e.g. "eth0", "ppp0", etc.  */
00090    struct sockaddr_in ifru_addr;
00091 };
00092 
00093 /* Free HA structure */
00094 void ast_free_ha(struct ast_ha *ha)
00095 {
00096    struct ast_ha *hal;
00097    while(ha) {
00098       hal = ha;
00099       ha = ha->next;
00100       free(hal);
00101    }
00102 }
00103 
00104 /* Copy HA structure */
00105 static void ast_copy_ha(struct ast_ha *from, struct ast_ha *to)
00106 {
00107    memcpy(&to->netaddr, &from->netaddr, sizeof(from->netaddr));
00108    memcpy(&to->netmask, &from->netmask, sizeof(from->netmask));
00109    to->sense = from->sense;
00110 }
00111 
00112 /* Create duplicate of ha structure */
00113 static struct ast_ha *ast_duplicate_ha(struct ast_ha *original)
00114 {
00115    struct ast_ha *new_ha = malloc(sizeof(struct ast_ha));
00116    /* Copy from original to new object */
00117    ast_copy_ha(original, new_ha); 
00118 
00119    return new_ha;
00120 }
00121 
00122 /* Create duplicate HA link list */
00123 /*  Used in chan_sip2 templates */
00124 struct ast_ha *ast_duplicate_ha_list(struct ast_ha *original)
00125 {
00126    struct ast_ha *start=original;
00127    struct ast_ha *ret = NULL;
00128    struct ast_ha *link,*prev=NULL;
00129 
00130    while (start) {
00131       link = ast_duplicate_ha(start);  /* Create copy of this object */
00132       if (prev)
00133          prev->next = link;      /* Link previous to this object */
00134 
00135       if (!ret) 
00136          ret = link;    /* Save starting point */
00137 
00138       start = start->next;    /* Go to next object */
00139       prev = link;         /* Save pointer to this object */
00140    }
00141    return ret;             /* Return start of list */
00142 }
00143 
00144 struct ast_ha *ast_append_ha(char *sense, char *stuff, struct ast_ha *path)
00145 {
00146    struct ast_ha *ha = malloc(sizeof(struct ast_ha));
00147    char *nm = "255.255.255.255";
00148    char tmp[256];
00149    struct ast_ha *prev = NULL;
00150    struct ast_ha *ret;
00151    int x, z;
00152    unsigned int y;
00153    ret = path;
00154    while (path) {
00155       prev = path;
00156       path = path->next;
00157    }
00158    if (ha) {
00159       ast_copy_string(tmp, stuff, sizeof(tmp));
00160       nm = strchr(tmp, '/');
00161       if (!nm) {
00162          nm = "255.255.255.255";
00163       } else {
00164          *nm = '\0';
00165          nm++;
00166       }
00167       if (!strchr(nm, '.')) {
00168          if ((sscanf(nm, "%d", &x) == 1) && (x >= 0) && (x <= 32)) {
00169             y = 0;
00170             for (z=0;z<x;z++) {
00171                y >>= 1;
00172                y |= 0x80000000;
00173             }
00174             ha->netmask.s_addr = htonl(y);
00175          }
00176       } else if (!inet_aton(nm, &ha->netmask)) {
00177          ast_log(LOG_WARNING, "%s is not a valid netmask\n", nm);
00178          free(ha);
00179          return ret;
00180       }
00181       if (!inet_aton(tmp, &ha->netaddr)) {
00182          ast_log(LOG_WARNING, "%s is not a valid IP\n", tmp);
00183          free(ha);
00184          return ret;
00185       }
00186       ha->netaddr.s_addr &= ha->netmask.s_addr;
00187       if (!strncasecmp(sense, "p", 1)) {
00188          ha->sense = AST_SENSE_ALLOW;
00189       } else {
00190          ha->sense = AST_SENSE_DENY;
00191       }
00192       ha->next = NULL;
00193       if (prev) {
00194          prev->next = ha;
00195       } else {
00196          ret = ha;
00197       }
00198    }
00199    ast_log(LOG_DEBUG, "%s/%s appended to acl for peer\n", stuff, nm);
00200    return ret;
00201 }
00202 
00203 int ast_apply_ha(struct ast_ha *ha, struct sockaddr_in *sin)
00204 {
00205    /* Start optimistic */
00206    int res = AST_SENSE_ALLOW;
00207    while (ha) {
00208       char iabuf[INET_ADDRSTRLEN];
00209       char iabuf2[INET_ADDRSTRLEN];
00210       /* DEBUG */
00211       ast_log(LOG_DEBUG,
00212          "##### Testing %s with %s\n",
00213          ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr),
00214          ast_inet_ntoa(iabuf2, sizeof(iabuf2), ha->netaddr));
00215       /* For each rule, if this address and the netmask = the net address
00216          apply the current rule */
00217       if ((sin->sin_addr.s_addr & ha->netmask.s_addr) == ha->netaddr.s_addr)
00218          res = ha->sense;
00219       ha = ha->next;
00220    }
00221    return res;
00222 }
00223 
00224 int ast_get_ip_or_srv(struct sockaddr_in *sin, const char *value, const char *service)
00225 {
00226    struct hostent *hp;
00227    struct ast_hostent ahp;
00228    char srv[256];
00229    char host[256];
00230    int tportno = ntohs(sin->sin_port);
00231    if (inet_aton(value, &sin->sin_addr))
00232       return 0;
00233    if (service) {
00234       snprintf(srv, sizeof(srv), "%s.%s", service, value);
00235       if (ast_get_srv(NULL, host, sizeof(host), &tportno, srv) > 0) {
00236          sin->sin_port = htons(tportno);
00237          value = host;
00238       }
00239    }
00240    hp = ast_gethostbyname(value, &ahp);
00241    if (hp) {
00242       memcpy(&sin->sin_addr, hp->h_addr, sizeof(sin->sin_addr));
00243    } else {
00244       ast_log(LOG_WARNING, "Unable to lookup '%s'\n", value);
00245       return -1;
00246    }
00247    return 0;
00248 }
00249 
00250 int ast_str2tos(const char *value, int *tos)
00251 {
00252    int fval;
00253    if (sscanf(value, "%i", &fval) == 1)
00254       *tos = fval & 0xff;
00255    else if (!strcasecmp(value, "lowdelay"))
00256       *tos = IPTOS_LOWDELAY;
00257    else if (!strcasecmp(value, "throughput"))
00258       *tos = IPTOS_THROUGHPUT;
00259    else if (!strcasecmp(value, "reliability"))
00260       *tos = IPTOS_RELIABILITY;
00261    else if (!strcasecmp(value, "mincost"))
00262       *tos = IPTOS_MINCOST;
00263    else if (!strcasecmp(value, "none"))
00264       *tos = 0;
00265    else
00266       return -1;
00267    return 0;
00268 }
00269 
00270 int ast_get_ip(struct sockaddr_in *sin, const char *value)
00271 {
00272    return ast_get_ip_or_srv(sin, value, NULL);
00273 }
00274 
00275 /* iface is the interface (e.g. eth0); address is the return value */
00276 int ast_lookup_iface(char *iface, struct in_addr *address) 
00277 {
00278    int mysock, res = 0;
00279    struct my_ifreq ifreq;
00280 
00281    memset(&ifreq, 0, sizeof(ifreq));
00282    ast_copy_string(ifreq.ifrn_name, iface, sizeof(ifreq.ifrn_name));
00283 
00284    mysock = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
00285    res = ioctl(mysock, SIOCGIFADDR, &ifreq);
00286 
00287    close(mysock);
00288    if (res < 0) {
00289       ast_log(LOG_WARNING, "Unable to get IP of %s: %s\n", iface, strerror(errno));
00290       memcpy((char *)address, (char *)&__ourip, sizeof(__ourip));
00291       return -1;
00292    } else {
00293       memcpy((char *)address, (char *)&ifreq.ifru_addr.sin_addr, sizeof(ifreq.ifru_addr.sin_addr));
00294       return 0;
00295    }
00296 }
00297 
00298 int ast_ouraddrfor(struct in_addr *them, struct in_addr *us)
00299 {
00300    int s;
00301    struct sockaddr_in sin;
00302    socklen_t slen;
00303 
00304    s = socket(PF_INET, SOCK_DGRAM, 0);
00305    if (s < 0) {
00306       ast_log(LOG_WARNING, "Cannot create socket\n");
00307       return -1;
00308    }
00309    sin.sin_family = AF_INET;
00310    sin.sin_port = 5060;
00311    sin.sin_addr = *them;
00312    if (connect(s, (struct sockaddr *)&sin, sizeof(sin))) {
00313       ast_log(LOG_WARNING, "Cannot connect\n");
00314       close(s);
00315       return -1;
00316    }
00317    slen = sizeof(sin);
00318    if (getsockname(s, (struct sockaddr *)&sin, &slen)) {
00319       ast_log(LOG_WARNING, "Cannot get socket name\n");
00320       close(s);
00321       return -1;
00322    }
00323    close(s);
00324    *us = sin.sin_addr;
00325    return 0;
00326 }
00327 
00328 int ast_find_ourip(struct in_addr *ourip, struct sockaddr_in bindaddr)
00329 {
00330    char ourhost[MAXHOSTNAMELEN] = "";
00331    struct ast_hostent ahp;
00332    struct hostent *hp;
00333    struct in_addr saddr;
00334 
00335    /* just use the bind address if it is nonzero */
00336    if (ntohl(bindaddr.sin_addr.s_addr)) {
00337       memcpy(ourip, &bindaddr.sin_addr, sizeof(*ourip));
00338       return 0;
00339    }
00340    /* try to use our hostname */
00341    if (gethostname(ourhost, sizeof(ourhost) - 1)) {
00342       ast_log(LOG_WARNING, "Unable to get hostname\n");
00343    } else {
00344       hp = ast_gethostbyname(ourhost, &ahp);
00345       if (hp) {
00346          memcpy(ourip, hp->h_addr, sizeof(*ourip));
00347          return 0;
00348       }
00349    }
00350    /* A.ROOT-SERVERS.NET. */
00351    if (inet_aton("198.41.0.4", &saddr) && !ast_ouraddrfor(&saddr, ourip))
00352       return 0;
00353    return -1;
00354 }
00355 

Generated on Sat Nov 25 00:45:27 2006 for Asterisk - the Open Source PBX by  doxygen 1.4.6