Localize and rename ACL configuration.
authorMark Michelson <mmichelson@digium.com>
Tue, 20 Aug 2013 21:01:59 +0000 (21:01 +0000)
committerMark Michelson <mmichelson@digium.com>
Tue, 20 Aug 2013 21:01:59 +0000 (21:01 +0000)
This is more-or-less a reversion of previous ACL behavior so that
it is more self-contained. ACL sections are now only parsed if res_pjsip_acl.so
is loaded. Moreover, the configuration section is now "type=acl" instead of
"type=security".

The original reason for having ACLs configured in a "type=security" section
was to lump ACLs and other security-related items into the same section. The
problem is that ACLs really should be in their own sections and there are
no other security-related options implemented anyways.

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@397193 65c4cc65-6c06-0410-ace0-fbb531ad65f3

include/asterisk/res_pjsip.h
res/res_pjsip/config_security.c [deleted file]
res/res_pjsip/pjsip_configuration.c
res/res_pjsip_acl.c

index 3d66cf3..d25a1d4 100644 (file)
@@ -665,17 +665,6 @@ struct ast_sip_endpoint_identifier {
     struct ast_sip_endpoint *(*identify_endpoint)(pjsip_rx_data *rdata);
 };
 
-#define SIP_SORCERY_SECURITY_TYPE "security"
-
-/*!
- * \brief SIP security details and configuration.
- */
-struct ast_sip_security {
-       SORCERY_OBJECT(details);
-       struct ast_acl_list *acl;
-       struct ast_acl_list *contact_acl;
-};
-
 /*!
  * \brief Register a SIP service in Asterisk.
  *
@@ -973,16 +962,6 @@ int ast_sip_initialize_sorcery_domain_alias(struct ast_sorcery *sorcery);
 int ast_sip_initialize_sorcery_auth(struct ast_sorcery *sorcery);
 
 /*!
- * \brief Initialize security support on a sorcery instance
- *
- * \param sorcery The sorcery instance
- *
- * \retval -1 failure
- * \retval 0 success
- */
-int ast_sip_initialize_sorcery_security(struct ast_sorcery *sorcery);
-
-/*!
  * \brief Callback called when an outbound request with authentication credentials is to be sent in dialog
  *
  * This callback will have the created request on it. The callback's purpose is to do any extra
diff --git a/res/res_pjsip/config_security.c b/res/res_pjsip/config_security.c
deleted file mode 100644 (file)
index 3caff2b..0000000
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * Asterisk -- An open source telephony toolkit.
- *
- * Copyright (C) 2013, Digium, Inc.
- *
- * Mark Michelson <mmichelson@digium.com>
- * Kevin Harwell <kharwell@digium.com>
- *
- * See http://www.asterisk.org for more information about
- * the Asterisk project. Please do not directly contact
- * any of the maintainers of this project for assistance;
- * the project provides a web site, mailing lists and IRC
- * channels for your use.
- *
- * This program is free software, distributed under the terms of
- * the GNU General Public License Version 2. See the LICENSE file
- * at the top of the source tree.
- */
-
-/*** MODULEINFO
-       <depend>pjproject</depend>
-       <depend>res_pjsip</depend>
-       <support_level>core</support_level>
- ***/
-#include "asterisk.h"
-
-#include <pjsip.h>
-
-#include "asterisk/res_pjsip.h"
-#include "asterisk/logger.h"
-#include "asterisk/sorcery.h"
-#include "asterisk/acl.h"
-
-static int acl_handler(const struct aco_option *opt, struct ast_variable *var, void *obj)
-{
-       struct ast_sip_security *security = obj;
-       int error = 0;
-       int ignore;
-       if (!strncmp(var->name, "contact", 7)) {
-               ast_append_acl(var->name + 7, var->value, &security->contact_acl, &error, &ignore);
-       } else {
-               ast_append_acl(var->name, var->value, &security->acl, &error, &ignore);
-       }
-
-       return error;
-}
-
-static void security_destroy(void *obj)
-{
-       struct ast_sip_security *security = obj;
-       security->acl = ast_free_acl_list(security->acl);
-       security->contact_acl = ast_free_acl_list(security->contact_acl);
-}
-
-static void *security_alloc(const char *name)
-{
-       struct ast_sip_security *security =
-               ast_sorcery_generic_alloc(sizeof(*security), security_destroy);
-
-       if (!security) {
-               return NULL;
-       }
-
-       return security;
-}
-
-int ast_sip_initialize_sorcery_security(struct ast_sorcery *sorcery)
-{
-       ast_sorcery_apply_default(sorcery, SIP_SORCERY_SECURITY_TYPE,
-                                 "config", "pjsip.conf,criteria=type=security");
-
-       if (ast_sorcery_object_register(sorcery, SIP_SORCERY_SECURITY_TYPE,
-                                       security_alloc, NULL, NULL)) {
-
-               ast_log(LOG_ERROR, "Failed to register SIP %s object with sorcery\n",
-                       SIP_SORCERY_SECURITY_TYPE);
-               return -1;
-       }
-
-       ast_sorcery_object_field_register(sorcery, SIP_SORCERY_SECURITY_TYPE, "type", "", OPT_NOOP_T, 0, 0);
-       ast_sorcery_object_field_register_custom(sorcery, SIP_SORCERY_SECURITY_TYPE, "permit", "", acl_handler, NULL, 0, 0);
-       ast_sorcery_object_field_register_custom(sorcery, SIP_SORCERY_SECURITY_TYPE, "deny", "", acl_handler, NULL, 0, 0);
-       ast_sorcery_object_field_register_custom(sorcery, SIP_SORCERY_SECURITY_TYPE, "acl", "", acl_handler, NULL, 0, 0);
-       ast_sorcery_object_field_register_custom(sorcery, SIP_SORCERY_SECURITY_TYPE, "contactpermit", "", acl_handler, NULL, 0, 0);
-       ast_sorcery_object_field_register_custom(sorcery, SIP_SORCERY_SECURITY_TYPE, "contactdeny", "", acl_handler, NULL, 0, 0);
-       ast_sorcery_object_field_register_custom(sorcery, SIP_SORCERY_SECURITY_TYPE, "contactacl", "", acl_handler, NULL, 0, 0);
-       return 0;
-}
index 4d703e5..527df5d 100644 (file)
@@ -740,13 +740,6 @@ int ast_res_pjsip_initialize_configuration(void)
                return -1;
        }
 
-       if (ast_sip_initialize_sorcery_security(sip_sorcery)) {
-               ast_log(LOG_ERROR, "Failed to register SIP security support\n");
-               ast_sorcery_unref(sip_sorcery);
-               sip_sorcery = NULL;
-               return -1;
-       }
-
        if (ast_sip_initialize_sorcery_global(sip_sorcery)) {
                ast_log(LOG_ERROR, "Failed to register SIP Global support\n");
                ast_sorcery_unref(sip_sorcery);
index 7cb498a..c44704c 100644 (file)
@@ -153,13 +153,24 @@ static int apply_contact_acl(pjsip_rx_data *rdata, struct ast_acl_list *contact_
        return forbidden;
 }
 
+#define SIP_SORCERY_ACL_TYPE "acl"
+
+/*!
+ * \brief SIP ACL details and configuration.
+ */
+struct ast_sip_acl {
+       SORCERY_OBJECT(details);
+       struct ast_acl_list *acl;
+       struct ast_acl_list *contact_acl;
+};
+
 static int check_acls(void *obj, void *arg, int flags)
 {
-       struct ast_sip_security *security = obj;
+       struct ast_sip_acl *sip_acl = obj;
        pjsip_rx_data *rdata = arg;
 
-       if (apply_acl(rdata, security->acl) ||
-           apply_contact_acl(rdata, security->contact_acl)) {
+       if (apply_acl(rdata, sip_acl->acl) ||
+           apply_contact_acl(rdata, sip_acl->contact_acl)) {
                return CMP_MATCH | CMP_STOP;
        }
        return 0;
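Review bot: check_acls returns `CMP_MATCH | CMP_STOP` when an ACL rejects the request, so a "match" here means "forbidden", and neither the function nor the new `struct ast_sip_acl` says so. I would add a comment above check_acls along the lines of `/* Matches (CMP_MATCH) the first ACL object that forbids this request. */`. Each field of the struct should also get a one-line `/*! ... */` saying which part of the request it is checked against; the hunk shows only that `contact_acl` goes to apply_contact_acl. The closing brace of check_acls lies outside this hunk.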
@@ -168,9 +179,9 @@ static int check_acls(void *obj, void *arg, int flags)
 static pj_bool_t acl_on_rx_msg(pjsip_rx_data *rdata)
 {
        RAII_VAR(struct ao2_container *, acls, ast_sorcery_retrieve_by_fields(
-                        ast_sip_get_sorcery(), SIP_SORCERY_SECURITY_TYPE,
+                        ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE,
                         AST_RETRIEVE_FLAG_MULTIPLE | AST_RETRIEVE_FLAG_ALL, NULL), ao2_cleanup);
-       RAII_VAR(struct ast_sip_security *, matched_acl, NULL, ao2_cleanup);
+       RAII_VAR(struct ast_sip_acl *, matched_acl, NULL, ao2_cleanup);
 
        if (!acls) {
                ast_log(LOG_ERROR, "Unable to retrieve ACL sorcery data\n");
@@ -187,6 +198,20 @@ static pj_bool_t acl_on_rx_msg(pjsip_rx_data *rdata)
        return PJ_FALSE;
 }
 
+static int acl_handler(const struct aco_option *opt, struct ast_variable *var, void *obj)
+{
+       struct ast_sip_acl *sip_acl = obj;
+       int error = 0;
+       int ignore;
+       if (!strncmp(var->name, "contact", 7)) {
+               ast_append_acl(var->name + 7, var->value, &sip_acl->contact_acl, &error, &ignore);
+       } else {
+               ast_append_acl(var->name, var->value, &sip_acl->acl, &error, &ignore);
+       }
+
+       return error;
+}
+
 static pjsip_module acl_module = {
        .name = { "ACL Module", 14 },
        /* This should run after a logger but before anything else */
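Review bot: acl_handler returns the error flag from ast_append_acl without naming the section or option that was rejected, and for an access-control list a rule that fails to parse is a rule that is not enforced. Whether sorcery then drops the whole section, and whether acl_on_rx_msg lets requests through when no object was loaded, is decided outside this hunk, so that path should be confirmed to fail closed or at least be loud. Unless ast_append_acl already logs enough context, I would log before returning, for example `if (error) ast_log(LOG_ERROR, "ACL '%s': could not apply %s=%s\n", ast_sorcery_object_get_id(sip_acl), var->name, var->value);`. The literal `7` would also read better as `sizeof("contact") - 1`.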
@@ -194,8 +219,42 @@ static pjsip_module acl_module = {
        .on_rx_request = acl_on_rx_msg,
 };
 
+static void acl_destroy(void *obj)
+{
+       struct ast_sip_acl *sip_acl = obj;
+       sip_acl->acl = ast_free_acl_list(sip_acl->acl);
+       sip_acl->contact_acl = ast_free_acl_list(sip_acl->contact_acl);
+}
+
+static void *acl_alloc(const char *name)
+{
+       struct ast_sip_acl *sip_acl =
+               ast_sorcery_generic_alloc(sizeof(*sip_acl), acl_destroy);
+
+       return sip_acl;
+}
+
 static int load_module(void)
 {
+       ast_sorcery_apply_default(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE,
+                                 "config", "pjsip.conf,criteria=type=acl");
+
+       if (ast_sorcery_object_register(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE,
+                                       acl_alloc, NULL, NULL)) {
+
+               ast_log(LOG_ERROR, "Failed to register SIP %s object with sorcery\n",
+                       SIP_SORCERY_ACL_TYPE);
+               return AST_MODULE_LOAD_DECLINE;
+       }
+
+       ast_sorcery_object_field_register(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE, "type", "", OPT_NOOP_T, 0, 0);
+       ast_sorcery_object_field_register_custom(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE, "permit", "", acl_handler, NULL, 0, 0);
+       ast_sorcery_object_field_register_custom(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE, "deny", "", acl_handler, NULL, 0, 0);
+       ast_sorcery_object_field_register_custom(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE, "acl", "", acl_handler, NULL, 0, 0);
+       ast_sorcery_object_field_register_custom(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE, "contactpermit", "", acl_handler, NULL, 0, 0);
+       ast_sorcery_object_field_register_custom(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE, "contactdeny", "", acl_handler, NULL, 0, 0);
+       ast_sorcery_object_field_register_custom(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE, "contactacl", "", acl_handler, NULL, 0, 0);
+
        ast_sip_register_service(&acl_module);
        return AST_MODULE_LOAD_SUCCESS;
 }
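Review bot: With the criteria in load_module changed to `type=acl`, a pjsip.conf that still carries `type=security` sections will no longer have its permit/deny rules loaded by this module, and nothing in the new code warns the operator that those rules have stopped applying. I would either log a warning at load time when such a section is found or call the rename out in the upgrade notes. Separately, the results of `ast_sip_register_service(&acl_module)` and of the field registrations are ignored, so the module can report AST_MODULE_LOAD_SUCCESS while filtering nothing; if the service call returns a status, as I believe it does, `if (ast_sip_register_service(&acl_module)) { return AST_MODULE_LOAD_DECLINE; }` closes that gap.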